
USN-2855-2: Samba regression

2016-02-16 KENNETH 0

Ubuntu Security Notice USN-2855-2
16th February, 2016
samba regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary
USN-2855-1 introduced a regression in Samba.

Software description
samba – SMB/CIFS file, print, and login server for Unix

Details
USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem.

Original advisory details:

Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-3223)

Jan Kasprzak discovered that Samba incorrectly handled certain symlinks. A remote attacker could use this issue to access files outside [ more… ]

USN-2898-2: Eye of GNOME vulnerability

2016-02-16 KENNETH 0

Ubuntu Security Notice USN-2898-2
15th February, 2016
eog vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary
Eye of GNOME could be made to crash or run programs as your login if it opened a specially crafted image.

Software description
eog – Eye of GNOME graphics viewer program

Details
It was discovered that Eye of GNOME incorrectly handled certain large images. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: eog 3.16.3-1ubuntu2.1
Ubuntu 14.04 LTS: eog 3.10.2-0ubuntu5.1
Ubuntu 12.04 LTS: eog 3.4.2-0ubuntu1.2

To update your system, please [ more… ]

USN-2898-1: GTK+ vulnerability

2016-02-16 KENNETH 0

Ubuntu Security Notice USN-2898-1
15th February, 2016
gtk+2.0, gtk+3.0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary
GTK+ could be made to crash or run programs as your login if it processed a specially crafted image.

Software description
gtk+2.0 – GTK+ graphical user interface library
gtk+3.0 – GTK+ graphical user interface library

Details
It was discovered that GTK+ incorrectly handled certain large images. A remote attacker could use this issue to cause GTK+ applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: libgtk2.0-0 2.24.28-1ubuntu1.1
Ubuntu 14.04 LTS: libgtk2.0-0 2.24.23-0ubuntu1.4
Ubuntu 12.04 LTS: libgtk2.0-0 2.24.10-0ubuntu6.3, libgtk-3-0 3.4.2-0ubuntu0.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After [ more… ]

USN-2897-1: Nettle vulnerabilities

2016-02-16 KENNETH 0

Ubuntu Security Notice USN-2897-1
15th February, 2016
nettle vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS

Summary
Several security issues were fixed in Nettle.

Software description
nettle – low level cryptographic library (public-key cryptos)

Details
Hanno Böck discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8803)

Hanno Böck discovered that Nettle incorrectly handled carry propagation in the NIST P-384 elliptic curve. (CVE-2015-8804)

Niels Moeller discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8805)

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: libnettle6 3.1.1-4ubuntu0.1
Ubuntu 14.04 LTS: libnettle4 2.7.1-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2015-8803, CVE-2015-8804, CVE-2015-8805

Source: [ more… ]

USN-2896-1: Libgcrypt vulnerability

2016-02-16 KENNETH 0

Ubuntu Security Notice USN-2896-1
15th February, 2016
libgcrypt11, libgcrypt20 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary
Libgcrypt could be made to expose sensitive information.

Software description
libgcrypt11 – LGPL Crypto library
libgcrypt20 – LGPL Crypto library

Details
Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: libgcrypt20 1.6.3-2ubuntu1.1
Ubuntu 14.04 LTS: libgcrypt11 1.5.3-2ubuntu4.3
Ubuntu 12.04 LTS: libgcrypt11 1.5.0-3ubuntu0.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2015-7511

Source: ubuntu-usn