Category Archives: Ubuntu

Ubuntu Security Notices

USN-3175-2: Firefox regression

Ubuntu Security Notice USN-3175-2

6th February, 2017

firefox regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

USN-3175-1 introduced a regression in Firefox.

Software description

  • firefox
    – Mozilla Open Source web browser

Details

USN-3175-1 fixed vulnerabilities in Firefox. The update caused a
regression on systems where the AppArmor profile for Firefox is set to
enforce mode. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple memory safety issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)

JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5375)

Nicolas Grégoire discovered a use-after-free when manipulating XSL in
XSLT documents in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2017-5376)

Atte Kettunen discovered a memory corruption issue in Skia in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5377)

Jann Horn discovered that an object’s address could be discovered through
hashed codes of JavaScript objects shared between pages. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to obtain sensitive information. (CVE-2017-5378)

A use-after-free was discovered in Web Animations in some circumstances.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2017-5379)

A use-after-free was discovered during DOM manipulation of SVG content in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2017-5380)

Jann Horn discovered that the “export” function in the Certificate Viewer
can force local filesystem navigation when the Common Name contains
slashes. If a user were tricked in to exporting a specially crafted
certificate, an attacker could potentially exploit this to save content
with arbitrary filenames in unsafe locations. (CVE-2017-5381)

Jerri Rice discovered that the Feed preview for RSS feeds can be used to
capture errors and exceptions generated by privileged content. An attacker
could potentially exploit this to obtain sensitive information.
(CVE-2017-5382)

Armin Razmjou discovered that certain unicode glyphs do not trigger
punycode display. An attacker could potentially exploit this to spoof the
URL bar contents. (CVE-2017-5383)

Paul Stone and Alex Chapman discovered that the full URL path is exposed
to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a
user has enabled Web Proxy Auto Detect (WPAD), an attacker could
potentially exploit this to obtain sensitive information. (CVE-2017-5384)

Muneaki Nishimura discovered that data sent in multipart channels will
ignore the Referrer-Policy response headers. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2017-5385)

Muneaki Nishimura discovered that WebExtensions can affect other
extensions using the data: protocol. If a user were tricked in to
installing a specially crafted addon, an attacker could potentially
exploit this to obtain sensitive information or gain additional
privileges. (CVE-2017-5386)

Mustafa Hasan discovered that the existence of local files can be
determined using the <track> element. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2017-5387)

Cullen Jennings discovered that WebRTC can be used to generate large
amounts of UDP traffic. An attacker could potentially exploit this to
conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)

Kris Maglione discovered that WebExtensions can use the mozAddonManager
API by modifying the CSP headers on sites with the appropriate permissions
and then using host requests to redirect script loads to a malicious site.
If a user were tricked in to installing a specially crafted addon, an
attacker could potentially exploit this to install additional addons
without user permission. (CVE-2017-5389)

Jerri Rice discovered insecure communication methods in the Dev Tools JSON
Viewer. An attacker could potentially exploit this to gain additional
privileges. (CVE-2017-5390)

Jerri Rice discovered that about: pages used by content can load
privileged about: pages in iframes. An attacker could potentially exploit
this to gain additional privileges, in combination with a
content-injection bug in one of those about: pages. (CVE-2017-5391)

Stuart Colville discovered that mozAddonManager allows for the
installation of extensions from the CDN for addons.mozilla.org, a publicly
accessible site. If a user were tricked in to installing a specially
crafted addon, an attacker could potentially exploit this, in combination
with a cross-site scripting (XSS) attack on Mozilla’s AMO sites, to
install additional addons. (CVE-2017-5393)

Filipe Gomes discovered a use-after-free in the media decoder in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5396)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
firefox

51.0.1+build2-0ubuntu0.16.10.2
Ubuntu 16.04 LTS:
firefox

51.0.1+build2-0ubuntu0.16.04.2
Ubuntu 14.04 LTS:
firefox

51.0.1+build2-0ubuntu0.14.04.2
Ubuntu 12.04 LTS:
firefox

51.0.1+build2-0ubuntu0.12.04.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 1659922

USN-3193-1: Nettle vulnerability

Ubuntu Security Notice USN-3193-1

6th February, 2017

nettle vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Nettle could be made to expose sensitive information over the network.

Software description

  • nettle
    – low level cryptographic library (public-key cryptos)

Details

It was discovered that Nettle incorrectly mitigated certain timing
side-channel attacks. A remote attacker could possibly use this flaw to
recover private keys.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
libnettle6

3.2-1ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libnettle6

3.2-1ubuntu0.16.04.1
Ubuntu 14.04 LTS:
libnettle4

2.7.1-1ubuntu0.2
Ubuntu 12.04 LTS:
libnettle4

2.4-1ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-6489

USN-3192-1: Squid vulnerabilities

Ubuntu Security Notice USN-3192-1

6th February, 2017

squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Squid could be made to expose sensitive information over the network.

Software description

  • squid3
    – Web proxy cache server

Details

Saulius Lapinskas discovered that Squid incorrectly handled processing
HTTP conditional requests. A remote attacker could possibly use this issue
to obtain sensitive information related to other clients’ browsing
sessions. (CVE-2016-10002)

Felix Hassert discovered that Squid incorrectly handled certain HTTP
Request headers when using the Collapsed Forwarding feature. A remote
attacker could possibly use this issue to obtain sensitive information
related to other clients’ browsing sessions. This issue only applied to
Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10003)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
squid3

3.5.12-1ubuntu8.1
Ubuntu 16.04 LTS:
squid3

3.5.12-1ubuntu7.3
Ubuntu 14.04 LTS:
squid3

3.3.8-1ubuntu6.9
Ubuntu 12.04 LTS:
squid3

3.1.19-1ubuntu3.12.04.8

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-10002,

CVE-2016-10003

USN-3188-2: Linux kernel (Trusty HWE) vulnerability

Ubuntu Security Notice USN-3188-2

3rd February, 2017

linux-lts-trusty vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

The system could be made to crash if it received specially crafted
network traffic.

