USN-2986-1: dosfstools vulnerabilities

2016-06-01 KENNETH 0

Ubuntu Security Notice USN-2986-1
31st May, 2016

dosfstools vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

dosfstools could be made to crash or run programs if it processed a specially crafted filesystem.

Software description

dosfstools – utilities for making and checking MS-DOS FAT filesystems

Details

Hanno Böck discovered that dosfstools incorrectly handled certain malformed filesystems. A local attacker could use this issue to cause dosfstools to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: dosfstools 3.0.28-2ubuntu0.1
Ubuntu 15.10: dosfstools 3.0.28-1ubuntu0.1
Ubuntu 14.04 LTS: dosfstools 3.0.26-1ubuntu0.1
Ubuntu 12.04 LTS: dosfstools 3.0.12-1ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, [ more… ]

USN-2985-2: GNU C Library regression

2016-05-27 KENNETH 0

Ubuntu Security Notice USN-2985-2
26th May, 2016

eglibc, glibc regression

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

USN-2985-1 introduced a regression in the GNU C Library.

Software description

eglibc – GNU C Library
glibc – GNU C Library

Details

USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue.

We apologize for the inconvenience.

Original advisory details:

Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose [ more… ]

USN-2985-1: GNU C Library vulnerabilities

2016-05-26 KENNETH 0

Ubuntu Security Notice USN-2985-1
25th May, 2016

eglibc, glibc vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the GNU C Library.

Software description

eglibc – GNU C Library
glibc – GNU C Library

Details

Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856)

Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). (CVE-2014-8121)

Joseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation [ more… ]

USN-2950-5: Samba regression

2016-05-26 KENNETH 0

Ubuntu Security Notice USN-2950-5
25th May, 2016

samba regression

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS

Summary

USN-2950-1 introduced a regression in Samba.

Software description

samba – SMB/CIFS file, print, and login server for Unix

Details

USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem.

Original advisory details:

Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)

Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to [ more… ]

USN-2984-1: PHP vulnerabilities

2016-05-25 KENNETH 0

Ubuntu Security Notice USN-2984-1
24th May, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in PHP.

Software description

php5 – HTML-embedded scripting language interpreter
php7.0 – HTML-embedded scripting language interpreter

Details

It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)

Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3078) [ more… ]