USN-3414-1: QEMU vulnerabilities

2017-09-13 KENNETH 0

USN-3414-1: QEMU vulnerabilities Ubuntu Security Notice USN-3414-1 13th September, 2017 qemu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in QEMU. Software description qemu – Machine emulator and virtualizer Details Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493) Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112) It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive [ more… ]

USN-3413-1: BlueZ vulnerability

2017-09-13 KENNETH 0

USN-3413-1: BlueZ vulnerability Ubuntu Security Notice USN-3413-1 12th September, 2017 bluez vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary BlueZ could be made to expose sensitive information over bluetooth. Software description bluez – Bluetooth tools and daemons Details It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol (SDP) implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information. (CVE-2017-1000250) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libbluetooth3 5.43-0ubuntu1.1 bluez 5.43-0ubuntu1.1 Ubuntu 16.04 LTS: libbluetooth3 5.37-0ubuntu5.1 bluez 5.37-0ubuntu5.1 Ubuntu 14.04 LTS: libbluetooth3 4.101-0ubuntu13.3 bluez 4.101-0ubuntu13.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-1000250 Source: USN-3413-1: [ more… ]

USN-3412-1: file vulnerability

2017-09-08 KENNETH 0

USN-3412-1: file vulnerability Ubuntu Security Notice USN-3412-1 7th September, 2017 file vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary The file utility could be made to crash if it opened a specially crafted file. Software description file – Tool to determine file types Details Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this to cause file to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libmagic1 1:5.29-3ubuntu0.1 file 1:5.29-3ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-1000249 Source: USN-3412-1: file vulnerability

USN-3411-1: Bazaar vulnerability

2017-09-06 KENNETH 0

USN-3411-1: Bazaar vulnerability Ubuntu Security Notice USN-3411-1 5th September, 2017 bzr vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Bazaar could be made to run programs as your login if it opened a specially crafted URL. Software description bzr – easy to use distributed version control system Details Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the privileges of the user. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: python-bzrlib 2.7.0+bzr6619-7ubuntu0.1 bzr 2.7.0+bzr6619-7ubuntu0.1 Ubuntu 16.04 LTS: python-bzrlib 2.7.0-2ubuntu3.1 bzr 2.7.0-2ubuntu3.1 Ubuntu 14.04 LTS: python-bzrlib 2.6.0+bzr6593-1ubuntu1.6 bzr 2.6.0+bzr6593-1ubuntu1.6 To update your system, please follow these instructions: [ more… ]

USN-3410-2: GD library vulnerability

2017-09-06 KENNETH 0

USN-3410-2: GD library vulnerability Ubuntu Security Notice USN-3410-2 5th September, 2017 libgd2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary GD library could be made to crash if it opened a specially crafted file. Software description libgd2 – GD Graphics Library Details USN-3410-1 fixed a vulnerability in GD Graphics Library. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the GD Graphics Library (aka libgd) incorrectly handled certain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libgd2-xpm 2.0.36~rc1~dfsg-6ubuntu2.6 libgd2-noxpm 2.0.36~rc1~dfsg-6ubuntu2.6 libgd-tools 2.0.36~rc1~dfsg-6ubuntu2.6 To update your [ more… ]