Ubuntu security

USN-3097-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3097-1 10th October, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Marco Grassi discovered a use-after-free condition could occur in the TCPretransmit queue handling code in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the audit subsystem in theLinux kernel. A local attacker could use this to corrupt audit logs ordisrupt system-call auditing. (CVE-2016-6136) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controllerdriver in the Linux kernel when handling ioctl()s. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2016-6480) Update [ more… ]

USN-3091-1: Oxide vulnerabilities Ubuntu Security Notice USN-3091-1 7th October, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine for Qt (QML plugin) Details A use-after-free was discovered in the V8 bindings in Blink. If a userwere tricked in to opening a specially crafted website, an attacker couldpotentially exploit this to cause a denial of service via applicationcrash, or execute arbitrary code. (CVE-2016-5170) A use-after-free was discovered in the V8 bindings in Blink. If a userwere tricked in to opening a specially crafted website, an attacker couldpotentially exploit this to cause a denial of service via applicationcrash, or execute arbitrary code. (CVE-2016-5171) An issue was discovered in V8. If a user were tricked in to [ more… ]

USN-3096-1: NTP vulnerabilities Ubuntu Security Notice USN-3096-1 5th October, 2016 ntp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in NTP. Software description ntp – Network Time Protocol daemon and utility programs Details Aanchal Malhotra discovered that NTP incorrectly handled authenticatedbroadcast mode. A remote attacker could use this issue to perform a replayattack. (CVE-2015-7973) Matt Street discovered that NTP incorrectly verified peer associations ofsymmetric keys. A remote attacker could use this issue to perform animpersonation attack. (CVE-2015-7974) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handledmemory. An attacker could possibly use this issue to cause ntpq to crash,resulting in a denial of service. This issue only affected Ubuntu 16.04LTS. (CVE-2015-7975) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handleddangerous [ more… ]

USN-3095-1: PHP vulnerabilities Ubuntu Security Notice USN-3095-1 4th October, 2016 php5, php7.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in PHP. Software description php5 – HTML-embedded scripting language interpreter php7.0 – HTML-embedded scripting language interpreter Details Taoguang Chen discovered that PHP incorrectly handled certain invalidobjects when unserializing data. A remote attacker could use this issue tocause PHP to crash, resulting in a denial of service, or possibly executearbitrary code. (CVE-2016-7124) Taoguang Chen discovered that PHP incorrectly handled invalid sessionnames. A remote attacker could use this issue to inject arbitrary sessiondata. (CVE-2016-7125) It was discovered that PHP incorrectly handled certain gamma values in theimagegammacorrect function. A remote attacker could use this issue to causePHP to crash, resulting in a denial of [ more… ]

USN-3090-2: Pillow regresssion Ubuntu Security Notice USN-3090-2 30th September, 2016 Pillow regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Software description pillow – Python Imaging Library compatibility layer Details USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601caused a regression which resulted in failures when processing certainpng images. This update temporarily reverts the security fix for CVE-2014-9601pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that a flaw in processing a compressed text chunk ina PNG image could cause the image to have a large size when decompressed,potentially leading to a denial of service. (CVE-2014-9601) Andrew Drake discovered that Pillow incorrectly validated input. A remoteattacker could use this to cause Pillow to crash, resulting in a denialof service. (CVE-2014-3589) Eric Soroos discovered that Pillow incorrectly handled certain [ more… ]