ubuntu-usn

USN-3307-2: OpenLDAP vulnerability Ubuntu Security Notice USN-3307-2 19th July, 2017 openldap vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary OpenLDAP could be made to crash if it received specially crafted network traffic. Software description openldap – OpenLDAP utilities Details USN-3307-1 fixed a vulnerability in OpenLDAP. This update provides thecorresponding update for ubuntu 12.04 ESM. Original advisory details: Karsten Heymann discovered that OpenLDAP incorrectly handled certain search requests. A remote attacker could use this issue to cause slapd to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: slapd 2.4.28-1.1ubuntu4.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-9287 Source: USN-3307-2: OpenLDAP [ more… ]

USN-3309-2: Libtasn1 vulnerability Ubuntu Security Notice USN-3309-2 18th July, 2017 libtasn1-3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file. Software description libtasn1-3 – Library to manage ASN.1 structures Details Jakub Jirasek discovered that GnuTLS incorrectly handled certainassignments files. If a user were tricked into processing a speciallycrafted assignments file, a remote attacker could possibly execute arbirarycode. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libtasn1-3 2.10-1ubuntu1.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-6891 Source: USN-3309-2: Libtasn1 vulnerability

USN-3354-1: Apport vulnerability Ubuntu Security Notice USN-3354-1 18th July, 2017 apport vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary An attacker could trick a user into opening a malicious .crash file and execute arbitrary code as the user. Software description apport – automatically generate crash reports for debugging Details Felix Wilhelm discovered a path traversal vulnerability in Apportwhen handling the ExecutablePath field in crash files. An attackercould trick a user into opening a specially crafted crash file andexecute arbitrary code with the user's privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: apport 2.20.4-0ubuntu4.5 python-apport 2.20.4-0ubuntu4.5 python3-apport 2.20.4-0ubuntu4.5 Ubuntu 16.10: apport 2.20.3-0ubuntu8.7 python-apport 2.20.3-0ubuntu8.7 python3-apport 2.20.3-0ubuntu8.7 Ubuntu 16.04 LTS: apport 2.20.1-0ubuntu2.10 python-apport 2.20.1-0ubuntu2.10 python3-apport 2.20.1-0ubuntu2.10 [ more… ]

USN-3274-2: ICU vulnerabilities Ubuntu Security Notice USN-3274-2 18th July, 2017 icu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in ICU. Software description icu – International Components for Unicode library Details USN-3274-1 fixed a vulnerability in icu. This update provides thecorresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libicu48 4.8.1.1-3ubuntu0.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard [ more… ]

USN-3347-2: Libgcrypt vulnerability Ubuntu Security Notice USN-3347-2 17th July, 2017 libgcrypt11 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in Libgcrypt. Software description libgcrypt11 – LGPL Crypto library Details USN-3347-1 fixed a vulnerability in Libgcrypt. This update provides thecorresponding update for Ubuntu 12.04 ESM. Original advisory details: Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys. (CVE-2017-7526) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libgcrypt11 1.5.0-3ubuntu0.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update [ more… ]