
USN-3266-2: Linux kernel (HWE) vulnerability

2017-04-25 KENNETH 0

USN-3266-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3266-2 24th April, 2017 linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash under certain conditions. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.8.0-49-generic 4.8.0-49.52~16.04.1 linux-image-lowlatency-hwe-16.04 4.8.0.49.21 linux-image-generic-hwe-16.04 4.8.0.49.21 linux-image-4.8.0-49-lowlatency 4.8.0-49.52~16.04.1 linux-image-4.8.0-49-generic-lpae 4.8.0-49.52~16.04.1 linux-image-generic-lpae-hwe-16.04 4.8.0.49.21 [ more… ]


USN-3260-1: Firefox vulnerabilities

2017-04-22 KENNETH 0

USN-3260-1: Firefox vulnerabilities Ubuntu Security Notice USN-3260-1 21st April, 2017 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, [ more… ]


USN-3263-1: FreeType vulnerability

2017-04-21 KENNETH 0

USN-3263-1: FreeType vulnerability Ubuntu Security Notice USN-3263-1 20th April, 2017 freetype vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary FreeType could be made to crash or run programs if it opened a specially crafted font file. Software description freetype – FreeType 2 is a font engine library Details It was discovered that a heap-based buffer overflow existed in the FreeType library. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libfreetype6 2.6.3-3ubuntu2.1 Ubuntu 16.10: libfreetype6 2.6.3-3ubuntu1.2 Ubuntu 16.04 LTS: libfreetype6 2.6.1-0.1ubuntu2.2 Ubuntu 14.04 LTS: libfreetype6 [ more… ]


USN-3262-1: curl vulnerability

2017-04-21 KENNETH 0

USN-3262-1: curl vulnerability Ubuntu Security Notice USN-3262-1 20th April, 2017 curl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Applications using curl could allow unintended access over the network. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details It was discovered that curl incorrectly handled client certificates when resuming a TLS session. A remote attacker could use this to hijack a previously authenticated connection. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libcurl3-nss 7.52.1-4ubuntu1.1 curl 7.52.1-4ubuntu1.1 libcurl3-gnutls 7.52.1-4ubuntu1.1 libcurl3 7.52.1-4ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-7468 Source: USN-3262-1: curl vulnerability


USN-3261-1: QEMU vulnerabilities

2017-04-21 KENNETH 0

USN-3261-1: QEMU vulnerabilities Ubuntu Security Notice USN-3261-1 20th April, 2017 qemu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in QEMU. Software description qemu – Machine emulator and virtualizer Details Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029) Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-10155) Li Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet Controller. A privileged attacker inside the guest could use this issue to cause [ more… ]