USN-3339-2: OpenVPN vulnerability

2017-08-08 KENNETH 0

USN-3339-2: OpenVPN vulnerability Ubuntu Security Notice USN-3339-2 7th August, 2017 openvpn vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenVPN. Software description openvpn – virtual private network software Details USN-3339-1 fixed several issues in OpenVPN. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Guido Vranken discovered that OpenVPN incorrectly handled an HTTP proxy with NTLM authentication. A remote attacker could use this issue to cause OpenVPN clients to crash, resulting in a denial of service, or possibly expose sensitive memory contents. (CVE-2017-7520) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: openvpn 2.2.1-8ubuntu1.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]

USN-3212-4: LibTIFF vulnerabilities

2017-08-08 KENNETH 0

USN-3212-4: LibTIFF vulnerabilities Ubuntu Security Notice USN-3212-4 7th August, 2017 tiff vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. Software description tiff – Tag Image File Format (TIFF) library Details USN-3212-1 fixed several issues in LibTIFF. This update provides a subset of the corresponding update for Ubuntu 12.04 ESM. Mei Wang discovered multiple integer overflows in LibTIFF which allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. (CVE-2016-3945) It was discovered that LibTIFF is vulnerable to a heap buffer overflow in the resulting in DoS or code execution via a crafted BitsPerSample value. (CVE-2017-5225) Original advisory details: It was discovered that LibTIFF incorrectly handled [ more… ]

USN-3378-2: Linux kernel (Xenial HWE) vulnerabilities

2017-08-04 KENNETH 0

USN-3378-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3378-2 3rd August, 2017 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability [ more… ]

USN-3377-2: Linux kernel (HWE) vulnerabilities

2017-08-04 KENNETH 0

USN-3377-2: Linux kernel (HWE) vulnerabilities Ubuntu Security Notice USN-3377-2 3rd August, 2017 linux-hwe vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) 李强 [ more… ]

USN-3378-1: Linux kernel vulnerabilities

2017-08-04 KENNETH 0

USN-3378-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3378-1 3rd August, 2017 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction [ more… ]