Ubuntu security

USN-2936-2: Oxygen-GTK3 update Ubuntu Security Notice USN-2936-2 2nd May, 2016 oxygen-gtk3 update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary USN-2936-1 caused Firefox to crash on startup with the Oxygen GTK theme Software description oxygen-gtk3 – Oxygen widget theme for GTK3-based applications Details USN-2936-1 fixed vulnerabilities in Firefox. The update caused Firefox tocrash on startup with the Oxygen GTK theme due to a pre-existing bug inthe Oxygen-GTK3 theme engine. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to [ more… ]

USN-2957-2: Libtasn1 vulnerability Ubuntu Security Notice USN-2957-2 2nd May, 2016 libtasn1-6 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Libtasn1 could be made to hang if it processed specially crafted data. Software description libtasn1-6 – Library to manage ASN.1 structures Details USN-2957-1 fixed a vulnerability in Libtasn1. This update provides thecorresponding update for Ubuntu 16.04 LTS. Original advisory details: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libtasn1-6 4.7-3ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-2958-1: poppler vulnerabilities Ubuntu Security Notice USN-2958-1 2nd May, 2016 poppler vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary poppler could be made to crash or run programs if it opened a specially crafted file. Software description poppler – PDF rendering library Details It was discovered that the poppler pdfseparate tool incorrectly handledcertain filenames. A local attacker could use this issue to cause the toolto crash, resulting in a denial of service, or possibly execute arbitrarycode. This issue only applied to Ubuntu 12.04 LTS. (CVE-2013-4473,CVE-2013-4474) It was discovered that poppler incorrectly parsed certain malformed PDFdocuments. If a user or automated system were tricked into opening acrafted PDF file, an attacker could cause a denial of service or possiblyexecute arbitrary code with privileges of the user invoking the [ more… ]

USN-2957-1: Libtasn1 vulnerability Ubuntu Security Notice USN-2957-1 2nd May, 2016 libtasn1-3, libtasn1-6 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Libtasn1 could be made to hang if it processed specially crafted data. Software description libtasn1-3 – Library to manage ASN.1 structures libtasn1-6 – Library to manage ASN.1 structures Details Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handledcertain malformed DER certificates. A remote attacker could possibly usethis issue to cause applications using Libtasn1 to hang, resulting in adenial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libtasn1-6 4.5-2ubuntu0.1 Ubuntu 14.04 LTS: libtasn1-6 3.4-3ubuntu0.4 Ubuntu 12.04 LTS: libtasn1-3 2.10-1ubuntu1.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-2956-1: ubuntu-core-launcher vulnerability Ubuntu Security Notice USN-2956-1 29th April, 2016 ubuntu-core-launcher vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary ubuntu-core-launcher did not properly isolate snaps from one another. Software description ubuntu-core-launcher – Snap application launcher Details Zygmunt Krynicki discovered that ubuntu-core-launcher did not properlysanitize its input and contained a logic error when determining themountpoint of bind mounts when using snaps on traditional Ubuntu systems(eg, desktop and server). If a user were tricked into installing amalicious snap with a crafted snap name, an attacker could perform adelayed attack to steal data or execute code within the security context ofanother snap. This issue did not affect Ubuntu Core systems. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: ubuntu-core-launcher 1.0.27.1 To update your system, [ more… ]