USN-3340-1: Apache HTTP Server vulnerabilities

2017-06-27 KENNETH 0

Ubuntu Security Notice USN-3340-1, 26th June, 2017

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in Apache HTTP Server.

Software description: apache2 – Apache HTTP server

Details:

Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167)

Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169)

Javier Jiménez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7668)

ChenQin [ more… ]

USN-3339-1: OpenVPN vulnerabilities

2017-06-23 KENNETH 0

Ubuntu Security Notice USN-3339-1, 22nd June, 2017

openvpn vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in OpenVPN.

Software description: openvpn – virtual private network software

Details:

Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6329)

It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in [ more… ]

USN-3335-2: Linux kernel (Trusty HWE) vulnerability

2017-06-22 KENNETH 0

Ubuntu Security Notice USN-3335-2, 21st June, 2017

linux-lts-trusty vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS.

Summary: The system could be made to run programs as an administrator.

Software description: linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise

Details:

USN-3335-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges.

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: [ more… ]

USN-3338-1: Linux kernel vulnerabilities

2017-06-22 KENNETH 0

Ubuntu Security Notice USN-3338-1, 21st June, 2017

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in the Linux kernel.

Software description: linux – Linux kernel

Details:

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. (CVE-2017-1000364)

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997)

Update instructions: The problem can be corrected by updating your system to [ more… ]

USN-3337-1: Valgrind vulnerabilities

2017-06-22 KENNETH 0

Ubuntu Security Notice USN-3337-1, 21st June, 2017

valgrind vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Valgrind could be made to crash or run programs if it opened a specially crafted file.

Software description: valgrind – instrumentation framework for building dynamic analysis tools

Details:

It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-2226)

It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a [ more… ]