Ubuntu security

USN-2903-1: NSS vulnerability Ubuntu Security Notice USN-2903-1 17th February, 2016 nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary NSS could be made to expose sensitive information. Software description nss – Network Security Service library Details Hanno Böck discovered that NSS incorrectly handled certain divisionfunctions, possibly leading to cryptographic weaknesses. (CVE-2015-1938) This update also refreshes the NSS package to version 3.21 which includesthe latest CA certificate bundle, and removes the SPI CA. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libnss3 2:3.21-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: libnss3 2:3.21-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: libnss3 2:3.21-0ubuntu0.12.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bugfixes. After a standard system update [ more… ]

USN-2902-1: graphite2 vulnerabilities Ubuntu Security Notice USN-2902-1 17th February, 2016 graphite2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Summary graphite2 could be made to crash or run programs as your login if it opened a specially crafted font. Software description graphite2 – Font rendering engine for Complex Scripts Details Yves Younan discovered that graphite2 incorrectly handled certain malformedfonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to causegraphite2 to crash, resulting in a denial of service, or possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libgraphite2-3 1.2.4-3ubuntu1.1 Ubuntu 14.04 LTS: libgraphite2-3 1.2.4-1ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard [ more… ]

USN-2901-1: xdelta3 vulnerability Ubuntu Security Notice USN-2901-1 17th February, 2016 xdelta3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Summary xdelta3 could be made to crash or run programs if it opened a specially crafted file. Software description xdelta3 – Diff utility which works with binary files Details It was discovered that xdelta3 incorrectly handled certain files. If a useror automated system were tricked into processing a specially-crafted file,a remote attacker could use this issue to cause xdelta3 to crash, resultingin a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: xdelta3 3.0.8-dfsg-1ubuntu0.15.10.2 Ubuntu 14.04 LTS: xdelta3 3.0.7-dfsg-2ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-2900-1: GNU C Library vulnerability Ubuntu Security Notice USN-2900-1 16th February, 2016 eglibc, glibc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GNU C Library could be made to crash or run programs if it received specially crafted network traffic. Software description eglibc – GNU C Library glibc – GNU C Library Details It was discovered that the GNU C Library incorrectly handled receivingresponses while performing DNS resolution. A remote attacker could use thisissue to cause the GNU C Library to crash, resulting in a denial ofservice, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libc6 2.21-0ubuntu4.1 Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.7 Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.13 To update your system, please [ more… ]

USN-2899-1: LibreOffice vulnerabilities Ubuntu Security Notice USN-2899-1 16th February, 2016 libreoffice vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. Software description libreoffice – Office productivity suite Details It was discovered that LibreOffice incorrectly handled LWP document files.If a user were tricked into opening a specially crafted LWP document, aremote attacker could cause LibreOffice to crash, and possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libreoffice-core 1:5.0.5~rc2-0ubuntu2 Ubuntu 14.04 LTS: libreoffice-core 1:4.2.8-0ubuntu4 Ubuntu 12.04 LTS: libreoffice-core 1:3.5.7-0ubuntu10 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart LibreOffice [ more… ]