星球
Blog:Ubuntu security notices
最後更新: 2016/10/4 19:54:36
USN-3088-1: Bind vulnerability
Ubuntu Security Notice USN-3088-1
27th September, 2016
bind9 vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Bind could be made to crash if it received specially crafted network
traffic.
Software description
- bind9
- Internet Domain Name Server
Details
It was discovered that Bind incorrectly handled building responses to
certain specially crafted requests. A remote attacker could possibly use
this issue to cause Bind to crash, resulting in a denial of service.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
bind9
1:9.10.3.dfsg.P4-8ubuntu1.1
- Ubuntu 14.04 LTS:
bind9
1:9.9.5.dfsg-3ubuntu0.9
- Ubuntu 12.04 LTS:
bind9
1:9.8.1.dfsg.P1-4ubuntu0.17
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
USN-3089-1: Django vulnerability
Ubuntu Security Notice USN-3089-1
27th September, 2016
python-django vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Django could be made to set arbitrary cookies.
Software description
- python-django
- High-level Python web development framework
Details
Sergey Bobrov discovered that Django incorrectly parsed cookies when being
used with Google Analytics. A remote attacker could possibly use this issue
to set arbitrary cookies leading to a CSRF protection bypass.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
python3-django
1.8.7-1ubuntu5.2
python-django
1.8.7-1ubuntu5.2
- Ubuntu 14.04 LTS:
python-django
1.6.1-2ubuntu0.15
- Ubuntu 12.04 LTS:
python-django
1.3.1-4ubuntu1.21
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
USN-3090-1: Pillow vulnerabilities
Ubuntu Security Notice USN-3090-1
27th September, 2016
Pillow vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
Summary
Pillow could be made to crash if it received specially crafted input or opened
a specially crafted file.
Software description
- pillow
- Python Imaging Library compatibility layer
Details
It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)
Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)
Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
python-imaging
2.3.0-1ubuntu3.2
python3-pil
2.3.0-1ubuntu3.2
python-pil
2.3.0-1ubuntu3.2
python3-imaging
2.3.0-1ubuntu3.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
CVE-2014-3589,
CVE-2014-9601,
CVE-2016-0740,
CVE-2016-0775,
CVE-2016-2533
USN-3090-2: Pillow regresssion
Ubuntu Security Notice USN-3090-2
30th September, 2016
Pillow regression
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
Software description
- pillow
- Python Imaging Library compatibility layer
Details
USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601
caused a regression which resulted in failures when processing certain
png images. This update temporarily reverts the security fix for CVE-2014-9601
pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)
Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)
Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
python-imaging
2.3.0-1ubuntu3.3
python3-pil
2.3.0-1ubuntu3.3
python-pil
2.3.0-1ubuntu3.3
python3-imaging
2.3.0-1ubuntu3.3
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
None
References
USN-3092-1: Samba vulnerability
Ubuntu Security Notice USN-3092-1
28th September, 2016
samba vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
Samba could be tricked into connecting to impersonated servers.
Software description
- samba
- SMB/CIFS file, print, and login server for Unix
Details
Stefan Metzmacher discovered that Samba incorrectly handled certain flags
in SMB2/3 client connections. A remote attacker could use this issue to
disable client signing and impersonate servers by performing a man in the
middle attack.
Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
In addition to the security fix, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
samba
2:4.3.11+dfsg-0ubuntu0.16.04.1
- Ubuntu 14.04 LTS:
samba
2:4.3.11+dfsg-0ubuntu0.14.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References
USN-3093-1: ClamAV vulnerabilities
Ubuntu Security Notice USN-3093-1
28th September, 2016
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
ClamAV could be made to crash or run programs if it processed a specially
crafted file.
Software description
- clamav
- Anti-virus utility for Unix
Details
It was discovered that ClamAV incorrectly handled certain malformed files.
A remote attacker could use this issue to cause ClamAV to crash, resulting
in a denial of service, or possibly execute arbitrary code.
In the default installation, attackers would be isolated by the ClamAV
AppArmor profile.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
clamav
0.99.2+dfsg-0ubuntu0.16.04.1
- Ubuntu 14.04 LTS:
clamav
0.99.2+addedllvm-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
clamav
0.99.2+addedllvm-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References
USN-3094-1: Systemd vulnerability
Ubuntu Security Notice USN-3094-1
29th September, 2016
systemd vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
Summary
The system could be made unavailable under certain conditions.
Software description
- systemd
- system and service manager
Details
Andrew Ayer discovered that Systemd improperly handled zero-length
notification messages. A local unprivileged attacker could use
this to cause a denial of service (init crash leading to system
unavailability).
