USN-3081-1: Tomcat vulnerability

2016-09-20 KENNETH 0

Ubuntu Security Notice USN-3081-1
19th September, 2016

tomcat6, tomcat7, tomcat8 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
The system could be made to run programs as an administrator.

Software description
tomcat6 – Servlet and JSP engine
tomcat7 – Servlet and JSP engine
tomcat8 – Servlet and JSP engine

Details
Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. (CVE-2016-1240)

This update also reverts a change in behaviour introduced in USN-3024-1 by setting mapperContextRootRedirectEnabled to True by default.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
libtomcat8-java 8.0.32-1ubuntu1.2
tomcat8 8.0.32-1ubuntu1.2

Ubuntu 14.04 LTS:
tomcat7 7.0.52-1ubuntu0.7
libtomcat7-java 7.0.52-1ubuntu0.7

Ubuntu [ more… ]

USN-3080-1: Python Imaging Library vulnerabilities

2016-09-15 KENNETH 0

Ubuntu Security Notice USN-3080-1
15th September, 2016

python-imaging vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 LTS

Summary
Python Imaging Library could be made to crash if it received specially crafted input or opened a specially crafted file.

Software description
python-imaging – Python Imaging Library

Details
Eric Soroos discovered that the Python Imaging Library incorrectly handled certain malformed FLI or PhotoCD files. A remote attacker could use this issue to cause Python Imaging Library to crash, resulting in a denial of service. (CVE-2016-0775, CVE-2016-2533)

Andrew Drake discovered that the Python Imaging Library incorrectly validated input. A remote attacker could use this to cause Python Imaging Library to crash, resulting in a denial of service. (CVE-2014-3589)

Update instructions
The problem can be corrected by updating your system to the following [ more… ]

USN-3058-1: Oxide vulnerabilities

2016-09-15 KENNETH 0

Ubuntu Security Notice USN-3058-1
14th September, 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in Oxide.

Software description
oxide-qt – Web browser engine for Qt (QML plugin)

Details
An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5141)

A use-after-free was discovered in the WebCrypto implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5142)

It was discovered that the devtools subsystem in Blink mishandles various parameters. An attacker could exploit this to bypass intended access restrictions. (CVE-2016-5143, CVE-2016-5144)

It was discovered that [ more… ]

USN-3079-1: WebKitGTK+ vulnerabilities

2016-09-14 KENNETH 0

Ubuntu Security Notice USN-3079-1
14th September, 2016

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in WebKitGTK+.

Software description
webkit2gtk – JavaScript engine library from WebKitGTK+ – GObject introspection

Details
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
libwebkit2gtk-4.0-37 2.12.5-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 2.12.5-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard [ more… ]

USN-3078-1: MySQL vulnerability

2016-09-14 KENNETH 0

Ubuntu Security Notice USN-3078-1
13th September, 2016

mysql-5.5, mysql-5.7 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
MySQL could be made to run programs as an administrator.

Software description
mysql-5.5 – MySQL database
mysql-5.7 – MySQL database

Details
Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges.

MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 [ more… ]