Unix Server



USN-3512-1: OpenSSL vulnerabilities

Unix Server, 11.12.2017, 21:21 | Source: ubuntu.com

Ubuntu Security Notice USN-3512-1

11th December, 2017

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in OpenSSL.

Software description

  • openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

David Benjamin discovered that OpenSSL did not correctly prevent
buggy applications that ignore handshake errors from subsequently calling
certain functions. (CVE-2017-3737)

It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery
multiplication procedure. While unlikely, a remote attacker could possibly
use this issue to recover private keys. (CVE-2017-3738)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libssl1.0.0 1.0.2g-1ubuntu13.3
Ubuntu 17.04:
libssl1.0.0 1.0.2g-1ubuntu11.4
Ubuntu 16.04 LTS:
libssl1.0.0 1.0.2g-1ubuntu4.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2017-3737, CVE-2017-3738



DSA-4063 pdns-recursor - security update

Unix Server, 11.12.2017, 01:00 | Source: debian.org

Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server, was susceptible to denial of service via a crafted CNAME answer.



DSA-4061 thunderbird - security update

Unix Server, 10.12.2017, 01:00 | Source: debian.org

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.



DSA-4062 firefox-esr - security update

Unix Server, 10.12.2017, 01:00 | Source: debian.org

It was discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed a user to be fingerprinted across multiple sessions via IndexedDB.



DSA-4060 wireshark - security update

Unix Server, 09.12.2017, 01:00 | Source: debian.org

It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of service or the execution of arbitrary code.



USN-3507-2: Linux kernel (GCP) vulnerabilities

Unix Server, 08.12.2017, 05:52 | Source: ubuntu.com

Ubuntu Security Notice USN-3507-2

7th December, 2017

linux-gcp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems

Details

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle
copy-on-write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

Eric Biggers discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
uninstantiated. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)

It was discovered that a null pointer dereference error existed in the
PowerPC KVM implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-15306)

Eric Biggers discovered a race condition in the key management subsystem of
the Linux kernel around keys in a negative state. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15951)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-gke 4.13.0.1002.4
linux-image-4.13.0-1002-gcp 4.13.0-1002.5
linux-image-gcp 4.13.0.1002.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000405, CVE-2017-12193, CVE-2017-15299, CVE-2017-15306, CVE-2017-15951, CVE-2017-16939



USN-3509-1: Linux kernel vulnerabilities

Unix Server, 08.12.2017, 01:54 | Source: ubuntu.com

Ubuntu Security Notice USN-3509-1

7th December, 2017

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors

Details

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle
copy-on-write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-16643)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-powerpc-e500mc 4.4.0.103.108
linux-image-4.4.0-103-powerpc64-smp 4.4.0-103.126
linux-image-4.4.0-103-generic 4.4.0-103.126
linux-image-4.4.0-103-powerpc-e500mc 4.4.0-103.126
linux-image-4.4.0-1012-kvm 4.4.0-1012.17
linux-image-4.4.0-103-generic-lpae 4.4.0-103.126
linux-image-4.4.0-103-powerpc64-emb 4.4.0-103.126
linux-image-generic 4.4.0.103.108
linux-image-snapdragon 4.4.0.1081.73
linux-image-powerpc64-emb 4.4.0.103.108
linux-image-4.4.0-103-powerpc-smp 4.4.0-103.126
linux-image-4.4.0-1079-raspi2 4.4.0-1079.87
linux-image-aws 4.4.0.1043.45
linux-image-kvm 4.4.0.1012.12
linux-image-4.4.0-103-lowlatency 4.4.0-103.126
linux-image-raspi2 4.4.0.1079.79
linux-image-powerpc-smp 4.4.0.103.108
linux-image-generic-lpae 4.4.0.103.108
linux-image-4.4.0-1043-aws 4.4.0-1043.52
linux-image-powerpc64-smp 4.4.0.103.108
linux-image-4.4.0-1081-snapdragon 4.4.0-1081.86
linux-image-lowlatency 4.4.0.103.108

