星球

RSS | RDF | ATOM

USN-3083-2: Linux kernel (Trusty HWE) vulnerabilities

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3083-2


19th September, 2016


linux-lts-trusty vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 12.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux-lts-trusty
    - Linux hardware enablement kernel from Trusty for Precise







Details


USN-3083-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.



Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel
did not properly handle options data, including a use-after-free. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-3841)



It was discovered that a race condition existed when handling heartbeat-
timeout events in the SCTP implementation of the Linux kernel. A remote
attacker could use this to cause a denial of service. (CVE-2015-8767)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 12.04 LTS:




linux-image-3.13.0-96-generic

3.13.0-96.143~precise1






linux-image-3.13.0-96-generic-lpae

3.13.0-96.143~precise1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2015-8767,

CVE-2016-3841


USN-3084-1: Linux kernel vulnerabilities

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3084-1


19th September, 2016


linux vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux
    - Linux kernel







Details


Pengfei Wang discovered a race condition in the audit subsystem in the
Linux kernel. A local attacker could use this to corrupt audit logs or
disrupt system-call auditing. (CVE-2016-6136)



It was discovered that the powerpc and powerpc64 hypervisor-mode KVM
implementation in the Linux kernel for did not properly maintain state
about transactional memory. An unprivileged attacker in a guest could cause
a denial of service (CPU lockup) in the host OS. (CVE-2016-5412)



Pengfei Wang discovered a race condition in the Chrome OS embedded
controller device driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2016-6156)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




linux-image-4.4.0-38-powerpc64-emb

4.4.0-38.57






linux-image-4.4.0-38-powerpc64-smp

4.4.0-38.57






linux-image-4.4.0-38-generic

4.4.0-38.57






linux-image-4.4.0-38-powerpc-e500mc

4.4.0-38.57






linux-image-4.4.0-38-powerpc-smp

4.4.0-38.57






linux-image-4.4.0-38-lowlatency

4.4.0-38.57






linux-image-4.4.0-38-generic-lpae

4.4.0-38.57






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-5412,

CVE-2016-6136,

CVE-2016-6156


USN-3084-2: Linux kernel (Xenial HWE) vulnerabilities

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3084-2


19th September, 2016


linux-lts-xenial vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 14.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux-lts-xenial
    - Linux hardware enablement kernel from Xenial for Trusty







Details


USN-3084-1 fixed vulnerabilities in the Linux kernel for Ubuntu
16.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
Ubuntu 14.04 LTS.



Pengfei Wang discovered a race condition in the audit subsystem in the
Linux kernel. A local attacker could use this to corrupt audit logs or
disrupt system-call auditing. (CVE-2016-6136)



It was discovered that the powerpc and powerpc64 hypervisor-mode KVM
implementation in the Linux kernel for did not properly maintain state
about transactional memory. An unprivileged attacker in a guest could cause
a denial of service (CPU lockup) in the host OS. (CVE-2016-5412)



Pengfei Wang discovered a race condition in the Chrome OS embedded
controller device driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2016-6156)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 14.04 LTS:




linux-image-4.4.0-38-powerpc64-emb

4.4.0-38.57~14.04.1






linux-image-4.4.0-38-generic

4.4.0-38.57~14.04.1






linux-image-4.4.0-38-powerpc-e500mc

4.4.0-38.57~14.04.1






linux-image-4.4.0-38-powerpc-smp

4.4.0-38.57~14.04.1






linux-image-4.4.0-38-lowlatency

4.4.0-38.57~14.04.1






linux-image-4.4.0-38-generic-lpae

4.4.0-38.57~14.04.1






linux-image-4.4.0-38-powerpc64-smp

4.4.0-38.57~14.04.1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-5412,

CVE-2016-6136,

CVE-2016-6156


USN-3084-3: Linux kernel (Raspberry Pi 2) vulnerabilities

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3084-3


19th September, 2016


linux-raspi2 vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux-raspi2
    - Linux kernel for Raspberry Pi 2







Details


Pengfei Wang discovered a race condition in the audit subsystem in the
Linux kernel. A local attacker could use this to corrupt audit logs or
disrupt system-call auditing. (CVE-2016-6136)



It was discovered that the powerpc and powerpc64 hypervisor-mode KVM
implementation in the Linux kernel for did not properly maintain state
about transactional memory. An unprivileged attacker in a guest could cause
a denial of service (CPU lockup) in the host OS. (CVE-2016-5412)



Pengfei Wang discovered a race condition in the Chrome OS embedded
controller device driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2016-6156)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




linux-image-4.4.0-1023-raspi2

4.4.0-1023.29






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-5412,

CVE-2016-6136,

CVE-2016-6156


USN-3084-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3084-4


19th September, 2016


linux-snapdragon vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux-snapdragon
    - Linux kernel for Snapdragon Processors







