Ubuntu

USN-3228-1: libevent vulnerabilities

March 14, 2017 007admin Leave a comment

Ubuntu Security Notice USN-3228-1

13th March, 2017

libevent vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in libevent.

Software description

libevent
– Asynchronous event notification library

Details

Guido Vranken discovered that libevent incorrectly handled memory when
processing certain data. A remote attacker could possibly use this issue
with an application that uses libevent to cause a denial of service, or
possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:: libevent-2.0-5

2.0.21-stable-2ubuntu0.16.10.1
Ubuntu 16.04 LTS:: libevent-2.0-5

2.0.21-stable-2ubuntu0.16.04.1
Ubuntu 14.04 LTS:: libevent-2.0-5

2.0.21-stable-1ubuntu1.14.04.2
Ubuntu 12.04 LTS:: libevent-2.0-5

2.0.16-stable-1ubuntu0.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-10195,

CVE-2016-10196,

CVE-2016-10197

Ubuntu

USN-3229-1: Python Imaging Library vulnerabilities

March 14, 2017 007admin Leave a comment

Ubuntu Security Notice USN-3229-1

13th March, 2017

python-imaging vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the Python Imaging Library.

Software description

python-imaging
– Python Imaging Library

Details

It was discovered that the Python Imaging Library incorrectly handled
certain compressed text chunks in PNG images. A remote attacker could
possibly use this issue to cause the Python Imaging Library to crash,
resulting in a denial of service. (CVE-2014-9601)

Cris Neckar discovered that the Python Imaging Library incorrectly handled
certain malformed images. A remote attacker could use this issue to cause
the Python Imaging Library to crash, resulting in a denial of service, or
possibly obtain sensitive information. (CVE-2016-9189)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: python-imaging

1.1.7-4ubuntu0.12.04.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-9601,

CVE-2016-9189,

CVE-2016-9190

Ubuntu

USN-3230-1: Pillow vulnerabilities

March 14, 2017 007admin Leave a comment

Ubuntu Security Notice USN-3230-1

13th March, 2017

pillow vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Pillow.

Software description

pillow
– Python Imaging Library

Details

It was discovered that Pillow incorrectly handled certain compressed text
chunks in PNG images. A remote attacker could possibly use this issue to
cause Pillow to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2014-9601)

Cris Neckar discovered that Pillow incorrectly handled certain malformed
images. A remote attacker could use this issue to cause Pillow to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2016-9189)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:: python-imaging

3.3.1-1ubuntu0.1; python3-pil

3.3.1-1ubuntu0.1; python-pil

3.3.1-1ubuntu0.1
Ubuntu 16.04 LTS:: python-imaging

3.1.2-0ubuntu1.1; python3-pil

3.1.2-0ubuntu1.1; python-pil

3.1.2-0ubuntu1.1
Ubuntu 14.04 LTS:: python-imaging

2.3.0-1ubuntu3.4; python3-pil

2.3.0-1ubuntu3.4; python-pil

2.3.0-1ubuntu3.4; python3-imaging

2.3.0-1ubuntu3.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-9601,

CVE-2016-9189,

CVE-2016-9190

Security

MikroTik As A Credential Harvester

March 13, 2017 007admin Leave a comment

Debian

DSA-3809 mariadb-10.0 – security update

March 13, 2017 007admin Leave a comment

Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.30. Please see the MariaDB 10.0 Release Notes for further
details:

Security Focus

Vuln: Uninett mod_auth_mellon Module CVE-2017-6807 Authentication Bypass Vulnerability

March 13, 2017 007admin Leave a comment

Uninett mod_auth_mellon Module CVE-2017-6807 Authentication Bypass Vulnerability

Security Focus

Vuln: Linux Kernel CVE-2016-8650 Null Pointer Deference Local Denial of Service Vulnerability

March 13, 2017 007admin Leave a comment

Linux Kernel CVE-2016-8650 Null Pointer Deference Local Denial of Service Vulnerability

Security Focus

Vuln: Cybozu KUNAI CVE-2017-2109 Information Disclosure Vulnerability

March 13, 2017 007admin Leave a comment

Cybozu KUNAI CVE-2017-2109 Information Disclosure Vulnerability

Security Focus

Vuln: IBM WebSphere Application Server CVE-2017-1151 Remote Privilege Escalation Vulnerability

March 13, 2017 007admin Leave a comment

IBM WebSphere Application Server CVE-2017-1151 Remote Privilege Escalation Vulnerability

Security

Attacking Nexus 9 With Malicious Headphones

March 13, 2017 007admin Leave a comment

Nexus 9 running Android version 7.1.1 build N4F26Q and below allows unauthorized access to the FIQ debugger via its headphones jack, which allows for information theft, weakening of ASLR, leaking of stack canaries, and more.

007 Software

Monthly Archives: March 2017

USN-3228-1: libevent vulnerabilities

Ubuntu Security Notice USN-3228-1

libevent vulnerabilities

Summary

Software description

Details

Update instructions

References

USN-3229-1: Python Imaging Library vulnerabilities

Ubuntu Security Notice USN-3229-1

python-imaging vulnerabilities

Summary

Software description

Details

Update instructions

References

USN-3230-1: Pillow vulnerabilities

Ubuntu Security Notice USN-3230-1

pillow vulnerabilities

Summary

Software description

Details

Update instructions

References

MikroTik As A Credential Harvester

DSA-3809 mariadb-10.0 – security update

Vuln: Uninett mod_auth_mellon Module CVE-2017-6807 Authentication Bypass Vulnerability

Vuln: Linux Kernel CVE-2016-8650 Null Pointer Deference Local Denial of Service Vulnerability

Vuln: Cybozu KUNAI CVE-2017-2109 Information Disclosure Vulnerability

Vuln: IBM WebSphere Application Server CVE-2017-1151 Remote Privilege Escalation Vulnerability

Attacking Nexus 9 With Malicious Headphones

Software and Security Information