Ubuntu security

USN-2928-2: Linux kernel (OMAP4) vulnerability Ubuntu Security Notice USN-2928-2 14th March, 2016 linux-ti-omap4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash or run programs as an administrator by someone with physical access. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectlyperformed a double-free. A local attacker with physical access could usethis to cause a denial of service (system crash) or possibly executearbitrary code with administrative privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-1479-omap4 3.2.0-1479.105 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to [ more… ]

USN-2927-1: graphite2 vulnerabilities Ubuntu Security Notice USN-2927-1 14th March, 2016 graphite2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Summary graphite2 could be made to crash or run programs as your login if it opened a specially crafted font. Software description graphite2 – Font rendering engine for Complex Scripts Details It was discovered that graphite2 incorrectly handled certain malformedfonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to causegraphite2 to crash, resulting in a denial of service, or possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libgraphite2-3 1.3.6-1ubuntu0.15.10.1 Ubuntu 14.04 LTS: libgraphite2-3 1.3.6-1ubuntu0.14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses [ more… ]

USN-2920-1: Oxide vulnerabilities Ubuntu Security Notice USN-2920-1 10th March, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine for Qt (QML plugin) Details It was discovered that the ContainerNode::parserRemoveChild function inBlink mishandled widget updates in some circumstances. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit this to bypass same-origin restrictions.(CVE-2016-1630) It was discovered that the PPB_Flash_MessageLoop_Impl::InternalRun function in Chromium mishandled nested message loops. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit this to bypass same-origin restrictions.(CVE-2016-1631) Multiple use-after-frees were discovered in Blink. If a user were trickedin to opening a specially crafted website, an attacker could potentiallyexploit these to cause a [ more… ]

USN-2926-1: OTR vulnerability Ubuntu Security Notice USN-2926-1 10th March, 2016 libotr vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary OTR could be made to crash or run programs if it received specially crafted network traffic. Software description libotr – Off-the-Record Messaging library Details Markus Vervier discovered that OTR incorrectly handled large incomingmessages. A remote attacker could use this issue to cause OTR to crash,resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libotr2 3.2.0-4ubuntu0.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart OTR applications tomake all the necessary changes References CVE-2016-2851 Source: USN-2926-1: OTR vulnerability

USN-2925-1: Bind vulnerabilities Ubuntu Security Notice USN-2925-1 9th March, 2016 bind9 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Bind could be made to crash if it received specially crafted network traffic. Software description bind9 – Internet Domain Name Server Details It was discovered that Bind incorrectly handled input received by the rndccontrol channel. A remote attacker could possibly use this issue to causeBind to crash, resulting in a denial of service. (CVE-2016-1285) It was discovered that Bind incorrectly parsed resource record signaturesfor DNAME resource records. A remote attacker could possibly use this issueto cause Bind to crash, resulting in a denial of service. (CVE-2016-1286) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: bind9 1:9.9.5.dfsg-11ubuntu1.3 Ubuntu 14.04 [ more… ]