ubuntu-usn

USN-3589-1: PostgreSQL vulnerability postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary PostgreSQL could be made to execute arbitrary code. Software Description postgresql-9.6 – Object-relational SQL database postgresql-9.5 – Object-relational SQL database postgresql-9.3 – Object-relational SQL database Details It was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 postgresql-9.6 – 9.6.8-0ubuntu0.17.10 Ubuntu 16.04 LTS postgresql-9.5 – 9.5.12-0ubuntu0.16.04 Ubuntu 14.04 LTS postgresql-9.3 – 9.3.22-0ubuntu0.14.04 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all [ more… ]

USN-3585-1: Twisted vulnerability Ubuntu Security Notice USN-3585-1 5th March, 2018 twisted vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Twisted could be made to run programs if it received specially crafted network traffic. Software description twisted – Event-based framework for internet applications Details It was discovered that Twisted incorrectly handled certain HTTP requests.An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: python3-twisted 16.0.0-1ubuntu0.2 python-twisted-web 16.0.0-1ubuntu0.2 python-twisted 16.0.0-1ubuntu0.2 python-twisted-bin 16.0.0-1ubuntu0.2 Ubuntu 14.04 LTS: python-twisted-web 13.2.0-1ubuntu1.2 python-twisted 13.2.0-1ubuntu1.2 python-twisted-bin 13.2.0-1ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-1000111 Source: USN-3585-1: Twisted vulnerability

USN-3588-1: Memcached vulnerabilities Ubuntu Security Notice USN-3588-1 5th March, 2018 memcached vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Memcached. Software description memcached – high-performance memory object caching system Details Daniel Shapira discovered an integer overflow issue in Memcached. A remoteattacker could use this to cause a denial of service (daemon crash).(CVE-2017-9951) It was discovered that Memcached listened to UDP by default. A remoteattacker could use this as part of a distributed denial of service attack.(CVE-2018-1000115) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: memcached 1.4.33-1ubuntu3.2 Ubuntu 16.04 LTS: memcached 1.4.25-2ubuntu1.3 Ubuntu 14.04 LTS: memcached 1.4.14-0ubuntu9.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update [ more… ]

USN-3587-1: Dovecot vulnerabilities Ubuntu Security Notice USN-3587-1 5th March, 2018 dovecot vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Dovecot. Software description dovecot – IMAP and POP3 email server Details It was discovered that Dovecot incorrectly handled parsing certain emailaddresses. A remote attacker could use this issue to cause Dovecot tocrash, resulting in a denial of service, or possibly obtain sensitiveinformation. (CVE-2017-14461) It was discovered that Dovecot incorrectly handled TLS SNI config lookups.A remote attacker could possibly use this issue to cause Dovecot to crash,resulting in a denial of service. (CVE-2017-15130) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: dovecot-core 1:2.2.27-3ubuntu1.3 Ubuntu 16.04 LTS: dovecot-core 1:2.2.22-1ubuntu2.7 Ubuntu 14.04 LTS: dovecot-core 1:2.2.9-1ubuntu2.4 [ more… ]

USN-3575-2: QEMU regression Ubuntu Security Notice USN-3575-2 5th March, 2018 qemu regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3575-1 introduced a regression in QEMU. Software description qemu – Machine emulator and virtualizer Details USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 causeda regression in Xen environments. This update removes the problematic fixpending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334) David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU [ more… ]