Ubuntu security

Ubuntu Security Notice USN-2866-1 8th January, 2016 firefox vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to expose sensitive information over the network. Software description firefox – Mozilla Open Source web browser Details Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectlyallowed MD5 to be used for TLS 1.2 connections. If a remote attacker wereable to perform a man-in-the-middle attack, this flaw could be exploited toview sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: firefox 43.0.4+build3-0ubuntu0.15.10.1 Ubuntu 15.04: firefox 43.0.4+build3-0ubuntu0.15.04.1 Ubuntu 14.04 LTS: firefox 43.0.4+build3-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 43.0.4+build3-0ubuntu0.12.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Firefox [ more… ]

Ubuntu Security Notice USN-2865-1 8th January, 2016 gnutls26, gnutls28 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GnuTLS could be made to expose sensitive information over the network. Software description gnutls26 – GNU TLS library gnutls28 – GNU TLS library Details Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectlyallowed MD5 to be used for TLS 1.2 connections. If a remote attacker wereable to perform a man-in-the-middle attack, this flaw could be exploited toview sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.04: libgnutls-openssl27 3.3.8-3ubuntu3.2 libgnutls-deb0-28 3.3.8-3ubuntu3.2 libgnutlsxx28 3.3.8-3ubuntu3.2 Ubuntu 14.04 LTS: libgnutlsxx27 2.12.23-12ubuntu2.4 libgnutls-openssl27 2.12.23-12ubuntu2.4 libgnutls26 2.12.23-12ubuntu2.4 Ubuntu 12.04 LTS: libgnutlsxx27 2.12.14-5ubuntu3.11 libgnutls-openssl27 2.12.14-5ubuntu3.11 libgnutls26 2.12.14-5ubuntu3.11 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

Ubuntu Security Notice USN-2864-1 7th January, 2016 nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary NSS could be made to expose sensitive information over the network. Software description nss – Network Security Service library Details Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectlyallowed MD5 to be used for TLS 1.2 connections. If a remote attacker wereable to perform a man-in-the-middle attack, this flaw could be exploited toview sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libnss3 2:3.19.2.1-0ubuntu0.15.10.2 Ubuntu 15.04: libnss3 2:3.19.2.1-0ubuntu0.15.04.2 Ubuntu 14.04 LTS: libnss3 2:3.19.2.1-0ubuntu0.14.04.2 Ubuntu 12.04 LTS: libnss3 3.19.2.1-0ubuntu0.12.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart any applications [ more… ]

Ubuntu Security Notice USN-2863-1 7th January, 2016 openssl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary OpenSSL could be made to expose sensitive information over the network. Software description openssl – Secure Socket Layer (SSL) cryptographic library and tools Details Karthikeyan Bhargavan and Gaetan Leurent discovered that OpenSSLincorrectly allowed MD5 to be used for TLS 1.2 connections. If a remoteattacker were able to perform a man-in-the-middle attack, this flaw couldbe exploited to view sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.33 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. References CVE-2015-7575 Source: ubuntu-usn

Ubuntu Security Notice USN-2862-1 7th January, 2016 pygments vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Pygments could be made to crash or run programs if it processed a specially crafted font request. Software description pygments – syntax highlighting package written in Python Details It was discovered that Pygments incorrectly sanitized strings used tosearch system fonts. An attacker could possibly use this issue to executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: python3-pygments 2.0.1+dfsg-1.1svn1.1 python-pygments 2.0.1+dfsg-1.1svn1.1 Ubuntu 15.04: python3-pygments 2.0.1+dfsg-1svn1.1 python-pygments 2.0.1+dfsg-1svn1.1 Ubuntu 14.04 LTS: python3-pygments 1.6+dfsg-1ubuntu1.1 python-pygments 1.6+dfsg-1ubuntu1.1 Ubuntu 12.04 LTS: python3-pygments 1.4+dfsg-2ubuntu0.1 python-pygments 1.4+dfsg-2ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]