ubuntu-usn

USN-3531-3: intel-microcode update intel-microcode update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary The system could be made to expose sensitive information. Software Description intel-microcode – Processor microcode for Intel CPUs Details Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the corrected microcode updates required for the corresponding Linux kernel updates. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 intel-microcode – 3.20180312.0~ubuntu17.10.1 Ubuntu 16.04 LTS intel-microcode – 3.20180312.0~ubuntu16.04.1 Ubuntu 14.04 LTS intel-microcode – 3.20180312.0~ubuntu14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After [ more… ]

USN-3545-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5144, CVE-2018-5145, CVE-2018-5146) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 thunderbird – 1:52.7.0+build1-0ubuntu0.17.10.1 Ubuntu 16.04 LTS thunderbird – 1:52.7.0+build1-0ubuntu0.16.04.1 Ubuntu 14.04 LTS thunderbird – 1:52.7.0+build1-0ubuntu0.14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart [ more… ]

USN-3612-1: librelp vulnerability librelp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary librelp could be made to crash or run programs if it received specially crafted network traffic. Software Description librelp – Reliable Event Logging Protocol (RELP) library Details Bas van Schaik and Kevin Backhouse discovered that librelp incorrectly handled checking certain x509 certificates. A remote attacker able to connect to rsyslog could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS librelp0 – 1.2.2-2ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart rsyslog to make all the necessary changes. References CVE-2018-1000140 Source: USN-3612-1: librelp vulnerability

USN-3611-1: OpenSSL vulnerability openssl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary OpenSSL could be made to crash if it received specially crafted network traffic. Software Description openssl – Secure Socket Layer (SSL) cryptographic library and tools Details It was discovered that OpenSSL incorrectly handled certain ASN.1 types. A remote attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 libssl1.0.0 – 1.0.2g-1ubuntu13.4 Ubuntu 16.04 LTS libssl1.0.0 – 1.0.2g-1ubuntu4.11 Ubuntu 14.04 LTS libssl1.0.0 – 1.0.1f-1ubuntu2.24 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2018-0739 Source: USN-3611-1: OpenSSL vulnerability

USN-3610-1: ICU vulnerability icu vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary ICU could be made to crash if it received specially crafted input. Software Description icu – International Components for Unicode library Details It was discovered that ICU incorrectly handled certain calendars. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash, leading to a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 libicu57 – 57.1-6ubuntu0.3 Ubuntu 16.04 LTS libicu55 – 55.1-7ubuntu0.4 Ubuntu 14.04 LTS libicu52 – 52.1-3ubuntu0.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-15422 Source: USN-3610-1: ICU vulnerability