
USN-3187-1: Linux kernel vulnerabilities

2017-02-03 KENNETH 0

Ubuntu Security Notice USN-3187-1
3rd February, 2017

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux – Linux kernel

Details

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555)

It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2016-9685)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-3.2.0-121-powerpc-smp 3.2.0-121.164
linux-image-powerpc-smp 3.2.0.121.136
linux-image-3.2.0-121-highbank 3.2.0-121.164
linux-image-3.2.0-121-powerpc64-smp 3.2.0-121.164
linux-image-3.2.0-121-virtual 3.2.0-121.164
linux-image-3.2.0-121-generic 3.2.0-121.164
linux-image-3.2.0-121-generic-pae 3.2.0-121.164
linux-image-generic-pae 3.2.0.121.136
linux-image-highbank 3.2.0.121.136
linux-image-3.2.0-121-omap [ more… ]


USN-3177-2: Tomcat regression

2017-02-03 KENNETH 0

Ubuntu Security Notice USN-3177-2
2nd February, 2017

tomcat6, tomcat7 regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

USN-3177-1 introduced a regression in Tomcat.

Software description

tomcat6 – Servlet and JSP engine
tomcat7 – Servlet and JSP engine

Details

USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762)

Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain [ more… ]


USN-3183-1: GnuTLS vulnerabilities

2017-02-02 KENNETH 0

Ubuntu Security Notice USN-3183-1
1st February, 2017

gnutls26, gnutls28 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in GnuTLS.

Software description

gnutls26 – GNU TLS library
gnutls28 – GNU TLS library

Details

Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444)

Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610)

It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy [ more… ]


USN-3186-1: iucode-tool vulnerability

2017-02-02 KENNETH 0

Ubuntu Security Notice USN-3186-1
1st February, 2017

iucode-tool vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS

Summary

iucode-tool could be made to crash or run programs if it opened a specially crafted file.

Software description

iucode-tool – Intel processor microcode tool

Details

It was discovered that iucode-tool incorrectly handled certain microcodes when using the -tr loader. If a user were tricked into processing a specially crafted microcode, a remote attacker could use this issue to cause iucode-tool to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
iucode-tool 1.6.1-1ubuntu0.1

Ubuntu 16.04 LTS:
iucode-tool 1.5.1-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make [ more… ]


USN-3185-1: libXpm vulnerability

2017-02-02 KENNETH 0

Ubuntu Security Notice USN-3185-1
1st February, 2017

libxpm vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

libXpm could be made to crash or run programs if it opened a specially crafted file.

Software description

libxpm – X11 pixmap library

Details

It was discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could use this issue to cause libXpm to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
libxpm4 1:3.5.11-1ubuntu0.16.10.1

Ubuntu 16.04 LTS:
libxpm4 1:3.5.11-1ubuntu0.16.04.1

Ubuntu 14.04 LTS:
libxpm4 1:3.5.10-1ubuntu0.1

Ubuntu 12.04 LTS:
libxpm4 1:3.5.9-4ubuntu0.1

To [ more… ]