Details


Pengfei Wang discovered a race condition in the audit subsystem in the
Linux kernel. A local attacker could use this to corrupt audit logs or
disrupt system-call auditing. (CVE-2016-6136)



It was discovered that the powerpc and powerpc64 hypervisor-mode KVM
implementation in the Linux kernel for did not properly maintain state
about transactional memory. An unprivileged attacker in a guest could cause
a denial of service (CPU lockup) in the host OS. (CVE-2016-5412)



Pengfei Wang discovered a race condition in the Chrome OS embedded
controller device driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2016-6156)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




linux-image-4.4.0-1026-snapdragon

4.4.0-1026.29






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-5412,

CVE-2016-6136,

CVE-2016-6156


USN-3085-1: GDK-PixBuf vulnerabilities

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3085-1


21st September, 2016


gdk-pixbuf vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS


  • Ubuntu 12.04 LTS





Summary


GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.





Software description





  • gdk-pixbuf
    - GDK-Pixbuf library











Details


It was discovered that the GDK-PixBuf library did not properly handle specially
crafted bmp images, leading to a heap-based buffer overflow. If a user or
automated system were tricked into opening a specially crafted bmp file, a
remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting
in a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-7552)



It was discovered that the GDK-PixBuf library contained an integer overflow
when handling certain images. If a user or automated system were tricked into
opening a crafted image file, a remote attacker could use this flaw to cause
GDK-PixBuf to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8875)



Franco Costantini discovered that the GDK-PixBuf library contained an
out-of-bounds write error when parsing an ico file. If a user or automated
system were tricked into opening a crafted ico file, a remote attacker could
use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6352)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




libgdk-pixbuf2.0-0

2.32.2-1ubuntu1.2





Ubuntu 14.04 LTS:




libgdk-pixbuf2.0-0

2.30.7-0ubuntu1.6





Ubuntu 12.04 LTS:




libgdk-pixbuf2.0-0

2.26.1-1ubuntu1.5






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to restart your session to make
all the necessary changes.





References




CVE-2015-7552,

CVE-2015-8875,

CVE-2016-6352


USN-3086-1: Irssi vulnerabilities

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3086-1


21st September, 2016


irssi vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS





Summary


Irssi could be made to crash if it received specially crafted network
traffic.





Software description





  • irssi
    - terminal based IRC client







Details


Gabriel Campana and Adrien Guinet discovered that the format parsing code
in Irssi did not properly verify 24bit color codes. A remote attacker could
use this to cause a denial of service (application crash). (CVE-2016-7044)



Gabriel Campana and Adrien Guinet discovered that a buffer overflow existed
in the format parsing code in Irssi. A remote attacker could use this to
cause a denial of service (application crash). (CVE-2016-7045)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




irssi

0.8.19-1ubuntu1.2






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to restart Irssi to make
all the necessary changes.





References




CVE-2016-7044,

CVE-2016-7045


USN-3087-1: OpenSSL vulnerabilities

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3087-1


22nd September, 2016


openssl vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS


  • Ubuntu 12.04 LTS





Summary


Several security issues were fixed in OpenSSL.





Software description





  • openssl
    - Secure Socket Layer (SSL) cryptographic library and tools











Details


Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request
extension. A remote attacker could possibly use this issue to cause memory
consumption, resulting in a denial of service. (CVE-2016-6304)



Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue has only been addressed in Ubuntu 16.04 LTS in this update.
(CVE-2016-2177)



César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL
did not properly use constant-time operations when performing DSA signing.
A remote attacker could possibly use this issue to perform a cache-timing
attack and recover private DSA keys. (CVE-2016-2178)



Quan Luo discovered that OpenSSL did not properly restrict the lifetime
of queue entries in the DTLS implementation. A remote attacker could
possibly use this issue to consume memory, resulting in a denial of
service. (CVE-2016-2179)



Shi Lei discovered that OpenSSL incorrectly handled memory in the
TS_OBJ_print_bio() function. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2016-2180)



It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay
feature. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2016-2181)



Shi Lei discovered that OpenSSL incorrectly validated division results. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2016-2182)



Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES
ciphers were vulnerable to birthday attacks. A remote attacker could
possibly use this flaw to obtain clear text data from long encrypted
sessions. This update moves DES from the HIGH cipher list to MEDIUM.
(CVE-2016-2183)



Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths.
A remote attacker could use this issue to cause a denial of service.
(CVE-2016-6302)



Shi Lei discovered that OpenSSL incorrectly handled memory in the
MDC2_Update() function. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-6303)



Shi Lei discovered that OpenSSL incorrectly performed certain message
length checks. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2016-6306)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




libssl1.0.0

1.0.2g-1ubuntu4.4





Ubuntu 14.04 LTS:




libssl1.0.0

1.0.1f-1ubuntu2.20





Ubuntu 12.04 LTS:




libssl1.0.0

1.0.1-4ubuntu5.37






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.





