
USN-2991-1: nginx vulnerability

2016-06-03 KENNETH 0

Ubuntu Security Notice USN-2991-1
2nd June, 2016

nginx vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS

Summary

nginx could be made to crash if it received specially crafted network traffic.

Software description

nginx – small, powerful, scalable web/proxy server

Details

It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
nginx-extras 1.10.0-0ubuntu0.16.04.2
nginx-full 1.10.0-0ubuntu0.16.04.2
nginx-core 1.10.0-0ubuntu0.16.04.2
nginx-light 1.10.0-0ubuntu0.16.04.2

Ubuntu 15.10:
nginx-extras 1.9.3-1ubuntu1.2
nginx-full 1.9.3-1ubuntu1.2
nginx-core 1.9.3-1ubuntu1.2
nginx-light 1.9.3-1ubuntu1.2

Ubuntu 14.04 LTS:
nginx-extras 1.4.6-1ubuntu3.5
nginx-full 1.4.6-1ubuntu3.5
nginx-core 1.4.6-1ubuntu3.5
nginx-light 1.4.6-1ubuntu3.5

To update your system, please follow [ more… ]


USN-2990-1: ImageMagick vulnerabilities

2016-06-02 KENNETH 0

Ubuntu Security Notice USN-2990-1
2nd June, 2016

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in ImageMagick.

Software description

imagemagick – Image manipulation programs and library

Details

Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718)

Bob Friesenhahn discovered that ImageMagick allowed injecting commands via an image file or filename. A remote attacker could use this issue to execute arbitrary code. (CVE-2016-5118)

Update instructions

The problem can be corrected [ more… ]


USN-2989-1: Linux kernel vulnerabilities

2016-06-01 KENNETH 0

Ubuntu Security Notice USN-2989-1
1st June, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux – Linux kernel

Details

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)

Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)

Andy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or [ more… ]


USN-2988-1: LXD vulnerabilities

2016-06-01 KENNETH 0

Ubuntu Security Notice USN-2988-1
31st May, 2016

lxd vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10

Summary

Several security issues were fixed in LXD.

Software description

lxd – Container hypervisor based on LXC

Details

Robie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. (CVE-2016-1581)

Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged container into privileged mode. A local attacker could use this issue to access any world readable path in the container directory, including setuid binaries. (CVE-2016-1582)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
lxd 2.0.2-0ubuntu1~16.04.1

Ubuntu 15.10:
lxd 0.20-0ubuntu4.2

To update your [ more… ]


USN-2987-1: GD library vulnerabilities

2016-06-01 KENNETH 0

Ubuntu Security Notice USN-2987-1
31st May, 2016

libgd2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

The GD library could be made to crash or run programs if it processed a specially crafted image file.

Software description

libgd2 – GD Graphics Library

Details

It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2497)

It was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a [ more… ]