Ubuntu security

USN-3085-1: GDK-PixBuf vulnerabilities Ubuntu Security Notice USN-3085-1 21st September, 2016 gdk-pixbuf vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file. Software description gdk-pixbuf – GDK-Pixbuf library Details It was discovered that the GDK-PixBuf library did not properly handle speciallycrafted bmp images, leading to a heap-based buffer overflow. If a user orautomated system were tricked into opening a specially crafted bmp file, aremote attacker could use this flaw to cause GDK-PixBuf to crash, resultingin a denial of service, or possibly execute arbitrary code. This issue onlyaffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-7552) It was discovered that the GDK-PixBuf library contained an integer overflowwhen handling certain images. If [ more… ]

USN-3086-1: Irssi vulnerabilities Ubuntu Security Notice USN-3086-1 21st September, 2016 irssi vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Irssi could be made to crash if it received specially crafted network traffic. Software description irssi – terminal based IRC client Details Gabriel Campana and Adrien Guinet discovered that the format parsing codein Irssi did not properly verify 24bit color codes. A remote attacker coulduse this to cause a denial of service (application crash). (CVE-2016-7044) Gabriel Campana and Adrien Guinet discovered that a buffer overflow existedin the format parsing code in Irssi. A remote attacker could use this tocause a denial of service (application crash). (CVE-2016-7045) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: irssi 0.8.19-1ubuntu1.2 To update your system, please follow [ more… ]

USN-3083-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3083-2 19th September, 2016 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3083-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 LTS. Dmitry Vyukov discovered that the IPv6 implementation in the Linux kerneldid not properly handle options data, including a use-after-free. A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2016-3841) It was discovered that a race condition existed when handling heartbeat-timeout events in the SCTP implementation of the Linux kernel. A remoteattacker could [ more… ]

USN-3083-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3083-1 19th September, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Dmitry Vyukov discovered that the IPv6 implementation in the Linux kerneldid not properly handle options data, including a use-after-free. A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2016-3841) It was discovered that a race condition existed when handling heartbeat-timeout events in the SCTP implementation of the Linux kernel. A remoteattacker could use this to cause a denial of service. (CVE-2015-8767) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-3.13.0-96-powerpc-smp 3.13.0-96.143 linux-image-3.13.0-96-powerpc-e500mc 3.13.0-96.143 linux-image-3.13.0-96-powerpc64-smp 3.13.0-96.143 linux-image-3.13.0-96-generic 3.13.0-96.143 linux-image-3.13.0-96-generic-lpae [ more… ]

USN-3082-2: Linux kernel (OMAP4) vulnerability Ubuntu Security Notice USN-3082-2 19th September, 2016 linux-ti-omap4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to run programs as an administrator. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details Chiachih Wu, Yuan-Tsung Lo, and Xuxian Jiang discovered that the legacy ABIfor ARM (OABI) had incomplete access checks for epoll_wait(2) andsemtimedop(2). A local attacker could use this to possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-1488-omap4 3.2.0-1488.115 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new [ more… ]