References




CVE-2016-2177,

CVE-2016-2178,

CVE-2016-2179,

CVE-2016-2180,

CVE-2016-2181,

CVE-2016-2182,

CVE-2016-2183,

CVE-2016-6302,

CVE-2016-6303,

CVE-2016-6304,

CVE-2016-6306


USN-3087-2: OpenSSL regression

2016/9/24 4:42:54 | Ubuntu security notices

Ubuntu Security Notice USN-3087-2


23rd September, 2016


openssl regression


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS


  • Ubuntu 12.04 LTS





Summary


USN-3087-1 introduced a regression in OpenSSL.





Software description





  • openssl
    - Secure Socket Layer (SSL) cryptographic library and tools











Details


USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was
incomplete and caused a regression when parsing certificates. This update
fixes the problem.



We apologize for the inconvenience.



Original advisory details:



Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request
extension. A remote attacker could possibly use this issue to cause memory
consumption, resulting in a denial of service. (CVE-2016-6304)

Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue has only been addressed in Ubuntu 16.04 LTS in this update.
(CVE-2016-2177)

César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL
did not properly use constant-time operations when performing DSA signing.
A remote attacker could possibly use this issue to perform a cache-timing
attack and recover private DSA keys. (CVE-2016-2178)

Quan Luo discovered that OpenSSL did not properly restrict the lifetime
of queue entries in the DTLS implementation. A remote attacker could
possibly use this issue to consume memory, resulting in a denial of
service. (CVE-2016-2179)

Shi Lei discovered that OpenSSL incorrectly handled memory in the
TS_OBJ_print_bio() function. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2016-2180)

It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay
feature. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2016-2181)

Shi Lei discovered that OpenSSL incorrectly validated division results. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2016-2182)

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES
ciphers were vulnerable to birthday attacks. A remote attacker could
possibly use this flaw to obtain clear text data from long encrypted
sessions. This update moves DES from the HIGH cipher list to MEDIUM.
(CVE-2016-2183)

Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths.
A remote attacker could use this issue to cause a denial of service.
(CVE-2016-6302)

Shi Lei discovered that OpenSSL incorrectly handled memory in the
MDC2_Update() function. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-6303)

Shi Lei discovered that OpenSSL incorrectly performed certain message
length checks. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2016-6306)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




libssl1.0.0

1.0.2g-1ubuntu4.5





Ubuntu 14.04 LTS:




libssl1.0.0

1.0.1f-1ubuntu2.21





Ubuntu 12.04 LTS:




libssl1.0.0

1.0.1-4ubuntu5.38






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.





References




LP: 1626883


USN-3058-1: Oxide vulnerabilities

2016/9/19 12:55:43 | Ubuntu security notices

Ubuntu Security Notice USN-3058-1


14th September, 2016


oxide-qt vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS





Summary


Several security issues were fixed in Oxide.





Software description





  • oxide-qt
    - Web browser engine for Qt (QML plugin)









Details


An issue was discovered in Blink involving the provisional URL for an
initially empty document. An attacker could potentially exploit this to
spoof the currently displayed URL. (CVE-2016-5141)



A use-after-free was discovered in the WebCrypto implementation in Blink.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-5142)



It was discovered that the devtools subsystem in Blink mishandles various
parameters. An attacker could exploit this to bypass intended access
restrictions. (CVE-2016-5143, CVE-2016-5144)



It was discovered that Blink does not ensure that a taint property is
preserved after a structure-clone operation on an ImageBitmap object
derived from a cross-origin image. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
bypass same origin restrictions. (CVE-2016-5145)



Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-5146, CVE-2016-5167)



It was discovered that Blink mishandles deferred page loads. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2016-5147)



An issue was discovered in Blink related to widget updates. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2016-5148)



A use-after-free was discovered in Blink. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-5150)



A use-after-free was discovered in Blink. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-5153)



It was discovered that Chromium does not correctly validate access to the
initial document. An attacker could potentially exploit this to spoof the
currently displayed URL. (CVE-2016-5155)



A use-after-free was discovered in the event bindings in Blink. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-5156)



A type confusion bug was discovered in Blink. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-5161)



An issue was discovered with the devtools implementation. An attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2016-5164)



An issue was discovered with the devtools implementation. An attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2016-5165)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




liboxideqtcore0

1.17.7-0ubuntu0.16.04.1





Ubuntu 14.04 LTS:




liboxideqtcore0

1.17.7-0ubuntu0.14.04.1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


In general, a standard system update will make all the necessary changes.





References




CVE-2016-5141,

CVE-2016-5142,

CVE-2016-5143,

CVE-2016-5144,

CVE-2016-5145,

CVE-2016-5146,

CVE-2016-5147,

CVE-2016-5148,

CVE-2016-5150,

CVE-2016-5153,

CVE-2016-5155,

CVE-2016-5156,

CVE-2016-5161,

CVE-2016-5164,

CVE-2016-5165,

CVE-2016-5167