You are here

Hírolvasó

USN-3432-1: ca-certificates update

Ubuntu security notices - 2017.10.02, h - 21:03
Ubuntu Security Notice USN-3432-1

2nd October, 2017

ca-certificates update

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

ca-certificates was updated to the 20170717 package.

Software description
  • ca-certificates - Common CA certificates
Details

The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 20170717
package.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
ca-certificates 20170717~17.04.1
Ubuntu 16.04 LTS:
ca-certificates 20170717~16.04.1
Ubuntu 14.04 LTS:
ca-certificates 20170717~14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1719851

Kategóriák: Securiy

USN-3431-1: NSS vulnerability

Ubuntu security notices - 2017.10.02, h - 21:03
Ubuntu Security Notice USN-3431-1

2nd October, 2017

nss vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

NSS could be made to crash or run programs if it received specially crafted network traffic.

Software description
  • nss - Network Security Service library
Details

Martin Thomson discovered that NSS incorrectly generated handshake hashes.
A remote attacker could use this issue to cause NSS to crash, resulting in
a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
libnss3 2:3.28.4-0ubuntu0.17.04.3
Ubuntu 16.04 LTS:
libnss3 2:3.28.4-0ubuntu0.16.04.3
Ubuntu 14.04 LTS:
libnss3 2:3.28.4-0ubuntu0.14.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.

References

CVE-2017-7805

Kategóriák: Securiy

Mit várhatunk az Ubuntu 17.10-től?

Ubuntu magyar közösség - 2017.09.29, p - 14:01

A mai nap folyamán megjelent a fejlesztés alatt álló Ubuntu 17.10, az Artful Aardvark kódnevű kiadás bétája. A végleges kiadásig már kevesebb, mint három hét van, hiszen október 19-én jelenik meg, így érdemes megnézni mit is várhatunk az új verziótól. Aki kicsit is követi az Ubuntus híreket, az már biztosan hallotta, hogy a Canonical áprilisban bejelentette, hogy dobja a Unity-t és visszatér a gyökereihez, a GNOME-hoz. A bejelentést vegyes érzelmekkel fogadták, de az biztos, hogy egy igen izgalmas kiadással találkozhatunk októberben. Azoknak sem kell félniük, akik évek óta Ubuntut, azon felül is Unity-t használnak. A Canonical ezt a félévet azzal töltötte, hogy próbálta minél zökkenőmentesebbé tenni a váltást. Nézzük meg mennyire sikerült nekik.


Kattins a nagyobb méretért!

A fenti képen a jelenlegi kiadás látható. A baloldali indítót egy új, a népszerű Dash to Dock Gnome Shell kiegészítőből készült saját indítópanel veszi át, amely nagyon hajaz a Unityből megszokottra. Ugyanúgy mindig látható, kivéve, ha engedélyezzük az automatikus elrejtést a beállításokból. A felső panel is nagyon hasonló a megszokotthoz, innen GNOME alatt alapértelmezetten száműzve lettek az indikátorok, de a Canonical egy másik bővítmény, a TopIcon Plus segítségével visszahozza ezeket. A háttér a megszokott egy variánsa, viszont visszatért egy régi szokás, hogy a kiadás kódnevét adó kabala is bele van csempészve. Hogy mennyire sikerült jóra, azt mindenki döntse el maga.


Kattints a nagyobb méretért!

A megszokott értesítésszámlálótól, illetve az állapotjelzőtől sem kell elbúcsúznunk. A fejlesztők elkészítették a módosításokat, majd vissza is juttatták ezeket az alapot szolgáltató bővítmény fejlesztőjéhez. Apró változás, hogy a Dash-t kinyitó gomb, fentről alulra került. Illetve itt jön egy még nagyobb módosítás, nem a megszokott Dash fogad minket, hanem a GNOME-hoz készített még intelligensebb variánsa. Sokkal okosabb a keresés, illetve letisztultabb a megjelenés.


Kattints a nagyobb méretért!