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939



USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities

Unix Server, 08.12.2017, 01:54 | Source: ubuntu.com

Ubuntu Security Notice USN-3509-2

7th December, 2017

linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty

Details

USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle
copy-on-write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-16643)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp-lts-xenial 4.4.0.103.86
linux-image-powerpc64-emb-lts-xenial 4.4.0.103.86
linux-image-4.4.0-1005-aws 4.4.0-1005.5
linux-image-generic-lts-xenial 4.4.0.103.86
linux-image-4.4.0-103-powerpc64-smp 4.4.0-103.126~14.04.1
linux-image-lowlatency-lts-xenial 4.4.0.103.86
linux-image-4.4.0-103-powerpc-smp 4.4.0-103.126~14.04.1
linux-image-powerpc-e500mc-lts-xenial 4.4.0.103.86
linux-image-generic-lpae-lts-xenial 4.4.0.103.86
linux-image-4.4.0-103-powerpc64-emb 4.4.0-103.126~14.04.1
linux-image-4.4.0-103-generic 4.4.0-103.126~14.04.1
linux-image-4.4.0-103-generic-lpae 4.4.0-103.126~14.04.1
linux-image-powerpc64-smp-lts-xenial 4.4.0.103.86
linux-image-aws 4.4.0.1005.5
linux-image-4.4.0-103-powerpc-e500mc 4.4.0-103.126~14.04.1
linux-image-4.4.0-103-lowlatency 4.4.0-103.126~14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939



USN-3510-1: Linux kernel vulnerabilities

Unix Server, 08.12.2017, 01:54 | Source: ubuntu.com

Ubuntu Security Notice USN-3510-1

7th December, 2017

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

  • linux - Linux kernel

Details

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle
copy-on-write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-3.13.0-137-powerpc-smp 3.13.0-137.186
linux-image-powerpc-smp 3.13.0.137.146
linux-image-powerpc-e500mc 3.13.0.137.146
linux-image-generic 3.13.0.137.146
linux-image-3.13.0-137-powerpc64-smp 3.13.0-137.186
linux-image-3.13.0-137-powerpc64-emb 3.13.0-137.186
linux-image-powerpc64-emb 3.13.0.137.146
linux-image-3.13.0-137-generic 3.13.0-137.186
linux-image-generic-lpae 3.13.0.137.146
linux-image-powerpc-e500 3.13.0.137.146
linux-image-powerpc64-smp 3.13.0.137.146
linux-image-3.13.0-137-generic-lpae 3.13.0-137.186
linux-image-3.13.0-137-powerpc-e500mc 3.13.0-137.186
linux-image-3.13.0-137-powerpc-e500 3.13.0-137.186
linux-image-lowlatency 3.13.0.137.146
linux-image-3.13.0-137-lowlatency 3.13.0-137.186

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000405, CVE-2017-16939



USN-3508-2: Linux kernel (HWE) vulnerabilities

Unix Server, 08.12.2017, 01:54 | Source: ubuntu.com

Ubuntu Security Notice USN-3508-2

7th December, 2017

linux-hwe vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

  • linux-hwe - Linux hardware enablement (HWE) kernel

Details

USN-3508-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu
16.04 LTS.

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle
copy-on-write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Yonggang Guo discovered that a race condition existed in the driver
subsystem in the Linux kernel. A local attacker could use this to possibly
gain administrative privileges. (CVE-2017-12146)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-4.10.0-42-generic-lpae 4.10.0-42.46~16.04.1
linux-image-4.10.0-42-generic 4.10.0-42.46~16.04.1
linux-image-generic-hwe-16.04 4.10.0.42.44
linux-image-lowlatency-hwe-16.04 4.10.0.42.44
linux-image-4.10.0-42-lowlatency 4.10.0-42.46~16.04.1
linux-image-generic-lpae-hwe-16.04 4.10.0.42.44

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000405, CVE-2017-12146, CVE-2017-16939



USN-3508-1: Linux kernel vulnerabilities

Unix Server, 08.12.2017, 01:54 | Source: ubuntu.com

Ubuntu Security Notice USN-3508-1

7th December, 2017

linux, linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04

Summary

Several security issues were fixed in the Linux kernel.

