
USN-2880-1: Firefox vulnerabilities

2016-01-28 KENNETH 0

Ubuntu Security Notice USN-2880-1, 27th January, 2016: firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software description: firefox – Mozilla Open Source web browser

Details: Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1930, CVE-2016-1931)

Gustavo Grieco discovered an out-of-memory crash when loading GIF images in some circumstances. If a user were [ more… ]


USN-2881-1: MySQL vulnerabilities

2016-01-27 KENNETH 0

Ubuntu Security Notice USN-2881-1, 26th January, 2016: mysql-5.5, mysql-5.6 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in MySQL.

Software description: mysql-5.5 – MySQL database; mysql-5.6 – MySQL database

Details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.47 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.28.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Update instructions: The problem can be corrected by updating your system to the following package version:
Ubuntu 15.10: mysql-server-5.6 5.6.28-0ubuntu0.15.10.1
Ubuntu 15.04: mysql-server-5.6 5.6.28-0ubuntu0.15.04.1
Ubuntu [ more… ]


USN-2879-1: rsync vulnerability

2016-01-22 KENNETH 0

Ubuntu Security Notice USN-2879-1, 21st January, 2016: rsync vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: rsync could be made to write files outside of the expected directory.

Software description: rsync – fast, versatile, remote (and local) file-copying tool

Details: It was discovered that rsync incorrectly handled invalid filenames. A malicious server could use this issue to write files outside of the intended destination directory.

Update instructions: The problem can be corrected by updating your system to the following package version:
Ubuntu 15.10: rsync 3.1.1-3ubuntu0.15.10.1
Ubuntu 15.04: rsync 3.1.1-3ubuntu0.15.04.1
Ubuntu 14.04 LTS: rsync 3.1.0-2ubuntu0.2
Ubuntu 12.04 LTS: rsync 3.0.9-1ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2014-9512

Source: ubuntu-usn


USN-2878-1: Perl vulnerability

2016-01-22 KENNETH 0

Ubuntu Security Notice USN-2878-1, 21st January, 2016: perl vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04.

Summary: Perl incorrectly handled the taint attribute.

Software description: perl – Practical Extraction and Report Language

Details: David Golden discovered that the canonpath function in the Perl File::Spec module did not properly preserve the taint attribute. An attacker could possibly use this issue to bypass the taint protection mechanism.

Update instructions: The problem can be corrected by updating your system to the following package version:
Ubuntu 15.10: perl 5.20.2-6ubuntu0.1
Ubuntu 15.04: perl 5.20.2-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2015-8607

Source: ubuntu-usn


USN-2876-1: eCryptfs vulnerability

2016-01-21 KENNETH 0

Ubuntu Security Notice USN-2876-1, 20th January, 2016: ecryptfs-utils vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: mount.ecryptfs_private could be used to run programs as an administrator.

Software description: ecryptfs-utils – eCryptfs cryptographic filesystem utilities

Details: Jann Horn discovered that mount.ecryptfs_private would mount over certain directories in the proc filesystem. A local attacker could use this to escalate their privileges. (CVE-2016-1572)

Update instructions: The problem can be corrected by updating your system to the following package version:
Ubuntu 15.10: ecryptfs-utils 108-0ubuntu1.1
Ubuntu 15.04: ecryptfs-utils 107-0ubuntu1.3
Ubuntu 14.04 LTS: ecryptfs-utils 104-0ubuntu1.14.04.4
Ubuntu 12.04 LTS: ecryptfs-utils 96-0ubuntu3.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2016-1572

Source: ubuntu-usn