Jogosan merülhet fel a kérdés, ha ennyi minden hasonló, akkor mi különbözik a Unity-től? Sajnos néhány nagyon hasznos dologról le kell mondanunk. Ez az alt billentyűre megnyíló HUD, mely segített az alkalmazások menüiben egyszerűen megkeresni a kívánt menüpontot, illetve a Global Menü, melynek segítségével a felső panelra varázsolhattuk az ablakok menüsorát. Aki túl tud lépni ezeken a hiányosságokon, annak az Ubuntu 17.10 más fronton nem fog csalódást okozni.

A váltás következtében a bejelentkezésért és képernyőzárolásért felelős LightDM és Unity Greeter is lecserélésre került, helyüket a régről ismerős GDM veszi át, annak is a 3-as verziója. A új verzió a GNOME 3.26-os legfrissebb kiadásával érkezik. Továbbá, ha nem szeretnénk az Ubuntu módosításait használni, lehetőségünk van az alap GNOME élmény beállítására, ehhez mindössze a gnome-session csomagot kell telepíteni és kiválasztani induláskor.


Kattints a nagyobb méretért!

Igazából itt sem lehet rossz a szájízünk, hiszen a GDM3 is több területen nyújt sokkal többet, mint elődje. A szokásos funkciókon, mint be-kijelentkezés, felhasználó- vagy munkamenetváltás mellett még meg tudja jeleníteni az értesítéseket is, mely funkció kikapcsolható az adatvédelmi beállítások alatt. Emellett zenehallgatás esetén a zene kezeléséhez szükséges gombok, illetve a szám információ is látszódnak a zárképernyőn.


Kattints a nagyobb méretért!

A kiadás érdekessége továbbá, hogy több év után visszakerültek az ablak gombok a jobb oldalra. Többször is kikérte a felhasználók véleményét erről a Canonical, és eléggé egál közeli volt mindig az eredmény, talán egy picit több jobb szavazattal. Végül a döntésnek a végső lökést az adta meg, hogy szeretnének minél közelebb maradni az eredeti GNOME-hoz. Az Ubuntu 17.10 a 4.13-as Linux kernellel fog érkezni, amely számos fronton mutat javulást az elődeihez képest. Fontos továbbá megemlíteni, hogy ez a kiadás lesz az első, ahol már nem lesz elérhető 32 bites lemezkép. Frissítéskor ez nem okoz problémát, viszont új rendszert 32 bites Ubuntuval már csak a minimal vagy net install lemezképek segítségével lesz lehetőségünk telepíteni. Végül a kiadás egyik legnagyobb érdekessége, a Canonical gondolt egy merészet és az eddigi X11 helyett a Wayland-et tette meg alapértelmezett munkamenetnek. Nem kell megijedni, jobb esetben az egyszerű felhasználó el sem tudja dönteni, hogy melyik munkamenetben van, amíg csak egyszerűbb dolgokra használja a számítógépét. Ha valaki mégis problémákat tapasztal, csak bejelentkezéskor válassza az X11-es munkamenetet. Zárt videokártya illesztőprogram telepítésekor automatikusa elvált a rendszer Wayland-ről, hiszen ezen zárt meghajtók még nem támogatják. A lépést a cég azzal indokolta, hogy a következő hosszan támogatott kiadásra szeretné a hibák zömét kijavítani és egy stabil rendszert adni a felhasználók kezébe. Erre pedig ez a köztes kiadás tökéletes lehetőséget biztosít. Egyébként más disztrók is meglépték ezt, már jóval korábban.
Végül ha valaki mégis a Unity-t szeretné használni, arra is meg van a lehetősége, a tárolókból elérhető a 7-es változat legfrissebb kiadása, viszont új funkciókra ne számítson, biztonsági frissítésekre, hibajavításokra is maximum a jelenlegi hosszan támogatott változat, a 16.04 életciklusa alatt.

A hírben felhasznált képek és információk az OMG!Ubuntu ezen cikkéből származnak.

