
USN-3377-1: Linux kernel vulnerabilities

2017-08-04 KENNETH 0

Ubuntu Security Notice USN-3377-1
3rd August, 2017

linux, linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04

Summary
Several security issues were fixed in the Linux kernel.

Software description
linux – Linux kernel
linux-raspi2 – Linux kernel for Raspberry Pi 2

Details
Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533)

It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365)

李强 discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this [ more… ]


USN-3376-1: WebKitGTK+ vulnerabilities

2017-08-02 KENNETH 0

Ubuntu Security Notice USN-3376-1
2nd August, 2017

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS

Summary
Several security issues were fixed in WebKitGTK+.

Software description
webkit2gtk – Web content engine library for GTK+

Details
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
libwebkit2gtk-4.0-37 2.16.6-0ubuntu0.17.04.1
libjavascriptcoregtk-4.0-18 2.16.6-0ubuntu0.17.04.1

Ubuntu 16.04 LTS:
libwebkit2gtk-4.0-37 2.16.6-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 2.16.6-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which [ more… ]


USN-3375-1: LXC vulnerability

2017-08-02 KENNETH 0

Ubuntu Security Notice USN-3375-1
2nd August, 2017

lxc vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary
LXC would allow unintended access.

Software description
lxc – Linux Containers userspace tools

Details
It was discovered that LXC incorrectly handled the TIOCSTI ioctl. An attacker could possibly use this issue to escape LXC containers.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
lxc 1.0.10-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LXC containers to make all the necessary changes.

References
CVE-2016-10124

Source: USN-3375-1: LXC vulnerability


USN-3370-2: Apache HTTP Server vulnerability

2017-08-02 KENNETH 0

Ubuntu Security Notice USN-3370-2
1st August, 2017

apache2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary
Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic.

Software description
apache2 – Apache HTTP server

Details
USN-3370-1 fixed a vulnerability in Apache HTTP Server. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:
Robert Święcki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly obtain sensitive information.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
apache2.2-bin 2.2.22-1ubuntu1.13

To update [ more… ]


USN-3294-2: Bash vulnerability

2017-08-01 KENNETH 0

Ubuntu Security Notice USN-3294-2
1st August, 2017

bash vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary
A security issue was fixed in Bash.

Software description
bash – GNU Bourne Again SHell

Details
USN-3294-1 fixed a vulnerability in Bash. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:
It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. (CVE-2016-7543)

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
bash 4.2-2ubuntu2.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References
CVE-2016-7543

Source: USN-3294-2: Bash vulnerability