USN-3047-2: QEMU regression

2016-08-13 KENNETH 0

USN-3047-2: QEMU regression Ubuntu Security Notice USN-3047-2 12th August, 2016 qemu, qemu-kvm regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary USN-3047-1 introduced a regression in QEMU. Software description qemu – Machine emulator and virtualizer qemu-kvm – Machine emulator and virtualizer Details USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily reverts the security fix for CVE-2016-5403 pending further investigation. We apologize for the inconvenience. Original advisory details: Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default [ more… ]

USN-3060-1: GD library vulnerabilities

2016-08-11 KENNETH 0

USN-3060-1: GD library vulnerabilities Ubuntu Security Notice USN-3060-1 10th August, 2016 libgd2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary The GD library could be made to crash or run programs if it processed a specially crafted image file. Software description libgd2 – GD Graphics Library Details It was discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. (CVE-2016-6132, CVE-2016-6214) It was discovered that the GD library incorrectly handled memory when using gdImageScale(). A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2016-6207) Update instructions The problem can be corrected by updating your system to the following package version: [ more… ]

USN-3059-1: xmlrpc-epi vulnerability

2016-08-11 KENNETH 0

USN-3059-1: xmlrpc-epi vulnerability Ubuntu Security Notice USN-3059-1 10th August, 2016 xmlrpc-epi vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary xmlrpc-epi could be made to crash or run programs if it processed specially crafted data. Software description xmlrpc-epi – a XML-RPC request library Details It was discovered that xmlrpc-epi incorrectly handled lengths in the simplestring_addn function. A remote attacker could use this issue to cause applications using xmlrpc-epi such as PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libxmlrpc-epi0 0.54.2-1.1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-6296 Source: USN-3059-1: xmlrpc-epi vulnerability

USN-3055-1: Linux kernel vulnerabilities

2016-08-10 KENNETH 0

USN-3055-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3055-1 10th August, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to [ more… ]

USN-3054-1: Linux kernel (Xenial HWE) vulnerabilities

2016-08-10 KENNETH 0

USN-3054-1: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3054-1 10th August, 2016 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux [ more… ]