ubuntu-usn

USN-3498-1: curl vulnerabilities Ubuntu Security Notice USN-3498-1 29th November, 2017 curl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in curl. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details Alex Nichols discovered that curl incorrectly handled NTLM authenticationcredentials. A remote attacker could use this issue to cause curl to crash,resulting in a denial of service, or possibly execute arbitrary code. Thisissue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10.(CVE-2017-8816) It was discovered that curl incorrectly handled FTP wildcard matching. Aremote attacker could use this issue to cause curl to crash, resulting in adenial of service, or possibly obtain sensitive information.(CVE-2017-8817) Update instructions The problem can be corrected by updating your system to the [ more… ]

USN-3497-1: OpenJDK 7 vulnerabilities Ubuntu Security Notice USN-3497-1 29th November, 2017 openjdk-7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in OpenJDK 7. Software description openjdk-7 – Open Source Java implementation Details It was discovered that the Smart Card IO subsystem in OpenJDK did notproperly maintain state. An attacker could use this to specially constructan untrusted Java application or applet to gain access to a smart card,bypassing sandbox restrictions. (CVE-2017-10274) Gaston Traberg discovered that the Serialization component of OpenJDK didnot properly limit the amount of memory allocated when performingdeserializations. An attacker could use this to cause a denial of service(memory exhaustion). (CVE-2017-10281) It was discovered that the Remote Method Invocation (RMI) component inOpenJDK did not properly handle unreferenced objects. An attacker could usethis to specially construct an [ more… ]

USN-3496-3: Python vulnerability Ubuntu Security Notice USN-3496-3 28th November, 2017 python3.4, python3.5 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Python could be made to run arbitrary code. Software description python3.4 – An interactive high-level object-oriented language python3.5 – An interactive high-level object-oriented language Details USN-3496-1 fixed a vulnerability in Python2.7. This update providesthe corresponding update for versions 3.4 and 3.5. Original advisory details: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: python3.5 3.5.3-1ubuntu0~17.04.2 python3.5-minimal 3.5.3-1ubuntu0~17.04.2 Ubuntu 16.04 LTS: python3.5 3.5.2-2ubuntu0~16.04.4 python3.5-minimal 3.5.2-2ubuntu0~16.04.4 Ubuntu 14.04 LTS: python3.4 3.4.3-1ubuntu1~14.04.6 python3.4-minimal 3.4.3-1ubuntu1~14.04.6 To update your system, please follow [ more… ]

USN-3496-1: Python vulnerability Ubuntu Security Notice USN-3496-1 28th November, 2017 python2.7 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Python could be made to run arbitrary code. Software description python2.7 – An interactive high-level object-oriented language Details It was discovered that Python incorrectly handled decoding certain strings.An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: python2.7-minimal 2.7.13-2ubuntu0.1 python2.7 2.7.13-2ubuntu0.1 Ubuntu 16.04 LTS: python2.7-minimal 2.7.12-1ubuntu0~16.04.2 python2.7 2.7.12-1ubuntu0~16.04.2 Ubuntu 14.04 LTS: python2.7-minimal 2.7.6-8ubuntu0.4 python2.7 2.7.6-8ubuntu0.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-1000158 Source: USN-3496-1: Python vulnerability

USN-3496-2: Python vulnerability Ubuntu Security Notice USN-3496-2 28th November, 2017 python2.7 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Python could be made to run arbitrary code. Software description python2.7 – An interactive high-level object-oriented language Details USN-3496-1 fixed a vulnerability in Python. This update providesthe corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: python2.7-minimal 2.7.3-0ubuntu3.10 python2.7 2.7.3-0ubuntu3.10 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-1000158 Source: USN-3496-2: Python vulnerability