SECURITY

USN-3212-3: LibTIFF vulnerabilities Ubuntu Security Notice USN-3212-3 19th July, 2017 tiff vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. Software description tiff – Tag Image File Format (TIFF) library Details USN-3212-1 and USN-3212-2 fixed a vulnerabilitiy in LibTIFF. This update provides a subset ofcorresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update instructions The problem can be corrected by updating your system to the following package version: [ more… ]

USN-3355-1: Spice vulnerability Ubuntu Security Notice USN-3355-1 19th July, 2017 spice vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Spice could be made to crash or run programs if it received specially crafted network traffic. Software description spice – SPICE protocol client and server library Details Frediano Ziglio discovered that Spice incorrectly handled certain invalidmonitor configurations. A remote attacker could use this issue to causeSpice to crash, resulting in a denial of service, or possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libspice-server1 0.12.8-2ubuntu1.1 Ubuntu 16.04 LTS: libspice-server1 0.12.6-4ubuntu0.3 Ubuntu 14.04 LTS: libspice-server1 0.12.4-0nocelt2ubuntu1.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart qemu guests [ more… ]

USN-3356-1: Expat vulnerability Ubuntu Security Notice USN-3356-1 19th July, 2017 expat vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Expat could be made to hang if it received specially crafted input. Software description expat – XML parsing C library Details It was discovered that Expat incorrectly handled certain external entities.A remote attacker could possibly use this issue to cause Expat to hang,resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libexpat1 2.2.0-2ubuntu0.1 lib64expat1 2.2.0-2ubuntu0.1 Ubuntu 16.10: libexpat1 2.2.0-1ubuntu0.1 lib64expat1 2.2.0-1ubuntu0.1 Ubuntu 16.04 LTS: libexpat1 2.1.0-7ubuntu0.16.04.3 lib64expat1 2.1.0-7ubuntu0.16.04.3 Ubuntu 14.04 LTS: libexpat1 2.1.0-4ubuntu1.4 lib64expat1 2.1.0-4ubuntu1.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-3307-2: OpenLDAP vulnerability Ubuntu Security Notice USN-3307-2 19th July, 2017 openldap vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary OpenLDAP could be made to crash if it received specially crafted network traffic. Software description openldap – OpenLDAP utilities Details USN-3307-1 fixed a vulnerability in OpenLDAP. This update provides thecorresponding update for ubuntu 12.04 ESM. Original advisory details: Karsten Heymann discovered that OpenLDAP incorrectly handled certain search requests. A remote attacker could use this issue to cause slapd to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: slapd 2.4.28-1.1ubuntu4.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-9287 Source: USN-3307-2: OpenLDAP [ more… ]