USN-3210-1: LibreOffice vulnerability

2017-02-24 KENNETH 0

Ubuntu Security Notice USN-3210-1
23rd February, 2017

LibreOffice vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
LibreOffice could be made to disclose files if it opened a specially crafted file.

Software description
libreoffice – Office productivity suite

Details
Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer disclose arbitrary files to an attacker if a user opened a specially crafted file with embedded links.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
libreoffice-base 1:5.1.6~rc2-0ubuntu1~xenial1
libreoffice-calc 1:5.1.6~rc2-0ubuntu1~xenial1
libreoffice-common 1:5.1.6~rc2-0ubuntu1~xenial1
libreoffice-math 1:5.1.6~rc2-0ubuntu1~xenial1
libreoffice-writer 1:5.1.6~rc2-0ubuntu1~xenial1
libreoffice 1:5.1.6~rc2-0ubuntu1~xenial1
libreoffice-base-core 1:5.1.6~rc2-0ubuntu1~xenial1
libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial1

Ubuntu 14.04 LTS:
libreoffice-base 1:4.2.8-0ubuntu5
libreoffice-calc 1:4.2.8-0ubuntu5
libreoffice-common 1:4.2.8-0ubuntu5
libreoffice-math 1:4.2.8-0ubuntu5
libreoffice-writer 1:4.2.8-0ubuntu5
libreoffice 1:4.2.8-0ubuntu5
libreoffice-base-core 1:4.2.8-0ubuntu5
libreoffice-core 1:4.2.8-0ubuntu5

Ubuntu 12.04 LTS: [ more… ]

USN-3211-1: PHP vulnerabilities

2017-02-24 KENNETH 0

Ubuntu Security Notice USN-3211-1
23rd February, 2017

php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in PHP.

Software description
php7.0 – HTML-embedded scripting language interpreter

Details
It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137)

It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of [ more… ]

USN-3142-2: ImageMagick regression

2017-02-23 KENNETH 0

Ubuntu Security Notice USN-3142-2
22nd February, 2017

imagemagick regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
USN-3142-1 introduced a regression in ImageMagick.

Software description
imagemagick – Image manipulation programs and library

Details
USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Update instructions
The problem can be [ more… ]

USN-3206-1: Linux kernel vulnerabilities

2017-02-22 KENNETH 0

Ubuntu Security Notice USN-3206-1
21st February, 2017

linux, linux-ti-omap4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 LTS

Summary
Several security issues were fixed in the kernel.

Software description
linux – Linux kernel
linux-ti-omap4 – Linux kernel for OMAP4

Details
It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7910)

Dmitry Vyukov discovered a use-after-free vulnerability in the sys_ioprio_get() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7911)

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system [ more… ]

USN-3208-1: Linux kernel vulnerabilities

2017-02-22 KENNETH 0

Ubuntu Security Notice USN-3208-1
22nd February, 2017

linux, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in the kernel.

Software description
linux – Linux kernel
linux-snapdragon – Linux kernel for Snapdragon Processors

Details
It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-10088)

CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191)

Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local [ more… ]