USN-3159-1: Linux kernel vulnerability

2016-12-21 KENNETH 0

Ubuntu Security Notice USN-3159-1
20th December, 2016

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: The system could be made to expose sensitive information.

Software description: linux – Linux kernel

Details: It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory).

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-3.2.0-119-generic-pae 3.2.0-119.162
linux-image-3.2.0-119-omap 3.2.0-119.162
linux-image-powerpc-smp 3.2.0.119.134
linux-image-3.2.0-119-powerpc-smp 3.2.0-119.162
linux-image-generic-pae 3.2.0.119.134
linux-image-highbank 3.2.0.119.134
linux-image-3.2.0-119-powerpc64-smp 3.2.0-119.162
linux-image-virtual 3.2.0.119.134
linux-image-powerpc64-smp 3.2.0.119.134
linux-image-generic 3.2.0.119.134
linux-image-3.2.0-119-generic 3.2.0-119.162
linux-image-3.2.0-119-virtual 3.2.0-119.162
linux-image-omap 3.2.0.119.134
linux-image-3.2.0-119-highbank 3.2.0-119.162

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot [ more… ]

USN-3158-1: Samba vulnerabilities

2016-12-20 KENNETH 0

Ubuntu Security Notice USN-3158-1
19th December, 2016

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Samba.

Software description: samba – SMB/CIFS file, print, and login server for Unix

Details: Frederic Besler and others discovered that the ndr_pull_dnsp_nam function in Samba contained an integer overflow. An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2123)

Simo Sorce discovered that Samba clients always requested a forwardable ticket when using Kerberos authentication. An attacker could use this to impersonate an authenticated user or service. (CVE-2016-2125)

Volker Lendecke discovered that Kerberos PAC validation implementation in Samba contained multiple vulnerabilities. An authenticated attacker could use this to cause a denial of service or [ more… ]

USN-3156-2: APT regression

2016-12-17 KENNETH 0

Ubuntu Security Notice USN-3156-2
16th December, 2016

apt regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10

Summary: USN-3156-1 introduced a regression in unattended-upgrades that may require manual intervention to repair.

Software description: apt – Advanced front-end for dpkg

Details: USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in unattended-upgrades that may require manual intervention to repair. Users on Ubuntu 16.10 should run the following commands at a terminal:

    sudo dpkg --configure --pending
    sudo apt-get -f install

This update fixes the problem. We apologize for the inconvenience.

Original advisory details: Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

Update instructions: The problem can be corrected by updating your system to [ more… ]

USN-3157-1: Apport vulnerabilities

2016-12-15 KENNETH 0

Ubuntu Security Notice USN-3157-1
14th December, 2016

apport vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Apport could be made to run programs as your login if it opened a specially crafted file.

Software description: apport – automatically generate crash reports for debugging

Details: Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9949)

Donncha O Cearbhaill discovered that Apport did not properly sanitize the Package and SourcePackage fields in crash files before processing package specific hooks. An attacker could [ more… ]

USN-3155-1: Firefox vulnerabilities

2016-12-14 KENNETH 0

Ubuntu Security Notice USN-3155-1
13th December, 2016

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software description: firefox – Mozilla Open Source web browser

Details: Multiple security vulnerabilities were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10: firefox 50.1.0+build2-0ubuntu0.16.10.1
Ubuntu 16.04 LTS: firefox 50.1.0+build2-0ubuntu0.16.04.1 [ more… ]