USN-3068-1: Libidn vulnerabilities

Ubuntu Security Notice USN-3068-1

24th August, 2016

libidn vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Libidn.

Software description

  • libidn
    – implementation of IETF IDN specifications

Details

Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos
Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8
characters. A remote attacker could use this issue to cause Libidn to
crash, resulting in a denial of service, or possibly disclose sensitive
memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2015-2059)

Hanno Böck discovered that Libidn incorrectly handled certain input. A
remote attacker could possibly use this issue to cause Libidn to crash,
resulting in a denial of service. (CVE-2015-8948, CVE-2016-6262,
CVE-2016-6261, CVE-2016-6263)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  libidn11 1.32-3ubuntu1.1

Ubuntu 14.04 LTS:
  libidn11 1.28-1ubuntu2.1

Ubuntu 12.04 LTS:
  libidn11 1.23-2ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-2059, CVE-2015-8948, CVE-2016-6261, CVE-2016-6262, CVE-2016-6263

USN-3067-1: HarfBuzz vulnerabilities

Ubuntu Security Notice USN-3067-1

24th August, 2016

harfbuzz vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

HarfBuzz could be made to crash or run programs as your login if it
processed specially crafted data.

Software description

  • harfbuzz
    – OpenType text shaping engine

Details

Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A
remote attacker could use this issue to cause HarfBuzz to crash, resulting
in a denial of service, or possibly execute arbitrary code. (CVE-2015-8947)

It was discovered that HarfBuzz incorrectly handled certain length checks.
A remote attacker could use this issue to cause HarfBuzz to crash,
resulting in a denial of service, or possibly execute arbitrary code.
This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  libharfbuzz0b 1.0.1-1ubuntu0.1

Ubuntu 14.04 LTS:
  libharfbuzz0b 0.9.27-1ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make
all the necessary changes.

References

CVE-2015-8947, CVE-2016-2052

CVE-2016-7089

WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.

Happy Birthday! LINUX Turns 25 Years Old Today

Linux has turned 25!

Dear all, today is August 25, 2016, and it is time for the celebration, as it’s the 25th Anniversary of the Linux project, announced by its creator, Finnish programmer Linus Torvalds, on August 25, 1991.

Who can forget one of the most famous messages in the computing world posted by Torvalds exactly 25 years ago today, on 25 August 1991:
Hello everybody out