Software description

  • linux - Linux kernel
  • linux-raspi2 - Linux kernel for Raspberry Pi 2

Details

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle
copy-on-write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Yonggang Guo discovered that a race condition existed in the driver
subsystem in the Linux kernel. A local attacker could use this to possibly
gain administrative privileges. (CVE-2017-12146)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
linux-image-4.10.0-42-generic-lpae 4.10.0-42.46
linux-image-generic-lpae 4.10.0.42.42
linux-image-4.10.0-42-generic 4.10.0-42.46
linux-image-4.10.0-1023-raspi2 4.10.0-1023.26
linux-image-generic 4.10.0.42.42
linux-image-4.10.0-42-lowlatency 4.10.0-42.46
linux-image-lowlatency 4.10.0.42.42
linux-image-raspi2 4.10.0.1023.24

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000405, CVE-2017-12146, CVE-2017-16939



USN-3510-2: Linux kernel (Trusty HWE) vulnerabilities

Unix Server, 08.12.2017, 01:54 | Source: ubuntu.com

Ubuntu Security Notice USN-3510-2

7th December, 2017

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

  • linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise ESM

Details

USN-3510-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle
copy-on-write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-3.13.0-137-generic 3.13.0-137.186~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.137.127
linux-image-3.13.0-137-generic-lpae 3.13.0-137.186~precise1
linux-image-generic-lts-trusty 3.13.0.137.127

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000405, CVE-2017-16939



USN-3511-1: Linux kernel (Azure) vulnerabilities

Unix Server, 08.12.2017, 01:54 | Source: ubuntu.com

Ubuntu Security Notice USN-3511-1

7th December, 2017

linux-azure vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

  • linux-azure - Linux kernel for Microsoft Azure Cloud systems

Details

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle
copy-on-write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-azure 4.11.0.1016.16
linux-image-4.11.0-1016-azure 4.11.0-1016.16

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000405, CVE-2017-16939



USN-3507-1: Linux kernel vulnerabilities

Unix Server, 08.12.2017, 01:54 | Source: ubuntu.com

Ubuntu Security Notice USN-3507-1

7th December, 2017

linux, linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10

Summary

Several security issues were fixed in the Linux kernel.

Software description

  • linux - Linux kernel
  • linux-raspi2 - Linux kernel for Raspberry Pi 2

Details

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle
copy-on-write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

Eric Biggers discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
uninstantiated. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)

It was discovered that a null pointer dereference error existed in the
PowerPC KVM implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-15306)

Eric Biggers discovered a race condition in the key management subsystem of
the Linux kernel around keys in a negative state. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15951)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did
not properly validate USB BOS metadata. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2017-16535)

Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-16643)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
linux-image-4.13.0-19-generic 4.13.0-19.22
linux-image-4.13.0-19-generic-lpae 4.13.0-19.22
linux-image-generic-lpae 4.13.0.19.20
linux-image-4.13.0-19-lowlatency 4.13.0-19.22
linux-image-generic 4.13.0.19.20
linux-image-4.13.0-1008-raspi2 4.13.0-1008.8
linux-image-lowlatency 4.13.0.19.20
linux-image-raspi2 4.13.0.1008.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000405, CVE-2017-12193, CVE-2017-15299, CVE-2017-15306, CVE-2017-15951, CVE-2017-16535, CVE-2017-16643, CVE-2017-16939



DSA-4057 erlang - security update

Unix Server, 08.12.2017, 01:00 | Source: debian.org

It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys.



DSA-4058 optipng - security update

Unix Server, 08.12.2017, 01:00 | Source: debian.org

Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed.



DSA-4059 libxcursor - security update

Unix Server, 08.12.2017, 01:00 | Source: debian.org

It was discovered that libXcursor, an X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution if a user is tricked into processing a specially crafted cursor file.



StorageCrypt: Ransomware infects NAS devices via SambaCry vulnerability

Unix Server, 07.12.2017, 17:34 | Source: google.com

SambaCry (CVE-2017-7494) is a vulnerability in the Unix implementation of the SMB file-sharing protocol in Samba versions from 3.5.0 onward. ... StorageCrypt is not the first malware to use SambaCry as an attack vector: among others, a trojan already broke into Linux servers in June in order to ...

USN-3506-2: rsync vulnerabilities

Unix Server, 07.12.2017, 16:10 | Source: ubuntu.com

Ubuntu Security Notice USN-3506-2

7th December, 2017

rsync vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in rsync.

