USN-3256-2: Linux kernel (HWE) vulnerability

2017-04-05 KENNETH 0

Ubuntu Security Notice USN-3256-2, 4th April, 2017

linux-hwe, linux-lts-trusty, linux-lts-xenial vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: The system could be made to crash under certain conditions.

Software description: linux-hwe – Linux hardware enablement (HWE) kernel; linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise; linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty.

Details: USN-3256-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel for each of the respective prior Ubuntu LTS releases.

Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of [ more… ]

USN-3255-1: LightDM vulnerability

2017-04-05 KENNETH 0

Ubuntu Security Notice USN-3255-1, 4th April, 2017

lightdm vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS.

Summary: LightDM could be made to run programs as an administrator.

Software description: lightdm – Display Manager.

Details: It was discovered that LightDM incorrectly handled home directory creation for guest users. A local attacker could use this issue to gain ownership of arbitrary directory paths and possibly gain administrative privileges.

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: lightdm 1.19.5-0ubuntu1.1; Ubuntu 16.04 LTS: lightdm 1.18.3-0ubuntu1.1.

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2017-7358

Source: USN-3255-1: LightDM vulnerability

USN-3254-1: Django vulnerabilities

2017-04-05 KENNETH 0

Ubuntu Security Notice USN-3254-1, 4th April, 2017

python-django vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in Django.

Software description: python-django – High-level Python web development framework.

Details: It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. (CVE-2017-7233)

Phithon Gong discovered that Django incorrectly handled certain URLs when the django.views.static.serve() view is being used. A remote attacker could possibly use a Django server as an open redirect. (CVE-2017-7234)

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: python3-django 1.8.7-1ubuntu8.2, python-django 1.8.7-1ubuntu8.2; Ubuntu 16.04 LTS: python3-django 1.8.7-1ubuntu5.5, python-django 1.8.7-1ubuntu5.5 [ more… ]

USN-3253-1: Nagios vulnerabilities

2017-04-04 KENNETH 0

Ubuntu Security Notice USN-3253-1, 3rd April, 2017

nagios3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in Nagios.

Software description: nagios3 – host/service/network monitoring and management system.

Details: It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2013-7108, CVE-2013-7205)

It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. (CVE-2014-1878)

Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this [ more… ]

USN-3216-2: Firefox regression

2017-03-31 KENNETH 0

Ubuntu Security Notice USN-3216-2, 30th March, 2017

firefox regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: USN-3216-1 introduced a regression in Firefox.

Software description: firefox – Mozilla Open Source web browser.

Details: USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the addressbar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. (CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, [ more… ]