Ubuntu

USN-2873-1: Linux kernel (Utopic HWE) vulnerability

January 20, 2016 007admin

Ubuntu Security Notice USN-2873-1

19th January, 2016

linux-lts-utopic vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

linux-lts-utopic
– Linux hardware enablement kernel from Utopic

Details

Yevgeny Pats discovered that the session keyring implementation in the
Linux kernel did not properly reference count when joining an existing
session keyring. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code with
administrative privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.16.0-59-powerpc-e500mc

3.16.0-59.79~14.04.1; linux-image-3.16.0-59-powerpc64-smp

3.16.0-59.79~14.04.1; linux-image-3.16.0-59-generic-lpae

3.16.0-59.79~14.04.1; linux-image-3.16.0-59-powerpc-smp

3.16.0-59.79~14.04.1; linux-image-3.16.0-59-lowlatency

3.16.0-59.79~14.04.1; linux-image-3.16.0-59-powerpc64-emb

3.16.0-59.79~14.04.1; linux-image-3.16.0-59-generic

3.16.0-59.79~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-0728

Ubuntu

USN-2871-2: Linux kernel (Vivid HWE) vulnerability

January 20, 2016 007admin

Ubuntu Security Notice USN-2871-2

19th January, 2016

linux-lts-vivid vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

linux-lts-vivid
– Linux hardware enablement kernel from Vivid

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.19.0-47-powerpc-e500mc

3.19.0-47.53~14.04.1; linux-image-3.19.0-47-powerpc64-emb

3.19.0-47.53~14.04.1; linux-image-3.19.0-47-powerpc-smp

3.19.0-47.53~14.04.1; linux-image-3.19.0-47-powerpc64-smp

3.19.0-47.53~14.04.1; linux-image-3.19.0-47-lowlatency

3.19.0-47.53~14.04.1; linux-image-3.19.0-47-generic

3.19.0-47.53~14.04.1; linux-image-3.19.0-47-generic-lpae

3.19.0-47.53~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2016-0728

Ubuntu

USN-2872-2: Linux kernel (Wily HWE) vulnerability

January 20, 2016 007admin

Ubuntu Security Notice USN-2872-2

19th January, 2016

linux-lts-wily vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

linux-lts-wily
– Linux hardware enablement kernel from Wily

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-4.2.0-25-powerpc64-emb

4.2.0-25.30~14.04.1; linux-image-4.2.0-25-powerpc-smp

4.2.0-25.30~14.04.1; linux-image-4.2.0-25-lowlatency

4.2.0-25.30~14.04.1; linux-image-4.2.0-25-powerpc-e500mc

4.2.0-25.30~14.04.1; linux-image-4.2.0-25-generic-lpae

4.2.0-25.30~14.04.1; linux-image-4.2.0-25-powerpc64-smp

4.2.0-25.30~14.04.1; linux-image-4.2.0-25-generic

4.2.0-25.30~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2016-0728

Ubuntu

USN-2872-3: Linux kernel (Raspberry Pi 2) vulnerability

January 20, 2016 007admin

Ubuntu Security Notice USN-2872-3

19th January, 2016

linux-raspi2 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10

Summary

The system could be made to crash or run programs as an administrator.

Software description

linux-raspi2
– Linux kernel for Raspberry Pi 2

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: linux-image-4.2.0-1020-raspi2

4.2.0-1020.27

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2016-0728

Ubuntu

USN-2870-2: Linux kernel (Trusty HWE) vulnerability

January 20, 2016 007admin

Ubuntu Security Notice USN-2870-2

19th January, 2016

linux-lts-trusty vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

linux-lts-trusty
– Linux hardware enablement kernel from Trusty

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: linux-image-3.13.0-76-generic

3.13.0-76.120~precise1; linux-image-3.13.0-76-generic-lpae

3.13.0-76.120~precise1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2016-0728

Ubuntu

USN-2874-1: Bind vulnerability

January 20, 2016 007admin

Ubuntu Security Notice USN-2874-1

19th January, 2016

bind9 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Bind could be made to crash if it received specially crafted network
traffic.

Software description

bind9
– Internet Domain Name Server

Details

It was discovered that Bind incorrectly handled certain APL data. A remote
attacker could possibly use this issue to cause Bind to crash, resulting in
a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: bind9

1:9.9.5.dfsg-11ubuntu1.2
Ubuntu 15.04:: bind9

1:9.9.5.dfsg-9ubuntu0.5
Ubuntu 14.04 LTS:: bind9

1:9.9.5.dfsg-3ubuntu0.7
Ubuntu 12.04 LTS:: bind9

1:9.8.1.dfsg.P1-4ubuntu0.15

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-8704

Ubuntu

USN-2875-1: libxml2 vulnerabilities

January 20, 2016 007admin

Ubuntu Security Notice USN-2875-1

19th January, 2016

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

libxml2 could be made to crash if it opened a specially crafted file.

Software description

libxml2
– GNOME XML library

Details

It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could possibly cause libxml2 to
crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: libxml2

2.9.2+zdfsg1-4ubuntu0.3
Ubuntu 15.04:: libxml2

2.9.2+dfsg1-3ubuntu0.3
Ubuntu 14.04 LTS:: libxml2

2.9.1+dfsg1-3ubuntu4.7
Ubuntu 12.04 LTS:: libxml2

2.7.8.dfsg-5.1ubuntu4.14

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-7499,

CVE-2015-8710

US-CERT

ISC Releases Security Updates for BIND

January 19, 2016 007admin

Original release date: January 19, 2016

The Internet Systems Consortium (ISC) has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

BIND 9 version 9.9.8-P3
BIND 9 version 9.10.3-P3
BIND 9 version 9.9.8-S4

Users and administrators are encouraged to review ISC Knowledge Base Articles AA-01335 and AA-01336 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Linux Kernel Vulnerability

January 19, 2016 007admin

Original release date: January 19, 2016

US-CERT is aware of a Linux kernel vulnerability affecting Linux PCs and servers and Android-based devices. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

US-CERT recommends that users and administrators review the Redhat Security Blog and the Debian Security Bug Tracker for additional details and refer to their Linux or Unix-based OS vendors for appropriate patches.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Apple Releases Security Updates for iOS, OS X El Capitan, and Safari

January 19, 2016 007admin

Original release date: January 19, 2016

Apple has released security updates for iOS, OS X El Capitan, and Safari to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

iOS 9.2.1 for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later
OS X El Capitan 10.11.3 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2
Safari 9.0.3 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2

Users and administrators are encouraged to review Apple security updates for iOS, OS X El Capitan, and Safari and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Ubuntu Security Notice USN-2873-1

linux-lts-utopic vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2871-2

linux-lts-vivid vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2872-2

linux-lts-wily vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2872-3

linux-raspi2 vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2870-2

linux-lts-trusty vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2874-1

bind9 vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2875-1

libxml2 vulnerabilities

Summary

Software description

Details

Update instructions

References

Software and Security Information