USN-3077-1: OpenJDK 6 vulnerabilities

2016-09-13 KENNETH 0

Ubuntu Security Notice USN-3077-1, 12th September, 2016

openjdk-6 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were fixed in OpenJDK 6.

Software description: openjdk-6 – Open Source Java implementation

Details:

A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-3458)

Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2016-3500, CVE-2016-3508)

A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-3550)

A vulnerability was discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit this to cause a [ more… ]

USN-3075-1: Imlib2 vulnerabilities

2016-09-09 KENNETH 0

Ubuntu Security Notice USN-3075-1, 8th September, 2016

imlib2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Imlib2.

Software description: imlib2 – Image manipulation and rendering library

Details:

Jakub Wilk discovered an out of bounds read in the GIF loader implementation in Imlib2. An attacker could use this to cause a denial of service (application crash) or possibly obtain sensitive information. (CVE-2016-3994)

Yuriy M. Kaminskiy discovered an off-by-one error when handling coordinates in Imlib2. An attacker could use this to cause a denial of service (application crash). (CVE-2016-3993)

Yuriy M. Kaminskiy discovered that integer overflows existed in Imlib2 when handling images with large dimensions. An attacker could use this to cause a denial of service (memory exhaustion or application crash). (CVE-2014-9771, CVE-2016-4024)

Kevin Ryde discovered that [ more… ]

USN-3074-1: File Roller vulnerability

2016-09-09 KENNETH 0

Ubuntu Security Notice USN-3074-1, 8th September, 2016

file-roller vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: File Roller could be made to delete files.

Software description: file-roller – archive manager for GNOME

Details:

It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extracting a specially-crafted archive, an attacker could delete files outside of the extraction directory.

Update instructions:

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: file-roller 3.16.5-0ubuntu1.2
Ubuntu 14.04 LTS: file-roller 3.10.2.1-0ubuntu4.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2016-7162, LP: 1171236

Source: USN-3074-1: File Roller vulnerability

USN-3070-4: Linux kernel (Xenial HWE) vulnerabilities

2016-08-31 KENNETH 0

Ubuntu Security Notice USN-3070-4, 30th August, 2016

linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3070-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237)

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244)

James Patrick-Evans discovered that [ more… ]

USN-3070-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities

2016-08-31 KENNETH 0

Ubuntu Security Notice USN-3070-3, 30th August, 2016

linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-snapdragon – Linux kernel for Snapdragon Processors

Details:

A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237)

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244)

James Patrick-Evans discovered that the airspy USB device driver in the Linux kernel did not properly handle certain error conditions. An attacker with physical access could use this to cause a denial of service (memory consumption). (CVE-2016-5400)

Yue Cao [ more… ]