ubuntu-usn

USN-3243-1: Git vulnerability Ubuntu Security Notice USN-3243-1 23rd March, 2017 git vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Git could be made to run programs as your login if it explored a specially crafted repository. Software description git – fast, scalable, distributed revision control system Details It was discovered that Git incorrectly sanitized branch names in the PS1variable when configured to display the repository status in the shellprompt. If a user were tricked into exploring a malicious repository, aremote attacker could use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: git 1:1.9.1-1ubuntu0.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References [ more… ]

USN-3242-1: Samba vulnerability Ubuntu Security Notice USN-3242-1 23rd March, 2017 samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Samba could be made to expose sensitive information over the network. Software description samba – SMB/CIFS file, print, and login server for Unix Details Jann Horn discovered that Samba incorrectly handled symlinks. Anauthenticated remote attacker could use this issue to access files on theserver outside of the exported directories. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: samba 2:4.4.5+dfsg-2ubuntu5.4 Ubuntu 16.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.16.04.5 Ubuntu 14.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.14.04.6 Ubuntu 12.04 LTS: samba 2:3.6.25-0ubuntu0.12.04.9 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-3241-1: audiofile vulnerabilities Ubuntu Security Notice USN-3241-1 22nd March, 2017 audiofile vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary audiofile could be made to crash or run programs if it opened a specially crafted file. Software description audiofile – Open-source version of the SGI audiofile library Details Agostino Sarubbo discovered that audiofile incorrectly handled certainmalformed audio files. If a user or automated system were tricked intoprocessing a specially crafted audio file, a remote attacker could causeapplications linked against audiofile to crash, leading to a denial ofservice, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: libaudiofile1 0.3.6-2ubuntu0.14.04.2 Ubuntu 12.04 LTS: libaudiofile1 0.3.3-2ubuntu0.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a [ more… ]

USN-3239-2: GNU C Library Regression Ubuntu Security Notice USN-3239-2 21st March, 2017 eglibc, glibc regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary USN-3239-1 introduced a regression in the GNU C Library. Software description eglibc – GNU C Library glibc – GNU C Library Details USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately,the fix for CVE-2015-5180 introduced an internal ABI change withinthe resolver library. This update reverts the change. We apologizefor the inconvenience. Please note that long-running services that were restarted to compensatefor the USN-3239-1 update may need to be restarted again. Original advisory details: It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This [ more… ]

USN-3239-1: GNU C Library vulnerabilities Ubuntu Security Notice USN-3239-1 20th March, 2017 eglibc, glibc vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in the GNU C Library. Software description eglibc – GNU C Library glibc – GNU C Library Details It was discovered that the GNU C Library incorrectly handled thestrxfrm() function. An attacker could use this issue to cause a denialof service or possibly execute arbitrary code. This issue only affectedUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the_IO_wstr_overflow() function of the GNU C Library. An attacker coulduse this to cause a denial of service or possibly execute arbitrarycode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04LTS. (CVE-2015-8983) It [ more… ]