USN-3156-1: APT vulnerability

2016-12-14 KENNETH 0

Ubuntu Security Notice USN-3156-1, 13th December, 2016

apt vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: An attacker could trick APT into installing altered packages.

Software description: apt – Advanced front-end for dpkg

Details: Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10: apt 1.3.2ubuntu0.1
Ubuntu 16.04 LTS: apt 1.2.15ubuntu0.2
Ubuntu 14.04 LTS: apt 1.0.1ubuntu2.17

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2016-1252

Source: USN-3156-1: APT vulnerability

USN-3153-1: Oxide vulnerabilities

2016-12-09 KENNETH 0

Ubuntu Security Notice USN-3153-1, 9th December, 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in Oxide.

Software description: oxide-qt – Web browser engine for Qt (QML plugin)

Details: Multiple vulnerabilities were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5204, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212, CVE-2016-5215, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9652)

Multiple vulnerabilities were discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, cause a [ more… ]

USN-3154-1: OpenJDK 6 vulnerabilities

2016-12-08 KENNETH 0

Ubuntu Security Notice USN-3154-1, 7th December, 2016

openjdk-6 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in OpenJDK 6.

Software description: openjdk-6 – Open Source Java implementation

Details: It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542)

It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573) [ more… ]

USN-3151-1: Linux kernel vulnerability

2016-12-06 KENNETH 0

Ubuntu Security Notice USN-3151-1, 5th December, 2016

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS.

Summary: The system could be made to crash or run programs as an administrator.

Software description: linux – Linux kernel

Details: Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-powerpc-smp 4.4.0.53.56
linux-image-4.4.0-53-generic 4.4.0-53.74
linux-image-4.4.0-53-generic-lpae 4.4.0-53.74
linux-image-generic 4.4.0.53.56
linux-image-powerpc-e500mc 4.4.0.53.56
linux-image-lowlatency 4.4.0.53.56
linux-image-4.4.0-53-lowlatency 4.4.0-53.74
linux-image-4.4.0-53-powerpc-smp 4.4.0-53.74
linux-image-powerpc64-smp 4.4.0.53.56
linux-image-generic-lpae 4.4.0.53.56
linux-image-4.4.0-53-powerpc64-emb 4.4.0-53.74
linux-image-4.4.0-53-powerpc64-smp 4.4.0-53.74
linux-image-powerpc64-emb 4.4.0.53.56
linux-image-4.4.0-53-powerpc-e500mc 4.4.0-53.74

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard [ more… ]

USN-3150-1: Linux kernel vulnerability

2016-12-06 KENNETH 0

Ubuntu Security Notice USN-3150-1, 5th December, 2016

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS.

Summary: The system could be made to crash or run programs as an administrator.

Software description: linux – Linux kernel

Details: Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-3.2.0-118-powerpc-smp 3.2.0-118.161
linux-image-powerpc-smp 3.2.0.118.133
linux-image-3.2.0-118-highbank 3.2.0-118.161
linux-image-3.2.0-118-powerpc64-smp 3.2.0-118.161
linux-image-3.2.0-118-virtual 3.2.0-118.161
linux-image-3.2.0-118-generic-pae 3.2.0-118.161
linux-image-3.2.0-118-generic 3.2.0-118.161
linux-image-generic-pae 3.2.0.118.133
linux-image-highbank 3.2.0.118.133
linux-image-3.2.0-118-omap 3.2.0-118.161
linux-image-virtual 3.2.0.118.133
linux-image-powerpc64-smp 3.2.0.118.133
linux-image-generic 3.2.0.118.133
linux-image-omap 3.2.0.118.133

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard [ more… ]