USN-2986-1: dosfstools vulnerabilities

Ubuntu Security Notice USN-2986-1

31st May, 2016

dosfstools vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

dosfstools could be made to crash or run programs if it processed a
specially crafted filesystem.

Software description

  • dosfstools
    – utilities for making and checking MS-DOS FAT filesystems

Details

Hanno Böck discovered that dosfstools incorrectly handled certain malformed
filesystems. A local attacker could use this issue to cause dosfstools to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  dosfstools 3.0.28-2ubuntu0.1
Ubuntu 15.10:
  dosfstools 3.0.28-1ubuntu0.1
Ubuntu 14.04 LTS:
  dosfstools 3.0.26-1ubuntu0.1
Ubuntu 12.04 LTS:
  dosfstools 3.0.12-1ubuntu1.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-8872, CVE-2016-4804

USN-2987-1: GD library vulnerabilities

Ubuntu Security Notice USN-2987-1

31st May, 2016

libgd2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

The GD library could be made to crash or run programs if it processed a
specially crafted image file.

Software description

  • libgd2
    – GD Graphics Library

Details

It was discovered that the GD library incorrectly handled certain color
tables in XPM images. If a user or automated system were tricked into
processing a specially crafted XPM image, an attacker could cause a denial
of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2014-2497)

It was discovered that the GD library incorrectly handled certain malformed
GIF images. If a user or automated system were tricked into processing a
specially crafted GIF image, an attacker could cause a denial of service.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2014-9709)

It was discovered that the GD library incorrectly handled memory when using
gdImageFillToBorder(). A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2015-8874)

It was discovered that the GD library incorrectly handled memory when using
gdImageScaleTwoPass(). A remote attacker could possibly use this issue to
cause a denial of service. This issue only applied to Ubuntu 14.04 LTS,
Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2015-8877)

Hans Jerry Illikainen discovered that the GD library incorrectly handled
certain malformed GD images. If a user or automated system were tricked
into processing a specially crafted GD image, an attacker could cause a
denial of service or possibly execute arbitrary code. (CVE-2016-3074)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  libgd3 2.1.1-4ubuntu0.16.04.1
Ubuntu 15.10:
  libgd3 2.1.1-4ubuntu0.15.10.1
Ubuntu 14.04 LTS:
  libgd3 2.1.0-3ubuntu0.1
Ubuntu 12.04 LTS:
  libgd2-xpm 2.0.36~rc1~dfsg-6ubuntu2.1
  libgd2-noxpm 2.0.36~rc1~dfsg-6ubuntu2.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-2497, CVE-2014-9709, CVE-2015-8874, CVE-2015-8877, CVE-2016-3074

USN-2988-1: LXD vulnerabilities

Ubuntu Security Notice USN-2988-1

31st May, 2016

lxd vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10

Summary

Several security issues were fixed in LXD.

Software description

  • lxd
    – Container hypervisor based on LXC

Details

Robie Basak discovered that LXD incorrectly set permissions when setting up
a loop-based ZFS pool. A local attacker could use this issue to copy and
read the data of any LXD container. (CVE-2016-1581)

Robie Basak discovered that LXD incorrectly set permissions when switching
an unprivileged container into privileged mode. A local attacker could use
this issue to access any world-readable path in the container directory,
including setuid binaries. (CVE-2016-1582)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  lxd 2.0.2-0ubuntu1~16.04.1
Ubuntu 15.10:
  lxd 0.20-0ubuntu4.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-1581, CVE-2016-1582

CEBA-2016:1185 CentOS 6 kernel BugFix Update

CentOS Errata and Bugfix Advisory 2016:1185 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-1185.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 
