ubuntu-usn

USN-3199-1: Python Crypto vulnerability Ubuntu Security Notice USN-3199-1 16th February, 2017 Python Crypto vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Programs using the Python Cryptography Toolkit could be made to crash or run programs if they receive specially crafted network traffic or other input. Software description python-crypto – cryptographic algorithms and protocols for Python Details It was discovered that the ALGnew function in block_templace.c in the PythonCryptography Toolkit contained a heap-based buffer overflow vulnerability.A remote attacker could use this flaw to execute arbitrary code by usinga crafted initialization vector parameter. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: python3-crypto 2.6.1-6ubuntu0.16.10.2 python-crypto 2.6.1-6ubuntu0.16.10.2 Ubuntu 16.04 LTS: python3-crypto 2.6.1-6ubuntu0.16.04.1 python-crypto 2.6.1-6ubuntu0.16.04.1 Ubuntu 14.04 LTS: python3-crypto 2.6.1-4ubuntu0.1 python-crypto 2.6.1-4ubuntu0.1 [ more… ]

USN-3201-1: Bind vulnerabilities Ubuntu Security Notice USN-3201-1 16th February, 2017 bind9 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Bind could be made to crash if it received specially crafted network traffic. Software description bind9 – Internet Domain Name Server Details It was discovered that Bind incorrectly handled rewriting certain queryresponses when using both DNS64 and RPZ. A remote attacker could possiblyuse this issue to cause Bind to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.3 Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.5 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.13 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.21 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

USN-3200-1: WebKitGTK+ vulnerabilities Ubuntu Security Notice USN-3200-1 16th February, 2017 webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK+ Web andJavaScript engines. If a user were tricked into viewing a maliciouswebsite, a remote attacker could exploit a variety of issues related to webbrowser security, including cross-site scripting attacks, denial of serviceattacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1 libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which [ more… ]

USN-3198-1: OpenJDK 6 vulnerabilities Ubuntu Security Notice USN-3198-1 15th February, 2017 openjdk-6 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenJDK 6. Software description openjdk-6 – Open Source Java implementation Details Karthik Bhargavan and Gaetan Leurent discovered that the DES andTriple DES ciphers were vulnerable to birthday attacks. A remoteattacker could possibly use this flaw to obtain clear text data fromlong encrypted sessions. This update moves those algorithms to thelegacy algorithm set and causes them to be used only if no non-legacyalgorithms can be negotiated. (CVE-2016-2183) It was discovered that OpenJDK accepted ECSDA signatures usingnon-canonical DER encoding. An attacker could use this to modify orexpose sensitive data. (CVE-2016-5546) It was discovered that covert timing channel vulnerabilities existedin the DSA implementations in OpenJDK. A remote attacker could [ more… ]

USN-3197-1: libgc vulnerability Ubuntu Security Notice USN-3197-1 15th February, 2017 libgc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Applications using libgc could be made to crash or run programs as your login. Software description libgc – Boehm-Demers-Weiser garbage collecting storage allocator library Details Kuang-che Wu discovered that multiple integer overflow vulnerabilitiesexisted in libgc. An attacker could use these to cause a denial ofservice (application crash) or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libgc1c2 1:7.4.2-8ubuntu0.1 Ubuntu 16.04 LTS: libgc1c2 1:7.4.2-7.3ubuntu0.1 Ubuntu 14.04 LTS: libgc1c2 1:7.2d-5ubuntu2.1 Ubuntu 12.04 LTS: libgc1c2 1:7.1-8ubuntu0.12.04.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart [ more… ]