No Image

USN-2881-1: MySQL vulnerabilities

2016-01-27 KENNETH 0

Ubuntu Security Notice USN-2881-1 26th January, 2016 mysql-5.5, mysql-5.6 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in MySQL. Software description mysql-5.5 – MySQL database mysql-5.6 – MySQL database Details Multiple security issues were discovered in MySQL and this update includesnew upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.47 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.28. In addition to security fixes, the updated packages contain bug fixes,new features, and possibly incompatible changes. Please see the following for more information:http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.htmlhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: mysql-server-5.6 5.6.28-0ubuntu0.15.10.1 Ubuntu 15.04: mysql-server-5.6 5.6.28-0ubuntu0.15.04.1 Ubuntu [ more… ]

No Image

USN-2879-1: rsync vulnerability

2016-01-22 KENNETH 0

Ubuntu Security Notice USN-2879-1 21st January, 2016 rsync vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary rsync could be made to write files outside of the expected directory. Software description rsync – fast, versatile, remote (and local) file-copying tool Details It was discovered that rsync incorrectly handled invalid filenames. Amalicious server could use this issue to write files outside of theintended destination directory. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: rsync 3.1.1-3ubuntu0.15.10.1 Ubuntu 15.04: rsync 3.1.1-3ubuntu0.15.04.1 Ubuntu 14.04 LTS: rsync 3.1.0-2ubuntu0.2 Ubuntu 12.04 LTS: rsync 3.0.9-1ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2014-9512 Source: ubuntu-usn

No Image

USN-2878-1: Perl vulnerability

2016-01-22 KENNETH 0

Ubuntu Security Notice USN-2878-1 21st January, 2016 perl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Summary Perl incorrectly handled the taint attribute. Software description perl – Practical Extraction and Report Language Details David Golden discovered that the canonpath function in the Perl File::Specmodule did not properly preserve the taint attribute. An attacker couldpossibly use this issue to bypass the taint protection mechanism. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: perl 5.20.2-6ubuntu0.1 Ubuntu 15.04: perl 5.20.2-2ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2015-8607 Source: ubuntu-usn

No Image

USN-2876-1: eCryptfs vulnerability

2016-01-21 KENNETH 0

Ubuntu Security Notice USN-2876-1 20th January, 2016 ecryptfs-utils vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary mount.ecryptfs_private could be used to run programs as an administrator. Software description ecryptfs-utils – eCryptfs cryptographic filesystem utilities Details Jann Horn discovered that mount.ecryptfs_private would mount over certaindirectories in the proc filesystem. A local attacker could use this to escalatetheir privileges. (CVE-2016-1572) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: ecryptfs-utils 108-0ubuntu1.1 Ubuntu 15.04: ecryptfs-utils 107-0ubuntu1.3 Ubuntu 14.04 LTS: ecryptfs-utils 104-0ubuntu1.14.04.4 Ubuntu 12.04 LTS: ecryptfs-utils 96-0ubuntu3.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-1572 Source: ubuntu-usn

No Image

USN-2875-1: libxml2 vulnerabilities

2016-01-20 KENNETH 0

Ubuntu Security Notice USN-2875-1 19th January, 2016 libxml2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary libxml2 could be made to crash if it opened a specially crafted file. Software description libxml2 – GNOME XML library Details It was discovered that libxml2 incorrectly handled certain malformeddocuments. If a user or automated system were tricked into opening aspecially crafted document, an attacker could possibly cause libxml2 tocrash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.3 Ubuntu 15.04: libxml2 2.9.2+dfsg1-3ubuntu0.3 Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.7 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.14 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your [ more… ]