USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15
upstream release. PHP 7.0.15 introduced a regression when using MySQL with
large blobs. This update fixes the problem with a backported fix.

Original advisory details:

It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)

It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-9935)

It was discovered that PHP incorrectly handled certain EXIF data. A remote
attacker could use this issue to cause PHP to crash, resulting in a denial
of service. (CVE-2016-10158)

It was discovered that PHP incorrectly handled certain PHAR archives. A
remote attacker could use this issue to cause PHP to crash or consume
resources, resulting in a denial of service. (CVE-2016-10159)

It was discovered that PHP incorrectly handled certain PHAR archives. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2016-10160)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:: php7.0-fpm

7.0.15-0ubuntu0.16.10.4; libapache2-mod-php7.0

7.0.15-0ubuntu0.16.10.4; php7.0-cli

7.0.15-0ubuntu0.16.10.4; php7.0-cgi

7.0.15-0ubuntu0.16.10.4
Ubuntu 16.04 LTS:: php7.0-fpm

7.0.15-0ubuntu0.16.04.4; libapache2-mod-php7.0

7.0.15-0ubuntu0.16.04.4; php7.0-cli

7.0.15-0ubuntu0.16.04.4; php7.0-cgi

7.0.15-0ubuntu0.16.04.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1668017

Ubuntu

USN-3214-1: w3m vulnerabilities

March 2, 2017 007admin Leave a comment

Ubuntu Security Notice USN-3214-1

2nd March, 2017

w3m vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in w3m.

Software description

w3m
– WWW browsable pager with excellent tables/frames support

Details

A large number of security issues were discovered in the w3m browser. If a
user were tricked into viewing a malicious website, a remote attacker could
exploit a variety of issues related to web browser security, including
cross-site scripting attacks, denial of service attacks, and arbitrary code
execution.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: w3m

0.5.3-15ubuntu0.1
Ubuntu 12.04 LTS:: w3m

0.5.3-5ubuntu1.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Ubuntu

USN-3215-1: Munin vulnerability

March 2, 2017 007admin Leave a comment

Ubuntu Security Notice USN-3215-1

2nd March, 2017

munin vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Munin could be made to overwrite files.

Software description

munin
– Network-wide graphing framework

Details

It was discovered that Munin incorrectly handled CGI graphs. A remote
attacker could use this issue to overwrite arbitrary files as the www-data
user.