Red Hat Enterprise Linux: Updated pcs packages that fix one bug are available for Red Hat Enterprise Linux 7.
Monthly Archives: January 2015
USN-2480-1: MySQL vulnerabilities
Ubuntu Security Notice USN-2480-1
22nd January, 2015
mysql-5.5 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in MySQL.
Software description
- mysql-5.5 – MySQL database
Details
Multiple security issues were discovered in MySQL and this update includes
a new upstream MySQL version to fix these issues. MySQL has been updated to
5.5.41.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
  - mysql-server-5.5 5.5.41-0ubuntu0.14.10.1
- Ubuntu 14.04 LTS:
  - mysql-server-5.5 5.5.41-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
  - mysql-server-5.5 5.5.41-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2481-1: Samba vulnerability
Ubuntu Security Notice USN-2481-1
22nd January, 2015
samba vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary
A security issue was fixed in Samba.
Software description
- samba – SMB/CIFS file, print, and login server for Unix
Details
Andrew Bartlett discovered that Samba incorrectly handled delegation of
authority when being used as an Active Directory Domain Controller. An
attacker given delegation privileges could use this issue to escalate their
privileges further.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
  - samba 2:4.1.11+dfsg-1ubuntu2.1
- Ubuntu 14.04 LTS:
  - samba 2:4.1.6+dfsg-1ubuntu2.14.04.4
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2482-1: elfutils vulnerability
Ubuntu Security Notice USN-2482-1
22nd January, 2015
elfutils vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary
elfutils could be made to overwrite files in the root directory if it received
a specially crafted file.
Software description
- elfutils – collection of utilities to handle ELF objects
Details
Alexander Cherepanov discovered that libelf1 incorrectly handled certain
filesystem paths while extracting ar archives. An attacker could use this flaw
to perform a directory traversal attack on the root directory if the process
extracting the ar archive has write access to the root directory.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
  - libelf1 0.160-0ubuntu2.1
- Ubuntu 14.04 LTS:
  - libelf1 0.158-0ubuntu5.2
- Ubuntu 12.04 LTS:
  - libelf1 0.152-1ubuntu3.1
- Ubuntu 10.04 LTS:
  - libelf1 0.143-1ubuntu0.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart applications using libelf1
to make all the necessary changes.
Google Drops Three OS X Zero Days On Apple
Internet Attack Could Shut Down US Gas Stations
Barrett Brown Jailed For Linking To Stolen Data
ferretCMS 1.0.4-alpha Cross Site Scripting / SQL Injection
ferretCMS version 1.0.4-alpha suffers from cross site scripting and remote SQL injection vulnerabilities.
SmartCMS 2 Cross Site Scripting
SmartCMS version 2 suffers from multiple cross site scripting vulnerabilities.
SmartCMS 2 SQL Injection
SmartCMS version 2 suffers from multiple remote SQL injection vulnerabilities.