ubuntu-usn

USN-3524-1: Linux kernel vulnerability Ubuntu Security Notice USN-3524-1 9th January, 2018 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Jann Horn discovered that microprocessors utilizing speculative executionand indirect branch prediction may allow unauthorized memory reads viasidechannel attacks. This flaw is known as Meltdown. A local attacker coulduse this to expose sensitive information, including kernel memory.(CVE-2017-5754) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-generic 3.13.0.139.148 linux-image-3.13.0-139-lowlatency 3.13.0-139.188 linux-image-lowlatency 3.13.0.139.148 linux-image-3.13.0-139-generic 3.13.0-139.188 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the [ more… ]

USN-3522-1: Linux kernel vulnerability Ubuntu Security Notice USN-3522-1 9th January, 2018 linux, linux-aws, linux-euclid, linux-kvm vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-euclid – Linux kernel for Intel Euclid systems linux-kvm – Linux kernel for cloud environments Details Jann Horn discovered that microprocessors utilizing speculative executionand indirect branch prediction may allow unauthorized memory reads viasidechannel attacks. This flaw is known as Meltdown. A local attacker coulduse this to expose sensitive information, including kernel memory.(CVE-2017-5754) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.4.0-108-lowlatency 4.4.0-108.131 linux-image-euclid 4.4.0.9021.21 linux-image-4.4.0-108-generic 4.4.0-108.131 linux-image-4.4.0-9021-euclid 4.4.0-9021.22 linux-image-generic 4.4.0.108.113 linux-image-aws 4.4.0.1047.49 linux-image-kvm [ more… ]

USN-3521-1: NVIDIA graphics drivers vulnerability Ubuntu Security Notice USN-3521-1 9th January, 2018 nvidia-graphics-drivers-384 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary The system could be made to expose sensitive information. Software description nvidia-graphics-drivers-384 – NVIDIA binary X.Org driver Details Jann Horn discovered that microprocessors utilizing speculative executionand branch prediction may allow unauthorized memory reads via sidechannelattacks. This flaw is known as Spectre. A local attacker could use this toexpose sensitive information, including kernel memory. This update provides mitigations to address the issue, along withcompatibility fixes for the corresponding Linux kernel updates. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: nvidia-384 384.111-0ubuntu0.17.10.1 Ubuntu 17.04: nvidia-384 384.111-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: nvidia-384 384.111-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: nvidia-384 384.111-0ubuntu0.14.04.1 [ more… ]

USN-3519-1: Tomcat vulnerabilities Ubuntu Security Notice USN-3519-1 8th January, 2018 tomcat7, tomcat8 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Tomcat. Software description tomcat7 – Servlet and JSP engine tomcat8 – Servlet and JSP engine Details It was discovered that Tomcat incorrectly handled certain pipelinedrequests when sendfile was used. A remote attacker could use this issue toobtain wrong responses possibly containing sensitive information.(CVE-2017-5647) It was discovered that Tomcat incorrectly used the appropriate facadeobject. A malicious application could possibly use this to bypass SecurityManager restrictions. (CVE-2017-5648) It was discovered that Tomcat incorrectly handled error pages. A remoteattacker could possibly use this issue to replace or remove the customerror page. (CVE-2017-5664) It was discovered that Tomcat incorrectly handled the CORS filter. A remoteattacker [ more… ]

USN-3518-1: AWStats vulnerability Ubuntu Security Notice USN-3518-1 8th January, 2018 awstats vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary AWStats could be made to run programs if it received specially crafted network traffic. Software description awstats – powerful and featureful web server log analyzer Details It was discovered that AWStats incorrectly filtered certain parameters. Aremote attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: awstats 7.6+dfsg-1ubuntu0.17.10.1 Ubuntu 17.04: awstats 7.6+dfsg-1ubuntu0.17.04.1 Ubuntu 16.04 LTS: awstats 7.4+dfsg-1ubuntu0.2 Ubuntu 14.04 LTS: awstats 7.2+dfsg-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-1000501 Source: USN-3518-1: AWStats [ more… ]