
USN-3543-1: rsync vulnerabilities

2018-01-24 KENNETH 0

Ubuntu Security Notice USN-3543-1, 23rd January, 2018: rsync vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in rsync.

Software description: rsync – fast, versatile, remote (and local) file-copying tool

Details: It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2017-16548)

It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass arguments and execute arbitrary code. (CVE-2018-5764)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10: rsync 3.1.2-2ubuntu0.2
Ubuntu 16.04 LTS: rsync 3.1.1-3ubuntu1.2
Ubuntu 14.04 LTS: rsync 3.1.0-2ubuntu0.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard [ more… ]


USN-3536-1: GNU C Library vulnerability

2018-01-18 KENNETH 0

Ubuntu Security Notice USN-3536-1, 17th January, 2018: eglibc vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS.

Summary: The GNU C library could be made to run programs as an administrator.

Software description: eglibc – GNU C Library

Details: It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd(2) syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. (CVE-2018-1000001)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.21

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes.

References: CVE-2018-1000001

Source: USN-3536-1: GNU [ more… ]


USN-3535-2: Bind vulnerability

2018-01-18 KENNETH 0

Ubuntu Security Notice USN-3535-2, 17th January, 2018: bind9 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS.

Summary: Bind could be made to crash if it received specially crafted network traffic.

Software description: bind9 – Internet Domain Name Server

Details: USN-3535-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details: Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.24

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]


USN-3535-1: Bind vulnerability

2018-01-17 KENNETH 0

Ubuntu Security Notice USN-3535-1, 17th January, 2018: bind9 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Bind could be made to crash if it received specially crafted network traffic.

Software description: bind9 – Internet Domain Name Server

Details: Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10: bind9 1:9.10.3.dfsg.P4-12.6ubuntu1.1
Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.10
Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.17

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2017-3145

Source: USN-3535-1: Bind vulnerability


USN-3534-1: GNU C Library vulnerabilities

2018-01-17 KENNETH 0

Ubuntu Security Notice USN-3534-1, 17th January, 2018: eglibc, glibc vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in the GNU C library.

Software description: eglibc – GNU C Library; glibc – GNU C Library

Details: It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd(2) syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. (CVE-2018-1000001)

A memory leak was discovered in the _dl_init_paths() function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, [ more… ]