
USN-3215-1: Munin vulnerability

2017-03-03 KENNETH 0

Ubuntu Security Notice USN-3215-1, 2nd March, 2017: munin vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Munin could be made to overwrite files.

Software description: munin – Network-wide graphing framework

Details: It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS: munin 2.0.19-3ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2017-6188

Source: USN-3215-1: Munin vulnerability


USN-3214-1: w3m vulnerabilities

2017-03-03 KENNETH 0

Ubuntu Security Notice USN-3214-1, 2nd March, 2017: w3m vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in w3m.

Software description: w3m – WWW browsable pager with excellent tables/frames support

Details: A large number of security issues were discovered in the w3m browser. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS: w3m 0.5.3-15ubuntu0.1
Ubuntu 12.04 LTS: w3m 0.5.3-5ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]


USN-3211-2: PHP regression

2017-03-03 KENNETH 0

Ubuntu Security Notice USN-3211-2, 2nd March, 2017: php7.0 regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS

Summary: USN-3211-1 introduced a regression in PHP.

Software description: php7.0 – HTML-embedded scripting language interpreter

Details: USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix.

Original advisory details:

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, [ more… ]


USN-3213-1: GD library vulnerabilities

2017-03-01 KENNETH 0

Ubuntu Security Notice USN-3213-1, 28th February, 2017: libgd2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: The GD library could be made to crash or run programs if it processed a specially crafted image file.

Software description: libgd2 – GD Graphics Library

Details: Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10166)

It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker [ more… ]


USN-3212-1: LibTIFF vulnerabilities

2017-02-28 KENNETH 0

Ubuntu Security Notice USN-3212-1, 27th February, 2017: tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Software description: tiff – Tag Image File Format (TIFF) library

Details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10: libtiff5 4.0.6-2ubuntu0.1, libtiff-tools 4.0.6-2ubuntu0.1
Ubuntu 16.04 LTS: libtiff5 4.0.6-1ubuntu0.1, libtiff-tools 4.0.6-1ubuntu0.1
Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.6, libtiff-tools 4.0.3-7ubuntu0.6

[ more… ]