Ubuntu security

USN-3441-1: curl vulnerabilities Ubuntu Security Notice USN-3441-1 10th October, 2017 curl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in curl. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details Daniel Stenberg discovered that curl incorrectly handled large floatingpoint output. A remote attacker could use this issue to cause curl tocrash, resulting in a denial of service, or possibly execute arbitrarycode. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.(CVE-2016-9586) Even Rouault discovered that curl incorrectly handled large file names whendoing TFTP transfers. A remote attacker could use this issue to cause curlto crash, resulting in a denial of service, or possibly obtain sensitivememory contents. (CVE-2017-1000100) Brian Carpenter and Yongji Ouyang discovered that curl incorrectly handlednumerical [ more… ]

USN-3442-1: libXfont vulnerabilities Ubuntu Security Notice USN-3442-1 10th October, 2017 libxfont, libxfont1, libxfont2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in libXfont. Software description libxfont – X11 font rasterisation library libxfont1 – X11 font rasterisation library libxfont2 – X11 font rasterisation library Details It was discovered that libXfont incorrectly handled certain patterns inPatternMatch. A local attacker could use this issue to cause libXfont tocrash, resulting in a denial of service, or possibly obtain sensitiveinformation. (CVE-2017-13720) It was discovered that libXfont incorrectly handled certain malformed PCFfiles. A local attacker could use this issue to cause libXfont to crash,resulting in a denial of service, or possibly obtain sensitive information.(CVE-2017-13722) Update instructions The problem can be corrected by updating your system to the following [ more… ]

USN-3440-1: poppler vulnerabilities Ubuntu Security Notice USN-3440-1 6th October, 2017 poppler vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in poppler. Software description poppler – PDF rendering library Details It was discovered that Poppler incorrectly handled certain files.If a user or automated system were tricked into opening acrafted PDF file, an attacker could cause a denial of service.(CVE-2017-14518, CVE-2017-14520, CVE-2017-14617, CVE-2017-14929,CVE-2017-14975, CVE-2017-14977) It was discovered that Poppler incorrectly handled certain files.If a user or automated system were tricked into opening a craftedPDF file, an attacker could cause a denial of service. This issueonly affected Ubuntu 17.04 and 16.04. (CVE-2017-14926, CVE-2017-14928) Alberto Garcia, Francisco Oca and Suleman Ali discovered that Popplerincorrectly handled certain files. If a user or automated system weretricked into opening [ more… ]

USN-3439-1: Ruby vulnerabilities Ubuntu Security Notice USN-3439-1 5th October, 2017 ruby1.9.1 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in Ruby. Software description ruby1.9.1 – Object-oriented scripting language Details It was discovered that Ruby incorrectly handled certain inputs.An attacker could use this to cause a buffer overrun.(CVE-2017-0898) Yusuke Endoh discovered that Ruby incorrectly handled certain files.An attacker could use this to execute terminal escape sequences.(CVE-2017-0899) Yusuke Endoh discovered that Ruby incorrectly handled certain inputs.An attacker could use this to cause a denial of service.(CVE-2017-0900) It was discovered that Ruby incorrectly handled certain files.An attacker could use this to overwrite any file on the filesystem.(CVE-2017-0901) It was discovered that Ruby incorrectly handled certain inputs.An attacker could use this to execute arbitrary code.(CVE-2017-10784) It was discovered that Ruby incorrectly [ more… ]

USN-3438-1: Git vulnerability Ubuntu Security Notice USN-3438-1 5th October, 2017 git vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Git be made to run programs if it processed a specially crafted file. Software description git – fast, scalable, distributed revision control system Details It was discovered that Git incorrectly handled certain subcommands such ascvsserver. A remote attacker could possibly use this issue via shellmetacharacters in modules names to execute arbitrary code. This update also removes the cvsserver subcommand from git-shell bydefault. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: git 1:2.11.0-2ubuntu0.3 Ubuntu 16.04 LTS: git 1:2.7.4-0ubuntu1.3 Ubuntu 14.04 LTS: git 1:1.9.1-1ubuntu0.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]