Ubuntu security

USN-3491-1: ldns vulnerabilities Ubuntu Security Notice USN-3491-1 22nd November, 2017 ldns vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in ldns. Software description ldns – ldns library for DNS programming Details Leon Weber discovered that the ldns-keygen tool incorrectly set permissionson private keys. A local attacker could possibly use this issue to obtaingenerated private keys. This issue only applied to Ubuntu 14.04 LTS.(CVE-2014-3209) Stephan Zeisberg discovered that ldns incorrectly handled memory whenprocessing data. A remote attacker could use this issue to cause ldns tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2017-1000231, CVE-2017-1000232) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libldns2 1.7.0-1ubuntu1.17.10.1 Ubuntu 17.04: libldns2 1.7.0-1ubuntu1.17.04.1 [ more… ]

USN-3492-1: LibRaw vulnerabilities Ubuntu Security Notice USN-3492-1 22nd November, 2017 libraw vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LibRaw could be made to crash or run programs as your login if it opened a specially crafted file. Software description libraw – raw image decoder library Details It was discovered that LibRaw incorrectly handled photo files. If a user orautomated system were tricked into processing a specially crafted photofile, a remote attacker could cause applications linked against LibRawto crash, resulting in a denial of service, or possibly execute arbitrarycode Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libraw16 0.18.2-2ubuntu0.1 Ubuntu 17.04: libraw16 0.18.1-1ubuntu0.1 Ubuntu 16.04 LTS: libraw15 0.17.1-1ubuntu0.1 Ubuntu 14.04 LTS: libraw9 0.15.4-1ubuntu0.1 To update [ more… ]

USN-3489-2: Berkeley DB vulnerability Ubuntu Security Notice USN-3489-2 21st November, 2017 db, db4.8 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Berkeley DB could be made to expose sensitive information. Software description db – Berkeley v5.1 Database Utilities db4.8 – Berkeley v4.8 Database Utilities Details USN-3489-1 fixed a vulnerability in Berkeley DB. This update provides thecorresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: db4.8-util 4.8.30-11ubuntu1.1 db5.1-util 5.1.25-11ubuntu0.1 libdb4.8 4.8.30-11ubuntu1.1 libdb5.1 5.1.25-11ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]

USN-3489-1: Berkeley DB vulnerability Ubuntu Security Notice USN-3489-1 21st November, 2017 db5.3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Berkeley DB could be made to expose sensitive information. Software description db5.3 – Berkeley v5.3 Database Documentation Details It was discovered that Berkeley DB incorrectly handled certain configuration files.A attacker could possibly use this issue to read sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: db5.3-util 5.3.28-12ubuntu0.1 libdb5.3 5.3.28-12ubuntu0.1 Ubuntu 16.04 LTS: db5.3-util 5.3.28-11ubuntu0.1 libdb5.3 5.3.28-11ubuntu0.1 Ubuntu 14.04 LTS: db5.3-util 5.3.28-3ubuntu3.1 libdb5.3 5.3.28-3ubuntu3.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-10140 Source: USN-3489-1: Berkeley DB vulnerability

USN-3487-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3487-1 21st November, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that the KVM subsystem in the Linux kernel did notproperly keep track of nested levels in guest page tables. A local attackerin a guest VM could use this to cause a denial of service (host OS crash)or possibly execute arbitrary code in the host OS. (CVE-2017-12188) It was discovered that on the PowerPC architecture, the kernel did notproperly sanitize the signal stack when handling sigreturn(). A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-1000255) Bo Zhang [ more… ]