Ubuntu security

USN-3322-1: Exim vulnerability Ubuntu Security Notice USN-3322-1 19th June, 2017 exim4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Exim could be made to run programs as an administrator. Software description exim4 – Exim is a mail transport agent Details It was discovered that Exim did not properly deallocate memory whenprocessing certain command line arguments. A local attacker could use thisin conjunction with another vulnerability to possibly execute arbitrarycode and gain administrative privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: exim4-daemon-heavy 4.88-5ubuntu1.1 exim4-daemon-light 4.88-5ubuntu1.1 Ubuntu 16.10: exim4-daemon-heavy 4.87-3ubuntu1.2 exim4-daemon-light 4.87-3ubuntu1.2 Ubuntu 16.04 LTS: exim4-daemon-heavy 4.86.2-2ubuntu2.2 exim4-daemon-light 4.86.2-2ubuntu2.2 Ubuntu 14.04 LTS: exim4-daemon-heavy 4.82-3ubuntu2.3 exim4-daemon-light 4.82-3ubuntu2.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]

USN-3320-1: zziplib vulnerabilities Ubuntu Security Notice USN-3320-1 15th June, 2017 zziplib vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary zziplib could be made to crash or run programs as your login if it opened a specially crafted file. Software description zziplib – library providing read access on ZIP-archives Details Agostino Sarubbo discovered that zziplib incorrectly handled certainmalformed ZIP files. If a user or automated system were tricked intoopening a specially crafted ZIP file, a remote attacker could cause zziplibto crash, resulting in a denial of service, or possibly execute arbitrarycode. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libzzip-0-13 0.13.62-3ubuntu0.17.04.1 Ubuntu 16.10: libzzip-0-13 0.13.62-3ubuntu0.16.10.1 Ubuntu 16.04 LTS: libzzip-0-13 0.13.62-3ubuntu0.16.04.1 Ubuntu 14.04 LTS: libzzip-0-13 0.13.62-2ubuntu0.1 To [ more… ]

USN-3319-1: libmwaw vulnerability Ubuntu Security Notice USN-3319-1 15th June, 2017 libmwaw vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary libmwaw could be made to crash or run programs as your login if it opened a specially crafted file. Software description libmwaw – import library for some old mac text document Details It was discovered that libmwaw incorrectly handled certain malformeddocument files. If a user or automated system were tricked into opening aspecially crafted file, a remote attacker could cause libmwaw to crash,resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libmwaw-0.3-3 0.3.9-1ubuntu0.1 Ubuntu 16.10: libmwaw-0.3-3 0.3.8-2ubuntu0.1 Ubuntu 16.04 LTS: libmwaw-0.3-3 0.3.7-1ubuntu2.1 Ubuntu 14.04 LTS: libmwaw-0.1-1 [ more… ]

USN-3315-1: Firefox vulnerabilities Ubuntu Security Notice USN-3315-1 15th June, 2017 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, read uninitializedmemory, obtain sensitive information, spoof the addressbar contents, orexecute arbitrary code. (CVE-2017-5470, CVE-2017-5471, CVE-2017-5472,CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754,CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7762, CVE-2017-7764) Multiple security issues were discovered in the Graphite 2 library used byFirefox. If a user were tricked in to opening a specially crafted website,an attacker could [ more… ]

USN-3318-1: GnuTLS vulnerabilities Ubuntu Security Notice USN-3318-1 13th June, 2017 gnutls26, gnutls28 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in GnuTLS. Software description gnutls26 – GNU TLS library gnutls28 – GNU TLS library Details Hubert Kario discovered that GnuTLS incorrectly handled decoding a statusresponse TLS extension. A remote attacker could possibly use this issue tocause GnuTLS to crash, resulting in a denial of service. This issue onlyapplied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507) It was discovered that GnuTLS incorrectly handled decoding certain OpenPGPcertificates. A remote attacker could use this issue to cause GnuTLS tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2017-7869) Update instructions The problem can be corrected by updating your [ more… ]