USN-2950-1: Samba vulnerabilities

2016-04-18 KENNETH 0

Ubuntu Security Notice USN-2950-1, 18th April, 2016: samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Samba.

Software description: samba – SMB/CIFS file, print, and login server for Unix

Details:

Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)

Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110)

Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a [ more… ]

USN-2948-2: Linux kernel (Utopic HWE) regression

2016-04-12 KENNETH 0

Ubuntu Security Notice USN-2948-2, 11th April, 2016: linux-lts-utopic regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: USN 2948-1 introduced a regression in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS.

Software description: linux-lts-utopic – Linux hardware enablement kernel from Utopic for Trusty

Details:

USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect reference counting fix in the radeon driver introduced a regression that could cause a system crash. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566) [ more… ]

USN-2917-2: Firefox regressions

2016-04-08 KENNETH 0

Ubuntu Security Notice USN-2917-2, 7th April, 2016: firefox regressions

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: USN-2917-1 introduced several regressions in Firefox.

Software description: firefox – Mozilla Open Source web browser

Details:

USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of [ more… ]

USN-2947-2: Linux kernel (Wily HWE) vulnerabilities

2016-04-06 KENNETH 0

Ubuntu Security Notice USN-2947-2, 6th April, 2016: linux-lts-wily vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-lts-wily – Linux hardware enablement kernel from Wily for Trusty

Details:

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)

Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085) [ more… ]

USN-2949-1: Linux kernel (Vivid HWE) vulnerabilities

2016-04-06 KENNETH 0

Ubuntu Security Notice USN-2949-1, 6th April, 2016: linux-lts-vivid vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-lts-vivid – Linux hardware enablement kernel from Vivid for Trusty

Details:

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)

Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085)

David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource [ more… ]