Software description

  • rsync - fast, versatile, remote (and local) file-copying tool

Details

USN-3506-1 fixed two vulnerabilities in rsync. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that rsync proceeds with certain file metadata updates
before checking for a filename. An attacker could use this to bypass access
restrictions. (CVE-2017-17433)

It was discovered that rsync does not check for fnamecmp filenames and also
does not apply the sanitize_paths protection mechanism to pathnames. An attacker
could use this to bypass access restrictions. (CVE-2017-17434)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
rsync 3.0.9-1ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-17433, CVE-2017-17434



USN-3506-1: rsync vulnerabilities

Unix Server, 07.12.2017, 14:53 | Source: ubuntu.com

Ubuntu Security Notice USN-3506-1

7th December, 2017

rsync vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in rsync.

Software description

  • rsync - fast, versatile, remote (and local) file-copying tool

Details

It was discovered that rsync proceeds with certain file metadata updates
before checking for a filename. An attacker could use this to bypass access
restrictions. (CVE-2017-17433)

It was discovered that rsync does not check for fnamecmp filenames and also
does not apply the sanitize_paths protection mechanism to pathnames. An attacker
could use this to bypass access restrictions. (CVE-2017-17434)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
rsync 3.1.2-2ubuntu0.1
Ubuntu 17.04:
rsync 3.1.2-1ubuntu0.1
Ubuntu 16.04 LTS:
rsync 3.1.1-3ubuntu1.1
Ubuntu 14.04 LTS:
rsync 3.1.0-2ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-17433, CVE-2017-17434



DSA-4055 heimdal - security update

Unix Server, 07.12.2017, 01:00 | Source: debian.org

Michael Eder and Thomas Kittel discovered that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service (crash of the KDC daemon) by sending maliciously crafted packets.



DSA-4056 nova - security update

Unix Server, 07.12.2017, 01:00 | Source: debian.org

George Shuklin from servers.com discovered that Nova, a cloud computing fabric controller, did not correctly enforce its image- or hosts-filters. This allowed an authenticated user to bypass those filters by simply rebuilding an instance.



USN-3505-1: Linux firmware vulnerabilities

Unix Server, 06.12.2017, 08:51 | Source: ubuntu.com

Ubuntu Security Notice USN-3505-1

6th December, 2017

linux-firmware vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in linux-firmware.

Software description

  • linux-firmware - Firmware for Linux kernel drivers

Details

Mathy Vanhoef discovered that the firmware for several Intel WLAN
devices incorrectly handled WPA2 in relation to Wake on WLAN. A
remote attacker could use this issue with key reinstallation attacks
to obtain sensitive information. (CVE-2017-13080, CVE-2017-13081)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
linux-firmware 1.169.1
Ubuntu 17.04:
linux-firmware 1.164.2
Ubuntu 16.04 LTS:
linux-firmware 1.157.14
Ubuntu 14.04 LTS:
linux-firmware 1.127.24

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2017-13080, CVE-2017-13081



USN-3504-2: libxml2 vulnerability

Unix Server, 05.12.2017, 16:51 | Source: ubuntu.com

Ubuntu Security Notice USN-3504-2

5th December, 2017

libxml2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

curl could be made to crash if it received specially crafted input.

Software description

  • libxml2 - GNOME XML library

Details

USN-3504-1 fixed a vulnerability in libxml2. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Wei Lei discovered that libxml2 incorrectly handled certain parameter
entities. An attacker could use this issue with specially constructed XML
data to cause libxml2 to consume resources, leading to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.19
libxml2-utils 2.7.8.dfsg-5.1ubuntu4.19
python-libxml2 2.7.8.dfsg-5.1ubuntu4.19

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-16932



USN-3504-1: libxml2 vulnerability

Unix Server, 05.12.2017, 15:36 | Source: ubuntu.com

Ubuntu Security Notice USN-3504-1

5th December, 2017

libxml2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

libxml2 could be made to crash if it opened a specially crafted file.

