
USN-3120-1: Memcached vulnerabilities

2016-11-03 KENNETH 0

USN-3120-1: Memcached vulnerabilities Ubuntu Security Notice USN-3120-1 2nd November, 2016 memcached vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Memcached could be made to crash or run programs if it received specially crafted network traffic. Software description memcached – A high-performance memory object caching system Details Aleksandar Nikolic discovered that Memcached incorrectly handled certain malformed commands. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: memcached 1.4.25-2ubuntu2.1 Ubuntu 16.04 LTS: memcached 1.4.25-2ubuntu1.2 Ubuntu 14.04 LTS: memcached 1.4.14-0ubuntu9.1 Ubuntu 12.04 LTS: memcached 1.4.13-0ubuntu2.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard [ more… ]


USN-3113-1: Oxide vulnerabilities

2016-11-03 KENNETH 0

USN-3113-1: Oxide vulnerabilities Ubuntu Security Notice USN-3113-1 2nd November, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine for Qt (QML plugin) Details It was discovered that a long running unload handler could cause an incognito profile to be reused in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1586) Multiple security vulnerabilities were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, spoof an application's URL bar, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5181, CVE-2016-5182, CVE-2016-5185, [ more… ]


USN-3119-1: Bind vulnerability

2016-11-02 KENNETH 0

USN-3119-1: Bind vulnerability Ubuntu Security Notice USN-3119-1 1st November, 2016 bind9 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Bind could be made to crash if it received specially crafted network traffic. Software description bind9 – Internet Domain Name Server Details Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.1 Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.2 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.10 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.19 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]


USN-3118-1: Mailman vulnerabilities

2016-11-02 KENNETH 0

USN-3118-1: Mailman vulnerabilities Ubuntu Security Notice USN-3118-1 1st November, 2016 mailman vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Mailman. Software description mailman – Powerful, web-based mailing list manager Details It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123) Nishant Agarwala discovered that the Mailman user options page did not protect against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could modify user options. (CVE-2016-6893) Update instructions The problem can be corrected [ more… ]


USN-3117-1: GD library vulnerabilities

2016-11-02 KENNETH 0

USN-3117-1: GD library vulnerabilities Ubuntu Security Notice USN-3117-1 1st November, 2016 libgd2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary The GD library could be made to crash or run programs if it processed a specially crafted image file. Software description libgd2 – GD Graphics Library Details Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. (CVE-2016-6911) Ke Liu discovered that the GD library incorrectly handled certain integers when processing WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied [ more… ]