USN-3586-1: DHCP vulnerabilities

2018-03-02 KENNETH 0

USN-3586-1: DHCP vulnerabilities Ubuntu Security Notice USN-3586-1 1st March, 2018 isc-dhcp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in DHCP. Software description isc-dhcp – DHCP server and client Details Konstantin Orekhov discovered that the DHCP server incorrectly handled a large number of concurrent TCP sessions. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2774) It was discovered that the DHCP server incorrectly handled socket descriptors. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2017-3144) Felix Wilhelm discovered that the DHCP client incorrectly handled certain malformed responses. A remote attacker could use this issue to cause the DHCP client to crash, resulting in a denial of [ more… ]

USN-3579-2: LibreOffice regression

2018-03-01 KENNETH 0

USN-3579-2: LibreOffice regression Ubuntu Security Notice USN-3579-2 28th February, 2018 libreoffice regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary USN-3579-1 caused a regression in LibreOffice. Software description libreoffice – Office productivity suite Details USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user's home directory. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked into opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information. (CVE-2018-6871) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libreoffice-common 1:5.4.5-0ubuntu0.17.10.4 To update your system, [ more… ]

USN-3584-1: sensible-utils vulnerability

2018-02-27 KENNETH 0

USN-3584-1: sensible-utils vulnerability Ubuntu Security Notice USN-3584-1 26th February, 2018 sensible-utils vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary sensible-utils could be made to run programs as your login if it opened a malicious URL. Software description sensible-utils – Utilities for sensible alternative selection Details Gabriel Corona discovered that sensible-utils incorrectly validated strings when launching a browser with the sensible-browser tool. A remote attacker could possibly use this issue with a specially crafted URL to conduct an argument injection attack and execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: sensible-utils 0.0.10ubuntu0.1 Ubuntu 16.04 LTS: sensible-utils 0.0.9ubuntu0.16.04.1 Ubuntu 14.04 LTS: sensible-utils 0.0.9ubuntu0.14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-3583-1: Linux kernel vulnerabilities

2018-02-23 KENNETH 0

USN-3583-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3583-1 23rd February, 2018 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0750) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port [ more… ]

USN-3583-2: Linux kernel (Trusty HWE) vulnerabilities

2018-02-23 KENNETH 0

USN-3583-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3583-2 23rd February, 2018 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0750) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of [ more… ]