USN-2893-1: Firefox vulnerability

2016-02-12 KENNETH 0

Ubuntu Security Notice USN-2893-1

11th February, 2016

firefox vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary

A same-origin-policy bypass was discovered in Firefox.

Software description

firefox – Mozilla Open Source web browser

Details

Jason Pang discovered that service workers intercept responses to plugin network requests made through the browser. An attacker could potentially exploit this to bypass same origin restrictions using the Flash plugin. (CVE-2016-1949)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: firefox 44.0.2+build1-0ubuntu0.15.10.1

Ubuntu 14.04 LTS: firefox 44.0.2+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS: firefox 44.0.2+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

References

CVE-2016-1949

Source: ubuntu-usn

USN-2894-1: PostgreSQL vulnerabilities

2016-02-12 KENNETH 0

Ubuntu Security Notice USN-2894-1

11th February, 2016

postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary

PostgreSQL could be made to crash or run programs if it handled specially crafted data.

Software description

postgresql-9.1 – Object-relational SQL database

postgresql-9.3 – Object-relational SQL database

postgresql-9.4 – Object-relational SQL database

Details

It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773)

It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-0766)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: postgresql-9.4 9.4.6-0ubuntu0.15.10

Ubuntu 14.04 LTS: [ more… ]

USN-2892-1: nginx vulnerabilities

2016-02-10 KENNETH 0

Ubuntu Security Notice USN-2892-1

9th February, 2016

nginx vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS

Summary

Several security issues were fixed in nginx.

Software description

nginx – small, powerful, scalable web/proxy server

Details

It was discovered that nginx incorrectly handled certain DNS server responses when the resolver is enabled. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. (CVE-2016-0742)

It was discovered that nginx incorrectly handled CNAME response processing when the resolver is enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-0746)

It was discovered that nginx incorrectly handled CNAME resolution when the resolver is enabled. A remote attacker could possibly use this issue to cause nginx to consume resources, resulting in [ more… ]

USN-2880-2: Firefox regression

2016-02-09 KENNETH 0

Ubuntu Security Notice USN-2880-2

8th February, 2016

firefox regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary

USN-2880-1 introduced a regression in Firefox.

Software description

firefox – Mozilla Open Source web browser

Details

USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges [ more… ]

USN-2891-1: QEMU vulnerabilities

2016-02-03 KENNETH 0

Ubuntu Security Notice USN-2891-1

3rd February, 2016

qemu, qemu-kvm vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary

Several security issues were fixed in QEMU.

Software description

qemu – Machine emulator and virtualizer

qemu-kvm – Machine emulator and virtualizer

Details

Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-7549)

Lian Yihan discovered that QEMU incorrectly handled the VNC server. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2015-8504)

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit [ more… ]