SECURITY

USN-3391-2: Ubufox update Ubuntu Security Notice USN-3391-2 16th August, 2017 ubufox update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary This update provides compatible packages for Firefox 55. Software description ubufox – Ubuntu Firefox specific configuration defaults and apt support Details USN-3391-1 fixed vulnerabilities in Firefox. This update provides thecorresponding update for Ubufox. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, CVE-2017-7781, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, [ more… ]

USN-3392-1: Linux kernel regression Ubuntu Security Notice USN-3392-1 16th August, 2017 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary USN-3378-1 introduced a regression in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, aregression was introduced that prevented conntrack from workingcorrectly in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use [ more… ]

USN-3392-2: Linux kernel (Xenial HWE) regression Ubuntu Security Notice USN-3392-2 16th August, 2017 linux-lts-xenial regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary USN-3378-2 introduced a regression the Linux Hardware Enablement kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablementkernel. Unfortunately, a regression was introduced that preventedconntrack from working correctly in some situations. This updatefixes the problem. We apologize for the inconvenience. Original advisory details: Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker [ more… ]