Ubuntu security

USN-2944-1: Libav vulnerabilities Ubuntu Security Notice USN-2944-1 4th April, 2016 libav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Libav could be made to crash or run programs as your login if it opened a specially crafted file. Software description libav – Multimedia player, server, encoder and transcoder Details It was discovered that Libav incorrectly handled certain malformed mediafiles. If a user were tricked into opening a crafted media file, anattacker could cause a denial of service via application crash, or possiblyexecute arbitrary code with the privileges of the user invoking theprogram. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libavformat53 4:0.8.17-0ubuntu0.12.04.2 libavcodec53 4:0.8.17-0ubuntu0.12.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-2945-1: XChat-GNOME vulnerability Ubuntu Security Notice USN-2945-1 4th April, 2016 xchat-gnome vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary XChat-GNOME could be made to expose sensitive information over the network. Software description xchat-gnome – simple and featureful IRC client for GNOME Details It was discovered that XChat-GNOME incorrectly verified the hostname in anSSL certificate. An attacker could trick XChat-GNOME into trusting a rogueserver's certificate, which was signed by a trusted certificate authority,to perform a man-in-the-middle attack. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: xchat-gnome 1:0.30.0~git20141005.816798-0ubuntu6.2 Ubuntu 14.04 LTS: xchat-gnome 1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2 Ubuntu 12.04 LTS: xchat-gnome 1:0.30.0~git20110821.e2a400-0.2ubuntu4.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart XChat-GNOME to makeall [ more… ]

USN-2943-1: PCRE vulnerabilities Ubuntu Security Notice USN-2943-1 29th March, 2016 pcre3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary PCRE could be made to crash or run programs if it processed a specially-crafted regular expression. Software description pcre3 – Perl 5 Compatible Regular Expression Library Details It was discovered that PCRE incorrectly handled certain regularexpressions. A remote attacker could use this issue to cause applicationsusing PCRE to crash, resulting in a denial of service, or possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libpcre3 2:8.35-7.1ubuntu1.3 Ubuntu 14.04 LTS: libpcre3 1:8.31-2ubuntu2.2 Ubuntu 12.04 LTS: libpcre3 8.12-4ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart applications [ more… ]

USN-2942-1: OpenJDK 7 vulnerability Ubuntu Security Notice USN-2942-1 24th March, 2016 openjdk-7 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Summary OpenJDK could be made to crash or run programs as your login if it received specially crafted input. Software description openjdk-7 – Open Source Java implementation Details A vulnerability was discovered in the JRE related to informationdisclosure, data integrity, and availability. An attacker could exploitthese to cause a denial of service, expose sensitive data over the network,or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.10.2 openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.10.2 icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.10.2 openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.10.2 openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.10.2 Ubuntu 14.04 LTS: openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.14.04.2 icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.14.04.2 openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.14.04.2 openjdk-7-jdk 7u95-2.6.4-0ubuntu0.14.04.2 openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.14.04.2 openjdk-7-jre 7u95-2.6.4-0ubuntu0.14.04.2 To update your system, please follow [ more… ]

USN-2941-1: Quagga vulnerabilities Ubuntu Security Notice USN-2941-1 24th March, 2016 quagga vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Quagga could be made to crash or run programs if it received specially crafted network traffic. Software description quagga – BGP/OSPF/RIP routing daemon Details Kostya Kortchinsky discovered that Quagga incorrectly handled certain routedata when configured with BGP peers enabled for VPNv4. A remote attackercould use this issue to cause Quagga to crash, resulting in a denial ofservice, or possibly execute arbitrary code. (CVE-2016-2342) It was discovered that Quagga incorrectly handled messages with a largeLSA when used in certain configurations. A remote attacker could use thisissue to cause Quagga to crash, resulting in a denial of service. Thisissue only affected Ubuntu 12.04 LTS. (CVE-2013-2236) Update instructions The problem can [ more… ]