
USN-3094-1: Systemd vulnerability

2016-09-29 KENNETH 0

Ubuntu Security Notice USN-3094-1
29th September, 2016

systemd vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: The system could be made unavailable under certain conditions.

Software description: systemd – system and service manager

Details: Andrew Ayer discovered that Systemd improperly handled zero-length notification messages. A local unprivileged attacker could use this to cause a denial of service (init crash leading to system unavailability).

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: systemd 229-4ubuntu10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: LP: 1628687

Source: USN-3094-1: Systemd vulnerability


USN-3092-1: Samba vulnerability

2016-09-29 KENNETH 0

Ubuntu Security Notice USN-3092-1
28th September, 2016

samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Samba could be tricked into connecting to impersonated servers.

Software description: samba – SMB/CIFS file, print, and login server for Unix

Details: Stefan Metzmacher discovered that Samba incorrectly handled certain flags in SMB2/3 client connections. A remote attacker could use this issue to disable client signing and impersonate servers by performing a man in the middle attack.

Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. In addition to the security fix, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.16.04.1
Ubuntu 14.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.14.04.1

[ more… ]


USN-3093-1: ClamAV vulnerabilities

2016-09-29 KENNETH 0

Ubuntu Security Notice USN-3093-1
28th September, 2016

clamav vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: ClamAV could be made to crash or run programs if it processed a specially crafted file.

Software description: clamav – Anti-virus utility for Unix

Details: It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.

In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: clamav 0.99.2+dfsg-0ubuntu0.16.04.1
Ubuntu 14.04 LTS: clamav 0.99.2+addedllvm-0ubuntu0.14.04.1
Ubuntu 12.04 LTS: clamav 0.99.2+addedllvm-0ubuntu0.12.04.1

To update your system, please follow these instructions: [ more… ]


USN-3090-1: Pillow vulnerabilities

2016-09-28 KENNETH 0

Ubuntu Security Notice USN-3090-1
27th September, 2016

Pillow vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Pillow could be made to crash if it received specially crafted input or opened a specially crafted file.

Software description: pillow – Python Imaging Library compatibility layer

Details: It was discovered that a flaw in processing a compressed text chunk in a PNG image could cause the image to have a large size when decompressed, potentially leading to a denial of service. (CVE-2014-9601)

Andrew Drake discovered that Pillow incorrectly validated input. A remote attacker could use this to cause Pillow to crash, resulting in a denial of service. (CVE-2014-3589)

Eric Soroos discovered that Pillow incorrectly handled certain malformed FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial [ more… ]


USN-3088-1: Bind vulnerability

2016-09-28 KENNETH 0

Ubuntu Security Notice USN-3088-1
27th September, 2016

bind9 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Bind could be made to crash if it received specially crafted network traffic.

Software description: bind9 – Internet Domain Name Server

Details: It was discovered that Bind incorrectly handled building responses to certain specially crafted requests. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.1
Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.9
Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.17

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2016-2776 [ more… ]