USN-2743-4: Firefox regression

Ubuntu Security Notice USN-2743-4

5th October, 2015

firefox regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

USN-2743-1 introduced a regression in Firefox.

Software description

  • firefox
    – Mozilla Open Source web browser

Details

USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users
reported problems with bookmark creation and crashes in some
circumstances. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David
Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup
discovered multiple memory safety issues in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4500, CVE-2015-4501)

André Bargull discovered that when a web page creates a scripted proxy
for the window with a handler defined a certain way, a reference to the
inner window will be passed, rather than that of the outer window.
(CVE-2015-4502)

Felix Gröbert discovered an out-of-bounds read in the QCMS color
management library in some circumstances. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or obtain
sensitive information. (CVE-2015-4504)

Khalil Zhani discovered a buffer overflow when parsing VP9 content in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-4506)

Spandan Veggalam discovered a crash while using the debugger API in some
circumstances. If a user were tricked into opening a specially crafted
website whilst using the debugger, an attacker could potentially exploit
this to execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4507)

Juho Nurminen discovered that the URL bar could display the wrong URL in
reader mode in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
conduct URL spoofing attacks. (CVE-2015-4508)

A use-after-free was discovered when manipulating HTML media content in
some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2015-4509)

Looben Yang discovered a use-after-free when using a shared worker with
IndexedDB in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2015-4510)

Francisco Alonso discovered an out-of-bounds read during 2D canvas
rendering in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive information. (CVE-2015-4512)

Jeff Walden discovered that changes could be made to immutable properties
in some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to execute
arbitrary script in a privileged scope. (CVE-2015-4516)

Ronald Crane reported multiple vulnerabilities. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174,
CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180)

Mario Gomes discovered that dragging and dropping an image after a
redirect exposes the redirected URL to scripts. An attacker could
potentially exploit this to obtain sensitive information. (CVE-2015-4519)

Ehsan Akhgari discovered 2 issues with CORS preflight requests. An
attacker could potentially exploit these to bypass CORS restrictions.
(CVE-2015-4520)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  firefox 41.0.1+build2-0ubuntu0.15.04.2
Ubuntu 14.04 LTS:
  firefox 41.0.1+build2-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
  firefox 41.0.1+build2-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 1501277

USN-2757-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2757-1

5th October, 2015

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

  • oxide-qt
    – Web browser engine library for Qt (QML plugin)

Details

Two security issues were discovered in Blink and V8. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to bypass same-origin restrictions.
(CVE-2015-1303, CVE-2015-1304)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  liboxideqtcore0 1.9.5-0ubuntu0.15.04.1
Ubuntu 14.04 LTS:
  liboxideqtcore0 1.9.5-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1303, CVE-2015-1304

USN-2754-1: Thunderbird vulnerabilities

Ubuntu Security Notice USN-2754-1

5th October, 2015

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

  • thunderbird
    – Mozilla Open Source mail and newsgroup client

Details

Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David
Major, Andrew McCreight, and Cameron McCormack discovered multiple memory
safety issues in Thunderbird. If a user were tricked into opening a
specially crafted message, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Thunderbird. (CVE-2015-4500)

Khalil Zhani discovered a buffer overflow when parsing VP9 content in some
circumstances. If a user were tricked into opening a specially crafted
message, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2015-4506)

A use-after-free was discovered when manipulating HTML media content in
some circumstances. If a user were tricked into opening a specially
crafted website in a browsing context, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2015-4509)

Atte Kettunen discovered a buffer overflow in the nestegg library when
decoding WebM format video in some circumstances. If a user were tricked
into opening a specially crafted message, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2015-4511)

Ronald Crane reported multiple vulnerabilities. If a user were tricked
into opening a specially crafted website in a browsing context, an attacker
could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Thunderbird. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522,
CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180)

Mario Gomes discovered that dragging and dropping an image after a
redirect exposes the redirected URL to scripts. An attacker could
potentially exploit this to obtain sensitive information. (CVE-2015-4519)

Ehsan Akhgari discovered 2 issues with CORS preflight requests. An
attacker could potentially exploit these to bypass CORS restrictions.
(CVE-2015-4520)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  thunderbird 1:38.3.0+build1-0ubuntu0.15.04.1
Ubuntu 14.04 LTS:
  thunderbird 1:38.3.0+build1-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
  thunderbird 1:38.3.0+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511,
CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521,
CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176,
CVE-2015-7177, CVE-2015-7180

USN-2761-1: Linux kernel vulnerability

Ubuntu Security Notice USN-2761-1

5th October, 2015

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

  • linux
    – Linux kernel

Details

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  linux-image-3.13.0-65-powerpc-e500 3.13.0-65.106
  linux-image-3.13.0-65-powerpc64-smp 3.13.0-65.106
  linux-image-3.13.0-65-powerpc-smp 3.13.0-65.106
  linux-image-3.13.0-65-powerpc64-emb 3.13.0-65.106
  linux-image-3.13.0-65-generic 3.13.0-65.106
  linux-image-3.13.0-65-generic-lpae 3.13.0-65.106
  linux-image-3.13.0-65-powerpc-e500mc 3.13.0-65.106
  linux-image-3.13.0-65-lowlatency 3.13.0-65.106

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-7613

USN-2762-1: Linux kernel vulnerability

Ubuntu Security Notice USN-2762-1

5th October, 2015

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04

Summary

The system could be made to crash or run programs as an administrator.

Software description

  • linux
    – Linux kernel

Details

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  linux-image-3.19.0-30-powerpc64-smp 3.19.0-30.34
  linux-image-3.19.0-30-generic 3.19.0-30.34
  linux-image-3.19.0-30-powerpc-smp 3.19.0-30.34
  linux-image-3.19.0-30-powerpc64-emb 3.19.0-30.34
  linux-image-3.19.0-30-generic-lpae 3.19.0-30.34
  linux-image-3.19.0-30-lowlatency 3.19.0-30.34
  linux-image-3.19.0-30-powerpc-e500mc 3.19.0-30.34

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-7613

USN-2763-1: Linux kernel (Trusty HWE) vulnerability

Ubuntu Security Notice USN-2763-1

5th October, 2015

linux-lts-trusty vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

  • linux-lts-trusty
    – Linux hardware enablement kernel from Trusty

Details

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  linux-image-3.13.0-65-generic-lpae 3.13.0-65.106~precise1
  linux-image-3.13.0-65-generic 3.13.0-65.106~precise1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-7613

USN-2764-1: Linux kernel (Utopic HWE) vulnerability

Ubuntu Security Notice USN-2764-1

5th October, 2015

linux-lts-utopic vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

  • linux-lts-utopic
    – Linux hardware enablement kernel from Utopic

Details

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  linux-image-3.16.0-50-powerpc64-emb 3.16.0-50.67~14.04.1
  linux-image-3.16.0-50-generic 3.16.0-50.67~14.04.1
  linux-image-3.16.0-50-lowlatency 3.16.0-50.67~14.04.1
  linux-image-3.16.0-50-powerpc64-smp 3.16.0-50.67~14.04.1
  linux-image-3.16.0-50-powerpc-smp 3.16.0-50.67~14.04.1
  linux-image-3.16.0-50-powerpc-e500mc 3.16.0-50.67~14.04.1
  linux-image-3.16.0-50-generic-lpae 3.16.0-50.67~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-7613

USN-2765-1: Linux kernel (Vivid HWE) vulnerability

Ubuntu Security Notice USN-2765-1

5th October, 2015

linux-lts-vivid vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

  • linux-lts-vivid
    – Linux hardware enablement kernel from Vivid

Details

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  linux-image-3.19.0-30-powerpc64-smp 3.19.0-30.34~14.04.1
  linux-image-3.19.0-30-generic 3.19.0-30.34~14.04.1
  linux-image-3.19.0-30-powerpc64-emb 3.19.0-30.34~14.04.1
  linux-image-3.19.0-30-powerpc-smp 3.19.0-30.34~14.04.1
  linux-image-3.19.0-30-generic-lpae 3.19.0-30.34~14.04.1
  linux-image-3.19.0-30-lowlatency 3.19.0-30.34~14.04.1
  linux-image-3.19.0-30-powerpc-e500mc 3.19.0-30.34~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-7613

USN-2753-3: LXC regression

Ubuntu Security Notice USN-2753-3

5th October, 2015

lxc regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

USN-2753-1 introduced a regression in LXC.

Software description

  • lxc
    – Linux Containers userspace tools

Details

USN-2753-1 fixed a vulnerability in LXC. The update caused a regression
that prevented some containers from starting. This regression only
affected containers that had a path that contained a ‘/./’ directory
specified as a bind mount target in their configuration file. This
update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Roman Fiedler discovered a directory traversal flaw in lxc-start. A local
attacker with access to an LXC container could exploit this flaw to run
programs inside the container that are not confined by AppArmor or expose
unintended files in the host to the container.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  lxc-dev 1.0.7-0ubuntu0.7
  liblxc1 1.0.7-0ubuntu0.7
  lxc-templates 1.0.7-0ubuntu0.7
  python3-lxc 1.0.7-0ubuntu0.7
  lxc 1.0.7-0ubuntu0.7
  lxc-tests 1.0.7-0ubuntu0.7

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
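
Checking a host against the fixed versions listed in these notices takes Debian version ordering, not string comparison: the Thunderbird versions carry an epoch (1:) and the 12.04 kernel builds a '~' suffix. The Python below is an added example, not part of the Ubuntu notices; it reimplements the ordering rules that dpkg --compare-versions applies, and the installed versions in SAMPLE are constructed.

```python
import re
_DIGITS = re.compile(r"[0-9]*")

def _weight(s, k):
    """Sort weight of s[k]: digit or end of string 0, '~' -1, letters before punctuation."""
    if k >= len(s) or "0" <= s[k] <= "9":
        return 0
    if s[k] == "~":
        return -1
    return ord(s[k]) if s[k].isalpha() else ord(s[k]) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit runs: compare character weights until both sides reach a digit.
        while _weight(a, i) or _weight(b, j):
            if _weight(a, i) != _weight(b, j):
                return -1 if _weight(a, i) < _weight(b, j) else 1
            i, j = i + 1, j + 1
        # Digit runs: compare as integers, so 10 > 7 and leading zeros are ignored.
        da, db = _DIGITS.match(a, i).group(), _DIGITS.match(b, j).group()
        i, j = i + len(da), j + len(db)
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def split_version(v):
    """Split '[epoch:]upstream[-revision]'; a missing epoch counts as 0."""
    epoch, sep, rest = v.partition(":")
    epoch, rest = (epoch, rest) if sep else ("0", v)
    upstream, sep, revision = rest.rpartition("-")
    upstream, revision = (upstream, revision) if sep else (rest, "")
    return int(epoch), upstream, revision

def compare_versions(a, b):  # three-way result: -1, 0 or 1
    (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

FIXED_TRUSTY = {  # Ubuntu 14.04 LTS fixed versions, copied from the notices above
    "firefox": "41.0.1+build2-0ubuntu0.14.04.1",
    "thunderbird": "1:38.3.0+build1-0ubuntu0.14.04.1",
    "liboxideqtcore0": "1.9.5-0ubuntu0.14.04.1",
    "lxc": "1.0.7-0ubuntu0.7",
}

def outdated(installed, fixed=FIXED_TRUSTY):
    """Return the packages whose installed version sorts before the fixed one."""
    return sorted(p for p, v in installed.items()
                  if p in fixed and compare_versions(v, fixed[p]) < 0)

SAMPLE = {  # constructed inventory for illustration, not real host data
    "firefox": "41.0+build3-0ubuntu0.14.04.1",
    "thunderbird": "1:38.2.0+build1-0ubuntu0.14.04.1",
    "liboxideqtcore0": "1.8.4-0ubuntu0.14.04.2",
    "lxc": "1.0.7-0ubuntu0.10",
}
```

The constructed lxc revision 0ubuntu0.10 sorts after the fixed 0ubuntu0.7, which a plain string comparison gets wrong. On a real host, dpkg --compare-versions is the authoritative check.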

References

LP: 1501491

CVE-2014-9750

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.