SECURITY

USN-3364-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3364-2 24th July, 2017 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitiveinformation (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to/proc/iomem. A local attacker could use this to expose sensitiveinformation. (CVE-2015-8944) Alexander Potapenko discovered a race condition in the Advanced [ more… ]

USN-3357-2: MySQL vulnerabilities Ubuntu Security Notice USN-3357-2 24th July, 2017 mysql-5.5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in MySQL. Software description mysql-5.5 – MySQL database Details USN-3357-1 fixed several vulnerabilities in MySQL. This updateprovides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 12.04 ESM. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: mysql-server-5.5 5.5.57-0ubuntu0.12.04.1 To update your system, please [ more… ]

USN-3362-1: X.Org X server vulnerabilities Ubuntu Security Notice USN-3362-1 24th July, 2017 xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in the X.Org X server. Software description xorg-server – X.Org X11 server xorg-server-hwe-16.04 – X.Org X11 server xorg-server-lts-xenial – X.Org X11 server Details It was discovered that the X.Org X server incorrectly handled endiannessconversion of certain X events. An attacker able to connect to an X server,either locally or remotely, could use this issue to crash the server, orpossibly execute arbitrary code as an administrator. (CVE-2017-10971) It was discovered that the X.Org X server incorrectly handled endiannessconversion of certain X events. An attacker able to connect to an X server,either locally or remotely, could use this issue to possibly [ more… ]

USN-3353-4: Samba vulnerability Ubuntu Security Notice USN-3353-4 24th July, 2017 samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Samba could allow unintended access to network services. Software description samba – SMB/CIFS file, print, and login server for Unix Details USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba. Original advisory details: Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libsmbclient 2:3.6.25-0ubuntu0.12.04.12 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]