
USN-2939-1: LibTIFF vulnerabilities

2016-03-24 KENNETH 0

Ubuntu Security Notice USN-2939-1, 23rd March, 2016

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Software description: tiff – Tag Image File Format (TIFF) library

Details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: libtiff5 4.0.3-12.3ubuntu2.1
Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.4
Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.9

To update your system, please follow [ more… ]


USN-2938-1: Git vulnerabilities

2016-03-22 KENNETH 0

Ubuntu Security Notice USN-2938-1, 21st March, 2016

git vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Git could be made to crash or run programs as your login if it received changes from a specially crafted remote repository.

Software description: git – fast, scalable, distributed revision control system

Details: Laël Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git. (CVE-2016-2315, CVE-2016-2324)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: git 1:2.5.0-1ubuntu0.2
Ubuntu 14.04 LTS: git 1:1.9.1-1ubuntu0.3
Ubuntu 12.04 LTS: git 1:1.7.9.5-1ubuntu0.3

To update your system, please follow these [ more… ]


USN-2937-1: WebKitGTK+ vulnerabilities

2016-03-22 KENNETH 0

Ubuntu Security Notice USN-2937-1, 21st March, 2016

webkitgtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in WebKitGTK+.

Software description: webkitgtk – Web content engine library for GTK+

Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10:
    libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.15.10.1
    libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.15.10.1
    libwebkitgtk-1.0-0 2.4.10-0ubuntu0.15.10.1
    libwebkitgtk-3.0-0 2.4.10-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
    libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.14.04.1
    libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.14.04.1
    libwebkitgtk-1.0-0 2.4.10-0ubuntu0.14.04.1
    libwebkitgtk-3.0-0 2.4.10-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]


USN-2935-3: PAM regression

2016-03-18 KENNETH 0

Ubuntu Security Notice USN-2935-3, 17th March, 2016

pam regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: USN-2935-1 introduced a regression in PAM.

Software description: pam – Pluggable Authentication Modules

Details: USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. We apologize for the inconvenience.

Original advisory details:

It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041)

Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectly performed filtering. [ more… ]


USN-2935-2: PAM regression

2016-03-17 KENNETH 0

Ubuntu Security Notice USN-2935-2, 16th March, 2016

pam regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: USN-2935-1 introduced a regression in PAM.

Software description: pam – Pluggable Authentication Modules

Details: USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041)

Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectly performed filtering. A local attacker could use this issue to create arbitrary files, [ more… ]