USN-3456-1: X.Org X server vulnerabilities

2017-10-18 KENNETH 0

Ubuntu Security Notice USN-3456-1
17th October, 2017

xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in the X.Org X server.

Software description
xorg-server – X.Org X11 server
xorg-server-hwe-16.04 – X.Org X11 server
xorg-server-lts-xenial – X.Org X11 server

Details
It was discovered that the X.Org X server incorrectly handled certain lengths. An attacker able to connect to an X server, either locally or remotely, could use these issues to crash the server, or possibly execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
xserver-xorg-core 2:1.19.3-1ubuntu1.3

Ubuntu 16.04 LTS:
xserver-xorg-core 2:1.18.4-0ubuntu0.7
xserver-xorg-core-hwe-16.04 2:1.19.3-1ubuntu1~16.04.4

Ubuntu 14.04 LTS:
xserver-xorg-core 2:1.15.1-0ubuntu2.11
xserver-xorg-core-lts-xenial 2:1.18.3-1ubuntu2.3~trusty4

To update your system, please follow these [ more… ]

USN-3455-1: wpa_supplicant and hostapd vulnerabilities

2017-10-17 KENNETH 0

Ubuntu Security Notice USN-3455-1
16th October, 2017

wpa vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in wpa_supplicant.

Software description
wpa – client support for WPA and WPA2

Details
Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476)

Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477)

Update instructions [ more… ]

USN-3454-1: libffi vulnerability

2017-10-13 KENNETH 0

Ubuntu Security Notice USN-3454-1
12th October, 2017

libffi vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS

Summary
A security issue was fixed in libffi.

Software description
libffi – Foreign Function Interface library

Details
It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to facilitate executing arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
libffi6 3.1~rc1+r3.0.13-12ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References
CVE-2017-1000376

Source: USN-3454-1: libffi vulnerability

USN-3453-1: X.Org X server vulnerabilities

2017-10-13 KENNETH 0

Ubuntu Security Notice USN-3453-1
12th October, 2017

xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in the X.Org X server.

Software description
xorg-server – X.Org X11 server
xorg-server-hwe-16.04 – X.Org X11 server
xorg-server-lts-xenial – X.Org X11 server

Details
Michal Srb discovered that the X.Org X server incorrectly handled shared memory segments. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly replace shared memory segments of other X clients in the same session. (CVE-2017-13721)

Michal Srb discovered that the X.Org X server incorrectly handled XKB buffers. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, [ more… ]

USN-3447-1: OpenStack Horizon vulnerability

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3447-1
11th October, 2017

horizon vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS

Summary
OpenStack Horizon could be made to expose sensitive information over the network.

Software description
horizon – Web interface for OpenStack cloud infrastructure

Details
Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrectly protected against cross-site scripting (XSS) attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
openstack-dashboard 1:2014.1.5-0ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References
CVE-2016-4428

Source: USN-3447-1: OpenStack Horizon vulnerability