
USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities

2018-02-22 KENNETH 0

USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities
Ubuntu Security Notice USN-3582-2
22nd February, 2018
linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software description:
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details: USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-17712)

Laurent Guerby discovered that the mbcache feature in the ext2 and [ more… ]


USN-3580-1: Linux kernel vulnerabilities

2018-02-22 KENNETH 0

USN-3580-1: Linux kernel vulnerabilities
Ubuntu Security Notice USN-3580-1
21st February, 2018
linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software description:
linux – Linux kernel

Details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-3.2.0-133-generic-pae 3.2.0-133.179
linux-image-generic 3.2.0.133.148
linux-image-generic-pae 3.2.0.133.148
linux-image-3.2.0-133-generic 3.2.0-133.179

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the IBRS and [ more… ]


USN-3579-1: LibreOffice vulnerability

2018-02-22 KENNETH 0

USN-3579-1: LibreOffice vulnerability
Ubuntu Security Notice USN-3579-1
21st February, 2018
libreoffice vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: LibreOffice would allow unintended access to files over the network.

Software description:
libreoffice – Office productivity suite

Details: It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked into opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information. (CVE-2018-6871)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libreoffice-core 1:5.4.5-0ubuntu0.17.10.1

Ubuntu 16.04 LTS:
libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial3

Ubuntu 14.04 LTS:
libreoffice-core 1:4.2.8-0ubuntu5.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make all the necessary changes. [ more… ]


USN-3577-1: CUPS vulnerability

2018-02-21 KENNETH 0

USN-3577-1: CUPS vulnerability
Ubuntu Security Notice USN-3577-1
20th February, 2018
cups vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: CUPS could be made to provide access to printers over the network.

Software description:
cups – Common UNIX Printing System(tm)

Details: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked into opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack. (CVE-2017-18190)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
cups 2.1.3-4ubuntu0.4

Ubuntu 14.04 LTS:
cups 1.7.2-0ubuntu1.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system [ more… ]


USN-3575-1: QEMU vulnerabilities

2018-02-21 KENNETH 0

USN-3575-1: QEMU vulnerabilities
Ubuntu Security Notice USN-3575-1
20th February, 2018
qemu vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in QEMU.

Software description:
qemu – Machine emulator and virtualizer

Details: It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334)

David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-13672)

Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU [ more… ]