USN-3418-1: GDK-PixBuf vulnerabilities

2017-09-18 KENNETH 0

Ubuntu Security Notice USN-3418-1
18th September, 2017

gdk-pixbuf vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary

GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.

Software description

gdk-pixbuf – GDK Pixbuf library

Details

It was discovered that the GDK-PixBuf library did not properly handle certain jpeg images. If a user or automated system were tricked into opening a specially crafted jpeg file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-2862)

It was discovered that the GDK-PixBuf library did not properly handle certain tiff images. If a user or automated system were tricked into opening a specially crafted tiff file, a remote attacker could use [ more… ]

USN-3416-1: Thunderbird vulnerabilities

2017-09-15 KENNETH 0

Ubuntu Security Notice USN-3416-1
14th September, 2017

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

thunderbird – Mozilla Open Source mail and newsgroup client

Details

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same-origin restrictions, bypass CSP restrictions, obtain sensitive information, spoof the origin of modal alerts, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807, CVE-2017-7809)

A buffer overflow was discovered when displaying SVG content in some circumstances. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit [ more… ]

USN-3417-1: Libgcrypt vulnerability

2017-09-15 KENNETH 0

Ubuntu Security Notice USN-3417-1
14th September, 2017

libgcrypt20 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04

Summary

Libgcrypt could be made to expose sensitive information.

Software description

libgcrypt20 – LGPL Crypto library

Details

Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover Curve25519 private keys.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: libgcrypt20 1.7.6-1ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References

CVE-2017-0379

Source: USN-3417-1: Libgcrypt vulnerability

USN-3415-1: tcpdump vulnerabilities

2017-09-14 KENNETH 0

Ubuntu Security Notice USN-3415-1
13th September, 2017

tcpdump vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary

Several security issues were fixed in tcpdump.

Software description

tcpdump – command-line network traffic analyzer

Details

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-11543)

Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function bittok2str_internal() in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-13011)

Otto Airamo and Antti Levomäki discovered logic errors in different protocol parsers in tcpdump that could lead to an infinite loop. A remote attacker could use these to cause a denial of service (application [ more… ]

USN-3415-2: tcpdump vulnerabilities

2017-09-14 KENNETH 0

Ubuntu Security Notice USN-3415-2
13th September, 2017

tcpdump vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary

Several security issues were fixed in tcpdump.

Software description

tcpdump – command-line network traffic analyzer

Details

USN-3415-1 fixed vulnerabilities in tcpdump for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.04. This update provides the corresponding tcpdump update for Ubuntu 12.04 ESM.

Original advisory details:

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-11543)

Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function bittok2str_internal() in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-13011)

Otto Airamo and [ more… ]