USN-3426-2: Samba vulnerabilities

2017-11-02 KENNETH 0

Ubuntu Security Notice USN-3426-2, 2nd November, 2017

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were fixed in XXX-APP-XXX.

Software description: samba – SMB/CIFS file, print, and login server for Unix

Details: USN-3426-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details:

Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2017-12150)

Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when SMB1 is being used. A remote attacker could possibly use this issue to obtain server memory contents. (CVE-2017-12163)

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu [ more… ]

USN-3472-1: LibreOffice vulnerabilities

2017-11-02 KENNETH 0

Ubuntu Security Notice USN-3472-1, 2nd November, 2017

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file.

Software description: libreoffice – Office productivity suite

Details: Marcin Noga discovered that LibreOffice incorrectly handled PPT documents. If a user were tricked into opening a specially crafted PPT document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2017-12607)

Marcin Noga discovered that LibreOffice incorrectly handled Word documents. If a user were tricked into opening a specially crafted Word document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2017-12608)

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: libreoffice-core 1:4.2.8-0ubuntu5.2 To [ more… ]

USN-3471-1: Quagga vulnerabilities

2017-11-01 KENNETH 0

Ubuntu Security Notice USN-3471-1, 31st October, 2017

quagga vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Quagga.

Software description: quagga – BGP/OSPF/RIP routing daemon

Details: Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. (CVE-2017-16227)

Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. An attacker able to connect to the telnet interface could possibly use this issue to cause Quagga to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-5495)

Update instructions: The problem can be corrected by updating your system to the following package [ more… ]

USN-3470-2: Linux kernel (Trusty HWE) vulnerabilities

2017-11-01 KENNETH 0

Ubuntu Security Notice USN-3470-2, 31st October, 2017

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software description: linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM

Details: USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.

Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632)

Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this [ more… ]

USN-3468-1: Linux kernel vulnerabilities

2017-10-31 KENNETH 0

Ubuntu Security Notice USN-3468-1, 31st October, 2017

linux, linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04

Summary: Several security issues were fixed in the Linux kernel.

Software description: linux – Linux kernel; linux-raspi2 – Linux kernel for Raspberry Pi 2

Details: It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2017-1000252)

It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663)

Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before [ more… ]