Ubuntu 17.10 (Artful Aardvark) Beta 2

Ubuntu magyar közösség - 2017.09.29, p - 12:05

Ma bejelentették az Ubuntu következő kiadásának a második béta verzióját.

https://lists.ubuntu.com/archives/ubuntu-announce/2017-September/000225....

Nem csak az alap Ubuntu jelent meg, hanem a Kubuntu, Lubuntu, Budgie, UbuntuKylin, Ubuntu MATE, Ubuntu Studio és Xubuntu változatok is.

Aki frissíteni szeretné rendszerét erre a verzióra, itt talál információt:
https://help.ubuntu.com/community/ArtfulUpgrades

Letölteni itt lehet: http://releases.ubuntu.com/17.10/
Desktop lemezkép már csak 64 bites verzióban érhető el. A szerver még mindkét változatban elérhető.

A kiadási megjegyzéseket itt olvashatjátok:
https://wiki.ubuntu.com/ArtfulAardvark/ReleaseNotes

A különböző Ubuntu-verziók szintén letölthetőek itt: http://cdimage.ubuntu.com/

USN-3429-1: Libplist vulnerability

Ubuntu security notices - 2017.09.26, k - 01:24
Ubuntu Security Notice USN-3429-1

25th September, 2017

libplist vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Libplist could be made to crash if it opened a specially crafted file.

Software description
  • libplist - Library for handling Apple binary and XML property lists
Details

Wang Junjie discovered that Libplist incorrectly handled certain files.
If a user were tricked into opening a crafted file, an attacker could possibly
use this to cause a crash or denial or service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
python-plist 1.12-3.1ubuntu0.17.04.1
libplist3 1.12-3.1ubuntu0.17.04.1
libplist-utils 1.12-3.1ubuntu0.17.04.1
Ubuntu 16.04 LTS:
python-plist 1.12-3.1ubuntu0.16.04.1
libplist3 1.12-3.1ubuntu0.16.04.1
libplist-utils 1.12-3.1ubuntu0.16.04.1
Ubuntu 14.04 LTS:
libplist1 1.10-1ubuntu0.1
libplist-utils 1.10-1ubuntu0.1
python-plist 1.10-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-7982

Kategóriák: Securiy

USN-3428-1: Emacs vulnerability

Ubuntu security notices - 2017.09.22, p - 03:53
Ubuntu Security Notice USN-3428-1

21st September, 2017

emacs25 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
Summary

Emacs could be made to run programs as your login if it opened a specially crafted file.

Software description
  • emacs25 - GNU Emacs editor
Details

Charles A. Roelli discovered that Emacs incorrectly handled certain
files. If a user were tricked into opening a specially crafted file (e.g., email
messages in gnus), an attacker could possibly use this to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
emacs25 25.1+1-3ubuntu4.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-14482

Kategóriák: Securiy

USN-3427-1: Emacs vulnerability

Ubuntu security notices - 2017.09.22, p - 00:31
Ubuntu Security Notice USN-3427-1

21st September, 2017

emacs24 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Emacs could be made to run programs as your login if it opened a specially crafted file.

Software description
  • emacs24 - GNU Emacs editor
Details

Charles A. Roelli discovered that Emacs incorrectly handled certain
files. If a user were tricked into opening a specially crafted file, an
attacker could possibly use this to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
emacs24 24.5+1-6ubuntu1.1
Ubuntu 14.04 LTS:
emacs24 24.3+1-2ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-14482

Kategóriák: Securiy

USN-3426-1: Samba vulnerabilities

Ubuntu security notices - 2017.09.21, cs - 21:20
Ubuntu Security Notice USN-3426-1

21st September, 2017

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Samba could be made to expose sensitive information over the network.

