Just wanted to let you know I’ve released a blog post discussing an interesting Outlook bug (remote crashing, or?). Feel free to reach me for discussions of the exploitability of the bug.

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Summary
GStreamer Base Plugins could be made to crash if it opened a specially crafted file.
Software description
gst-plugins-base0.10 – GStreamer Plugins
gst-plugins-base1.0 – GStreamer Plugins
Details
Hanno Böck discovered that GStreamer Base Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash.
Update instructions
The problem can be corrected by updating your system to the following package version:

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Summary
GStreamer Good Plugins could be made to crash if it opened a specially crafted file.
Software description
gst-plugins-good0.10 – GStreamer plugins
gst-plugins-good1.0 – GStreamer plugins
Details
Hanno Böck discovered that GStreamer Good Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash.
Update instructions
The problem can be corrected by updating your system to the following package version:

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Summary
Eject could be made to run programs as an administrator.
Software description
eject – ejects CDs and operates CD-Changers under Linux
Details
Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator.
Update instructions
The problem can be corrected by updating your system to the following package version:

A code execution vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to a heap overflow in the JPEG decoder routine. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted JPEG file.