USN-3057-1: Linux kernel (Qualcomm Snapdragon) vulnerabilities

2016-08-10 KENNETH 0

Ubuntu Security Notice USN-3057-1 10th August, 2016 linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-snapdragon – Linux kernel for Snapdragon Processors Details Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local [ more… ]

USN-3056-1: Linux kernel (Raspberry Pi 2) vulnerabilities

2016-08-10 KENNETH 0

Ubuntu Security Notice USN-3056-1 10th August, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. [ more… ]

USN-3048-1: curl vulnerabilities

2016-08-09 KENNETH 0

Ubuntu Security Notice USN-3048-1 8th August, 2016 curl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in curl. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. (CVE-2016-5419) It was discovered that curl incorrectly handled client certificates when reusing TLS connections. (CVE-2016-5420) Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly reused a connection struct, contrary to expectations. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5421) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libcurl3-nss 7.47.0-1ubuntu2.1 libcurl3-gnutls 7.47.0-1ubuntu2.1 libcurl3 7.47.0-1ubuntu2.1 Ubuntu 14.04 LTS: libcurl3-nss 7.35.0-1ubuntu2.8 libcurl3-gnutls 7.35.0-1ubuntu2.8 libcurl3 [ more… ]

USN-3041-1: Oxide vulnerabilities

2016-08-05 KENNETH 0

Ubuntu Security Notice USN-3041-1 5th August, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine for Qt (QML plugin) Details Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1705) It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. (CVE-2016-1706) It was discovered that Blink does not prevent window creation by a deferred frame. A remote attacker could potentially exploit this to bypass same origin [ more… ]

USN-3044-1: Firefox vulnerabilities

2016-08-05 KENNETH 0

Ubuntu Security Notice USN-3044-1 5th August, 2016 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2016-0718) Toni Huttunen discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed. A remote attacker could potentially exploit this to track users, resulting in information disclosure. (CVE-2016-2830) [ more… ]