Software description
  • samba - SMB/CIFS file, print, and login server for Unix
Details

Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in
certain situations. A remote attacker could use this issue to perform a man
in the middle attack. (CVE-2017-12150)

Stefan Metzmacher discovered that Samba incorrectly handled encryption
across DFS redirects. A remote attacker could use this issue to perform a
man in the middle attack. (CVE-2017-12151)

Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory
when SMB1 is being used. A remote attacker could possibly use this issue to
obtain server memory contents. (CVE-2017-12163)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
samba 2:4.5.8+dfsg-0ubuntu0.17.04.7
Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.11
Ubuntu 14.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.12

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-12150, CVE-2017-12151, CVE-2017-12163

Kategóriák: Securiy

USN-3414-2: QEMU regression

Ubuntu security notices - 2017.09.21, cs - 01:18
Ubuntu Security Notice USN-3414-2

20th September, 2017

qemu regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

USN-3414-1 introduced a regression in QEMU.

Software description
  • qemu - Machine emulator and virtualizer
Details

USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for
CVE-2017-9375 was incomplete and caused a regression in the USB xHCI
controller emulation support. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control.
A guest attacker could use this issue to elevate privileges inside the
guest. (CVE-2017-7493)

Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation.
A privileged attacker inside the guest could use this issue to cause QEMU
to consume resources or crash, resulting in a denial of service.
(CVE-2017-8112)

It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host
Bus Adapter emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service, or
possibly to obtain sensitive host memory. This issue only affected Ubuntu
16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)

Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An
attacker inside the guest could use this issue to cause QEMU to consume
resources and crash, resulting in a denial of service. This issue only
affected Ubuntu 17.04. (CVE-2017-9060)

Li Qiang discovered that QEMU incorrectly handled the e1000e device. A
privileged attacker inside the guest could use this issue to cause QEMU to
hang, resulting in a denial of service. This issue only affected Ubuntu
17.04. (CVE-2017-9310)

Li Qiang discovered that QEMU incorrectly handled USB OHCI emulation
support. An attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2017-9330)

Li Qiang discovered that QEMU incorrectly handled IDE AHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to consume resources and crash, resulting in a denial of
service. (CVE-2017-9373)

Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to consume resources and crash, resulting in a denial of
service. (CVE-2017-9374)

Li Qiang discovered that QEMU incorrectly handled USB xHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375)

Zhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2
Host Bus Adapter emulation support. A privileged attacker inside the guest
could use this issue to cause QEMU to crash, resulting in a denial of
service. (CVE-2017-9503)

It was discovered that the QEMU qemu-nbd server incorrectly handled
initialization. A remote attacker could use this issue to cause the server
to crash, resulting in a denial of service. (CVE-2017-9524)

It was discovered that the QEMU qemu-nbd server incorrectly handled
signals. A remote attacker could use this issue to cause the server to
crash, resulting in a denial of service. (CVE-2017-10664)

Li Qiang discovered that the QEMU USB redirector incorrectly handled
logging debug messages. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806)

Anthony Perard discovered that QEMU incorrectly handled Xen block-interface
responses. An attacker inside the guest could use this issue to cause QEMU
to leak contents of host memory. (CVE-2017-10911)

Reno Robert discovered that QEMU incorrectly handled certain DHCP options
strings. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2017-11434)

