USN-3040-1: MySQL vulnerabilities

2016-07-22 KENNETH 0

USN-3040-1: MySQL vulnerabilities Ubuntu Security Notice USN-3040-1 21st July, 2016 mysql-5.5, mysql-5.6, mysql-5.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in MySQL. Software description mysql-5.5 – MySQL database mysql-5.6 – MySQL database mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS has been updated to MySQL 5.7.13. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Update instructions The problem can be corrected by updating your system [ more… ]

USN-3039-1: Django vulnerability

2016-07-20 KENNETH 0

USN-3039-1: Django vulnerability Ubuntu Security Notice USN-3039-1 19th July, 2016 python-django vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary A security issue was fixed in Django. Software description python-django – High-level Python web development framework Details It was discovered that Django incorrectly handled the admin's add/change related popup. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: python3-django 1.8.7-1ubuntu5.1 python-django 1.8.7-1ubuntu5.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-6186 Source: USN-3039-1: Django vulnerability

USN-3038-1: Apache HTTP Server vulnerability

2016-07-19 KENNETH 0

USN-3038-1: Apache HTTP Server vulnerability Ubuntu Security Notice USN-3038-1 18th July, 2016 apache2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary A security issue was fixed in the Apache HTTP Server. Software description apache2 – Apache HTTP server Details It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: apache2-bin 2.4.18-2ubuntu3.1 Ubuntu 15.10: apache2-bin 2.4.12-2ubuntu2.1 Ubuntu 14.04 LTS: apache2.2-bin 2.4.7-1ubuntu4.13 Ubuntu 12.04 LTS: apache2.2-bin 2.2.22-1ubuntu1.11 To update your system, please follow [ more… ]

USN-3023-1: Thunderbird vulnerabilities

2016-07-19 KENNETH 0

USN-3023-1: Thunderbird vulnerabilities Ubuntu Security Notice USN-3023-1 18th July, 2016 thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Thunderbird. Software description thunderbird – Mozilla Open Source mail and newsgroup client Details It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1951) Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson, discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, [ more… ]

USN-3037-1: Linux kernel (Vivid HWE) vulnerability

2016-07-15 KENNETH 0

USN-3037-1: Linux kernel (Vivid HWE) vulnerability Ubuntu Security Notice USN-3037-1 14th July, 2016 linux-lts-vivid vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to crash under certain conditions. Software description linux-lts-vivid – Linux hardware enablement kernel from Vivid for Trusty Details Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-3.19.0-65-powerpc64-smp 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-powerpc-smp 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-powerpc-e500mc 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-powerpc64-emb 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-generic 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-generic-lpae 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-lowlatency 3.19.0-65.73~14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]