
USN-3103-1: DBD::mysql vulnerabilities

2016-10-14 KENNETH 0

Ubuntu Security Notice USN-3103-1
13th October, 2016

libdbd-mysql-perl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: DBD::mysql could be made to crash or run programs if it received specially crafted input.

Software description: libdbd-mysql-perl – Perl5 database interface to the MySQL database

Details:

It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9906)

Hanno Böck discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8949)

Pali Rohár discovered that DBD::mysql incorrectly handled certain user supplied data. A remote attacker could use this issue to cause DBD::mysql to crash, [ more… ]


USN-3102-1: Quagga vulnerabilities

2016-10-13 KENNETH 0

Ubuntu Security Notice USN-3102-1
13th October, 2016

quagga vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Quagga.

Software description: quagga – BGP/OSPF/RIP routing daemon

Details:

It was discovered that Quagga incorrectly handled dumping data. A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. (CVE-2016-4049)

It was discovered that the Quagga package incorrectly set permissions on the configuration directory. A local user could use this issue to possibly obtain sensitive information. (CVE-2016-4036)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: quagga 0.99.24.1-2ubuntu1.1
Ubuntu 14.04 LTS: quagga 0.99.22.4-3ubuntu1.2
Ubuntu 12.04 LTS: quagga 0.99.20.1-0ubuntu0.12.04.5

To update your system, please follow these [ more… ]


USN-3101-1: Tracker vulnerability

2016-10-12 KENNETH 0

Ubuntu Security Notice USN-3101-1
12th October, 2016

tracker vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Tracker could be made to crash if it opened a specially crafted file.

Software description: tracker – metadata database, indexer and search tool

Details:

It was discovered that Tracker incorrectly handled certain malformed GIF images. If a user or automated system were tricked into downloading a specially-crafted GIF image, Tracker could crash, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: tracker-extract 1.6.2-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to make all the necessary changes.

References: LP: 1178402

Source: USN-3101-1: Tracker vulnerability


USN-3100-1: KDE-PIM Libraries vulnerability

2016-10-12 KENNETH 0

Ubuntu Security Notice USN-3100-1
12th October, 2016

kdepimlibs vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: KMail could be made to run HTML if it opened a specially crafted email.

Software description: kdepimlibs – the KDE PIM libraries

Details:

Roland Tapken discovered that the KDE-PIM Libraries incorrectly filtered URLs. A remote attacker could use this issue to perform an HTML injection attack in the KMail plain text viewer.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS: libkpimutils4 4:4.8.5-0ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart KMail to make all the necessary changes.

References: CVE-2016-7966

Source: USN-3100-1: KDE-PIM Libraries vulnerability


USN-3099-3: Linux kernel (Raspberry Pi 2) vulnerabilities

2016-10-11 KENNETH 0

Ubuntu Security Notice USN-3099-3
11th October, 2016

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-raspi2 – Linux kernel for Raspberry Pi 2

Details:

Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039)

Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828)

Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel [ more… ]