USN-2869-1: OpenSSH vulnerabilities

2016-01-15 KENNETH 0

Ubuntu Security Notice USN-2869-1, 14th January, 2016: openssh vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: OpenSSH could be made to expose sensitive information over the network.

Software description: openssh – secure shell (SSH) for secure access to remote machines

Details: It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server, including private client user keys.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: openssh-client 1:6.9p1-2ubuntu0.1
Ubuntu 15.04: openssh-client 1:6.7p1-5ubuntu1.4
Ubuntu 14.04 LTS: openssh-client 1:6.6p1-2ubuntu2.4
Ubuntu 12.04 LTS: openssh-client 1:5.9p1-5ubuntu1.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]

USN-2859-1: Thunderbird vulnerabilities

2016-01-14 KENNETH 0

Ubuntu Security Notice USN-2859-1, 13th January, 2016: thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Thunderbird.

Software description: thunderbird – Mozilla Open Source mail and newsgroup client

Details: Andrei Vaida, Jesse Ruderman, Bob Clary, and Jesse Ruderman discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7201)

Ronald Crane discovered a buffer overflow through code inspection. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute [ more… ]

USN-2868-1: DHCP vulnerability

2016-01-13 KENNETH 0

Ubuntu Security Notice USN-2868-1, 13th January, 2016: isc-dhcp vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: DHCP server, client, or relay could be made to crash if they received specially crafted network traffic.

Software description: isc-dhcp – DHCP server and client

Details: Sebastian Poehn discovered that the DHCP server, client, and relay incorrectly handled certain malformed UDP packets. A remote attacker could use this issue to cause the DHCP server, client, or relay to stop responding, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: isc-dhcp-server 4.3.1-5ubuntu3.1, isc-dhcp-relay 4.3.1-5ubuntu3.1, isc-dhcp-client 4.3.1-5ubuntu3.1, isc-dhcp-server-ldap 4.3.1-5ubuntu3.1
Ubuntu 15.04: isc-dhcp-server 4.3.1-5ubuntu2.3, isc-dhcp-relay 4.3.1-5ubuntu2.3, isc-dhcp-client 4.3.1-5ubuntu2.3, isc-dhcp-server-ldap 4.3.1-5ubuntu2.3
Ubuntu 14.04 LTS: isc-dhcp-server 4.2.4-7ubuntu12.4, isc-dhcp-relay 4.2.4-7ubuntu12.4, isc-dhcp-client 4.2.4-7ubuntu12.4, isc-dhcp-server-ldap [ more… ]

USN-2867-1: libvirt vulnerabilities

2016-01-13 KENNETH 0

Ubuntu Security Notice USN-2867-1, 12th January, 2016: libvirt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in libvirt.

Software description: libvirt – Libvirt virtualization toolkit

Details: It was discovered that libvirt incorrectly handled the firewall rules on bridge networks when the daemon was restarted. This could result in an unintended firewall configuration. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-4600)

Peter Krempa discovered that libvirt incorrectly handled locking when certain ACL checks failed. A local attacker could use this issue to cause libvirt to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-8136)

Luyao Huang discovered that libvirt incorrectly handled VNC passwords in snapshot and image files. A remote authenticated user could use this issue to possibly obtain VNC [ more… ]

USN-2860-1: Oxide vulnerabilities

2016-01-12 KENNETH 0

Ubuntu Security Notice USN-2860-1, 11th January, 2016: oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Oxide.

Software description: oxide-qt – Web browser engine library for Qt (QML plugin)

Details: A race condition was discovered in the MutationObserver implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-6789)

An issue was discovered with the page serializer in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to inject arbitrary script or HTML. (CVE-2015-6790)

Multiple security issues were discovered in Chromium. If a user were tricked in to [ more… ]