USN-3480-3: Apport regression

2018-01-04 KENNETH 0

Ubuntu Security Notice USN-3480-3, 3rd January, 2018: apport regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS.

Summary: USN-3480-2 introduced regressions in Apport.

Software description: apport – automatically generate crash reports for debugging

Details: USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience.

Original advisory details:

Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177)

Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource [ more… ]

USN-3514-1: WebKitGTK+ vulnerabilities

2018-01-04 KENNETH 0

Ubuntu Security Notice USN-3514-1, 3rd January, 2018: webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in WebKitGTK+.

Software description: webkit2gtk – Web content engine library for GTK+

Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.10.1
libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.10.1

Ubuntu 17.04:
libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.04.1
libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.04.1

Ubuntu 16.04 LTS:
libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-3477-4: Firefox regression

2018-01-03 KENNETH 0

Ubuntu Security Notice USN-3477-4, 3rd January, 2018: firefox regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: USN-3477-1 caused a regression in Firefox.

Software description: firefox – Mozilla Open Source web browser

Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the address bar, or execute arbitrary code. [ more… ]

USN-3382-2: PHP vulnerabilities

2017-12-18 KENNETH 0

Ubuntu Security Notice USN-3382-2, 18th December, 2017: php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in PHP.

Software description: php5 – HTML-embedded scripting language interpreter

Details: USN-3382-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. (CVE-2016-10397)

It was discovered that PHP incorrectly handled certain boolean parameters when unserializing data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11143)

Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP incorrectly handled the OpenSSL sealing function. A [ more… ]

USN-3509-3: Linux kernel regression

2017-12-15 KENNETH 0

Ubuntu Security Notice USN-3509-3, 15th December, 2017: linux, linux-aws, linux-kvm, linux-raspi2 regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS.

Summary: USN-3509-1 introduced a regression in the Linux kernel for Ubuntu 16.04 LTS.

Software description:
linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-kvm – Linux kernel for cloud environments
linux-raspi2 – Linux kernel for Raspberry Pi 2

Details: USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of [ more… ]