Ubuntu Security Notice USN-3117-1

Ubuntu Security Notice 3117-1 – Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. Ke Liu discovered that the GD library incorrectly handled certain integers when processing WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

Ubuntu Security Notice USN-3115-1

Ubuntu Security Notice 3115-1 – Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. Aymeric Augustin discovered that Django incorrectly validated hosts when being run with the debug setting enabled. A remote attacker could possibly use this issue to perform DNS rebinding attacks. Various other issues were also addressed.

Ubuntu Security Notice USN-3116-1

Ubuntu Security Notice 3116-1 – It was discovered that DBus incorrectly validated the source of ActivationFailure signals. A local attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that DBus incorrectly handled certain format strings. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue is only exposed to unprivileged users when the fix for CVE-2015-0245 is not applied, hence this issue is only likely to affect Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated as a preventative measure in the event that a new attack vector for this issue is discovered. Various other issues were also addressed.

Ubuntu Security Notice USN-3118-1

Ubuntu Security Notice 3118-1 – It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS. Nishant Agarwala discovered that the Mailman user options page did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could modify user options. Various other issues were also addressed.

ISC Releases Security Updates for BIND

Original release date: November 01, 2016

The Internet Systems Consortium (ISC) has released updates that address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

  • BIND 9 version 9.9.9-P4
  • BIND 9 version 9.10.4-P4
  • BIND 9 version 9.11.0-P1
  • BIND 9 version 9.9.9-S6

Users and administrators are encouraged to review ISC Knowledge Base Article AA-01434 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.