Ubuntu security

USN-3392-1: Linux kernel regression Ubuntu Security Notice USN-3392-1 16th August, 2017 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary USN-3378-1 introduced a regression in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, aregression was introduced that prevented conntrack from workingcorrectly in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use [ more… ]

USN-3392-2: Linux kernel (Xenial HWE) regression Ubuntu Security Notice USN-3392-2 16th August, 2017 linux-lts-xenial regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary USN-3378-2 introduced a regression the Linux Hardware Enablement kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablementkernel. Unfortunately, a regression was introduced that preventedconntrack from working correctly in some situations. This updatefixes the problem. We apologize for the inconvenience. Original advisory details: Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker [ more… ]

USN-3391-1: Firefox vulnerabilities Ubuntu Security Notice USN-3391-1 15th August, 2017 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to conduct cross-site scripting (XSS) attacks,bypass sandbox restrictions, obtain sensitive information, spoof theorigin of modal alerts, bypass same origin restrictions, readuninitialized memory, cause a denial of service via program crash or hang,or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779, CVE-2017-7780,CVE-2017-7781, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786,CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7791, CVE-2017-7792,CVE-2017-7794, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800,CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7806, CVE-2017-7807,CVE-2017-7808, CVE-2017-7809) Update instructions [ more… ]

USN-3390-1: PostgreSQL vulnerabilities Ubuntu Security Notice USN-3390-1 15th August, 2017 postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in PostgreSQL. Software description postgresql-9.3 – Object-relational SQL database postgresql-9.5 – Object-relational SQL database postgresql-9.6 – object-relational SQL database Details Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered thatPostgreSQL allowed the use of empty passwords in some authenticationmethods, contrary to expected behaviour. A remote attacker could use anempty password to authenticate to servers that were believed to havepassword login disabled. (CVE-2017-7546) Jeff Janes discovered that PostgreSQL incorrectly handled thepg_user_mappings catalog view. A remote attacker without server privilegescould possibly use this issue to obtain certain passwords. (CVE-2017-7547) Chapman Flack discovered that PostgreSQL incorrectly handled lo_put()permissions. A remote attacker could [ more… ]

USN-3384-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3384-1 10th August, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Andrey Konovalov discovered a race condition in the UDP FragmentationOffload (UFO) code in the Linux kernel. A local attacker could use this tocause a denial of service or execute arbitrary code. (CVE-2017-1000112) Andrey Konovalov discovered a race condition in AF_PACKET socket optionhandling code in the Linux kernel. A local unprivileged attacker could usethis to cause a denial of service or possibly execute arbitrary code.(CVE-2017-1000111) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: linux-image-4.10.0-32-generic-lpae 4.10.0-32.36 linux-image-generic 4.10.0.32.32 linux-image-generic-lpae 4.10.0.32.32 [ more… ]