ubuntu-usn

USN-3151-2: Linux kernel (Xenial HWE) vulnerability Ubuntu Security Notice USN-3151-2 5th December, 2016 linux-lts-xenial vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3151-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. Philip Pettersson discovered a race condition in the af_packetimplementation in the Linux kernel. A local unprivileged attacker could usethis to cause a denial of service (system crash) or run arbitrary code withadministrative privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-powerpc-smp-lts-xenial 4.4.0.53.40 linux-image-generic-lpae-lts-xenial [ more… ]

USN-3152-2: Linux kernel (Raspberry Pi 2) vulnerability Ubuntu Security Notice USN-3152-2 5th December, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary The system could be made to crash or run programs as an administrator. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Philip Pettersson discovered a race condition in the af_packetimplementation in the Linux kernel. A local unprivileged attacker could usethis to cause a denial of service (system crash) or run arbitrary code withadministrative privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: linux-image-4.8.0-1020-raspi2 4.8.0-1020.23 linux-image-raspi2 4.8.0.1020.23 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI [ more… ]

USN-3150-2: Linux kernel (OMAP4) vulnerability Ubuntu Security Notice USN-3150-2 5th December, 2016 linux-ti-omap4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details Philip Pettersson discovered a race condition in the af_packetimplementation in the Linux kernel. A local unprivileged attacker could usethis to cause a denial of service (system crash) or run arbitrary code withadministrative privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-1496-omap4 3.2.0-1496.123 linux-image-omap4 3.2.0.1496.91 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the [ more… ]

USN-3148-1: Ghostscript vulnerabilities Ubuntu Security Notice USN-3148-1 1st December, 2016 ghostscript vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Ghostscript could be made to crash, run programs, or disclose sensitive information if it processed a specially crafted file. Software description ghostscript – PostScript and PDF interpreter Details Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscriptprocesses certain Postscript files. If a user or automated system were trickedinto opening a specially crafted file, an attacker could cause a denial ofservice or possibly execute arbitrary code. (CVE-2016-7976, CVE-2016-7978,CVE-2016-7979, CVE-2016-8602) Multiple vulnerabilities were discovered in Ghostscript related to informationdisclosure. If a user or automated system were tricked into opening a speciallycrafted file, an attacker could expose sensitive data. (CVE-2013-5653,CVE-2016-7977) Update instructions The problem can be corrected [ more… ]

USN-3133-1: Oxide vulnerabilities Ubuntu Security Notice USN-3133-1 1st December, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine for Qt (QML plugin) Details Multiple security vulnerabilities were discovered in Chromium. If a userwere tricked in to opening a specially crafted website, an attacker couldpotentially exploit these to obtain sensitive information, cause a denialof service via application crash, or execute arbitrary code.(CVE-2016-5198, CVE-2016-5200, CVE-2016-5202) A heap-corruption issue was discovered in FFmpeg. If a user were trickedin to opening a specially crafted website, an attacker could potentiallyexploit this to cause a denial of service via application crash, orexecute arbitrary code. (CVE-2016-5199) Update instructions The problem can be corrected by updating your system to the [ more… ]