USN-3550-1: ClamAV vulnerabilities

2018-01-31 KENNETH 0

USN-3550-1: ClamAV vulnerabilities Ubuntu Security Notice USN-3550-1 30th January, 2018 clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in ClamAV. Software description clamav – Anti-virus utility for Unix Details It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12376) It was discovered that ClamAV incorrectly handled parsing certain mew packet files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a [ more… ]

USN-3529-1: Thunderbird vulnerabilities

2018-01-30 KENNETH 0

USN-3529-1: Thunderbird vulnerabilities Ubuntu Security Notice USN-3529-1 29th January, 2018 thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Thunderbird. Software description thunderbird – Mozilla Open Source mail and newsgroup client Details It was discovered that a From address encoded with a null character is cut off in the message header display. An attacker could potentially exploit this to spoof the sender address. (CVE-2017-7829) It was discovered that it is possible to execute JavaScript in RSS feeds in some circumstances. If a user were tricked into opening a specially crafted RSS feed, an attacker could potentially exploit this in combination with another vulnerability, in order to cause unspecified problems. (CVE-2017-7846) It was discovered that the RSS feed can leak local path names. If a user were tricked [ more… ]

USN-3549-1: Linux kernel (KVM) vulnerabilities

2018-01-30 KENNETH 0

USN-3549-1: Linux kernel (KVM) vulnerabilities Ubuntu Security Notice USN-3549-1 29th January, 2018 linux-kvm vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-kvm – Linux kernel for cloud environments Details Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715, CVE-2017-5753) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.4.0-1017-kvm 4.4.0-1017.22 linux-image-kvm 4.4.0.1017.16 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the IBRS [ more… ]

USN-3548-1: Linux kernel vulnerability

2018-01-26 KENNETH 0

USN-3548-1: Linux kernel vulnerability Ubuntu Security Notice USN-3548-1 26th January, 2018 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary The system could be made to crash or run programs as an administrator. Software description linux – Linux kernel Details Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux kernel, introduced as part of the mitigations for the Spectre vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: linux-image-4.13.0-32-lowlatency 4.13.0-32.35 linux-image-generic 4.13.0.32.34 linux-image-4.13.0-32-generic 4.13.0-32.35 linux-image-lowlatency 4.13.0.32.34 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due [ more… ]

USN-3548-2: Linux kernel (HWE) vulnerability

2018-01-26 KENNETH 0

USN-3548-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3548-2 26th January, 2018 linux-hwe, linux-azure, linux-gcp, linux-oem vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-hwe – Linux hardware enablement (HWE) kernel linux-oem – Linux kernel for OEM processors Details USN-3548-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux kernel, introduced as part of the mitigations for the Spectre vulnerability. A local attacker could use this to cause a [ more… ]