Ubuntu security

USN-3034-1: Linux kernel vulnerability Ubuntu Security Notice USN-3034-1 14th July, 2016 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to crash under certain conditions. Software description linux – Linux kernel Details Jan Stancek discovered that the Linux kernel's memory manager did notproperly handle moving pages mapped by the asynchronous I/O (AIO) ringbuffer to the other nodes. A local attacker could use this to cause adenial of service (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-3.13.0-92-powerpc-e500mc 3.13.0-92.139 linux-image-3.13.0-92-powerpc-e500 3.13.0-92.139 linux-image-3.13.0-92-powerpc64-smp 3.13.0-92.139 linux-image-3.13.0-92-generic-lpae 3.13.0-92.139 linux-image-3.13.0-92-powerpc-smp 3.13.0-92.139 linux-image-3.13.0-92-lowlatency 3.13.0-92.139 linux-image-3.13.0-92-generic 3.13.0-92.139 linux-image-3.13.0-92-powerpc64-emb 3.13.0-92.139 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall [ more… ]

USN-3033-1: libarchive vulnerabilities Ubuntu Security Notice USN-3033-1 14th July, 2016 libarchive vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary libarchive could be made to crash or run programs if it opened a specially crafted file. Software description libarchive – Library to read/write archive files Details Hanno Böck discovered that libarchive contained multiple security issueswhen processing certain malformed archive files. A remote attacker coulduse this issue to cause libarchive to crash, resulting in a denial ofservice, or possibly execute arbitrary code. (CVE-2015-8916, CVE-2015-8917CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923,CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930,CVE-2015-8931, CVE-2015-8932, CVE-2015-8933, CVE-2015-8934, CVE-2016-5844) Marcin "Icewall" Noga discovered that libarchive contained multiplesecurity issues when processing certain malformed archive files. A remoteattacker could use this issue to cause libarchive to crash, resulting in adenial of [ more… ]

USN-3032-1: eCryptfs vulnerability Ubuntu Security Notice USN-3032-1 14th July, 2016 ecryptfs-utils vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Summary eCryptfs could be made to expose sensitive information. Software description ecryptfs-utils – eCryptfs cryptographic filesystem utilities Details It was discovered that eCryptfs incorrectly configured the encrypted swappartition for certain drive types. An attacker could use this issue to discoversensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: ecryptfs-utils 111-0ubuntu1.1 Ubuntu 15.10: ecryptfs-utils 108-0ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. References LP: 1597154 Source: USN-3032-1: eCryptfs vulnerability

USN-3031-1: Pidgin vulnerabilities Ubuntu Security Notice USN-3031-1 12th July, 2016 pidgin vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Pidgin could be made to crash or run programs if it received specially crafted network traffic. Software description pidgin – graphical multi-protocol instant messaging client for X Details Yves Younan discovered that Pidgin contained multiple issues in the MXitprotocol support. A remote attacker could use this issue to cause Pidgin tocrash, resulting in a denial of service, or possibly execute arbitrarycode. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libpurple0 1:2.10.11-0ubuntu4.2 Ubuntu 14.04 LTS: libpurple0 1:2.10.9-0ubuntu3.3 Ubuntu 12.04 LTS: libpurple0 1:2.10.3-0ubuntu1.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to [ more… ]

USN-3030-1: GD library vulnerabilities Ubuntu Security Notice USN-3030-1 11th July, 2016 libgd2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary The GD library could be made to crash or run programs if it processed a specially crafted image file. Software description libgd2 – GD Graphics Library Details It was discovered that the GD library incorrectly handled memory when usinggdImageScaleTwoPass(). A remote attacker could possibly use this issue tocause a denial of service. This issue only affected Ubuntu 14.04 LTS.(CVE-2013-7456) It was discovered that the GD library incorrectly handled certain malformedXBM images. If a user or automated system were tricked into processing aspecially crafted XBM image, an attacker could cause a denial of service.This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04LTS. [ more… ]