Ubuntu security

USN-3309-1: Libtasn1 vulnerability Ubuntu Security Notice USN-3309-1 5th June, 2017 libtasn1-6 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file. Software description libtasn1-6 – Library to manage ASN.1 structures Details Jakub Jirasek discovered that GnuTLS incorrectly handled certainassignments files. If a user were tricked into processing a speciallycrafted assignments file, a remote attacker could possibly execute arbirarycode. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libtasn1-6 4.10-1ubuntu0.1 Ubuntu 16.10: libtasn1-6 4.9-4ubuntu0.1 Ubuntu 16.04 LTS: libtasn1-6 4.7-3ubuntu0.16.04.2 Ubuntu 14.04 LTS: libtasn1-6 3.4-3ubuntu0.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-3308-1: Puppet vulnerabilities Ubuntu Security Notice USN-3308-1 5th June, 2017 puppet vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in Puppet. Software description puppet – Centralized configuration management Details Dennis Rowe discovered that Puppet incorrectly handled the search path. Alocal attacker could use this issue to possibly execute arbitrary code.(CVE-2014-3248) It was discovered that Puppet incorrectly handled YAML deserialization. Aremote attacker could possibly use this issue to execute arbitrary code onthe master. This update is incompatible with agents older than 3.2.2.(CVE-2017-2295) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: puppet-common 3.4.3-1ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2014-3248, CVE-2017-2295 Source: [ more… ]

USN-3307-1: OpenLDAP vulnerability Ubuntu Security Notice USN-3307-1 1st June, 2017 openldap vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary OpenLDAP could be made to crash if it received specially crafted network traffic. Software description openldap – OpenLDAP utilities Details Karsten Heymann discovered that OpenLDAP incorrectly handled certain searchrequests. A remote attacker could use this issue to cause slapd to crash,resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: slapd 2.4.44+dfsg-3ubuntu2.1 Ubuntu 16.10: slapd 2.4.42+dfsg-2ubuntu4.1 Ubuntu 16.04 LTS: slapd 2.4.42+dfsg-2ubuntu3.2 Ubuntu 14.04 LTS: slapd 2.4.31-1+nmu2ubuntu8.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-9287 Source: USN-3307-1: OpenLDAP [ more… ]

USN-3306-1: libsndfile vulnerabilities Ubuntu Security Notice USN-3306-1 1st June, 2017 libsndfile vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in libsndfile. Software description libsndfile – Library for reading/writing audio files Details Agostino Sarubbo and Jakub Jirasek discovered that libsndfile incorrectlyhandled certain malformed files. A remote attacker could use this issue tocause libsndfile to crash, resulting in a denial of service, or possiblyexecute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libsndfile1 1.0.27-1ubuntu0.1 Ubuntu 16.10: libsndfile1 1.0.25-10ubuntu0.16.10.1 Ubuntu 16.04 LTS: libsndfile1 1.0.25-10ubuntu0.16.04.1 Ubuntu 14.04 LTS: libsndfile1 1.0.25-7ubuntu2.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to make [ more… ]

USN-3305-1: NVIDIA graphics drivers vulnerabilities Ubuntu Security Notice USN-3305-1 31st May, 2017 nvidia-graphics-drivers-375 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary NVIDIA graphics drivers could be made to crash or run programs as an administrator. Software description nvidia-graphics-drivers-375 – NVIDIA binary X.Org driver Details It was discovered that the NVIDIA graphics drivers contained flaws in thekernel mode layer. A local attacker could use these issues to cause a denial ofservice or potentially escalate their privileges on the system. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: nvidia-367 375.66-0ubuntu0.17.04.1 nvidia-375 375.66-0ubuntu0.17.04.1 Ubuntu 16.10: nvidia-367 375.66-0ubuntu0.16.10.1 nvidia-375 375.66-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: nvidia-367 375.66-0ubuntu0.16.04.1 nvidia-375 375.66-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: nvidia-367 375.66-0ubuntu0.14.04.1 nvidia-375 375.66-0ubuntu0.14.04.1 To update your system, please [ more… ]