USN-3196-1: PHP vulnerabilities

2017-02-15 KENNETH 0

Ubuntu Security Notice USN-3196-1
14th February, 2017

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
Several security issues were fixed in PHP.

Software description
php5 – HTML-embedded scripting language interpreter

Details
It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2016-7478)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or [ more… ]

USN-3195-1: Nova-LXD vulnerability

2017-02-10 KENNETH 0

Ubuntu Security Notice USN-3195-1
9th February, 2017

nova-lxd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary
Nova-LXD could allow unintended access to LXD instances over the network.

Software description
nova-lxd – Openstack Compute – LXD container hypervisor support

Details
James Page discovered that Nova-LXD incorrectly set up virtual network devices when creating LXD instances. This could result in an unintended firewall configuration.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 16.04 LTS: python-nova-lxd 13.2.0-0ubuntu1.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes for new instances. However, existing instances will still be affected and must be manually updated.

References
CVE-2017-5936, LP: 1656847

Source: USN-3195-1: Nova-LXD vulnerability

USN-3190-2: Linux kernel (Raspberry Pi 2) vulnerabilities

2017-02-10 KENNETH 0

Ubuntu Security Notice USN-3190-2
9th February, 2017

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10

Summary
Several security issues were fixed in the kernel.

Software description
linux-raspi2 – Linux kernel for Raspberry Pi 2

Details
Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-10147)

It was discovered that a use-after-free existed in the KVM subsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-10150)

Qidan He discovered that the ICMP implementation in the Linux kernel did not properly check the size of an ICMP header. A local attacker with CAP_NET_ADMIN could [ more… ]

USN-3187-2: Linux kernel (OMAP4) vulnerabilities

2017-02-10 KENNETH 0

Ubuntu Security Notice USN-3187-2
9th February, 2017

linux-ti-omap4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 LTS

Summary
Several security issues were fixed in the kernel.

Software description
linux-ti-omap4 – Linux kernel for OMAP4

Details
Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555)

It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2016-9685)

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 12.04 LTS:
linux-image-omap4 3.2.0.1499.94
linux-image-3.2.0-1499-omap4 3.2.0-1499.126

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard [ more… ]

USN-3194-1: OpenJDK 7 vulnerabilities

2017-02-09 KENNETH 0

Ubuntu Security Notice USN-3194-1
8th February, 2017

openjdk-7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
Several security issues were fixed in OpenJDK 7.

Software description
openjdk-7 – Open Source Java implementation

Details
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. (CVE-2016-2183)

It was discovered that OpenJDK accepted ECDSA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. (CVE-2016-5546)

It was discovered that OpenJDK did not properly verify object identifier (OID) length when reading Distinguished [ more… ]