星球

RSS | RDF | ATOM

USN-3090-2: Pillow regresssion

2016/10/4 5:28:40 | Ubuntu security notices

Ubuntu Security Notice USN-3090-2


30th September, 2016


Pillow regression


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 14.04 LTS







Software description





  • pillow
    - Python Imaging Library compatibility layer







Details


USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601
caused a regression which resulted in failures when processing certain
png images. This update temporarily reverts the security fix for CVE-2014-9601
pending further investigation.



We apologize for the inconvenience.



Original advisory details:



It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)



Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)



Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 14.04 LTS:




python-imaging

2.3.0-1ubuntu3.3






python3-pil

2.3.0-1ubuntu3.3






python-pil

2.3.0-1ubuntu3.3






python3-imaging

2.3.0-1ubuntu3.3






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


None





References




CVE-2014-9601,

LP: 1628351


USN-3092-1: Samba vulnerability

2016/10/4 5:28:40 | Ubuntu security notices

Ubuntu Security Notice USN-3092-1


28th September, 2016


samba vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS





Summary


Samba could be tricked into connecting to impersonated servers.





Software description





  • samba
    - SMB/CIFS file, print, and login server for Unix









Details


Stefan Metzmacher discovered that Samba incorrectly handled certain flags
in SMB2/3 client connections. A remote attacker could use this issue to
disable client signing and impersonate servers by performing a man in the
middle attack.



Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
In addition to the security fix, the updated packages contain bug fixes,
new features, and possibly incompatible changes.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




samba

2:4.3.11+dfsg-0ubuntu0.16.04.1





Ubuntu 14.04 LTS:




samba

2:4.3.11+dfsg-0ubuntu0.14.04.1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.





References




CVE-2016-2119


USN-3093-1: ClamAV vulnerabilities

2016/10/4 5:28:40 | Ubuntu security notices

Ubuntu Security Notice USN-3093-1


28th September, 2016


clamav vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS


  • Ubuntu 12.04 LTS





Summary


ClamAV could be made to crash or run programs if it processed a specially
crafted file.





Software description





  • clamav
    - Anti-virus utility for Unix











Details


It was discovered that ClamAV incorrectly handled certain malformed files.
A remote attacker could use this issue to cause ClamAV to crash, resulting
in a denial of service, or possibly execute arbitrary code.



In the default installation, attackers would be isolated by the ClamAV
AppArmor profile.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




clamav

0.99.2+dfsg-0ubuntu0.16.04.1





Ubuntu 14.04 LTS:




clamav

0.99.2+addedllvm-0ubuntu0.14.04.1





Ubuntu 12.04 LTS:




clamav

0.99.2+addedllvm-0ubuntu0.12.04.1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.





References




CVE-2016-1371,

CVE-2016-1372,

CVE-2016-1405


USN-3094-1: Systemd vulnerability

2016/10/4 5:28:40 | Ubuntu security notices

Ubuntu Security Notice USN-3094-1


29th September, 2016


systemd vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS





Summary


The system could be made unavailable under certain conditions.





Software description





  • systemd
    - system and service manager







Details


Andrew Ayer discovered that Systemd improperly handled zero-length
notification messages. A local unprivileged attacker could use
this to cause a denial of service (init crash leading to system
unavailability).



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




systemd

229-4ubuntu10






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


In general, a standard system update will make all the necessary changes.





References




LP: 1628687


USN-3073-1: Thunderbird vulnerabilities

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3073-1


22nd September, 2016


thunderbird vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS


  • Ubuntu 12.04 LTS





Summary


Thunderbird could be made to crash or run programs as your login if it
opened a malicious message.





Software description





  • thunderbird
    - Mozilla Open Source mail and newsgroup client











Details


Christian Holler, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew
McCreight, and Phil Ringnalda discovered multiple memory safety issues in
Thunderbird. If a user were tricked in to opening a specially crafted
message, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-2836)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




thunderbird

1:45.3.0+build1-0ubuntu0.16.04.2





Ubuntu 14.04 LTS:




thunderbird

1:45.3.0+build1-0ubuntu0.14.04.4





Ubuntu 12.04 LTS:




thunderbird

1:45.3.0+build1-0ubuntu0.12.04.1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to restart Thunderbird to make
all the necessary changes.





References




CVE-2016-2836


USN-3076-1: Firefox vulnerabilities

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3076-1


22nd September, 2016


firefox vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS


  • Ubuntu 12.04 LTS





Summary


Firefox could be made to crash or run programs as your login if it
opened a malicious website.





Software description





  • firefox
    - Mozilla Open Source web browser











Details


Atte Kettunen discovered an out-of-bounds read when handling certain
Content Security Policy (CSP) directives in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash. (CVE-2016-2827)



Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas,
Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon
Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5256, CVE-2016-5257)



Atte Kettunen discovered a heap buffer overflow during text conversion
with some unicode characters. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5270)



Abhishek Arya discovered an out of bounds read during the processing of
text runs in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash. (CVE-2016-5271)



Abhishek Arya discovered a bad cast when processing layout with input
elements in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5272)



A crash was discovered in accessibility. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to execute arbitrary code. (CVE-2016-5273)



A use-after-free was discovered in web animations during restyling. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-5274)



A buffer overflow was discovered when working with empty filters during
canvas rendering. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5275)



A use-after-free was discovered in accessibility. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5276)



A use-after-free was discovered in web animations when destroying a
timeline. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5277)



A buffer overflow was discovered when encoding image frames to images in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2016-5278)



