
USN-3235-1: libxml2 vulnerabilities

2017-03-16 KENNETH 0

Ubuntu Security Notice USN-3235-1
16th March, 2017

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary

Several security issues were fixed in libxml2.

Software description

libxml2 – GNOME XML library

Details

It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448)

It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4658)

Nick Wellnhofer discovered [ more… ]


USN-3234-2: Linux kernel (Xenial HWE) vulnerabilities

2017-03-16 KENNETH 0

Ubuntu Security Notice USN-3234-2
15th March, 2017

linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details

USN-3234-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)

It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local [ more… ]


USN-3234-1: Linux kernel vulnerabilities

2017-03-16 KENNETH 0

Ubuntu Security Notice USN-3234-1
15th March, 2017

linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-gke – Linux kernel for Google Container Engine (GKE) systems
linux-raspi2 – Linux kernel for Raspberry Pi 2
linux-snapdragon – Linux kernel for Snapdragon Processors

Details

Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)

It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. [ more… ]


USN-3232-1: ImageMagick vulnerabilities

2017-03-15 KENNETH 0

Ubuntu Security Notice USN-3232-1
14th March, 2017

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary

Several security issues were fixed in ImageMagick.

Software description

imagemagick – Image manipulation programs and library

Details

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu8.5
imagemagick 8:6.8.9.9-7ubuntu8.5
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu8.5
imagemagick-6.q16 8:6.8.9.9-7ubuntu8.5
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu8.5

Ubuntu 16.04 LTS:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.6
imagemagick 8:6.8.9.9-7ubuntu5.6
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.6
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.6
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.6

[ more… ]


USN-3231-1: Pidgin vulnerability

2017-03-14 KENNETH 0

Ubuntu Security Notice USN-3231-1
14th March, 2017

pidgin vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary

Pidgin could be made to crash or run programs if it received specially crafted network traffic.

Software description

pidgin – graphical multi-protocol instant messaging client for X

Details

Joseph Bisch discovered that Pidgin incorrectly handled certain xml messages. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
libpurple0 1:2.10.9-0ubuntu3.4

Ubuntu 12.04 LTS:
libpurple0 1:2.10.3-0ubuntu1.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Pidgin to make all the necessary changes.

References

[ more… ]