ubuntu-usn

USN-3357-1: MySQL vulnerabilities Ubuntu Security Notice USN-3357-1 20th July, 2017 mysql-5.5, mysql-5.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in MySQL. Software description mysql-5.5 – MySQL database mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includesnew upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTSand Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain bug fixes,new features, and possibly incompatible changes. Please see the following for more information:http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.htmlhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.htmlhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: mysql-server-5.7 5.7.19-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: mysql-server-5.7 5.7.19-0ubuntu0.16.04.1 Ubuntu 14.04 [ more… ]

USN-3356-2: Expat vulnerability Ubuntu Security Notice USN-3356-2 19th July, 2017 expat vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Expat could be made to hang if it received specially crafted input. Software description expat – XML parsing C library Details USN-3356-1 fix a vulnerability in Expat. This update providesthe corresponding udpate for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libexpat1 2.0.1-7.2ubuntu1.5 lib64expat1 2.0.1-7.2ubuntu1.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References [ more… ]

USN-3212-3: LibTIFF vulnerabilities Ubuntu Security Notice USN-3212-3 19th July, 2017 tiff vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. Software description tiff – Tag Image File Format (TIFF) library Details USN-3212-1 and USN-3212-2 fixed a vulnerabilitiy in LibTIFF. This update provides a subset ofcorresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update instructions The problem can be corrected by updating your system to the following package version: [ more… ]

USN-3355-1: Spice vulnerability Ubuntu Security Notice USN-3355-1 19th July, 2017 spice vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Spice could be made to crash or run programs if it received specially crafted network traffic. Software description spice – SPICE protocol client and server library Details Frediano Ziglio discovered that Spice incorrectly handled certain invalidmonitor configurations. A remote attacker could use this issue to causeSpice to crash, resulting in a denial of service, or possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libspice-server1 0.12.8-2ubuntu1.1 Ubuntu 16.04 LTS: libspice-server1 0.12.6-4ubuntu0.3 Ubuntu 14.04 LTS: libspice-server1 0.12.4-0nocelt2ubuntu1.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart qemu guests [ more… ]

USN-3356-1: Expat vulnerability Ubuntu Security Notice USN-3356-1 19th July, 2017 expat vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Expat could be made to hang if it received specially crafted input. Software description expat – XML parsing C library Details It was discovered that Expat incorrectly handled certain external entities.A remote attacker could possibly use this issue to cause Expat to hang,resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libexpat1 2.2.0-2ubuntu0.1 lib64expat1 2.2.0-2ubuntu0.1 Ubuntu 16.10: libexpat1 2.2.0-1ubuntu0.1 lib64expat1 2.2.0-1ubuntu0.1 Ubuntu 16.04 LTS: libexpat1 2.1.0-7ubuntu0.16.04.3 lib64expat1 2.1.0-7ubuntu0.16.04.3 Ubuntu 14.04 LTS: libexpat1 2.1.0-4ubuntu1.4 lib64expat1 2.1.0-4ubuntu1.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]