Rafael Gieschke discovered that the full path of files is available to web
pages after a drag and drop operation. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2016-5279)



Mei Wang discovered a use-after-free when changing text direction. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-5280)



Brian Carpenter discovered a use-after-free when manipulating SVG content
in some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2016-5281)



Richard Newman discovered that favicons can be loaded through
non-whitelisted protocols, such as jar:. (CVE-2016-5282)



Gavin Sharp discovered a timing attack vulnerability involving document
resizes and link colours. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2016-5283)



An issue was discovered with the preloaded Public Key Pinning (HPKP). If
a man-in-the-middle (MITM) attacker was able to obtain a fraudulent
certificate for a Mozilla site, they could exploit this by providing
malicious addon updates. (CVE-2016-5284)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




firefox

49.0+build4-0ubuntu0.16.04.1





Ubuntu 14.04 LTS:




firefox

49.0+build4-0ubuntu0.14.04.1





Ubuntu 12.04 LTS:




firefox

49.0+build4-0ubuntu0.12.04.1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to restart Firefox to make
all the necessary changes.





References




CVE-2016-2827,

CVE-2016-5256,

CVE-2016-5257,

CVE-2016-5270,

CVE-2016-5271,

CVE-2016-5272,

CVE-2016-5273,

CVE-2016-5274,

CVE-2016-5275,

CVE-2016-5276,

CVE-2016-5277,

CVE-2016-5278,

CVE-2016-5279,

CVE-2016-5280,

CVE-2016-5281,

CVE-2016-5282,

CVE-2016-5283,

CVE-2016-5284


USN-3081-1: Tomcat vulnerability

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3081-1


19th September, 2016


tomcat6, tomcat7, tomcat8 vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS


  • Ubuntu 12.04 LTS





Summary


The system could be made to run programs as an administrator.





Software description





  • tomcat6
    - Servlet and JSP engine





  • tomcat7
    - Servlet and JSP engine





  • tomcat8
    - Servlet and JSP engine







Details


Dawid Golunski discovered that the Tomcat init script incorrectly handled
creating log files. A remote attacker could possibly use this issue to
obtain root privileges. (CVE-2016-1240)



This update also reverts a change in behaviour introduced in USN-3024-1 by
setting mapperContextRootRedirectEnabled to True by default.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




libtomcat8-java

8.0.32-1ubuntu1.2






tomcat8

8.0.32-1ubuntu1.2





Ubuntu 14.04 LTS:




tomcat7

7.0.52-1ubuntu0.7






libtomcat7-java

7.0.52-1ubuntu0.7





Ubuntu 12.04 LTS:




libtomcat6-java

6.0.35-1ubuntu3.8






tomcat6

6.0.35-1ubuntu3.8






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


In general, a standard system update will make all the necessary changes.





References




CVE-2016-1240,

LP: 1609819


USN-3082-1: Linux kernel vulnerability

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3082-1


19th September, 2016


linux vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 12.04 LTS





Summary


The system could be made to run programs as an administrator.





Software description





  • linux
    - Linux kernel







Details


Chiachih Wu, Yuan-Tsung Lo, and Xuxian Jiang discovered that the legacy ABI
for ARM (OABI) had incomplete access checks for epoll_wait(2) and
semtimedop(2). A local attacker could use this to possibly execute
arbitrary code.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 12.04 LTS:




linux-image-3.2.0-110-generic

3.2.0-110.151






linux-image-3.2.0-110-omap

3.2.0-110.151






linux-image-3.2.0-110-powerpc-smp

3.2.0-110.151






linux-image-3.2.0-110-highbank

3.2.0-110.151






linux-image-3.2.0-110-powerpc64-smp

3.2.0-110.151






linux-image-3.2.0-110-virtual

3.2.0-110.151






linux-image-3.2.0-110-generic-pae

3.2.0-110.151






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-3857


USN-3082-2: Linux kernel (OMAP4) vulnerability

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3082-2


19th September, 2016


linux-ti-omap4 vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 12.04 LTS





Summary


The system could be made to run programs as an administrator.





Software description





  • linux-ti-omap4
    - Linux kernel for OMAP4







Details


Chiachih Wu, Yuan-Tsung Lo, and Xuxian Jiang discovered that the legacy ABI
for ARM (OABI) had incomplete access checks for epoll_wait(2) and
semtimedop(2). A local attacker could use this to possibly execute
arbitrary code.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 12.04 LTS:




linux-image-3.2.0-1488-omap4

3.2.0-1488.115






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-3857


USN-3083-1: Linux kernel vulnerabilities

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3083-1


19th September, 2016


linux vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 14.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux
    - Linux kernel







Details


Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel
did not properly handle options data, including a use-after-free. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-3841)



It was discovered that a race condition existed when handling heartbeat-
timeout events in the SCTP implementation of the Linux kernel. A remote
attacker could use this to cause a denial of service. (CVE-2015-8767)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 14.04 LTS:




linux-image-3.13.0-96-powerpc-smp

3.13.0-96.143






linux-image-3.13.0-96-powerpc-e500mc

3.13.0-96.143






linux-image-3.13.0-96-powerpc64-smp

3.13.0-96.143






linux-image-3.13.0-96-generic

3.13.0-96.143






linux-image-3.13.0-96-generic-lpae

3.13.0-96.143






linux-image-3.13.0-96-powerpc-e500

3.13.0-96.143






linux-image-3.13.0-96-powerpc64-emb

3.13.0-96.143






linux-image-3.13.0-96-lowlatency

3.13.0-96.143






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2015-8767,

CVE-2016-3841