Software description

  • libxml2 - GNOME XML library

Details

Wei Lei discovered that libxml2 incorrectly handled certain parameter
entities. An attacker could use this issue with specially constructed XML
data to cause libxml2 to consume resources, leading to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libxml2 2.9.4+dfsg1-4ubuntu1.1
libxml2-utils 2.9.4+dfsg1-4ubuntu1.1
python-libxml2 2.9.4+dfsg1-4ubuntu1.1
python3-libxml2 2.9.4+dfsg1-4ubuntu1.1
Ubuntu 17.04:
libxml2 2.9.4+dfsg1-2.2ubuntu0.2
libxml2-utils 2.9.4+dfsg1-2.2ubuntu0.2
python-libxml2 2.9.4+dfsg1-2.2ubuntu0.2
python3-libxml2 2.9.4+dfsg1-2.2ubuntu0.2
Ubuntu 16.04 LTS:
libxml2 2.9.3+dfsg1-1ubuntu0.4
libxml2-utils 2.9.3+dfsg1-1ubuntu0.4
python-libxml2 2.9.3+dfsg1-1ubuntu0.4
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.11
libxml2-utils 2.9.1+dfsg1-3ubuntu4.11
python-libxml2 2.9.1+dfsg1-3ubuntu4.11

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-16932



CentOS Seven blog: CentOS Atomic Host 7.1711 Available for Download

Unix Server, 05.12.2017, 05:24 | Source: seven.centos.org

Last week, the CentOS Atomic SIG released an updated version of CentOS Atomic Host (7.1711), a lean operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

This release rolls up a handful of minor CentOS updates from the past month. The core Atomic component versions are unchanged from those in the previous release (7.1710).

CentOS Atomic Host includes these core component versions:

  • atomic-1.19.1-5.git48c224b.el7.centos.x86_64
  • cloud-init-0.7.9-9.el7.centos.2.x86_64
  • docker-1.12.6-61.git85d7426.el7.centos.x86_64
  • etcd-3.2.7-1.el7.x86_64
  • flannel-0.7.1-2.el7.x86_64
  • kernel-3.10.0-693.5.2.el7.x86_64
  • kubernetes-node-1.5.2-0.7.git269f928.el7.x86_64
  • ostree-2017.11-1.el7.x86_64
  • rpm-ostree-client-2017.9-1.atomic.el7.x86_64

Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki.

Upgrading

If you're running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

# atomic host upgrade

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they're rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you'd like to work on testing images, help with packaging, documentation -- join us!

The SIG meets every two weeks as part of the Project Atomic community meeting at 16:00 UTC on Monday in the #atomic channel. You'll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you'd like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.



USN-3503-1: Evince vulnerability

Unix Server, 04.12.2017, 17:22 | Source: ubuntu.com

Ubuntu Security Notice USN-3503-1

4th December, 2017

evince vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Evince could be made to run programs if it printed a specially crafted file.

Software description

  • evince - Document viewer

Details

It was discovered that Evince incorrectly handled printing certain DVI
files. If a user were tricked into opening and printing a specially-named
DVI file, an attacker could use this issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
evince 3.24.0-0ubuntu1.3
evince-common 3.24.0-0ubuntu1.3
Ubuntu 16.04 LTS:
evince 3.18.2-1ubuntu4.3
evince-common 3.18.2-1ubuntu4.3
Ubuntu 14.04 LTS:
evince 3.10.3-0ubuntu10.4
evince-common 3.10.3-0ubuntu10.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-1000159



USN-3498-2: curl vulnerability

Unix Server, 04.12.2017, 17:22 | Source: ubuntu.com

Ubuntu Security Notice USN-3498-2

4th December, 2017

curl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

curl could be made to crash if it received specially crafted input.

Software description

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

USN-3498-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that curl incorrectly handled FTP wildcard matching. A
remote attacker could use this issue to cause curl to crash, resulting in a
denial of service, or possibly obtain sensitive information.
(CVE-2017-8817)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
libcurl3-nss 7.22.0-3ubuntu4.19
curl 7.22.0-3ubuntu4.19
libcurl3-gnutls 7.22.0-3ubuntu4.19
libcurl3 7.22.0-3ubuntu4.19

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-8817



DSA-4054 tor - security update

Unix Server, 03.12.2017, 01:00 | Source: debian.org

Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system.



USN-3477-3: Firefox regressions

Unix Server, 01.12.2017, 19:51 | Source: ubuntu.com

Ubuntu Security Notice USN-3477-3

1st December, 2017

firefox regressions

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

USN-3477-1 caused some minor regressions in Firefox.