Ryan Salsamendi discovered that QEMU incorrectly handled empty CDROM device
drives. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
qemu-system-misc 1:2.8+dfsg-3ubuntu2.5
qemu-system-s390x 1:2.8+dfsg-3ubuntu2.5
qemu-system 1:2.8+dfsg-3ubuntu2.5
qemu-system-aarch64 1:2.8+dfsg-3ubuntu2.5
qemu-system-x86 1:2.8+dfsg-3ubuntu2.5
qemu-system-sparc 1:2.8+dfsg-3ubuntu2.5
qemu-system-arm 1:2.8+dfsg-3ubuntu2.5
qemu-system-ppc 1:2.8+dfsg-3ubuntu2.5
qemu-system-mips 1:2.8+dfsg-3ubuntu2.5
Ubuntu 16.04 LTS:
qemu-system-misc 1:2.5+dfsg-5ubuntu10.16
qemu-system-s390x 1:2.5+dfsg-5ubuntu10.16
qemu-system 1:2.5+dfsg-5ubuntu10.16
qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.16
qemu-system-x86 1:2.5+dfsg-5ubuntu10.16
qemu-system-sparc 1:2.5+dfsg-5ubuntu10.16
qemu-system-arm 1:2.5+dfsg-5ubuntu10.16
qemu-system-ppc 1:2.5+dfsg-5ubuntu10.16
qemu-system-mips 1:2.5+dfsg-5ubuntu10.16
Ubuntu 14.04 LTS:
qemu-system-misc 2.0.0+dfsg-2ubuntu1.36
qemu-system 2.0.0+dfsg-2ubuntu1.36
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.36
qemu-system-x86 2.0.0+dfsg-2ubuntu1.36
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.36
qemu-system-arm 2.0.0+dfsg-2ubuntu1.36
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.36
qemu-system-mips 2.0.0+dfsg-2ubuntu1.36

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

LP: 1718222

Kategóriák: Securiy

USN-3425-1: Apache HTTP Server vulnerability

Ubuntu security notices - 2017.09.19, k - 21:54
Ubuntu Security Notice USN-3425-1

19th September, 2017

apache2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Apache HTTP Server could be made to expose sensitive information over the network.

Software description
  • apache2 - Apache HTTP server
Details

Hanno Böck discovered that the Apache HTTP Server incorrectly handled
Limit directives in .htaccess files. In certain configurations, a remote
attacker could possibly use this issue to read arbitrary server memory,
including sensitive information. This issue is known as Optionsbleed.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
apache2-bin 2.4.25-3ubuntu2.3
Ubuntu 16.04 LTS:
apache2-bin 2.4.18-2ubuntu3.5
Ubuntu 14.04 LTS:
apache2-bin 2.4.7-1ubuntu4.18

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-9798

Kategóriák: Securiy

USN-3424-1: libxml2 vulnerabilities

Ubuntu security notices - 2017.09.19, k - 06:16
Ubuntu Security Notice USN-3424-1

18th September, 2017

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in libxml2.

Software description
  • libxml2 - GNOME XML library
Details

It was discovered that a type confusion error existed in libxml2. An
attacker could use this to specially construct XML data that
could cause a denial of service or possibly execute arbitrary
code. (CVE-2017-0663)

It was discovered that libxml2 did not properly validate parsed entity
references. An attacker could use this to specially construct XML
data that could expose sensitive information. (CVE-2017-7375)

It was discovered that a buffer overflow existed in libxml2 when
handling HTTP redirects. An attacker could use this to specially
construct XML data that could cause a denial of service or possibly
execute arbitrary code. (CVE-2017-7376)

Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in
libxml2 when handling elements. An attacker could use this to specially
construct XML data that could cause a denial of service or possibly
execute arbitrary code. (CVE-2017-9047)

Marcel Böhme and Van-Thuan Pham discovered a buffer overread
in libxml2 when handling elements. An attacker could use this
to specially construct XML data that could cause a denial of
service. (CVE-2017-9048)

Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads
in libxml2 when handling parameter-entity references. An attacker
could use these to specially construct XML data that could cause a
denial of service. (CVE-2017-9049, CVE-2017-9050)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
libxml2 2.9.4+dfsg1-2.2ubuntu0.1
Ubuntu 16.04 LTS:
libxml2 2.9.3+dfsg1-1ubuntu0.3
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050

Kategóriák: Securiy

USN-3423-1: Linux kernel vulnerability

Ubuntu security notices - 2017.09.19, k - 03:14
Ubuntu Security Notice USN-3423-1

18th September, 2017

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
Summary

The system could be made to crash if it received specially crafted bluetooth traffic.

Software description
  • linux - Linux kernel
Details

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash).

