USN-3142-1: ImageMagick vulnerabilities

2016-12-01 KENNETH 0

Ubuntu Security Notice USN-3142-1
30th November, 2016

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 16.10
  Ubuntu 16.04 LTS
  Ubuntu 14.04 LTS
  Ubuntu 12.04 LTS

Summary
Several security issues were fixed in ImageMagick.

Software description
imagemagick – Image manipulation programs and library

Details
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
  libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu8.2
  libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu8.2
  imagemagick 8:6.8.9.9-7ubuntu8.2
  imagemagick-6.q16 8:6.8.9.9-7ubuntu8.2
  libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu8.2

Ubuntu 16.04 LTS:
  libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.3
  libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.3
  imagemagick 8:6.8.9.9-7ubuntu5.3
  imagemagick-6.q16 8:6.8.9.9-7ubuntu5.3
  libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.3

[ more… ]

USN-3139-1: Vim vulnerability

2016-11-29 KENNETH 0

Ubuntu Security Notice USN-3139-1
28th November, 2016

vim vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 16.10
  Ubuntu 16.04 LTS
  Ubuntu 14.04 LTS
  Ubuntu 12.04 LTS

Summary
Vim could be made to run programs as your login if it opened a specially crafted file.

Software description
vim – Vi IMproved – enhanced vi editor

Details
Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user's privileges.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
  vim-common 2:7.4.1829-1ubuntu2.1
  vim-runtime 2:7.4.1829-1ubuntu2.1
  vim-gui-common 2:7.4.1829-1ubuntu2.1
  vim 2:7.4.1829-1ubuntu2.1

Ubuntu 16.04 LTS:
  vim-common 2:7.4.1689-3ubuntu1.2
  vim-runtime 2:7.4.1689-3ubuntu1.2
  vim-gui-common 2:7.4.1689-3ubuntu1.2
  vim 2:7.4.1689-3ubuntu1.2

[ more… ]

USN-3138-1: python-cryptography vulnerability

2016-11-29 KENNETH 0

Ubuntu Security Notice USN-3138-1
28th November, 2016

python-cryptography vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 16.10
  Ubuntu 16.04 LTS

Summary
python-cryptography could generate incorrect keys.

Software description
python-cryptography – Cryptography Python library

Details
Markus Döring discovered that python-cryptography incorrectly handled certain HKDF lengths. This could result in python-cryptography returning an empty string instead of the expected derived key.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
  python3-cryptography 1.5-2ubuntu0.1
  python-cryptography 1.5-2ubuntu0.1

Ubuntu 16.04 LTS:
  python3-cryptography 1.2.3-1ubuntu0.1
  python-cryptography 1.2.3-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References
CVE-2016-9243

Source: USN-3138-1: python-cryptography vulnerability

USN-3135-2: GStreamer Good Plugins vulnerability

2016-11-28 KENNETH 0

Ubuntu Security Notice USN-3135-2
28th November, 2016

gst-plugins-good0.10, gst-plugins-good1.0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 16.10
  Ubuntu 16.04 LTS
  Ubuntu 14.04 LTS
  Ubuntu 12.04 LTS

Summary
GStreamer could be made to crash or run programs as your login if it opened a specially crafted file.

Software description
gst-plugins-good0.10 – GStreamer plugins
gst-plugins-good1.0 – GStreamer plugins

Details
USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem.

Original advisory details:
Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the [ more… ]

USN-3137-1: MoinMoin vulnerabilities

2016-11-24 KENNETH 0

Ubuntu Security Notice USN-3137-1
23rd November, 2016

moin vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 16.10
  Ubuntu 16.04 LTS
  Ubuntu 14.04 LTS
  Ubuntu 12.04 LTS

Summary
Several security issues were fixed in MoinMoin.

Software description
moin – Collaborative hypertext environment

Details
It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
  python-moinmoin 1.9.8-1ubuntu1.16.10.1

Ubuntu 16.04 LTS:
  python-moinmoin 1.9.8-1ubuntu1.16.04.1

Ubuntu 14.04 LTS:
  python-moinmoin 1.9.7-1ubuntu2.1

Ubuntu 12.04 LTS:
  python-moinmoin 1.9.3-1ubuntu2.3

To update your system, please follow these [ more… ]