ubuntu-usn

USN-3173-1: NVIDIA graphics drivers vulnerability Ubuntu Security Notice USN-3173-1 17th January, 2017 nvidia-graphics-drivers-304 and nvidia-graphics-drivers-340 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary NVIDIA graphics drivers could be made to crash under certain conditions. Software description nvidia-graphics-drivers-304 – NVIDIA binary X.Org driver nvidia-graphics-drivers-340 – NVIDIA binary X.Org driver Details It was discovered that the NVIDIA graphics drivers contained a flaw in thekernel mode layer. A local attacker could use this issue to cause a denial ofservice. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: nvidia-331 340.101-0ubuntu0.16.10.1 nvidia-current 304.134-0ubuntu0.16.10.1 nvidia-340-updates 340.101-0ubuntu0.16.10.1 nvidia-340 340.101-0ubuntu0.16.10.1 nvidia-331-updates 340.101-0ubuntu0.16.10.1 nvidia-304-updates 304.134-0ubuntu0.16.10.1 nvidia-304 304.134-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: nvidia-331 340.101-0ubuntu0.16.04.1 nvidia-current 304.134-0ubuntu0.16.04.1 nvidia-340-updates 340.101-0ubuntu0.16.04.1 nvidia-340 340.101-0ubuntu0.16.04.1 nvidia-331-updates 340.101-0ubuntu0.16.04.1 nvidia-304-updates 304.134-0ubuntu0.16.04.1 nvidia-304 [ more… ]

USN-3172-1: Bind vulnerabilities Ubuntu Security Notice USN-3172-1 12th January, 2017 bind9 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Bind. Software description bind9 – Internet Domain Name Server Details It was discovered that Bind incorrectly handled certain malformed responsesto an ANY query. A remote attacker could possibly use this issue to causeBind to crash, resulting in a denial of service. (CVE-2016-9131) It was discovered that Bind incorrectly handled certain malformed responsesto an ANY query. A remote attacker could possibly use this issue to causeBind to crash, resulting in a denial of service. (CVE-2016-9147) It was discovered that Bind incorrectly handled certain malformed DS recordresponses. A remote attacker could possibly use this issue to cause Bind tocrash, resulting in [ more… ]

USN-3171-1: LibVNCServer vulnerabilities Ubuntu Security Notice USN-3171-1 11th January, 2017 libvncserver vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in LibVNCServer. Software description libvncserver – vnc server library Details Josef Gajdusek discovered that the LibVNCServer client library incorrectlyhandled certain FrameBufferUpdate messages. If a user were tricked intoconnecting to a malicious server, an attacker could use this issue to causea denial of service, or possibly execute arbitrary code. (CVE-2016-9941,CVE-2016-9942) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libvncserver1 0.9.10+dfsg-3ubuntu0.16.10.1 libvncclient1 0.9.10+dfsg-3ubuntu0.16.10.1 Ubuntu 16.04 LTS: libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.1 libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.1 Ubuntu 14.04 LTS: libvncserver0 0.9.9+dfsg-1ubuntu1.2 Ubuntu 12.04 LTS: libvncserver0 0.9.8.2-2ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a [ more… ]

USN-3169-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3169-1 11th January, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Dmitry Vyukov discovered that the KVM implementation in the Linux kerneldid not properly initialize the Code Segment (CS) in certain error cases. Alocal attacker could use this to expose sensitive information (kernelmemory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in thesetsockopt() system call when handling the SO_SNDBUFFORCE andSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capabilitycould use this to cause a denial of service (system crash or memorycorruption). (CVE-2016-9793) Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linuxkernel. A local attacker [ more… ]

USN-3168-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3168-2 11th January, 2017 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 LTS. Dmitry Vyukov discovered that the KVM implementation in the Linux kerneldid not properly initialize the Code Segment (CS) in certain error cases. Alocal attacker could use this to expose sensitive information (kernelmemory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in thesetsockopt() system call when handling the SO_SNDBUFFORCE andSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capabilitycould use this [ more… ]