USN-3279-1: Apache HTTP Server vulnerabilities

2017-05-10 KENNETH 0

Ubuntu Security Notice USN-3279-1
9th May, 2017

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Apache HTTP Server.

Software description: apache2 – Apache HTTP server

Details:

It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. (CVE-2016-0736)

Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. (CVE-2016-2161)

David Dennerline and Régis Leroy discovered that the Apache HTTP Server incorrectly handled unusual whitespace when parsing requests, contrary to specifications. When being used in combination with a proxy or backend server, [ more… ]

USN-3276-1: shadow vulnerabilities

2017-05-05 KENNETH 0

Ubuntu Security Notice USN-3276-1
5th May, 2017

shadow vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: su could be made to crash or stop programs as an administrator.

Software description: shadow – system login tools

Details:

Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252)

Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: passwd 1:4.2-3.2ubuntu1.17.04.1, login 1:4.2-3.2ubuntu1.17.04.1, uidmap 1:4.2-3.2ubuntu1.17.04.1
Ubuntu 16.10: passwd 1:4.2-3.2ubuntu1.16.10.1, login 1:4.2-3.2ubuntu1.16.10.1, uidmap 1:4.2-3.2ubuntu1.16.10.1
Ubuntu 16.04 LTS: passwd 1:4.2-3.1ubuntu5.2, login 1:4.2-3.1ubuntu5.2, uidmap 1:4.2-3.1ubuntu5.2

[ more… ]

USN-3274-1: ICU vulnerabilities

2017-05-03 KENNETH 0

Ubuntu Security Notice USN-3274-1
2nd May, 2017

icu vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in ICU.

Software description: icu – International Components for Unicode library

Details:

It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: libicu57 57.1-5ubuntu0.1
Ubuntu 16.10: libicu57 57.1-4ubuntu0.2
Ubuntu 16.04 LTS: libicu55 55.1-7ubuntu0.2
Ubuntu 14.04 LTS: libicu52 52.1-3ubuntu0.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

USN-3273-1: LibreOffice vulnerabilities

2017-05-03 KENNETH 0

Ubuntu Security Notice USN-3273-1
2nd May, 2017

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: LibreOffice could be made to crash or run programs as your login if it opened a specially crafted EMF file.

Software description: libreoffice – Office productivity suite

Details:

It was discovered that LibreOffice incorrectly handled EMF image files. If a user were tricked into opening a specially crafted EMF image file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10: libreoffice-core 1:5.2.2-0ubuntu2.1
Ubuntu 16.04 LTS: libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial2
Ubuntu 14.04 LTS: libreoffice-core 1:4.2.8-0ubuntu5.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to [ more… ]

USN-3272-1: Ghostscript vulnerabilities

2017-04-28 KENNETH 0

Ubuntu Security Notice USN-3272-1
28th April, 2017

ghostscript vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Ghostscript.

Software description: ghostscript – PostScript and PDF interpreter

Details:

It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291)

Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217)

Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of [ more… ]