USN-3272-2: Ghostscript regression

2017-05-17 KENNETH 0

Ubuntu Security Notice USN-3272-2
16th May, 2017

ghostscript regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: USN-3272-1 introduced a regression in Ghostscript.

Software description: ghostscript – PostScript and PDF interpreter

Details: USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291)

Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker [ more… ]

USN-3278-1: Thunderbird vulnerabilities

2017-05-17 KENNETH 0

Ubuntu Security Notice USN-3278-1
16th May, 2017

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Thunderbird.

Software description: thunderbird – Mozilla Open Source mail and newsgroup client

Details: Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, CVE-2017-5467)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the addressbar contents, conduct cross-site scripting (XSS) attacks, cause a denial of service via [ more… ]

USN-3290-1: Linux kernel vulnerability

2017-05-17 KENNETH 0

Ubuntu Security Notice USN-3290-1
16th May, 2017

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: The system could be made to crash under certain conditions.

Software description: linux – Linux kernel

Details: Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash).

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-3.13.0-119-powerpc64-smp 3.13.0-119.166
linux-image-powerpc-smp 3.13.0.119.129
linux-image-powerpc-e500mc 3.13.0.119.129
linux-image-3.13.0-119-powerpc-e500mc 3.13.0-119.166
linux-image-3.13.0-119-powerpc-e500 3.13.0-119.166
linux-image-generic 3.13.0.119.129
linux-image-3.13.0-119-generic-lpae 3.13.0-119.166
linux-image-3.13.0-119-powerpc-smp 3.13.0-119.166
linux-image-3.13.0-119-lowlatency 3.13.0-119.166
linux-image-powerpc-e500 3.13.0.119.129
linux-image-powerpc64-smp 3.13.0.119.129
linux-image-generic-lpae 3.13.0.119.129
linux-image-3.13.0-119-generic 3.13.0-119.166
linux-image-lowlatency 3.13.0.119.129

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer [ more… ]

USN-3291-1: Linux kernel vulnerabilities

2017-05-17 KENNETH 0

Ubuntu Security Notice USN-3291-1
16th May, 2017

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux – Linux kernel

Details: Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187)

It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261)

Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. [ more… ]

USN-3292-1: Linux kernel vulnerability

2017-05-17 KENNETH 0

Ubuntu Security Notice USN-3292-1
16th May, 2017

linux, linux-raspi2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10

Summary: The system could be made to crash or run programs as an administrator.

Software description:
linux – Linux kernel
linux-raspi2 – Linux kernel for Raspberry Pi 2

Details: Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
linux-image-powerpc-smp 4.8.0.52.64
linux-image-powerpc-e500mc 4.8.0.52.64
linux-image-4.8.0-52-lowlatency 4.8.0-52.55
linux-image-generic-lpae 4.8.0.52.64
linux-image-4.8.0-52-generic 4.8.0-52.55
linux-image-4.8.0-52-generic-lpae 4.8.0-52.55
linux-image-4.8.0-52-powerpc64-emb 4.8.0-52.55
linux-image-generic 4.8.0.52.64
linux-image-4.8.0-52-powerpc-e500mc 4.8.0-52.55
linux-image-4.8.0-1036-raspi2 4.8.0-1036.39
linux-image-lowlatency 4.8.0.52.64
linux-image-powerpc64-emb 4.8.0.52.64
linux-image-raspi2 4.8.0.1036.40
linux-image-4.8.0-52-powerpc-smp 4.8.0-52.55

To update your system, please follow these instructions: [ more… ]