USN-3047-1: QEMU vulnerabilities

2016-08-05 KENNETH 0

Ubuntu Security Notice USN-3047-1, 4th August, 2016

qemu, qemu-kvm vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in QEMU.

Software description: qemu – Machine emulator and virtualizer; qemu-kvm – Machine emulator and virtualizer

Details: Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4439, CVE-2016-4441, CVE-2016-5238, CVE-2016-5338, CVE-2016-6351)

Li Qiang and Qinghao Tang discovered that QEMU incorrectly handled the VMWare VGA module. [ more… ]

USN-3046-1: LibreOffice vulnerability

2016-08-05 KENNETH 0

Ubuntu Security Notice USN-3046-1, 4th August, 2016

libreoffice vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file.

Software description: libreoffice – Office productivity suite

Details: Yves Younan and Richard Johnson discovered that LibreOffice incorrectly handled presentation files. If a user were tricked into opening a specially crafted presentation file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS: libreoffice-core 1:3.5.7-0ubuntu12

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart LibreOffice to make all the necessary changes.

References: CVE-2016-1513

Source: USN-3046-1: LibreOffice vulnerability

USN-3045-1: PHP vulnerabilities

2016-08-03 KENNETH 0

Ubuntu Security Notice USN-3045-1, 2nd August, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in PHP.

Software description: php5 – HTML-embedded scripting language interpreter; php7.0 – HTML-embedded scripting language interpreter

Details: It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116)

It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873)

It was discovered that PHP [ more… ]

USN-3043-1: OpenJDK 8 vulnerabilities

2016-07-27 KENNETH 0

Ubuntu Security Notice USN-3043-1, 27th July, 2016

openjdk-8 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in OpenJDK 8.

Software description: openjdk-8 – Open Source Java implementation

Details: Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610)

A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-3458)

Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2016-3500, CVE-2016-3508)

A vulnerability was discovered in the OpenJDK [ more… ]

USN-3042-1: KDE-Libs vulnerability

2016-07-27 KENNETH 0

Ubuntu Security Notice USN-3042-1, 26th July, 2016

kde4libs vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: KDE-Libs could be made to overwrite files.

Software description: kde4libs – KDE 4 core applications and libraries

Details: Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially-crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: libkdecore5 4:4.14.13-0ubuntu1.1
Ubuntu 14.04 LTS: libkdecore5 4:4.13.3-0ubuntu0.3
Ubuntu 12.04 LTS: libkdecore5 4:4.8.5-0ubuntu0.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes.

References: CVE-2016-6232 [ more… ]