Ubuntu security

USN-3012-1: Wget vulnerability Ubuntu Security Notice USN-3012-1 20th June, 2016 wget vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Wget could be made to overwrite files. Software description wget – retrieves files from the web Details Dawid Golunski discovered that Wget incorrectly handled filenames whenbeing redirected from an HTTP to an FTP URL. A malicious server couldpossibly use this issue to overwrite local files. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: wget 1.17.1-1ubuntu1.1 Ubuntu 15.10: wget 1.16.1-1ubuntu1.1 Ubuntu 14.04 LTS: wget 1.15-1ubuntu1.14.04.2 Ubuntu 12.04 LTS: wget 1.13.4-2ubuntu1.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-4971 Source: USN-3012-1: [ more… ]

USN-3011-1: HAProxy vulnerability Ubuntu Security Notice USN-3011-1 20th June, 2016 haproxy vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary HAProxy could be made to crash if it received specially crafted network traffic. Software description haproxy – fast and reliable load balancing reverse proxy Details Falco Schmutz discovered that HAProxy incorrectly handled the reqdenyfilter. A remote attacker could use this issue to cause HAProxy to crash,resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: haproxy 1.6.3-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-5360 Source: USN-3011-1: HAProxy vulnerability

USN-3009-1: Dnsmasq vulnerability Ubuntu Security Notice USN-3009-1 20th June, 2016 dnsmasq vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Summary Dnsmasq could be made to crash if it received specially crafted network traffic. Software description dnsmasq – Small caching DNS proxy and DHCP/TFTP server Details Edwin Török discovered that Dnsmasq incorrectly handled certain CNAMEresponses. A remote attacker could use this issue to cause Dnsmasq tocrash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: dnsmasq 2.75-1ubuntu0.16.04.1 dnsmasq-utils 2.75-1ubuntu0.16.04.1 dnsmasq-base 2.75-1ubuntu0.16.04.1 Ubuntu 15.10: dnsmasq 2.75-1ubuntu0.15.10.1 dnsmasq-utils 2.75-1ubuntu0.15.10.1 dnsmasq-base 2.75-1ubuntu0.15.10.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. References CVE-2015-8899 [ more… ]

USN-3008-1: Linux kernel (Qualcomm Snapdragon) vulnerability Ubuntu Security Notice USN-3008-1 10th June, 2016 linux-snapdragon vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash under certain conditions. Software description linux-snapdragon – Linux kernel for Snapdragon Processors Details Jann Horn discovered that eCryptfs improperly attempted to use the mmap()handler of a lower filesystem that did not implement one, causing arecursive page fault to occur. A local unprivileged attacker could use tocause a denial of service (system crash) or possibly execute arbitrary codewith administrative privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.4.0-1015-snapdragon 4.4.0-1015.18 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the [ more… ]

USN-3007-1: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3007-1 10th June, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linuxkernel incorrectly enables scatter/gather I/O. A remote attacker could usethis to obtain potentially sensitive information from kernel memory.(CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap()handler of a lower filesystem that did not implement one, causing arecursive page fault to occur. A local unprivileged attacker could use tocause a denial of service (system crash) or possibly execute arbitrary codewith administrative privileges. (CVE-2016-1583) Multiple race conditions where discovered in the Linux kernel's ext4 filesystem. A local user [ more… ]