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-powerpc-smp 3.2.0.131.145
linux-image-3.2.0-131-omap 3.2.0-131.177
linux-image-3.2.0-131-powerpc-smp 3.2.0-131.177
linux-image-generic 3.2.0.131.145
linux-image-3.2.0-131-generic-pae 3.2.0-131.177
linux-image-3.2.0-131-highbank 3.2.0-131.177
linux-image-generic-pae 3.2.0.131.145
linux-image-3.2.0-131-virtual 3.2.0-131.177
linux-image-highbank 3.2.0.131.145
linux-image-virtual 3.2.0.131.145
linux-image-powerpc64-smp 3.2.0.131.145
linux-image-3.2.0-131-generic 3.2.0-131.177
linux-image-omap 3.2.0.131.145
linux-image-3.2.0-131-powerpc64-smp 3.2.0-131.177

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000251

Kategóriák: Securiy

USN-3422-2: Linux kernel (Trusty HWE) vulnerabilities

Ubuntu security notices - 2017.09.19, k - 03:14
Ubuntu Security Notice USN-3422-2

18th September, 2017

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise ESM
Details

USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)

Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-10200)

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the
key management subsystem in the Linux kernel did not properly allocate
memory in some situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-8650)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

It was discovered that an information leak existed in __get_user_asm_ex()
in the Linux kernel. A local attacker could use this to expose sensitive
information. (CVE-2016-9178)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that an integer overflow existed in the trace subsystem
of the Linux kernel. A local privileged attacker could use this to cause a
denial of service (system crash). (CVE-2016-9754)

Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)

It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)

It was discovered that the keyring implementation in the Linux kernel did
not properly restrict searches for dead keys. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-6951)

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux
kernel contained a stack-based buffer overflow. A local attacker with
access to an sg device could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-7187)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-generic-lpae-lts-trusty 3.13.0.132.122
linux-image-3.13.0-132-generic 3.13.0-132.181~precise1
linux-image-generic-lts-trusty 3.13.0.132.122
linux-image-3.13.0-132-generic-lpae 3.13.0-132.181~precise1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-10044, CVE-2016-10200, CVE-2016-7097, CVE-2016-8650, CVE-2016-9083, CVE-2016-9084, CVE-2016-9178, CVE-2016-9191, CVE-2016-9604, CVE-2016-9754, CVE-2017-1000251, CVE-2017-5970, CVE-2017-6214, CVE-2017-6346, CVE-2017-6951, CVE-2017-7187, CVE-2017-7472, CVE-2017-7541

Kategóriák: Securiy

USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities

Ubuntu security notices - 2017.09.19, k - 03:14
Ubuntu Security Notice USN-3420-2

18th September, 2017

linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty
Details

USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)

It was discovered that a buffer overflow existed in the ioctl handling code
in the ISDN subsystem of the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-12762)

Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV
Decoder driver for the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-8831)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp-lts-xenial 4.4.0.96.80
linux-image-generic-lpae-lts-xenial 4.4.0.96.80
linux-image-4.4.0-96-powerpc64-emb 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-powerpc-smp 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-lowlatency 4.4.0-96.119~14.04.1
linux-image-lowlatency-lts-xenial 4.4.0.96.80
linux-image-generic-lts-xenial 4.4.0.96.80
linux-image-4.4.0-96-generic 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-generic-lpae 4.4.0-96.119~14.04.1
linux-image-powerpc64-smp-lts-xenial 4.4.0.96.80
linux-image-powerpc64-emb-lts-xenial 4.4.0.96.80
linux-image-4.4.0-96-powerpc-e500mc 4.4.0-96.119~14.04.1
linux-image-powerpc-e500mc-lts-xenial 4.4.0.96.80
linux-image-4.4.0-96-powerpc64-smp 4.4.0-96.119~14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000251, CVE-2017-10663, CVE-2017-12762, CVE-2017-8831

Kategóriák: Securiy

USN-3419-2: Linux kernel (HWE) vulnerabilities

Ubuntu security notices - 2017.09.19, k - 03:14
Ubuntu Security Notice USN-3419-2

18th September, 2017

linux-hwe vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux-hwe - Linux hardware enablement (HWE) kernel
Details

USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu
16.04 LTS.

