USN-3382-1: PHP vulnerabilities

2017-08-11 KENNETH 0

Ubuntu Security Notice USN-3382-1
10th August, 2017

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary

Several security issues were fixed in PHP.

Software description

php5 – HTML-embedded scripting language interpreter
php7.0 – HTML-embedded scripting language interpreter

Details

It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8994)

It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10397)

It was discovered that PHP incorrectly handled certain boolean parameters when unserializing data. A remote attacker [ more… ]

USN-3381-2: Linux kernel (Trusty HWE) vulnerabilities

2017-08-08 KENNETH 0

Ubuntu Security Notice USN-3381-2
7th August, 2017

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM

Details

USN-3381-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.

Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405)

It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365)

It [ more… ]

USN-3381-1: Linux kernel vulnerabilities

2017-08-08 KENNETH 0

Ubuntu Security Notice USN-3381-1
7th August, 2017

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

linux – Linux kernel

Details

Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405)

It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365)

It was discovered that SELinux in the Linux kernel did not properly handle empty writes to /proc/pid/attr. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2618)

石磊 discovered that the RxRPC Kerberos 5 ticket handling [ more… ]

USN-3380-1: FreeRDP vulnerabilities

2017-08-08 KENNETH 0

Ubuntu Security Notice USN-3380-1
7th August, 2017

freerdp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary

Several security issues were fixed in FreeRDP.

Software description

freerdp – RDP client for Windows Terminal Services

Details

It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-0250)

It was discovered that FreeRDP incorrectly handled certain values in a Scope List. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0791)

Tyler Bohan discovered that FreeRDP incorrectly handled certain length values. A malicious server could use this [ more… ]

USN-3379-1: Shotwell vulnerability

2017-08-08 KENNETH 0

Ubuntu Security Notice USN-3379-1
7th August, 2017

shotwell vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary

Shotwell could be made to expose sensitive information over the network.

Software description

shotwell – digital photo organizer

Details

It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
  shotwell 0.22.0+git20160108.r1.f2fb1f7-0ubuntu3.1
  shotwell-common 0.22.0+git20160108.r1.f2fb1f7-0ubuntu3.1

Ubuntu 16.04 LTS:
  shotwell 0.22.0+git20160108.r1.f2fb1f7-0ubuntu1.1
  shotwell-common 0.22.0+git20160108.r1.f2fb1f7-0ubuntu1.1

Ubuntu 14.04 LTS:
  shotwell 0.18.0-0ubuntu4.5
  shotwell-common 0.18.0-0ubuntu4.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References

CVE-2017-1000024

Source: USN-3379-1: Shotwell vulnerability