USN-3533-1: Transmission vulnerability

2018-01-17 KENNETH 0

Ubuntu Security Notice USN-3533-1
16th January, 2018

transmission vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary
Transmission could be made to run arbitrary code.

Software description
transmission – lightweight BitTorrent client

Details
It was discovered that Transmission incorrectly handled certain POST requests to the RPC server and allowed a DNS rebinding attack. An attacker could possibly use this issue to execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 17.10: transmission 2.92-2ubuntu3.1
Ubuntu 16.04 LTS: transmission 2.84-3ubuntu3.1
Ubuntu 14.04 LTS: transmission 2.82-1.1ubuntu3.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2018-5702

Source: USN-3533-1: Transmission vulnerability

USN-3532-1: GDK-PixBuf vulnerabilities

2018-01-16 KENNETH 0

Ubuntu Security Notice USN-3532-1
15th January, 2018

gdk-pixbuf vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary
Several security issues were fixed in GDK-PixBuf.

Software description
gdk-pixbuf – GDK Pixbuf library

Details
It was discovered that GDK-PixBuf incorrectly handled certain GIF images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-1000422)

Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images. An attacker could use this to cause a denial of service. (CVE-2017-6312, CVE-2017-6313)

Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled large TIFF files. An attacker could use this to cause a denial of service. (CVE-2017-6314)

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 17.10: libgdk-pixbuf2.0-0 2.36.11-1ubuntu0.1
Ubuntu 16.04 LTS: [ more… ]

USN-3531-1: Intel Microcode update

2018-01-12 KENNETH 0

Ubuntu Security Notice USN-3531-1
11th January, 2018

intel-microcode update

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary
The system could be made to expose sensitive information.

Software description
intel-microcode – Processor microcode for Intel CPUs

Details
It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715)

This update provides the microcode updates required for the corresponding Linux kernel updates.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 17.10: intel-microcode 3.20180108.0~ubuntu17.10.1
Ubuntu 17.04: intel-microcode 3.20180108.0~ubuntu17.04.1
Ubuntu 16.04 LTS: intel-microcode 3.20180108.0~ubuntu16.04.2
Ubuntu 14.04 LTS: intel-microcode 3.20180108.0~ubuntu14.04.2

To update your system, [ more… ]

USN-3530-1: WebKitGTK+ vulnerabilities

2018-01-12 KENNETH 0

Ubuntu Security Notice USN-3530-1
11th January, 2018

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS

Summary
WebKitGTK+ could be made to expose sensitive information.

Software description
webkit2gtk – Web content engine library for GTK+

Details
It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. (CVE-2017-5753, CVE-2017-5715)

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 17.10:
libwebkit2gtk-4.0-37 2.18.5-0ubuntu0.17.10.1
libjavascriptcoregtk-4.0-18 2.18.5-0ubuntu0.17.10.1
Ubuntu 17.04:
libwebkit2gtk-4.0-37 2.18.5-0ubuntu0.17.04.1
libjavascriptcoregtk-4.0-18 2.18.5-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
libwebkit2gtk-4.0-37 2.18.5-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 2.18.5-0ubuntu0.16.04.1

To [ more… ]

USN-3522-3: Linux kernel regression

2018-01-11 KENNETH 0

Ubuntu Security Notice USN-3522-3
10th January, 2018

linux regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary
USN-3522-1 introduced a regression in the Linux kernel.

Software description
linux – Linux kernel

Details
USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown (CVE-2017-5754). Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:
Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 16.04 LTS:
linux-image-generic 4.4.0.109.114
linux-image-4.4.0-109-lowlatency [ more… ]