Software description

  • firefox - Mozilla Open Source web browser

Details

USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various
minor regressions. This update fixes the problems.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, read uninitialized
memory, obtain sensitive information, bypass same-origin restrictions,
bypass CSP protections, bypass mixed content blocking, spoof the
address bar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827,
CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833,
CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842)

It was discovered that javascript: URLs pasted into the address bar
would be executed instead of being blocked in some circumstances. If a
user were tricked into copying a specially crafted URL into the
address bar, an attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2017-7839)

It was discovered that exported bookmarks do not strip script elements
from user-supplied tags. If a user were tricked into adding specially
crafted tags to bookmarks, exporting them and then opening the resulting
HTML file, an attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2017-7840)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
firefox 57.0.1+build2-0ubuntu0.17.10.1
Ubuntu 17.04:
firefox 57.0.1+build2-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
firefox 57.0.1+build2-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
firefox 57.0.1+build2-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 1735801



USN-3490-1: Thunderbird vulnerabilities

Unix Server, 01.12.2017, 16:21 | Source: ubuntu.com

Ubuntu Security Notice USN-3490-1

1st December, 2017

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing-like
context, an attacker could potentially exploit these to bypass same-origin
restrictions, cause a denial of service via application crash, or execute
arbitrary code. (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
thunderbird 1:52.5.0+build1-0ubuntu0.17.10.1
Ubuntu 17.04:
thunderbird 1:52.5.0+build1-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
thunderbird 1:52.5.0+build1-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
thunderbird 1:52.5.0+build1-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2017-7826, CVE-2017-7828, CVE-2017-7830



DSA-4053 exim4 - security update

Unix Server, 30.11.2017, 01:00 | Source: debian.org

Several vulnerabilities have been discovered in Exim, a mail transport agent. The Common Vulnerabilities and Exposures project identifies the following issues:



USN-3499-1: Exim vulnerability

Unix Server, 29.11.2017, 21:07 | Source: ubuntu.com

Ubuntu Security Notice USN-3499-1

29th November, 2017

exim4 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04

Summary

Exim could be made to crash if it received specially crafted network traffic.

Software description

  • exim4 - Exim is a mail transport agent

Details

It was discovered that Exim incorrectly handled certain BDAT data headers.
A remote attacker could possibly use this issue to cause Exim to crash,
resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
exim4-daemon-heavy 4.89-5ubuntu1.2
exim4-daemon-light 4.89-5ubuntu1.2
Ubuntu 17.04:
exim4-daemon-heavy 4.88-5ubuntu1.3
exim4-daemon-light 4.88-5ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-16944



USN-3500-1: libXfont vulnerability

Unix Server, 29.11.2017, 21:07 | Source: ubuntu.com

Ubuntu Security Notice USN-3500-1

29th November, 2017

libxfont, libxfont1, libxfont2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

libXfont could be made to access arbitrary files, including special device files.

Software description

  • libxfont - X11 font rasterisation library
  • libxfont1 - X11 font rasterisation library
  • libxfont2 - X11 font rasterisation library

Details

It was discovered that libXfont incorrectly followed symlinks when opening
font files. A local unprivileged user could use this issue to cause the X
server to access arbitrary files, including special device files.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libxfont1 1:1.5.2-4ubuntu1.1
libxfont2 1:2.0.1-3ubuntu1.1
Ubuntu 17.04:
libxfont1 1:1.5.2-4ubuntu0.2
libxfont2 1:2.0.1-3ubuntu0.2
Ubuntu 16.04 LTS:
libxfont1 1:1.5.1-1ubuntu0.16.04.4
libxfont2 1:2.0.1-3~ubuntu16.04.3
Ubuntu 14.04 LTS:
libxfont1 1:1.4.7-1ubuntu0.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2017-16611



USN-3501-1: libxcursor vulnerability

Unix Server, 29.11.2017, 21:06 | Source: ubuntu.com

Ubuntu Security Notice USN-3501-1

29th November, 2017

libxcursor vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

libxcursor could be made to crash or run programs if it opened a specially crafted file.

Software description

  • libxcursor - X11 cursor management library

Details

It was discovered that libxcursor incorrectly handled certain files. An
attacker could use these issues to cause libxcursor to crash, resulting in
a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libxcursor1 1:1.1.14-3ubuntu0.1
Ubuntu 17.04:
libxcursor1 1:1.1.14-1ubuntu0.17.04.1
Ubuntu 16.04 LTS:
libxcursor1 1:1.1.14-1ubuntu0.16.04.1
Ubuntu 14.04 LTS:
libxcursor1 1:1.1.14-1ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2017-16612


