Ubuntu Security Notice USN-2364-1

27th September, 2014

bash vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS
• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in Bash.

Software description

• bash
  – GNU Bourne Again SHell

Details

Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly
handled memory. An attacker could possibly use this issue to bypass certain
environment restrictions and execute arbitrary code. (CVE-2014-7186,
CVE-2014-7187)

In addition, this update introduces a hardening measure which adds prefixes
and suffixes around environment variable names which contain shell
functions.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:

bash

4.3-7ubuntu1.4

Ubuntu 12.04 LTS:

bash

4.2-2ubuntu2.5

Ubuntu 10.04 LTS:

bash

4.1-2ubuntu3.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-7186,

CVE-2014-7187

Ubuntu Security Notice USN-2365-1

29th September, 2014

libvncserver vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Several security issues were fixed in LibVNCServer.

Software description

• libvncserver
  – vnc server library

Details

Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)

Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)

Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a denial of service. (CVE-2014-6054)

Nicolas Ruff discovered that LibVNCServer incorrectly handled memory in the
file transfer feature. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2014-6055)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:

libvncserver0

0.9.9+dfsg-1ubuntu1.1

Ubuntu 12.04 LTS:

libvncserver0

0.9.8.2-2ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-6051,

CVE-2014-6052,

CVE-2014-6053,

CVE-2014-6054,

CVE-2014-6055

Ubuntu Security Notice USN-2366-1

30th September, 2014

libvirt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS
• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in libvirt.

Software description

• libvirt
  – Libvirt virtualization toolkit

Details

Daniel P. Berrange and Richard Jones discovered that libvirt incorrectly
handled XML documents containing XML external entity declarations. An
attacker could use this issue to cause libvirtd to crash, resulting in a
denial of service on all affected releases, or possibly read arbitrary
files if fine grained access control was enabled on Ubuntu 14.04 LTS.
(CVE-2014-0179, CVE-2014-5177)

Luyao Huang discovered that libvirt incorrectly handled certain blkiotune
queries. An attacker could use this issue to cause libvirtd to crash,
resulting in a denial of service. This issue only applied to Ubuntu 12.04
LTS and Ubuntu 14.04 LTS. (CVE-2014-3633)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:

libvirt0

1.2.2-0ubuntu13.1.5

libvirt-bin

1.2.2-0ubuntu13.1.5

Ubuntu 12.04 LTS:

libvirt0

0.9.8-2ubuntu17.20

libvirt-bin

0.9.8-2ubuntu17.20

Ubuntu 10.04 LTS:

libvirt0

0.7.5-5ubuntu27.25

libvirt-bin

0.7.5-5ubuntu27.25

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-0179,

CVE-2014-3633,

CVE-2014-5177

Ubuntu Security Notice USN-2367-1

2nd October, 2014

openssl update

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 12.04 LTS

Summary

OpenSSL TLSv1.2 support has been improved.

Software description

• openssl
  – Secure Socket Layer (SSL) cryptographic library and tools

Details

For compatibility reasons, OpenSSL in Ubuntu 12.04 LTS disables TLSv1.2
by default when being used as a client. When forcing the use of TLSv1.2,
another compatibility feature (OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) was used
that would truncate the cipher list. This would prevent certain ciphers
from being selected, and would prevent secure renegotiations. This update
removes the cipher list truncation workaround when forcing the use of
TLSv1.2.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:

libssl1.0.0

1.0.1-4ubuntu5.18

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

LP: 1376447

Ubuntu Security Notice USN-2368-1

2nd October, 2014

openvpn vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 12.04 LTS

Summary

OpenVPN could be made to expose sensitive information over the network.

Software description

• openvpn
  – virtual private network software

Details

It was discovered that OpenVPN incorrectly handled HMAC comparisons when
running in UDP mode. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could possibly be used to perform a
plaintext recovery attack.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:

openvpn

2.2.1-8ubuntu1.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2013-2061

Ubuntu Security Notice USN-2369-1

2nd October, 2014

file vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS
• Ubuntu 10.04 LTS

Summary

file could be made to crash or run programs as your login if it
opened a specially crafted file.

