Ubuntu security

USN-2981-1: libarchive vulnerabilities Ubuntu Security Notice USN-2981-1 17th May, 2016 libarchive vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary libarchive could be made to crash or run programs if it opened a specially crafted file. Software description libarchive – Library to read/write archive files Details It was discovered that libarchive incorrectly handled certain entry-sizevalues in ZIP archives. A remote attacker could use this issue to causelibarchive to crash, resulting in a denial of service, or possibly executearbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10and Ubuntu 16.04 LTS. (CVE-2016-1541) It was discovered that libarchive incorrectly handled memory whenprocessing certain tar files. A remote attacker could use this issue tocuase libarchive to crash, resulting in a denial of service. (CVE numberpending) Update [ more… ]

USN-2982-1: Libksba vulnerabilities Ubuntu Security Notice USN-2982-1 17th May, 2016 libksba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Libksba could be made to crash or run programs if it decoded specially crafted data. Software description libksba – X.509 and CMS support library Details Hanno Böck discovered that Libksba incorrectly handled decoding certain BERdata. An attacker could use this issue to cause Libksba to crash, resultingin a denial of service. This issue only applied to Ubunt 12.04 LTS andUbuntu 14.04 LTS. (CVE-2016-4353) Hanno Böck discovered that Libksba incorrectly handled decoding certain BERdata. An attacker could use this issue to cause Libksba to crash, resultingin a denial of service, or possibly execute arbitrary code. This issue onlyapplied to Ubunt 12.04 LTS and Ubuntu 14.04 LTS. [ more… ]

USN-2980-1: libndp vulnerability Ubuntu Security Notice USN-2980-1 17th May, 2016 libndp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Summary libndp could be tricked into accepting an NDP message from outside the local network. Software description libndp – Library for Neighbor Discovery Protocol Details Julien Bernard discovered that libndp incorrectly performed origin checkswhen receiving Neighbor Discovery Protocol (NDP) messages. A remoteattacker outside of the local network could use this issue to advertise anode as a router, causing a denial of service, or possibly to act as a manin the middle. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libndp0 1.4-2ubuntu0.16.04.1 Ubuntu 15.10: libndp0 1.4-2ubuntu0.15.10.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]

USN-2975-1: Linux kernel vulnerability Ubuntu Security Notice USN-2975-1 16th May, 2016 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux – Linux kernel Details Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder didnot properly process certificate files with tags of indefinite length. Alocal unprivileged attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code with administrativeprivileges. (CVE-2016-0758) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-3.13.0-86-powerpc64-emb 3.13.0-86.131 linux-image-3.13.0-86-generic-lpae 3.13.0-86.131 linux-image-3.13.0-86-powerpc-e500mc 3.13.0-86.131 linux-image-3.13.0-86-lowlatency 3.13.0-86.131 linux-image-3.13.0-86-powerpc64-smp 3.13.0-86.131 linux-image-3.13.0-86-generic 3.13.0-86.131 linux-image-3.13.0-86-powerpc-smp 3.13.0-86.131 linux-image-3.13.0-86-powerpc-e500 3.13.0-86.131 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]

USN-2976-1: Linux kernel (Utopic HWE) vulnerability Ubuntu Security Notice USN-2976-1 16th May, 2016 linux-lts-utopic vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-lts-utopic – Linux hardware enablement kernel from Utopic for Trusty Details Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder didnot properly process certificate files with tags of indefinite length. Alocal unprivileged attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code with administrativeprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-3.16.0-71-powerpc-smp 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-generic-lpae 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-powerpc-e500mc 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-lowlatency 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-powerpc64-emb 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-powerpc64-smp 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-generic 3.16.0-71.92~14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a [ more… ]