Monthly Archives: December 2016

Redhat

RHEA-2016:2832-1: tzdata bug fix and enhancement update

Leave a comment

Red Hat Enterprise Linux: Updated tzdata packages that add various enhancements are now available for Red
Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6
Long Life, Red Hat Enterprise Linux 5.9 Advanced Update Support, Red Hat
Enterprise Linux 5, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red
Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5
Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update
Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat
Enterprise Linux 6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7
Extended Update Support, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux
7.1 Extended Update Support, Red Hat Enterprise Linux 7.1 Little Endian Extended
Update Support, Red Hat Enterprise Linux 7.2 Extended Update Support, and Red
Hat Enterprise Linux 7.

Ubuntu

USN-3142-1: ImageMagick vulnerabilities

Leave a comment

Ubuntu Security Notice USN-3142-1

30th November, 2016

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in ImageMagick.

Software description

  • imagemagick
    – Image manipulation programs and library

Details

It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
libmagick++-6.q16-5v5

8:6.8.9.9-7ubuntu8.2
libmagickcore-6.q16-2-extra

8:6.8.9.9-7ubuntu8.2
imagemagick

8:6.8.9.9-7ubuntu8.2
imagemagick-6.q16

8:6.8.9.9-7ubuntu8.2
libmagickcore-6.q16-2

8:6.8.9.9-7ubuntu8.2
Ubuntu 16.04 LTS:
libmagick++-6.q16-5v5

8:6.8.9.9-7ubuntu5.3
libmagickcore-6.q16-2-extra

8:6.8.9.9-7ubuntu5.3
imagemagick

8:6.8.9.9-7ubuntu5.3
imagemagick-6.q16

8:6.8.9.9-7ubuntu5.3
libmagickcore-6.q16-2

8:6.8.9.9-7ubuntu5.3
Ubuntu 14.04 LTS:
libmagick++5

8:6.7.7.10-6ubuntu3.3
libmagickcore5-extra

8:6.7.7.10-6ubuntu3.3
libmagickcore5

8:6.7.7.10-6ubuntu3.3
imagemagick

8:6.7.7.10-6ubuntu3.3
Ubuntu 12.04 LTS:
libmagick++4

8:6.6.9.7-5ubuntu3.6
libmagickcore4

8:6.6.9.7-5ubuntu3.6
imagemagick

8:6.6.9.7-5ubuntu3.6
libmagickcore4-extra

8:6.6.9.7-5ubuntu3.6

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-7799,

CVE-2016-7906,

CVE-2016-8677,

CVE-2016-8862,

CVE-2016-9556

Ubuntu

USN-3143-1: c-ares vulnerability

Leave a comment

Ubuntu Security Notice USN-3143-1

30th November, 2016

c-ares vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

c-ares could be made to crash or run programs if it processed a specially
crafted hostname.

Software description

  • c-ares
    – library for asynchronous name resolves

Details

Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A
remote attacker could use this issue to cause applications using c-ares to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
libc-ares2

1.11.0-1ubuntu0.1
Ubuntu 16.04 LTS:
libc-ares2

1.10.0-3ubuntu0.1
Ubuntu 14.04 LTS:
libc-ares2

1.10.0-2ubuntu0.1
Ubuntu 12.04 LTS:
libc-ares2

1.7.5-1ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-5180

Ubuntu

USN-3144-1: Linux kernel vulnerability

Leave a comment

Ubuntu Security Notice USN-3144-1

30th November, 2016

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

The system could be made to crash under certain conditions.

Software description

  • linux
    – Linux kernel

Details

Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
linux-image-powerpc-smp

3.2.0.116.132
linux-image-3.2.0-116-generic

3.2.0-116.158
linux-image-3.2.0-116-virtual

3.2.0-116.158
linux-image-3.2.0-116-generic-pae

3.2.0-116.158
linux-image-generic

3.2.0.116.132
linux-image-generic-pae

3.2.0.116.132
linux-image-highbank

3.2.0.116.132
linux-image-3.2.0-116-powerpc64-smp

3.2.0-116.158
linux-image-virtual

3.2.0.116.132
linux-image-powerpc64-smp

3.2.0.116.132
linux-image-3.2.0-116-highbank

3.2.0-116.158
linux-image-3.2.0-116-omap

3.2.0-116.158
linux-image-3.2.0-116-powerpc-smp

3.2.0-116.158
linux-image-omap

3.2.0.116.132

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7425

Ubuntu

USN-3144-2: Linux kernel (OMAP4) vulnerability

Leave a comment

Ubuntu Security Notice USN-3144-2

30th November, 2016

linux-ti-omap4 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

The system could be made to crash under certain conditions.

Software description

  • linux-ti-omap4
    – Linux kernel for OMAP4

Details

Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
linux-image-omap4

3.2.0.1494.89
linux-image-3.2.0-1494-omap4

3.2.0-1494.121

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7425

Ubuntu

USN-3145-1: Linux kernel vulnerabilities

Leave a comment

Ubuntu Security Notice USN-3145-1

30th November, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-7425)

Daxing Guo discovered a stack-based buffer overflow in the Broadcom
IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-8658)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp

3.13.0.103.111
linux-image-powerpc-e500mc

3.13.0.103.111
linux-image-3.13.0-103-powerpc-e500

3.13.0-103.150
linux-image-3.13.0-103-generic

3.13.0-103.150
linux-image-generic

3.13.0.103.111
linux-image-3.13.0-103-generic-lpae

3.13.0-103.150
linux-image-3.13.0-103-powerpc64-emb

3.13.0-103.150
linux-image-3.13.0-103-powerpc-smp

3.13.0-103.150
linux-image-3.13.0-103-powerpc-e500mc

3.13.0-103.150
linux-image-3.13.0-103-lowlatency

3.13.0-103.150
linux-image-powerpc64-smp

3.13.0.103.111
linux-image-generic-lpae

3.13.0.103.111
linux-image-lowlatency

3.13.0.103.111
linux-image-omap

3.13.0.103.111
linux-image-powerpc64-emb

3.13.0.103.111
linux-image-3.13.0-103-powerpc64-smp

3.13.0-103.150

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7425,

CVE-2016-8658