ubuntu-usn

USN-3246-1: Eject vulnerability Ubuntu Security Notice USN-3246-1 27th March, 2017 eject vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Eject could be made to run programs as an administrator. Software description eject – ejects CDs and operates CD-Changers under Linux Details Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuidand setgid return values. A local attacker could use this issue to execute codeas an administrator. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 Ubuntu 16.04 LTS: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 Ubuntu 14.04 LTS: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 Ubuntu 12.04 LTS: eject 2.1.5+deb1+cvs20081104-9ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-6964 Source: [ more… ]

USN-3245-1: GStreamer Good Plugins vulnerabilities Ubuntu Security Notice USN-3245-1 27th March, 2017 gst-plugins-good0.10, gst-plugins-good1.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GStreamer Good Plugins could be made to crash if it opened a specially crafted file. Software description gst-plugins-good0.10 – GStreamer plugins gst-plugins-good1.0 – GStreamer plugins Details Hanno Böck discovered that GStreamer Good Plugins did not correctly handlecertain malformed media files. If a user were tricked into opening acrafted media file with a GStreamer application, an attacker could cause adenial of service via application crash. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: gstreamer1.0-plugins-good 1.8.3-1ubuntu1.3 Ubuntu 16.04 LTS: gstreamer1.0-plugins-good 1.8.3-1ubuntu0.4 Ubuntu 14.04 LTS: gstreamer0.10-plugins-good 0.10.31-3+nmu1ubuntu5.3 gstreamer1.0-plugins-good 1.2.4-1~ubuntu1.4 Ubuntu 12.04 LTS: gstreamer0.10-plugins-good 0.10.31-1ubuntu1.5 To [ more… ]

USN-3244-1: GStreamer Base Plugins vulnerabilities Ubuntu Security Notice USN-3244-1 27th March, 2017 gst-plugins-base0.10, gst-plugins-base1.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GStreamer Base Plugins could be made to crash if it opened a specially crafted file. Software description gst-plugins-base0.10 – GStreamer Plugins gst-plugins-base1.0 – GStreamer Plugins Details Hanno Böck discovered that GStreamer Base Plugins did not correctly handlecertain malformed media files. If a user were tricked into opening acrafted media file with a GStreamer application, an attacker could cause adenial of service via application crash. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: gstreamer1.0-plugins-base 1.8.3-1ubuntu1.1 Ubuntu 16.04 LTS: gstreamer1.0-plugins-base 1.8.3-1ubuntu0.2 Ubuntu 14.04 LTS: gstreamer1.0-plugins-base 1.2.4-1~ubuntu2.1 gstreamer0.10-plugins-base 0.10.36-1.1ubuntu2.1 Ubuntu 12.04 LTS: gstreamer0.10-plugins-base 0.10.36-1ubuntu0.2 To [ more… ]

USN-3233-1: Thunderbird vulnerabilities Ubuntu Security Notice USN-3233-1 24th March, 2017 thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Thunderbird. Software description thunderbird – Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user weretricked in to opening a specially crafted website in a browsing context,an attacker could potentially exploit these to bypass same originrestrictions, obtain sensitive information, cause a denial of service viaapplication crash or hang, or execute arbitrary code. (CVE-2017-5398,CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405,CVE-2017-5407, CVE-2017-5408, CVE-2017-5410) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: thunderbird 1:45.8.0+build1-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: thunderbird 1:45.8.0+build1-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: thunderbird 1:45.8.0+build1-0ubuntu0.14.04.1 Ubuntu 12.04 [ more… ]

USN-3239-3: GNU C Library regression Ubuntu Security Notice USN-3239-3 24th March, 2017 eglibc regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary USN-3239-1 introduced a regression in the GNU C Library. Software description eglibc – GNU C Library Details USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately,the fix for CVE-2016-3706 introduced a regression that in somecircumstances prevented IPv6 addresses from resolving. This updatereverts the change in Ubuntu 12.04 LTS. We apologize for the error. Original advisory details: It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of [ more… ]