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
systemd
229-4ubuntu10
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
USN-3073-1: Thunderbird vulnerabilities
Ubuntu Security Notice USN-3073-1
22nd September, 2016
thunderbird vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Thunderbird could be made to crash or run programs as your login if it
opened a malicious message.
Software description
- thunderbird
- Mozilla Open Source mail and newsgroup client
Details
Christian Holler, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew
McCreight, and Phil Ringnalda discovered multiple memory safety issues in
Thunderbird. If a user were tricked in to opening a specially crafted
message, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-2836)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
thunderbird
1:45.3.0+build1-0ubuntu0.16.04.2
- Ubuntu 14.04 LTS:
thunderbird
1:45.3.0+build1-0ubuntu0.14.04.4
- Ubuntu 12.04 LTS:
thunderbird
1:45.3.0+build1-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References
USN-3076-1: Firefox vulnerabilities
Ubuntu Security Notice USN-3076-1
22nd September, 2016
firefox vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software description
- firefox
- Mozilla Open Source web browser
Details
Atte Kettunen discovered an out-of-bounds read when handling certain
Content Security Policy (CSP) directives in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash. (CVE-2016-2827)
Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas,
Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon
Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5256, CVE-2016-5257)
Atte Kettunen discovered a heap buffer overflow during text conversion
with some unicode characters. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5270)
Abhishek Arya discovered an out of bounds read during the processing of
text runs in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash. (CVE-2016-5271)
Abhishek Arya discovered a bad cast when processing layout with input
elements in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5272)
A crash was discovered in accessibility. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to execute arbitrary code. (CVE-2016-5273)
A use-after-free was discovered in web animations during restyling. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-5274)
A buffer overflow was discovered when working with empty filters during
canvas rendering. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5275)
A use-after-free was discovered in accessibility. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5276)
A use-after-free was discovered in web animations when destroying a
timeline. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5277)
A buffer overflow was discovered when encoding image frames to images in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2016-5278)
Rafael Gieschke discovered that the full path of files is available to web
pages after a drag and drop operation. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2016-5279)
Mei Wang discovered a use-after-free when changing text direction. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-5280)
Brian Carpenter discovered a use-after-free when manipulating SVG content
in some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2016-5281)
Richard Newman discovered that favicons can be loaded through
non-whitelisted protocols, such as jar:. (CVE-2016-5282)
Gavin Sharp discovered a timing attack vulnerability involving document
resizes and link colours. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2016-5283)
An issue was discovered with the preloaded Public Key Pinning (HPKP). If
a man-in-the-middle (MITM) attacker was able to obtain a fraudulent
certificate for a Mozilla site, they could exploit this by providing
malicious addon updates. (CVE-2016-5284)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
firefox
49.0+build4-0ubuntu0.16.04.1
- Ubuntu 14.04 LTS:
firefox
49.0+build4-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
firefox
49.0+build4-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Firefox to make
all the necessary changes.
References
CVE-2016-2827,
CVE-2016-5256,
CVE-2016-5257,
CVE-2016-5270,
CVE-2016-5271,
CVE-2016-5272,
CVE-2016-5273,
CVE-2016-5274,
CVE-2016-5275,
CVE-2016-5276,
CVE-2016-5277,
CVE-2016-5278,
CVE-2016-5279,
CVE-2016-5280,
CVE-2016-5281,
CVE-2016-5282,
CVE-2016-5283,
CVE-2016-5284
USN-3081-1: Tomcat vulnerability
Ubuntu Security Notice USN-3081-1
19th September, 2016
tomcat6, tomcat7, tomcat8 vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
The system could be made to run programs as an administrator.
Software description
- tomcat6
- Servlet and JSP engine
- tomcat7
- Servlet and JSP engine
- tomcat8
- Servlet and JSP engine
Details
Dawid Golunski discovered that the Tomcat init script incorrectly handled
creating log files. A remote attacker could possibly use this issue to
obtain root privileges. (CVE-2016-1240)
This update also reverts a change in behaviour introduced in USN-3024-1 by
setting mapperContextRootRedirectEnabled to True by default.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
libtomcat8-java
8.0.32-1ubuntu1.2
tomcat8
8.0.32-1ubuntu1.2
- Ubuntu 14.04 LTS:
tomcat7
7.0.52-1ubuntu0.7
libtomcat7-java
7.0.52-1ubuntu0.7
- Ubuntu 12.04 LTS:
libtomcat6-java
6.0.35-1ubuntu3.8
tomcat6
6.0.35-1ubuntu3.8
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.