
USN-3571-1: Erlang vulnerabilities

2018-02-15 KENNETH 0

Ubuntu Security Notice USN-3571-1
14th February, 2018

erlang vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Erlang.

Software description: erlang – Concurrent, real-time, distributed functional language

Details:

It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693)

It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-2774)

It was discovered that Erlang incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Erlang to crash, resulting in a denial of service, or [ more… ]


USN-3569-1: libvorbis vulnerabilities

2018-02-14 KENNETH 0

Ubuntu Security Notice USN-3569-1
13th February, 2018

libvorbis vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in libvorbis.

Software description: libvorbis – The Vorbis General Audio Compression Codec

Details:

It was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. (CVE-2017-14632)

It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service. (CVE-2017-14633)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10: libvorbis0a 1.3.5-4ubuntu0.1
Ubuntu 16.04 LTS: libvorbis0a 1.3.5-3ubuntu0.1
Ubuntu 14.04 LTS: libvorbis0a 1.3.2-1.3ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system upgrade you need to restart any applications that use [ more… ]


USN-3544-2: Firefox regressions

2018-02-13 KENNETH 0

Ubuntu Security Notice USN-3544-2
12th February, 2018

firefox regressions

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: USN-3544-1 caused some regressions in Firefox.

Software description: firefox – Mozilla Open Source web browser

Details:

USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user into providing HTTP credentials for another origin, spoof the address bar contents, or execute arbitrary code. [ more… ]


USN-3568-1: WavPack vulnerabilities

2018-02-13 KENNETH 0

Ubuntu Security Notice USN-3568-1
12th February, 2018

wavpack vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: WavPack could be made to crash if it opened a specially crafted file.

Software description: wavpack – audio codec (lossy and lossless) – encoder and decoder

Details:

Hanno Böck discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10169)

Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10. (CVE-2018-6767)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10: libwavpack1 5.1.0-2ubuntu0.1, wavpack 5.1.0-2ubuntu0.1
Ubuntu [ more… ]


USN-3566-1: PHP vulnerabilities

2018-02-13 KENNETH 0

Ubuntu Security Notice USN-3566-1
12th February, 2018

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in PHP.

Software description: php5 – HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2018-5712)

It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12933)

It was discovered that PHP incorrectly handled 'front of' and 'back of' date directives. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-16642)

Update instructions: The problem can be corrected by updating your system to the following [ more… ]