
USN-2913-2: glib-networking update

2016-02-25 KENNETH 0

Ubuntu Security Notice USN-2913-2, 24th February, 2016

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Updated glib-networking packages are required for the USN-2913-1 update.

Software description: glib-networking – network-related giomodules for GLib

Details: USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the glib-networking package to properly handle the removal.

Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: glib-networking 2.46.0-1ubuntu0.1
Ubuntu 14.04 LTS: glib-networking 2.40.0-1ubuntu0.1
Ubuntu 12.04 LTS: [ more… ]


USN-2903-2: NSS regression

2016-02-24 KENNETH 0

Ubuntu Security Notice USN-2903-2, 23rd February, 2016

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: USN-2903-1 introduced a regression in NSS.

Software description: nss – Network Security Service library

Details: USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning change in Ubuntu 12.04 LTS caused a regression when building software against NSS. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: Hanno Böck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. (CVE-2016-1938) This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS: libnss3-dev 2:3.21-0ubuntu0.12.04.2

To update your system, please [ more… ]


USN-2912-1: libssh vulnerabilities

2016-02-24 KENNETH 0

Ubuntu Security Notice USN-2912-1, 23rd February, 2016

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in libssh.

Software description: libssh – A tiny C SSH library

Details: Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. (CVE-2015-3146)

Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits when using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2016-0739)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: libssh-4 0.6.3-3ubuntu3.2 [ more… ]


USN-2905-1: Oxide vulnerability

2016-02-23 KENNETH 0

Ubuntu Security Notice USN-2905-1, 23rd February, 2016

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS

Summary: Oxide could be made to bypass same-origin restrictions.

Software description: oxide-qt – Web browser engine library for Qt (QML plugin)

Details: A security issue was discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or a sandbox protection mechanism. (CVE-2016-1629)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: liboxideqtcore0 1.12.7-0ubuntu0.15.10.1
Ubuntu 14.04 LTS: liboxideqtcore0 1.12.7-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2016-1629

Source: USN-2905-1: Oxide vulnerability


USN-2911-2: Linux kernel (OMAP4) vulnerability

2016-02-23 KENNETH 0

Ubuntu Security Notice USN-2911-2, 22nd February, 2016

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: The system could be made to crash under certain conditions.

Software description: linux-ti-omap4 – Linux kernel for OMAP4

Details: It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS: linux-image-3.2.0-1477-omap4 3.2.0-1477.100

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which [ more… ]