USN-3410-1: GD library vulnerability

2017-09-06 KENNETH 0

Ubuntu Security Notice USN-3410-1
5th September, 2017

libgd2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: GD library could be made to crash if it opened a specially crafted file.

Software description: libgd2 – GD Graphics Library

Details: It was discovered that the GD Graphics Library (aka libgd) incorrectly handled certain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: libgd3 2.2.4-2ubuntu0.3, libgd-tools 2.2.4-2ubuntu0.3
Ubuntu 16.04 LTS: libgd3 2.1.1-4ubuntu0.16.04.8, libgd-tools 2.1.1-4ubuntu0.16.04.8
Ubuntu 14.04 LTS: libgd3 2.1.0-3ubuntu0.8, libgd-tools 2.1.0-3ubuntu0.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-3409-1: FontForge vulnerabilities

2017-09-05 KENNETH 0

Ubuntu Security Notice USN-3409-1
4th September, 2017

fontforge vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in FontForge.

Software description: fontforge – font editor

Details:

It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11568, CVE-2017-11569, CVE-2017-11572)

It was discovered that FontForge was vulnerable to a stack-based buffer overflow. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11571)

It was discovered that FontForge was vulnerable to a heap-based buffer overflow. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11574)

It was discovered that FontForge was vulnerable to a buffer over-read. A remote attacker could use a crafted file to DoS or execute [ more… ]

USN-3408-1: Liblouis vulnerabilities

2017-09-05 KENNETH 0

Ubuntu Security Notice USN-3408-1
4th September, 2017

liblouis vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Liblouis.

Software description: liblouis – Braille translation library – utilities

Details:

It was discovered that an illegal address access can be made in Liblouis. A remote attacker can take advantage of this to access sensitive information. (CVE-2017-13738, CVE-2017-13744)

It was discovered that a heap-based buffer overflow causes an out-of-bounds write in Liblouis. A remote attacker can use this to cause a denial of service or remote code execution. (CVE-2017-13739)

It was discovered that a stack-based buffer overflow exists in Liblouis. A remote attacker can use this to cause a denial of service or possibly unspecified other impact. (CVE-2017-13740, CVE-2017-13742)

Update instructions: The problem can be corrected by updating your system to the following package [ more… ]

USN-3407-1: PyJWT vulnerability

2017-08-31 KENNETH 0

Ubuntu Security Notice USN-3407-1
30th August, 2017

pyjwt vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS

Summary: PyJWT could be made to crash if it received specially crafted input.

Software description: pyjwt – Python implementation of JSON Web Token

Details: It was discovered that a vulnerability in PyJWT doesn't check invalid_strings properly for some public keys. A remote attacker could take advantage of a key confusion to craft JWTs from scratch.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: python-jwt 1.4.2-1ubuntu0.1, python3-jwt 1.4.2-1ubuntu0.1
Ubuntu 16.04 LTS: python-jwt 1.3.0-1ubuntu0.1, python3-jwt 1.3.0-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2017-11424

Source: USN-3407-1: PyJWT vulnerability

USN-3406-2: Linux kernel (Trusty HWE) vulnerabilities

2017-08-30 KENNETH 0

Ubuntu Security Notice USN-3406-2
29th August, 2017

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software description: linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM

Details:

USN-3406-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.

It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-7914)

It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. [ more… ]