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-lowlatency-hwe-16.04 4.10.0.35.37
linux-image-4.10.0-35-generic 4.10.0-35.39~16.04.1
linux-image-4.10.0-35-lowlatency 4.10.0-35.39~16.04.1
linux-image-generic-lpae-hwe-16.04 4.10.0.35.37
linux-image-generic-hwe-16.04 4.10.0.35.37
linux-image-4.10.0-35-generic-lpae 4.10.0-35.39~16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000251, CVE-2017-7541

Kategóriák: Securiy

USN-3419-1: Linux kernel vulnerabilities

Ubuntu security notices - 2017.09.19, k - 03:14
Ubuntu Security Notice USN-3419-1

18th September, 2017

linux, linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux - Linux kernel
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
Details

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
linux-image-generic 4.10.0.35.35
linux-image-4.10.0-35-generic 4.10.0-35.39
linux-image-4.10.0-35-lowlatency 4.10.0-35.39
linux-image-4.10.0-35-generic-lpae 4.10.0-35.39
linux-image-generic-lpae 4.10.0.35.35
linux-image-lowlatency 4.10.0.35.35
linux-image-raspi2 4.10.0.1018.19
linux-image-4.10.0-1018-raspi2 4.10.0-1018.21

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000251, CVE-2017-7541

Kategóriák: Securiy

USN-3420-1: Linux kernel vulnerabilities

Ubuntu security notices - 2017.09.19, k - 03:14
Ubuntu Security Notice USN-3420-1

18th September, 2017

linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-gke - Linux kernel for Google Container Engine (GKE) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors
Details

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)

It was discovered that a buffer overflow existed in the ioctl handling code
in the ISDN subsystem of the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-12762)

Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV
Decoder driver for the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-8831)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-powerpc-e500mc 4.4.0.96.101
linux-image-4.4.0-1076-snapdragon 4.4.0-1076.81
linux-image-4.4.0-1031-gke 4.4.0-1031.31
linux-image-4.4.0-96-powerpc-e500mc 4.4.0-96.119
linux-image-4.4.0-96-powerpc64-emb 4.4.0-96.119
linux-image-4.4.0-96-generic-lpae 4.4.0-96.119
linux-image-snapdragon 4.4.0.1076.68
linux-image-4.4.0-96-powerpc64-smp 4.4.0-96.119
linux-image-powerpc64-emb 4.4.0.96.101
linux-image-gke 4.4.0.1031.32
linux-image-generic 4.4.0.96.101
linux-image-4.4.0-96-powerpc-smp 4.4.0-96.119
linux-image-4.4.0-96-lowlatency 4.4.0-96.119
linux-image-4.4.0-96-generic 4.4.0-96.119
linux-image-aws 4.4.0.1035.37
linux-image-kvm 4.4.0.1007.7
linux-image-raspi2 4.4.0.1074.74
linux-image-4.4.0-1074-raspi2 4.4.0-1074.82
linux-image-powerpc-smp 4.4.0.96.101
linux-image-generic-lpae 4.4.0.96.101
linux-image-4.4.0-1035-aws 4.4.0-1035.44
linux-image-4.4.0-1007-kvm 4.4.0-1007.12
linux-image-powerpc64-smp 4.4.0.96.101
linux-image-lowlatency 4.4.0.96.101

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000251, CVE-2017-10663, CVE-2017-12762, CVE-2017-8831

Kategóriák: Securiy

USN-3421-1: Libidn2 vulnerability

Ubuntu security notices - 2017.09.19, k - 03:14
Ubuntu Security Notice USN-3421-1

18th September, 2017

libidn2-0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
Summary

Libidn2 could be made to crash if it received specially crafted input.

