Ubuntu security

USN-3026-1: libimobiledevice vulnerability Ubuntu Security Notice USN-3026-1 5th July, 2016 libimobiledevice vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Summary libimobiledevice would allow unintended access to devices over the network. Software description libimobiledevice – Library for communicating with iPhone and iPod Touch devices Details It was discovered that libimobiledevice incorrectly handled socketpermissions. A remote attacker could use this issue to access services oniOS devices, contrary to expectations. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libimobiledevice6 1.2.0+dfsg-3~ubuntu0.2 Ubuntu 15.10: libimobiledevice4 1.1.6+dfsg-3.1ubuntu0.1 Ubuntu 14.04 LTS: libimobiledevice4 1.1.5+git20140313.bafe6a9e-0ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-5104 Source: USN-3026-1: libimobiledevice vulnerability

USN-3025-1: GIMP vulnerability Ubuntu Security Notice USN-3025-1 5th July, 2016 gimp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GIMP could be made to crash or run programs as your login if it opened a specially crafted file. Software description gimp – The GNU Image Manipulation Program Details It was discovered that GIMP incorrectly handled malformed XCF files. If auser were tricked into opening a specially crafted XCF file, an attackercould cause GIMP to crash, or possibly execute arbitrary code with theuser's privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: gimp 2.8.14-1ubuntu2.1 Ubuntu 14.04 LTS: gimp 2.8.10-0ubuntu1.1 Ubuntu 12.04 LTS: gimp 2.6.12-1ubuntu1.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

USN-3015-1: Oxide vulnerabilities Ubuntu Security Notice USN-3015-1 30th June, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine for Qt (QML plugin) Details Multiple security issues were discovered in Chromium. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to read uninitialized memory, cause a denialof service via application crash, or execute arbitrary code.(CVE-2016-1704) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: liboxideqtcore0 1.15.8-0ubuntu0.16.04.1 Ubuntu 15.10: liboxideqtcore0 1.15.8-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: liboxideqtcore0 1.15.8-0ubuntu0.14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-3022-1: LibreOffice vulnerability Ubuntu Security Notice USN-3022-1 29th June, 2016 libreoffice vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 12.04 LTS Summary LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. Software description libreoffice – Office productivity suite Details It was discovered that LibreOffice incorrectly handled RTF document files.If a user were tricked into opening a specially crafted RTF document, aremote attacker could cause LibreOffice to crash, and possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libreoffice-core 1:5.1.4-0ubuntu1 Ubuntu 15.10: libreoffice-core 1:5.0.6-0ubuntu1 Ubuntu 12.04 LTS: libreoffice-core 1:3.5.7-0ubuntu11 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart LibreOffice [ more… ]

USN-3021-2: Linux kernel (OMAP4) vulnerabilities Ubuntu Security Notice USN-3021-2 27th June, 2016 linux-ti-omap4 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details Andrey Konovalov discovered that the CDC Network Control Model USB driverin the Linux kernel did not cancel work events queued if a later erroroccurred, resulting in a use-after-free. An attacker with physical accesscould use this to cause a denial of service (system crash). (CVE-2016-3951) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Jann Horn discovered that the InfiniBand interfaces within the Linux kernelcould be coerced into overwriting kernel memory. A local unprivilegedattacker could use [ more… ]