USN-3225-1: libarchive vulnerabilities

2017-03-10 KENNETH 0

Ubuntu Security Notice USN-3225-1
9th March, 2017

libarchive vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file.

Software description
libarchive – Library to read/write archive files

Details
It was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. (CVE-2016-5418)

Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that libarchive incorrectly handled filename lengths when writing ISO9660 archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. [ more… ]

USN-3223-1: KDE-Libs vulnerability

2017-03-10 KENNETH 0

Ubuntu Security Notice USN-3223-1
9th March, 2017

kde4libs vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
KDE-Libs could be made to expose sensitive information over the network.

Software description
kde4libs – KDE 4 core applications and libraries

Details
Itzik Kotler, Yonatan Fridburg, and Amit Klein discovered that KDE-Libs incorrectly handled certain PAC files. A remote attacker could possibly use this issue to obtain sensitive information.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 14.04 LTS: kdelibs5-plugins 4:4.13.3-0ubuntu0.4
Ubuntu 12.04 LTS: kdelibs5-plugins 4:4.8.5-0ubuntu0.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References
CVE-2017-6410

Source: USN-3223-1: KDE-Libs vulnerability

USN-3224-1: LXC vulnerability

2017-03-10 KENNETH 0

Ubuntu Security Notice USN-3224-1
9th March, 2017

lxc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
LXC could be made to create arbitrary virtual network interfaces as an administrator.

Software description
lxc – Linux Containers userspace tools

Details
Jann Horn discovered that LXC incorrectly verified permissions when creating virtual network interfaces. A local attacker could possibly use this issue to create virtual network interfaces in network namespaces that they do not own.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 16.10: lxc-common 2.0.7-0ubuntu1~16.10.2
Ubuntu 16.04 LTS: lxc-common 2.0.7-0ubuntu1~16.04.2
Ubuntu 14.04 LTS: lxc 1.0.9-0ubuntu3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References
CVE-2017-5985

Source: [ more… ]

USN-3220-3: Linux kernel (AWS) vulnerability

2017-03-09 KENNETH 0

Ubuntu Security Notice USN-3220-3
8th March, 2017

linux-aws vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary
The system could be made to crash or run programs as an administrator.

Software description
linux-aws – Linux kernel for Amazon Web Services (AWS) systems

Details
USN-3220-1 fixed a vulnerability in the Linux kernel. This update provides the corresponding updates for the Linux kernel for Amazon Web Services (AWS).

Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1007-aws 4.4.0-1007.16
linux-image-aws 4.4.0.1007.8

To update your system, please follow these instructions: [ more… ]

USN-3222-1: ImageMagick vulnerabilities

2017-03-08 KENNETH 0

Ubuntu Security Notice USN-3222-1
8th March, 2017

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
Several security issues were fixed in ImageMagick.

Software description
imagemagick – Image manipulation programs and library

Details
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu8.4
imagemagick 8:6.8.9.9-7ubuntu8.4
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu8.4
imagemagick-6.q16 8:6.8.9.9-7ubuntu8.4
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu8.4

Ubuntu 16.04 LTS:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.5
imagemagick 8:6.8.9.9-7ubuntu5.5
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.5
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.5
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.5
[ more… ]