USN-3259-1: Bind vulnerabilities

2017-04-18 KENNETH 0

Ubuntu Security Notice USN-3259-1
17th April, 2017

bind9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
Several security issues were fixed in Bind.

Software description
bind9 – Internet Domain Name Server

Details
It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this to cause a denial of service. (CVE-2017-3137)

Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64 queries. An attacker could use this to cause a denial of service. (CVE-2017-3136)

Mike Lalumiere discovered that in some situations, Bind did not properly handle invalid operations requested via its control channel. An attacker with access to the control channel could cause a denial of service. (CVE-2017-3138)

Update instructions
The [ more… ]

USN-3258-2: Dovecot regression

2017-04-12 KENNETH 0

Ubuntu Security Notice USN-3258-2
11th April, 2017

dovecot regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS

Summary
USN-3258-1 introduced a regression in Dovecot.

Software description
dovecot – IMAP and POP3 email server

Details
USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the "dict" authentication database. This update reverts the change.

We apologize for the inconvenience.

Original advisory details:
It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 16.10: [ more… ]

USN-3258-1: Dovecot vulnerability

2017-04-11 KENNETH 0

Ubuntu Security Notice USN-3258-1
10th April, 2017

dovecot vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS

Summary
Dovecot could be made to crash if it received specially crafted input.

Software description
dovecot – IMAP and POP3 email server

Details
It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 16.10: dovecot-core 1:2.2.24-1ubuntu1.2
Ubuntu 16.04 LTS: dovecot-core 1:2.2.22-1ubuntu2.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References
CVE-2017-2669

Source: USN-3258-1: Dovecot vulnerability

USN-3257-1: WebKitGTK+ vulnerabilities

2017-04-11 KENNETH 0

Ubuntu Security Notice USN-3257-1
10th April, 2017

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in WebKitGTK+.

Software description
webkit2gtk – Web content engine library for GTK+

Details
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 16.10:
libwebkit2gtk-4.0-37 2.16.1-0ubuntu0.16.10.1
libjavascriptcoregtk-4.0-18 2.16.1-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libwebkit2gtk-4.0-37 2.16.1-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 2.16.1-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which [ more… ]

USN-3256-1: Linux kernel vulnerability

2017-04-05 KENNETH 0

Ubuntu Security Notice USN-3256-1
4th April, 2017

linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, linux-ti-omap4 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
The system could be made to crash under certain conditions.

Software description
linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-gke – Linux kernel for Google Container Engine (GKE) systems
linux-raspi2 – Linux kernel for Raspberry Pi 2
linux-snapdragon – Linux kernel for Snapdragon Processors
linux-ti-omap4 – Linux kernel for OMAP4

Details
Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash).

Update instructions
The problem can be corrected by updating your system [ more… ]