USN-2831-1: cups-filters vulnerability

Ubuntu Security Notice USN-2831-1

7th December, 2015

cups-filters vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

cups-filters could be made to run programs as the lp user if it processed a
specially crafted print job.

Software description

  • cups-filters
    – OpenPrinting CUPS Filters

Details

Michal Kowalczyk discovered that the cups-filters foomatic-rip filter
incorrectly stripped shell escape characters. A remote attacker could
possibly use this issue to execute arbitrary code as the lp user.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  cups-filters 1.0.76-1ubuntu0.1
Ubuntu 15.04:
  cups-filters 1.0.67-0ubuntu2.5
Ubuntu 14.04 LTS:
  cups-filters 1.0.52-0ubuntu1.6

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-8327

USN-2831-2: foomatic-filters vulnerability

Ubuntu Security Notice USN-2831-2

7th December, 2015

foomatic-filters vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

foomatic-filters could be made to run programs as the lp user if it
processed a specially crafted print job.

Software description

  • foomatic-filters
    – OpenPrinting printer support – filters

Details

Michal Kowalczyk discovered that the foomatic-filters foomatic-rip filter
incorrectly stripped shell escape characters. A remote attacker could
possibly use this issue to execute arbitrary code as the lp user.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  foomatic-filters 4.0.16-0ubuntu0.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-8327

USN-2832-1: libsndfile vulnerabilities

Ubuntu Security Notice USN-2832-1

7th December, 2015

libsndfile vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

libsndfile could be made to crash or run programs as your login if it
opened a specially crafted file.

Software description

  • libsndfile
    – Library for reading/writing audio files

Details

It was discovered that libsndfile incorrectly handled memory when parsing
malformed files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9496)

Joshua Rogers discovered that libsndfile incorrectly handled division when
parsing malformed files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service. (CVE-2014-9756)

Marco Romano discovered that libsndfile incorrectly handled certain
malformed AIFF files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2015-7805)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  libsndfile1 1.0.25-9.1ubuntu0.15.10.1
Ubuntu 15.04:
  libsndfile1 1.0.25-9.1ubuntu0.15.04.1
Ubuntu 14.04 LTS:
  libsndfile1 1.0.25-7ubuntu2.1
Ubuntu 12.04 LTS:
  libsndfile1 1.0.25-4ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make
all the necessary changes.

References

CVE-2014-9496, CVE-2014-9756, CVE-2015-7805

Red Hat Security Advisory 2015-2558-01

Red Hat Security Advisory 2015-2558-01 – Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This release of Red Hat JBoss Fuse Service Works 6.2.1 serves as a replacement for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are fixed with this release: A flaw was discovered that when an application uses Groovy and uses the standard Java serialization mechanism, an attacker can bake a special serialized object that executes code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.

Red Hat Security Advisory 2015-2556-01

Red Hat Security Advisory 2015-2556-01 – Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss Fuse 6.2.1 is a micro product release that updates Red Hat JBoss Fuse 6.2.0, and includes several bug fixes and enhancements.

Red Hat Security Advisory 2015-2559-01

Red Hat Security Advisory 2015-2559-01 – Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.2.0 serves as a replacement for Red Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements.

Red Hat Security Advisory 2015-2557-01

Red Hat Security Advisory 2015-2557-01 – Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.2.1 is a micro product release that updates Red Hat JBoss A-MQ 6.2.0, and includes several bug fixes and enhancements.

Red Hat Security Advisory 2015-2560-01

Red Hat Security Advisory 2015-2560-01 – Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.2.0 serves as a replacement for Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements.

Seven Steps for Making Identity Protection Part of Your Routine

Original release date: December 07, 2015

The Internal Revenue Service (IRS) has released the third in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home. A new tip will be released each Monday through the start of the tax season in January, and will continue through the April tax deadline. US-CERT and IRS recommend taxpayers prepare for heightened risk this tax season and remain vigilant year-round.

The third tip focuses on seven simple steps for making identity protection part of your daily routine. US-CERT encourages users and administrators to review IRS Security Awareness Tax Tip Number 3 for additional information.

