USN-2885-1: OpenJDK 6 vulnerabilities

2016-02-02 KENNETH 0

Ubuntu Security Notice USN-2885-1 1st February, 2016 openjdk-6 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenJDK 6. Software description openjdk-6 – Open Source Java implementation Details Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0483, CVE-2016-0494) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-0402) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0448) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker [ more… ]

USN-2884-1: OpenJDK 7 vulnerabilities

2016-02-02 KENNETH 0

Ubuntu Security Notice USN-2884-1 1st February, 2016 openjdk-7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Summary Several security issues were fixed in OpenJDK 7. Software description openjdk-7 – Open Source Java implementation Details Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0483, CVE-2016-0494) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-0402) It was discovered that OpenJDK 7 incorrectly allowed MD5 to be used for TLS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to expose sensitive [ more… ]

USN-2883-1: OpenSSL vulnerability

2016-01-29 KENNETH 0

Ubuntu Security Notice USN-2883-1 28th January, 2016 openssl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary OpenSSL could be made to expose sensitive information over the network. Software description openssl – Secure Socket Layer (SSL) cryptographic library and tools Details Antonio Sanso discovered that OpenSSL reused the same private DH exponent for the life of a server process when configured with an X9.42 style parameter file. This could allow a remote attacker to possibly discover the server's private DH exponent when being used with non-safe primes. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2016-0701 Source: ubuntu-usn

USN-2882-1: curl vulnerability

2016-01-28 KENNETH 0

Ubuntu Security Notice USN-2882-1 27th January, 2016 curl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary curl would incorrectly re-use credentials. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details Isaac Boukris discovered that curl could incorrectly re-use NTLM proxy credentials when subsequently connecting to the same host. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libcurl3-nss 7.43.0-1ubuntu2.1 libcurl3-gnutls 7.43.0-1ubuntu2.1 libcurl3 7.43.0-1ubuntu2.1 Ubuntu 15.04: libcurl3-nss 7.38.0-3ubuntu2.3 libcurl3-gnutls 7.38.0-3ubuntu2.3 libcurl3 7.38.0-3ubuntu2.3 Ubuntu 14.04 LTS: libcurl3-nss 7.35.0-1ubuntu2.6 libcurl3-gnutls 7.35.0-1ubuntu2.6 libcurl3 7.35.0-1ubuntu2.6 Ubuntu 12.04 LTS: libcurl3-nss 7.22.0-3ubuntu4.15 libcurl3-gnutls 7.22.0-3ubuntu4.15 libcurl3 7.22.0-3ubuntu4.15 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-0755 Source: [ more… ]

USN-2877-1: Oxide vulnerabilities

2016-01-28 KENNETH 0

Ubuntu Security Notice USN-2877-1 27th January, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine library for Qt (QML plugin) Details A bad cast was discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-1612) An issue was discovered when initializing the UnacceleratedImageBufferSurface class in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1614) An issue was discovered with the CSP implementation in Blink. If a user were tricked into opening [ more… ]