USN-3353-2: Samba vulnerability

2017-07-15 KENNETH 0

Ubuntu Security Notice USN-3353-2
14th July, 2017

samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary

Samba could allow unintended access to network services.

Software description

samba – SMB/CIFS file, print, and login server for Unix

Details

USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba.

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: samba-libs 2:4.5.8+dfsg-0ubuntu0.17.04.4
Ubuntu 16.10: samba-libs 2:4.4.5+dfsg-2ubuntu5.8
Ubuntu 16.04 LTS: samba-libs 2:4.3.11+dfsg-0ubuntu0.16.04.9
Ubuntu 14.04 LTS: samba-libs 2:4.3.11+dfsg-0ubuntu0.14.04.10

To update your system, please follow these instructions: [ more… ]

USN-3353-1: Heimdal vulnerability

2017-07-15 KENNETH 0

Ubuntu Security Notice USN-3353-1
14th July, 2017

heimdal vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary

Heimdal could allow unintended access to network services.

Software description

heimdal – Heimdal Kerberos Network Authentication Protocol

Details

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: libkrb5-26-heimdal 7.1.0+dfsg-9ubuntu1.1
Ubuntu 16.10: libkrb5-26-heimdal 1.7~git20150920+dfsg-4ubuntu1.16.10.1
Ubuntu 16.04 LTS: libkrb5-26-heimdal 1.7~git20150920+dfsg-4ubuntu1.16.04.1
Ubuntu 14.04 LTS: libkrb5-26-heimdal 1.6~git20131207+dfsg-1ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications using Heimdal libraries to make [ more… ]

USN-3352-1: nginx vulnerability

2017-07-14 KENNETH 0

Ubuntu Security Notice USN-3352-1
13th July, 2017

nginx vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary

nginx could be made to expose sensitive information over the network.

Software description

nginx – small, powerful, scalable web/proxy server

Details

It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
  nginx-extras 1.10.3-1ubuntu3.1
  nginx-full 1.10.3-1ubuntu3.1
  nginx-common 1.10.3-1ubuntu3.1
  nginx-light 1.10.3-1ubuntu3.1
  nginx-core 1.10.3-1ubuntu3.1

Ubuntu 16.10:
  nginx-extras 1.10.1-0ubuntu1.3
  nginx-full 1.10.1-0ubuntu1.3
  nginx-common 1.10.1-0ubuntu1.3
  nginx-light 1.10.1-0ubuntu1.3
  nginx-core 1.10.1-0ubuntu1.3

Ubuntu 16.04 LTS:
  nginx-extras 1.10.3-0ubuntu0.16.04.2
  nginx-full 1.10.3-0ubuntu0.16.04.2
  nginx-common 1.10.3-0ubuntu0.16.04.2
  nginx-light 1.10.3-0ubuntu0.16.04.2
  nginx-core 1.10.3-0ubuntu0.16.04.2

Ubuntu 14.04 LTS:
  nginx-extras 1.4.6-1ubuntu3.8
  nginx-full 1.4.6-1ubuntu3.8
  nginx-common 1.4.6-1ubuntu3.8
  [ more… ]

USN-3351-1: Evince vulnerability

2017-07-14 KENNETH 0

Ubuntu Security Notice USN-3351-1
13th July, 2017

evince vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary

Evince could be made to run programs as your login if it opened a specially crafted file.

Software description

evince – Document viewer

Details

Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book (cbt) files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files in Evince.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
  evince 3.24.0-0ubuntu1.1
  evince-common 3.24.0-0ubuntu1.1

Ubuntu 16.10:
  evince 3.22.0-0ubuntu1.1
  evince-common 3.22.0-0ubuntu1.1

Ubuntu 16.04 LTS:
  evince 3.18.2-1ubuntu4.1
  evince-common 3.18.2-1ubuntu4.1

Ubuntu [ more… ]

USN-3350-1: poppler vulnerabilities

2017-07-08 KENNETH 0

Ubuntu Security Notice USN-3350-1
7th July, 2017

poppler vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary

poppler could be made to crash or run programs as your login if it opened a specially crafted file.

Software description

poppler – PDF rendering library

Details

Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2017-2820)

Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of [ more… ]