USN-3184-1: Irssi vulnerabilities

2017-02-02 KENNETH 0

Ubuntu Security Notice USN-3184-1
1st February, 2017

irssi vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Irssi.

Software description: irssi – terminal based IRC client

Details:

It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. (CVE-2016-7553)

Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5193)

It was discovered that Irssi incorrectly handled invalid nick messages. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5194)

Joseph Bisch discovered [ more… ]

USN-3182-1: NTFS-3G vulnerability

2017-02-02 KENNETH 0

Ubuntu Security Notice USN-3182-1
1st February, 2017

ntfs-3g vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS

Summary: NTFS-3G could be made to load kernel modules as an administrator.

Software description: ntfs-3g – read/write NTFS driver for FUSE

Details:

Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10: ntfs-3g 1:2016.2.22AR.1-3ubuntu0.1
Ubuntu 16.04 LTS: ntfs-3g 1:2015.3.14AR.1-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2017-0358

Source: USN-3182-1: NTFS-3G vulnerability

USN-3181-1: OpenSSL vulnerabilities

2017-02-01 KENNETH 0

Ubuntu Security Notice USN-3181-1
31st January, 2017

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in OpenSSL.

Software description: openssl – Secure Socket Layer (SSL) cryptographic library and tools

Details:

Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177)

It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7055)

It was discovered that OpenSSL did not [ more… ]

USN-3165-1: Thunderbird vulnerabilities

2017-01-28 KENNETH 0

Ubuntu Security Notice USN-3165-1
27th January, 2017

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Thunderbird.

Software description: thunderbird – Mozilla Open Source mail and newsgroup client

Details:

Multiple memory safety issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373)

Andrew Krasichkov discovered that event handlers on <marquee> elements were executed despite a Content Security Policy (CSP) that disallowed inline JavaScript. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-9895)

A memory corruption [ more… ]

USN-3175-1: Firefox vulnerabilities

2017-01-28 KENNETH 0

Ubuntu Security Notice USN-3175-1
27th January, 2017

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software description: firefox – Mozilla Open Source web browser

Details:

Multiple memory safety issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)

JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute [ more… ]