SECURITY

USN-3363-1: ImageMagick vulnerabilities Ubuntu Security Notice USN-3363-1 24th July, 2017 imagemagick vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in ImageMagick. Software description imagemagick – Image manipulation programs and library Details It was discovered that ImageMagick incorrectly handled certain malformedimage files. If a user or automated system using ImageMagick were trickedinto opening a specially crafted image, an attacker could exploit this tocause a denial of service or possibly execute code with the privileges ofthe user invoking the program. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libmagick++-6.q16-7 8:6.9.7.4+dfsg-3ubuntu1.2 imagemagick 8:6.9.7.4+dfsg-3ubuntu1.2 imagemagick-6.q16 8:6.9.7.4+dfsg-3ubuntu1.2 libmagickcore-6.q16-3 8:6.9.7.4+dfsg-3ubuntu1.2 Ubuntu 16.04 LTS: libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.8 imagemagick 8:6.8.9.9-7ubuntu5.8 imagemagick-6.q16 8:6.8.9.9-7ubuntu5.8 libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.8 Ubuntu 14.04 LTS: libmagick++5 8:6.7.7.10-6ubuntu3.8 libmagickcore5 8:6.7.7.10-6ubuntu3.8 [ more… ]

USN-3353-3: Heimdal vulnerability Ubuntu Security Notice USN-3353-3 24th July, 2017 heimdal vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Heimdal could allow unintended access to network services. Software description heimdal – Heimdal Kerberos Network Authentication Protocol Details USN-3353-1 fixed a vulnerability in Heimdal. This update providesthe corresponding updade for Ubuntu 12.04 ESM. Original advisory details: Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libkrb5-26-heimdal 1.6~git20120311.dfsg.1-2ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart any applicationsusing Heimdal libraries to [ more… ]

USN-3360-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3360-2 21st July, 2017 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3360-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 ESM. It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitiveinformation (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to/proc/iomem. A local attacker could use this to expose sensitiveinformation. (CVE-2015-8944) It was discovered that a use-after-free vulnerability existed in [ more… ]

USN-3361-1: Linux kernel (HWE) vulnerabilities Ubuntu Security Notice USN-3361-1 21st July, 2017 linux-hwe vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-hwe – Linux hardware enablement (HWE) kernel linux-meta-hwe Details USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Pleasenote that this update changes the Linux HWE kernel to the 4.10 basedkernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel fromUbuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilegeattributes of files when performing a failed unprivileged system call. Alocal attacker could use this to cause a denial of service. (CVE-2015-1350) Ralf Spenneberg discovered that the ext4 implementation [ more… ]

USN-3360-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3360-1 21st July, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitiveinformation (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to/proc/iomem. A local attacker could use this to expose sensitiveinformation. (CVE-2015-8944) It was discovered that a use-after-free vulnerability existed in theperformance events and counters subsystem of the Linux kernel for ARM64. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2015-8955) It was discovered that the SCSI generic (sg) [ more… ]