Ubuntu security

USN-2954-1: MySQL vulnerabilities Ubuntu Security Notice USN-2954-1 25th April, 2016 mysql-5.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in MySQL. Software description mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includesnew upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.12 in Ubuntu 16.04 LTS. In addition to security fixes, the updated packages contain bug fixes,new features, and possibly incompatible changes. Please see the following for more information:http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-12.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: mysql-server-5.7 5.7.12-0ubuntu1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-0639, CVE-2016-0642, CVE-2016-0643, CVE-2016-0647, CVE-2016-0648, [ more… ]

USN-2953-1: MySQL vulnerabilities Ubuntu Security Notice USN-2953-1 21st April, 2016 mysql-5.5, mysql-5.6 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in MySQL. Software description mysql-5.5 – MySQL database mysql-5.6 – MySQL database Details Multiple security issues were discovered in MySQL and this update includesnew upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.49 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.Ubuntu 15.10 has been updated to MySQL 5.6.30. In addition to security fixes, the updated packages contain bug fixes,new features, and possibly incompatible changes. Please see the following for more information:http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.htmlhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.htmlhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.htmlhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: mysql-server-5.6 5.6.30-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: mysql-server-5.5 5.5.49-0ubuntu0.14.04.1 Ubuntu 12.04 [ more… ]

USN-2952-1: PHP vulnerabilities Ubuntu Security Notice USN-2952-1 21st April, 2016 php5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in PHP. Software description php5 – HTML-embedded scripting language interpreter Details It was discovered that the PHP Zip extension incorrectly handleddirectories when processing certain zip files. A remote attacker couldpossibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated datatypes. A remote attacker could use this issue to cause PHP to crash,resulting in a denial of service, or possibly execute arbitrary code.(CVE-2015-8835, CVE-2016-3185) It was discovered that the PHP MySQL native driver incorrectly handled TLSconnections to MySQL databases. A man in the middle attacker could possiblyuse this issue to downgrade and snoop on TLS [ more… ]

USN-2917-3: Firefox regressions Ubuntu Security Notice USN-2917-3 19th April, 2016 firefox regressions A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary USN-2917-1 introduced several regressions in Firefox. Software description firefox – Mozilla Open Source web browser Details USN-2917-1 fixed vulnerabilities in Firefox. This update caused severalweb compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950) Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo [ more… ]

USN-2951-1: OptiPNG vulnerabilities Ubuntu Security Notice USN-2951-1 18th April, 2016 optipng vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary OptiPNG could be made to crash or run programs as your login if it opened a specially crafted file. Software description optipng – advanced PNG (Portable Network Graphics) optimizer Details Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remoteattacker could use this issue with a specially crafted image file to causeOptiPNG to crash, resulting in a denial of service. (CVE-2015-7801) Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remoteattacker could use this issue with a specially crafted image file to causeOptiPNG to crash, resulting in a denial of service. (CVE-2015-7802) Hans Jerry Illikainen discovered that OptiPNG incorrectly handled memory. Aremote attacker could use this issue with [ more… ]