
USN-3509-4: Linux kernel (Xenial HWE) regression

2017-12-15 KENNETH 0

Ubuntu Security Notice USN-3509-4, 15th December, 2017
linux-lts-xenial, linux-aws regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: USN-3509-2 introduced a regression in the Linux HWE kernel for Ubuntu 14.04 LTS.

Software description:
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details: USN-3509-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary [ more… ]


USN-3513-2: libxml2 vulnerability

2017-12-14 KENNETH 0

Ubuntu Security Notice USN-3513-2, 13th December, 2017
libxml2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file.

Software description:
libxml2 – GNOME XML library

Details: USN-3513-1 fixed a vulnerability in libxml2. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details: It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package version:
Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.20, libxml2-utils 2.7.8.dfsg-5.1ubuntu4.20, python-libxml2 2.7.8.dfsg-5.1ubuntu4.20

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard [ more… ]


USN-3513-1: libxml2 vulnerability

2017-12-13 KENNETH 0

Ubuntu Security Notice USN-3513-1, 13th December, 2017
libxml2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file.

Software description:
libxml2 – GNOME XML library

Details: It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package version:
Ubuntu 17.10: libxml2 2.9.4+dfsg1-4ubuntu1.2, libxml2-utils 2.9.4+dfsg1-4ubuntu1.2, python-libxml2 2.9.4+dfsg1-4ubuntu1.2, python3-libxml2 2.9.4+dfsg1-4ubuntu1.2
Ubuntu 17.04: libxml2 2.9.4+dfsg1-2.2ubuntu0.3, libxml2-utils 2.9.4+dfsg1-2.2ubuntu0.3, python-libxml2 2.9.4+dfsg1-2.2ubuntu0.3, python3-libxml2 2.9.4+dfsg1-2.2ubuntu0.3
Ubuntu 16.04 LTS: libxml2 2.9.3+dfsg1-1ubuntu0.5, libxml2-utils 2.9.3+dfsg1-1ubuntu0.5, python-libxml2 2.9.3+dfsg1-1ubuntu0.5
Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.12, libxml2-utils [ more… ]


USN-3512-1: OpenSSL vulnerabilities

2017-12-12 KENNETH 0

Ubuntu Security Notice USN-3512-1, 11th December, 2017
openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in OpenSSL.

Software description:
openssl – Secure Socket Layer (SSL) cryptographic library and tools

Details: David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. (CVE-2017-3737)

It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2017-3738)

Update instructions: The problem can be corrected by updating your system to the following package version:
Ubuntu 17.10: libssl1.0.0 1.0.2g-1ubuntu13.3
Ubuntu 17.04: libssl1.0.0 1.0.2g-1ubuntu11.4
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]


USN-3507-2: Linux kernel (GCP) vulnerabilities

2017-12-08 KENNETH 0

Ubuntu Security Notice USN-3507-2, 7th December, 2017
linux-gcp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software description:
linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems

Details: Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle [ more… ]