USN-3428-1: Emacs vulnerability

2017-09-22 KENNETH 0

Ubuntu Security Notice USN-3428-1
21st September, 2017

emacs25 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04

Summary
Emacs could be made to run programs as your login if it opened a specially crafted file.

Software description
emacs25 – GNU Emacs editor

Details
Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this to execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 17.04: emacs25 25.1+1-3ubuntu4.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2017-14482

Source: USN-3428-1: Emacs vulnerability

USN-3427-1: Emacs vulnerability

2017-09-22 KENNETH 0

Ubuntu Security Notice USN-3427-1
21st September, 2017

emacs24 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Emacs could be made to run programs as your login if it opened a specially crafted file.

Software description
emacs24 – GNU Emacs editor

Details
Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this to execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 16.04 LTS: emacs24 24.5+1-6ubuntu1.1
Ubuntu 14.04 LTS: emacs24 24.3+1-2ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2017-14482

Source: USN-3427-1: Emacs vulnerability

USN-3426-1: Samba vulnerabilities

2017-09-22 KENNETH 0

Ubuntu Security Notice USN-3426-1
21st September, 2017

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Samba could be made to expose sensitive information over the network.

Software description
samba – SMB/CIFS file, print, and login server for Unix

Details
Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2017-12150)

Stefan Metzmacher discovered that Samba incorrectly handled encryption across DFS redirects. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2017-12151)

Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when SMB1 is being used. A remote attacker could possibly use this issue to obtain server memory contents. (CVE-2017-12163)

Update instructions
The problem can [ more… ]

USN-3414-2: QEMU regression

2017-09-21 KENNETH 0

Ubuntu Security Notice USN-3414-2
20th September, 2017

qemu regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
USN-3414-1 introduced a regression in QEMU.

Software description
qemu – Machine emulator and virtualizer

Details
USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493)

Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112) [ more… ]

USN-3425-1: Apache HTTP Server vulnerability

2017-09-20 KENNETH 0

Ubuntu Security Notice USN-3425-1
19th September, 2017

apache2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Apache HTTP Server could be made to expose sensitive information over the network.

Software description
apache2 – Apache HTTP server

Details
Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 17.04: apache2-bin 2.4.25-3ubuntu2.3
Ubuntu 16.04 LTS: apache2-bin 2.4.18-2ubuntu3.5
Ubuntu 14.04 LTS: apache2-bin 2.4.7-1ubuntu4.18

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]