ubuntu-usn

Ubuntu Security Notice USN-2838-1 16th December, 2015 cups-filters vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Summary cups-filters could be made to run programs as the lp user if it processed a specially crafted print job. Software description cups-filters – OpenPrinting CUPS Filters Details Adam Chester discovered that the cups-filters foomatic-rip filterincorrectly stripped shell escape characters. A remote attacker couldpossibly use this issue to execute arbitrary code as the lp user. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: cups-filters 1.0.76-1ubuntu0.2 Ubuntu 15.04: cups-filters 1.0.67-0ubuntu2.6 Ubuntu 14.04 LTS: cups-filters 1.0.52-0ubuntu1.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2015-8560 Source: ubuntu-usn

Ubuntu Security Notice USN-2833-1 15th December, 2015 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman,Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henrettydiscovered multiple memory safety issues in Firefox. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service via applicationcrash, or execute arbitrary code with the privileges of the user invokingFirefox. (CVE-2015-7201, CVE-2015-7202) Ronald Crane discovered three buffer overflows through code inspection.If a user were tricked in to opening a specially crafted website, [ more… ]

Ubuntu Security Notice USN-2837-1 15th December, 2015 bind9 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Bind could be made to crash if it received specially crafted network traffic. Software description bind9 – Internet Domain Name Server Details It was discovered that Bind incorrectly handled responses with malformedclass attributes. A remote attacker could use this issue to cause Bind tocrash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: bind9 1:9.9.5.dfsg-11ubuntu1.1 Ubuntu 15.04: bind9 1:9.9.5.dfsg-9ubuntu0.4 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.6 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.14 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2015-8000 Source: ubuntu-usn

Ubuntu Security Notice USN-2836-1 15th December, 2015 grub2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GRUB password protection can be bypassed. Software description grub2 – GRand Unified Bootloader Details Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handledthe backspace key when configured to use authentication. A local attackercould use this issue to bypass GRUB password protection. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: grub2-common 2.02~beta2-29ubuntu0.2 Ubuntu 15.04: grub2-common 2.02~beta2-22ubuntu1.4 Ubuntu 14.04 LTS: grub2-common 2.02~beta2-9ubuntu1.6 Ubuntu 12.04 LTS: grub2-common 1.99-21ubuntu3.19 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. References CVE-2015-8370 Source: ubuntu-usn

Ubuntu Security Notice USN-2835-1 15th December, 2015 git vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Git could be made to run programs as your login if it processed an untrusted repository. Software description git – fast, scalable, distributed revision control system Details Blake Burkhart discovered that the Git git-remote-ext helper incorrectlyhandled recursive clones of git repositories. A remote attacker couldpossibly use this issue to execute arbitrary code by injecting commandsvia crafted URLs. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: git 1:2.5.0-1ubuntu0.1 Ubuntu 15.04: git 1:2.1.4-2.1ubuntu0.1 Ubuntu 14.04 LTS: git 1:1.9.1-1ubuntu0.2 Ubuntu 12.04 LTS: git 1:1.7.9.5-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]