USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities

2016-06-28 KENNETH 0

USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities

Ubuntu Security Notice USN-3016-2

27th June, 2016

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-raspi2 – Linux kernel for Raspberry Pi 2

Details:

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997)

Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482)

Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) [ more… ]

USN-3016-1: Linux kernel vulnerabilities

2016-06-28 KENNETH 0

USN-3016-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3016-1

27th June, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux – Linux kernel

Details:

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997)

Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482)

Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker [ more… ]

USN-3014-1: Spice vulnerabilities

2016-06-21 KENNETH 0

USN-3014-1: Spice vulnerabilities

Ubuntu Security Notice USN-3014-1

21st June, 2016

spice vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Spice.

Software description: spice – SPICE protocol client and server library

Details:

Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-0749)

Frediano Ziglio discovered that Spice incorrectly handled certain primary surface parameters. A malicious guest operating system could potentially exploit this issue to escape virtualization. (CVE-2016-2150)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: libspice-server1 0.12.6-4ubuntu0.1

Ubuntu 15.10: libspice-server1 [ more… ]

USN-3013-1: XML-RPC for C and C++ vulnerabilities

2016-06-21 KENNETH 0

USN-3013-1: XML-RPC for C and C++ vulnerabilities

Ubuntu Security Notice USN-3013-1

20th June, 2016

xmlrpc-c vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were fixed in XML-RPC for C and C++.

Software description: xmlrpc-c – Lightweight RPC library based on XML and HTTP

Details:

It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702)

It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)

Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C [ more… ]

USN-3010-1: Expat vulnerabilities

2016-06-21 KENNETH 0

USN-3010-1: Expat vulnerabilities

Ubuntu Security Notice USN-3010-1

20th June, 2016

expat vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Expat.

Software description: expat – XML parsing C library

Details:

It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702)

It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: libexpat1 2.1.0-7ubuntu0.16.04.2, lib64expat1 2.1.0-7ubuntu0.16.04.2

Ubuntu 15.10: libexpat1 2.1.0-7ubuntu0.15.10.2, lib64expat1 2.1.0-7ubuntu0.15.10.2

Ubuntu 14.04 LTS: libexpat1 2.1.0-4ubuntu1.3, lib64expat1 2.1.0-4ubuntu1.3

Ubuntu 12.04 LTS: libexpat1 2.0.1-7.2ubuntu1.4, lib64expat1 2.0.1-7.2ubuntu1.4

To update your [ more… ]