ubuntu-usn

USN-3251-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3251-2 29th March, 2017 linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3251-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that the xfrm framework for transforming packets in theLinux kernel did not properly validate data received from user space. Alocal attacker could use this to cause a denial of service (system crash)or execute arbitrary code with administrative privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 [ more… ]

USN-3249-2: Linux kernel (Xenial HWE) vulnerability Ubuntu Security Notice USN-3249-2 29th March, 2017 linux-lts-xenial vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3249-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. It was discovered that the xfrm framework for transforming packets in theLinux kernel did not properly validate data received from user space. Alocal attacker could use this to cause a denial of service (system crash)or execute arbitrary code with administrative privileges. Update instructions The problem can be corrected by updating your system to the [ more… ]

USN-3250-2: Linux kernel (Trusty HWE) vulnerability Ubuntu Security Notice USN-3250-2 29th March, 2017 linux-lts-trusty vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3250-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 LTS. It was discovered that the xfrm framework for transforming packets in theLinux kernel did not properly validate data received from user space. Alocal attacker could use this to cause a denial of service (system crash)or execute arbitrary code with administrative privileges. Update instructions The problem can be corrected by updating your system to the [ more… ]

USN-3236-1: Oxide vulnerabilities Ubuntu Security Notice USN-3236-1 29th March, 2017 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine for Qt (QML plugin) Details Multiple vulnerabilities were discovered in Chromium. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to obtain sensitive information, spoofapplication UI by causing the security status API or webview URL toindicate the wrong values, bypass security restrictions, cause a denialof service via application crash, or execute arbitrary code.(CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5033,CVE-2017-5035, CVE-2017-5037, CVE-2017-5040, CVE-2017-5041, CVE-2017-5044,CVE-2017-5045, CVE-2017-5046) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: liboxideqtcore0 1.21.5-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: liboxideqtcore0 1.21.5-0ubuntu0.16.04.1 Ubuntu [ more… ]

USN-3247-1: AppArmor vulnerability Ubuntu Security Notice USN-3247-1 28th March, 2017 apparmor vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary AppArmor could remove the confinement from some programs. Software description apparmor – Linux security system Details Stéphane Graber discovered that AppArmor incorrectly unloaded some profileswhen restarted or upgraded, contrary to expected behavior. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: apparmor 2.10.95-4ubuntu5.3 Ubuntu 16.04 LTS: apparmor 2.10.95-0ubuntu2.6 Ubuntu 14.04 LTS: apparmor 2.10.95-0ubuntu2.6~14.04.1 Ubuntu 12.04 LTS: apparmor 2.7.102-0ubuntu3.11 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. A new utility, called aa-remove-unknown, was added to assist with profiles thatwould have [ more… ]