USN-3317-1: Irssi vulnerabilities

2017-06-12 KENNETH 0

USN-3317-1: Irssi vulnerabilities

Ubuntu Security Notice USN-3317-1, 12th June, 2017

irssi vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Irssi could be made to crash if it received specially crafted network traffic.

Software description: irssi – terminal based IRC client

Details: It was discovered that Irssi incorrectly handled certain DCC messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-9468)

Joseph Bisch discovered that Irssi incorrectly handled receiving incorrectly quoted DCC files. A remote attacker could possibly use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-9469)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: irssi 0.8.20-2ubuntu2.1
Ubuntu 16.10: irssi 0.8.19-1ubuntu2.2
Ubuntu 16.04 LTS: [ more… ]

USN-3316-1: FreeRADIUS vulnerability

2017-06-08 KENNETH 0

USN-3316-1: FreeRADIUS vulnerability

Ubuntu Security Notice USN-3316-1, 7th June, 2017

freeradius vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04

Summary: FreeRADIUS would allow unintended access over the network.

Software description: freeradius – high-performance and highly configurable RADIUS server

Details: Stefan Winter and Luboš Pavlíček discovered that FreeRADIUS incorrectly handled the TLS session cache. A remote attacker could possibly use this issue to bypass authentication by resuming an unauthenticated session.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: freeradius 3.0.12+dfsg-4ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2017-9148

Source: USN-3316-1: FreeRADIUS vulnerability

USN-3253-2: Nagios regression

2017-06-08 KENNETH 0

USN-3253-2: Nagios regression

Ubuntu Security Notice USN-3253-2, 7th June, 2017

nagios3 regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: USN-3253-1 introduced a regression in Nagios.

Software description: nagios3 – host/service/network monitoring and management system

Details: USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2013-7108, CVE-2013-7205)

It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, [ more… ]

USN-3313-2: Linux kernel (HWE) vulnerability

2017-06-07 KENNETH 0

USN-3313-2: Linux kernel (HWE) vulnerability

Ubuntu Security Notice USN-3313-2, 7th June, 2017

linux-hwe vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: The system could be made to run programs as an administrator.

Software description: linux-hwe – Linux hardware enablement (HWE) kernel

Details: USN-3313-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.

It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. A privileged local attacker could use this to execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-4.8.0-54-generic 4.8.0-54.57~16.04.1
linux-image-4.8.0-54-generic-lpae 4.8.0-54.57~16.04.1
linux-image-lowlatency-hwe-16.04 4.8.0.54.25
linux-image-generic-hwe-16.04 4.8.0.54.25
linux-image-4.8.0-54-lowlatency 4.8.0-54.57~16.04.1
linux-image-generic-lpae-hwe-16.04 4.8.0.54.25

To update your system, please follow [ more… ]

USN-3312-2: Linux kernel (Xenial HWE) vulnerabilities

2017-06-07 KENNETH 0

USN-3312-2: Linux kernel (Xenial HWE) vulnerabilities

Ubuntu Security Notice USN-3312-2, 6th June, 2017

linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software description: linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details: USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. (CVE-2016-7917)

Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use this to cause a denial of [ more… ]