USN-2915-3: Django regression

2016-03-08 KENNETH 0

Ubuntu Security Notice USN-2915-3, 7th March, 2016

python-django regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS

Summary: USN-2915-1 introduced a regression in Django.

Software description: python-django – High-level Python web development framework

Details: USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix.

Original advisory details: Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. (CVE-2016-2512) Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. (CVE-2016-2513)

Update instructions: The problem can be [ more… ]

USN-2921-1: Squid vulnerabilities

2016-03-07 KENNETH 0

Ubuntu Security Notice USN-2921-1, 7th March, 2016

squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Squid.

Software description: squid3 – Web proxy cache server

Details: Sebastian Krahmer discovered that Squid incorrectly handled certain SNMP requests. If SNMP is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-6270) Alex Rousskov discovered that Squid incorrectly handled certain malformed responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2016-2571)

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: squid3 3.3.8-1ubuntu16.2; Ubuntu 14.04 LTS: squid3 3.3.8-1ubuntu6.6; Ubuntu 12.04 LTS: squid3 [ more… ]

USN-2915-2: Django regression

2016-03-07 KENNETH 0

Ubuntu Security Notice USN-2915-2, 7th March, 2016

python-django regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS

Summary: USN-2915-1 introduced a regression in Django.

Software description: python-django – High-level Python web development framework

Details: USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem.

Original advisory details: Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. (CVE-2016-2512) Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. (CVE-2016-2513)

Update instructions: The problem can be corrected by updating your system to the [ more… ]

USN-2919-1: JasPer vulnerabilities

2016-03-04 KENNETH 0

Ubuntu Security Notice USN-2919-1, 3rd March, 2016

jasper vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in JasPer.

Software description: jasper – Library for manipulating JPEG-2000 files

Details: Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2016-1577) Tyler Hicks discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to consume memory, resulting in a denial of service. (CVE-2016-2116)

Update instructions: The problem can be corrected by updating your system to the [ more… ]

USN-2918-1: pixman vulnerability

2016-03-04 KENNETH 0

Ubuntu Security Notice USN-2918-1, 3rd March, 2016

pixman vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: pixman could be made to crash or run programs as your login if it processed specially crafted data.

Software description: pixman – pixel-manipulation library for X and cairo

Details: Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, a remote attacker could cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: libpixman-1-0 0.30.2-2ubuntu1.1; Ubuntu 12.04 LTS: libpixman-1-0 0.30.2-1ubuntu0.0.0.0.3. To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your [ more… ]