Software description
  • libidn2-0 - Internationalized domain names (IDNA2008) library
Details

It was discovered that Libidn2 incorrectly handled certain input. A
remote attacker could possibly use this issue to cause Libidn2 to crash,
resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
libidn2-0 0.16-1ubuntu0.1
idn2 0.16-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-14062

Kategóriák: Securiy

USN-3422-1: Linux kernel vulnerabilities

Ubuntu security notices - 2017.09.19, k - 03:14
Ubuntu Security Notice USN-3422-1

18th September, 2017

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux - Linux kernel
Details

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)

Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-10200)

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the
key management subsystem in the Linux kernel did not properly allocate
memory in some situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-8650)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

It was discovered that an information leak existed in __get_user_asm_ex()
in the Linux kernel. A local attacker could use this to expose sensitive
information. (CVE-2016-9178)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that an integer overflow existed in the trace subsystem
of the Linux kernel. A local privileged attacker could use this to cause a
denial of service (system crash). (CVE-2016-9754)

Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)

It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)

It was discovered that the keyring implementation in the Linux kernel did
not properly restrict searches for dead keys. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-6951)

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux
kernel contained a stack-based buffer overflow. A local attacker with
access to an sg device could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-7187)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp 3.13.0.132.141
linux-image-powerpc-e500mc 3.13.0.132.141
linux-image-3.13.0-132-generic-lpae 3.13.0-132.181
linux-image-3.13.0-132-powerpc-e500mc 3.13.0-132.181
linux-image-generic 3.13.0.132.141
linux-image-3.13.0-132-powerpc-e500 3.13.0-132.181
linux-image-3.13.0-132-generic 3.13.0-132.181
linux-image-3.13.0-132-powerpc64-emb 3.13.0-132.181
linux-image-powerpc64-emb 3.13.0.132.141
linux-image-powerpc-e500 3.13.0.132.141
linux-image-powerpc64-smp 3.13.0.132.141
linux-image-generic-lpae 3.13.0.132.141
linux-image-3.13.0-132-powerpc-smp 3.13.0-132.181
linux-image-3.13.0-132-powerpc64-smp 3.13.0-132.181
linux-image-lowlatency 3.13.0.132.141
linux-image-3.13.0-132-lowlatency 3.13.0-132.181

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-10044, CVE-2016-10200, CVE-2016-7097, CVE-2016-8650, CVE-2016-9083, CVE-2016-9084, CVE-2016-9178, CVE-2016-9191, CVE-2016-9604, CVE-2016-9754, CVE-2017-1000251, CVE-2017-5970, CVE-2017-6214, CVE-2017-6346, CVE-2017-6951, CVE-2017-7187, CVE-2017-7472, CVE-2017-7541

Kategóriák: Securiy

USN-3346-2: Bind regression

Ubuntu security notices - 2017.09.18, h - 23:16
Ubuntu Security Notice USN-3346-2

18th September, 2017

bind9 regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

USN-3346-1 introduced a regression in Bind.

Software description
  • bind9 - Internet Domain Name Server
Details

USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142
introduced a regression in the ability to receive an AXFR or IXFR in the
case where TSIG is used and not every message is signed. This update fixes
the problem.

In addition, this update adds the new root zone key signing key (KSK).

Original advisory details:

Clément Berthaux discovered that Bind did not correctly check TSIG
authentication for zone update requests. An attacker could use this
to improperly perform zone updates. (CVE-2017-3143)

Clément Berthaux discovered that Bind did not correctly check TSIG
authentication for zone transfer requests. An attacker could use this
to improperly transfer entire zones. (CVE-2017-3142)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
bind9 1:9.10.3.dfsg.P4-10.1ubuntu5.2
Ubuntu 16.04 LTS:
bind9 1:9.10.3.dfsg.P4-8ubuntu1.8
Ubuntu 14.04 LTS:
bind9 1:9.9.5.dfsg-3ubuntu0.16

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Bind to make
all the necessary changes.

References

LP: 1717981

Kategóriák: Securiy

Oldalak

Subscribe to Informatikai megoldások hírolvasó