USN-3128-2: Linux kernel (Xenial HWE) vulnerability

2016-11-11 KENNETH 0

Ubuntu Security Notice USN-3128-2
11th November, 2016
linux-lts-xenial vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: The system could be made to crash under certain conditions.

Software description: linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details: USN-3128-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash).

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp-lts-xenial 4.4.0.47.34
linux-image-4.4.0-47-powerpc64-emb 4.4.0-47.68~14.04.1
linux-image-4.4.0-47-lowlatency [ more… ]

USN-3125-1: QEMU vulnerabilities

2016-11-10 KENNETH 0

Ubuntu Security Notice USN-3125-1
9th November, 2016
qemu, qemu-kvm vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in QEMU.

Software description:
qemu – Machine emulator and virtualizer
qemu-kvm – Machine emulator and virtualizer

Details: Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-5403)

Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6833, CVE-2016-6834, CVE-2016-6888)

Li Qiang discovered that QEMU [ more… ]

USN-3123-1: curl vulnerabilities

2016-11-04 KENNETH 0

Ubuntu Security Notice USN-3123-1
3rd November, 2016
curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in curl.

Software description: curl – HTTP, HTTPS, and FTP client and client libraries

Details: It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141)

Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167)

It was discovered that curl incorrectly handled storing cookies. A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie [ more… ]

USN-3122-1: NVIDIA graphics drivers vulnerabilities

2016-11-04 KENNETH 0

Ubuntu Security Notice USN-3122-1
3rd November, 2016
nvidia-graphics-drivers-304, nvidia-graphics-drivers-340, nvidia-graphics-drivers-367 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: NVIDIA graphics drivers could be made to run programs as an administrator.

Software description:
nvidia-graphics-drivers-304 – NVIDIA binary X.Org driver
nvidia-graphics-drivers-340 – NVIDIA binary X.Org driver
nvidia-graphics-drivers-367 – NVIDIA binary X.Org driver

Details: It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
nvidia-331 340.98-0ubuntu0.16.04.1
nvidia-current 304.132-0ubuntu0.16.04.2
nvidia-340-updates 340.98-0ubuntu0.16.04.1
nvidia-340 340.98-0ubuntu0.16.04.1
nvidia-331-updates 340.98-0ubuntu0.16.04.1
nvidia-361 367.57-0ubuntu0.16.04.1
nvidia-367 367.57-0ubuntu0.16.04.1
nvidia-304-updates 304.132-0ubuntu0.16.04.2
nvidia-304 304.132-0ubuntu0.16.04.2

Ubuntu 14.04 LTS:
nvidia-331 340.98-0ubuntu0.14.04.1
nvidia-current 304.132-0ubuntu0.14.04.2
nvidia-352 367.57-0ubuntu0.14.04.1
nvidia-340-updates [ more… ]

USN-3121-1: OpenJDK 8 vulnerabilities

2016-11-03 KENNETH 0

Ubuntu Security Notice USN-3121-1
3rd November, 2016
openjdk-8 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in OpenJDK 8.

Software description: openjdk-8 – Open Source Java implementation

Details: It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582)

It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542)

It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554)

It was discovered that the Hotspot [ more… ]