USN-3000-1: Linux kernel (Utopic HWE) vulnerabilities

2016-06-10 KENNETH 0

Ubuntu Security Notice USN-3000-1
10th June, 2016

linux-lts-utopic vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-lts-utopic – Linux hardware enablement kernel from Utopic for Trusty

Details:

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)

Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device [ more… ]

USN-2995-1: Squid vulnerabilities

2016-06-10 KENNETH 0

Ubuntu Security Notice USN-2995-1
9th June, 2016

squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Squid.

Software description: squid3 – Web proxy cache server

Details:

Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly cause Squid to leak information into log files. (CVE-2016-3947)

Yuriy M. Kaminskiy discovered that the Squid cachemgr.cgi tool incorrectly handled certain crafted data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4051)

It was discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A remote [ more… ]

USN-2993-1: Firefox vulnerabilities

2016-06-10 KENNETH 0

Ubuntu Security Notice USN-2993-1
9th June, 2016

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software description: firefox – Mozilla Open Source web browser

Details:

Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2815, CVE-2016-2818)

A buffer overflow was discovered when parsing HTML5 fragments in some circumstances. If a [ more… ]

USN-2994-1: libxml2 vulnerabilities

2016-06-07 KENNETH 0

Ubuntu Security Notice USN-2994-1
6th June, 2016

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in libxml2.

Software description: libxml2 – GNOME XML library

Details:

It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)

It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1762, CVE-2016-1834)

Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. If a [ more… ]

USN-2992-1: Oxide vulnerabilities

2016-06-07 KENNETH 0

Ubuntu Security Notice USN-2992-1
6th June, 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Oxide.

Software description: oxide-qt – Web browser engine for Qt (QML plugin)

Details:

An unspecified security issue was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1673)

An issue was discovered with Document reattachment in Blink in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1675)

A type confusion bug was discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1677) [ more… ]