Software description

• file
  – Tool to determine file types

Details

It was discovered that file incorrectly handled certain CDF documents. A
attacker could use this issue to cause file to hang or crash, resulting
in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:

file

1:5.14-2ubuntu3.2

Ubuntu 12.04 LTS:

file

5.09-2ubuntu0.5

Ubuntu 10.04 LTS:

file

5.03-5ubuntu1.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3587

Ubuntu Security Notice USN-2370-1

8th October, 2014

apt vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

APT could be made to overwrite files.

Software description

• apt
  – Advanced front-end for dpkg

Details

Guillem Jover discovered that APT incorrectly created a temporary file when
handling the changelog command. A local attacker could use this issue to
overwrite arbitrary files. In the default installation of Ubuntu, this
should be prevented by the kernel link restrictions.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:

apt

1.0.1ubuntu2.5

Ubuntu 12.04 LTS:

apt

0.8.16~exp12ubuntu10.21

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-7206

Ubuntu Security Notice USN-2371-1

8th October, 2014

exuberant-ctags vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Exuberant Ctags could be made to consume resources.

Software description

• exuberant-ctags
  – build tag file indexes of source code definitions

Details

It was discovered that Exuberant Ctags incorrectly handled certain minified
js files. An attacker could use this issue to possibly cause Exuberant
Ctags to consume resources, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:

exuberant-ctags

1:5.9~svn20110310-7ubuntu0.1

Ubuntu 12.04 LTS:

exuberant-ctags

1:5.9~svn20110310-3ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-7204

Ubuntu Security Notice USN-2374-1

9th October, 2014

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux
  – Linux kernel

Details

Ben Hawkes reported some off by one errors for report descriptors in the
Linux kernel’s HID stack. A physically proximate attacker could exploit
these flaws to cause a denial of service (out-of-bounds write) via a
specially crafted device. (CVE-2014-3184)

Several bounds check flaws allowing for buffer overflows were discovered in
the Linux kernel’s Whiteheat USB serial driver. A physically proximate
attacker could exploit these flaws to cause a denial of service (system
crash) via a specially crafted device. (CVE-2014-3185)

A flaw was discovered in the Linux kernel’s UDF filesystem (used on some
CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause
CD, DVD or image file with a specially crafted inode to be mounted can
cause a denial of service (infinite loop or stack consumption).
(CVE-2014-6410)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.04 LTS:

linux-image-2.6.32-67-powerpc

2.6.32-67.134

linux-image-2.6.32-67-386

2.6.32-67.134

linux-image-2.6.32-67-sparc64

2.6.32-67.134

linux-image-2.6.32-67-generic-pae

2.6.32-67.134

linux-image-2.6.32-67-preempt

2.6.32-67.134

linux-image-2.6.32-67-lpia

2.6.32-67.134

linux-image-2.6.32-67-sparc64-smp

2.6.32-67.134

linux-image-2.6.32-67-powerpc64-smp

2.6.32-67.134

linux-image-2.6.32-67-versatile

2.6.32-67.134

linux-image-2.6.32-67-generic

2.6.32-67.134

linux-image-2.6.32-67-virtual

2.6.32-67.134

linux-image-2.6.32-67-server

2.6.32-67.134

linux-image-2.6.32-67-powerpc-smp

2.6.32-67.134

linux-image-2.6.32-67-ia64

2.6.32-67.134

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2014-3184,

CVE-2014-3185,

CVE-2014-6410

Ubuntu Security Notice USN-2375-1

9th October, 2014

linux-ec2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-ec2
  – Linux kernel for EC2

Details

Ben Hawkes reported some off by one errors for report descriptors in the
Linux kernel’s HID stack. A physically proximate attacker could exploit
these flaws to cause a denial of service (out-of-bounds write) via a
specially crafted device. (CVE-2014-3184)

Several bounds check flaws allowing for buffer overflows were discovered in
the Linux kernel’s Whiteheat USB serial driver. A physically proximate
attacker could exploit these flaws to cause a denial of service (system
crash) via a specially crafted device. (CVE-2014-3185)

A flaw was discovered in the Linux kernel’s UDF filesystem (used on some
CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause
CD, DVD or image file with a specially crafted inode to be mounted can
cause a denial of service (infinite loop or stack consumption).
(CVE-2014-6410)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.04 LTS:

linux-image-2.6.32-371-ec2

2.6.32-371.87

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2014-3184,

CVE-2014-3185,

CVE-2014-6410