Software description

  • linux-lts-trusty
    – Linux hardware enablement kernel from Trusty for Precise

Details

USN-3188-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

Andrey Konovalov discovered that the SCTP implementation in the Linux
kernel improperly handled validation of incoming data. A remote attacker
could use this to cause a denial of service (system crash).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
linux-image-3.13.0-108-generic-lpae

3.13.0-108.155~precise1
linux-image-generic-lpae-lts-trusty

3.13.0.108.99
linux-image-3.13.0-108-generic

3.13.0-108.155~precise1
linux-image-generic-lts-trusty

3.13.0.108.99

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-9555

USN-3188-1: Linux kernel vulnerability

Ubuntu Security Notice USN-3188-1

3rd February, 2017

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

The system could be made to crash if it received specially crafted
network traffic.

Software description

  • linux
    – Linux kernel

Details

Andrey Konovalov discovered that the SCTP implementation in the Linux
kernel improperly handled validation of incoming data. A remote attacker
could use this to cause a denial of service (system crash).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp

3.13.0.108.116
linux-image-powerpc-e500mc

3.13.0.108.116
linux-image-3.13.0-108-generic

3.13.0-108.155
linux-image-generic

3.13.0.108.116
linux-image-3.13.0-108-powerpc-e500

3.13.0-108.155
linux-image-powerpc64-emb

3.13.0.108.116
linux-image-3.13.0-108-generic-lpae

3.13.0-108.155
linux-image-3.13.0-108-powerpc-smp

3.13.0-108.155
linux-image-3.13.0-108-powerpc-e500mc

3.13.0-108.155
linux-image-3.13.0-108-lowlatency

3.13.0-108.155
linux-image-3.13.0-108-powerpc64-emb

3.13.0-108.155
linux-image-generic-lpae

3.13.0.108.116
linux-image-powerpc-e500

3.13.0.108.116
linux-image-lowlatency

3.13.0.108.116
linux-image-3.13.0-108-powerpc64-smp

3.13.0-108.155
linux-image-powerpc64-smp

3.13.0.108.116

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-9555

USN-3187-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3187-1

3rd February, 2017

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Andrey Konovalov discovered that the SCTP implementation in the Linux
kernel improperly handled validation of incoming data. A remote attacker
could use this to cause a denial of service (system crash). (CVE-2016-9555)

It was discovered that multiple memory leaks existed in the XFS
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (memory consumption). (CVE-2016-9685)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
linux-image-3.2.0-121-powerpc-smp

3.2.0-121.164
linux-image-powerpc-smp

3.2.0.121.136
linux-image-3.2.0-121-highbank

3.2.0-121.164
linux-image-3.2.0-121-powerpc64-smp

3.2.0-121.164
linux-image-3.2.0-121-virtual

3.2.0-121.164
linux-image-3.2.0-121-generic

3.2.0-121.164
linux-image-3.2.0-121-generic-pae

3.2.0-121.164
linux-image-generic-pae

3.2.0.121.136
linux-image-highbank

3.2.0.121.136
linux-image-3.2.0-121-omap

3.2.0-121.164
linux-image-virtual

3.2.0.121.136
linux-image-powerpc64-smp

3.2.0.121.136
linux-image-generic

3.2.0.121.136
linux-image-omap

3.2.0.121.136

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-9555,

CVE-2016-9685

USN-3190-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3190-1

3rd February, 2017

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Mikulas Patocka discovered that the asynchronous multibuffer cryptographic
daemon (mcryptd) in the Linux kernel did not properly handle being invoked
with incompatible algorithms. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-10147)

It was discovered that a use-after-free existed in the KVM susbsystem of
the Linux kernel when creating devices. A local attacker could use this to
cause a denial of service (system crash). (CVE-2016-10150)

Qidan He discovered that the ICMP implementation in the Linux kernel did
not properly check the size of an ICMP header. A local attacker with
CAP_NET_ADMIN could use this to expose sensitive information.
(CVE-2016-8399)

Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use to cause a denial
of service (system crash) or possible execute arbitrary code with
administrative privileges. (CVE-2016-8632)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
did not properly restrict the VCPU index when I/O APIC is enabled, An
attacker in a guest VM could use this to cause a denial of service (system
crash) or possibly gain privileges in the host OS. (CVE-2016-9777)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
linux-image-4.8.0-37-powerpc64-emb

4.8.0-37.39
linux-image-powerpc-smp

4.8.0.37.46
linux-image-powerpc-e500mc

4.8.0.37.46
linux-image-4.8.0-37-generic

4.8.0-37.39
linux-image-generic

4.8.0.37.46
linux-image-4.8.0-37-powerpc-e500mc

4.8.0-37.39
linux-image-lowlatency

4.8.0.37.46
linux-image-4.8.0-37-lowlatency

4.8.0-37.39
linux-image-generic-lpae

4.8.0.37.46
linux-image-4.8.0-37-powerpc-smp

4.8.0-37.39
linux-image-4.8.0-37-generic-lpae

4.8.0-37.39
linux-image-powerpc64-emb

4.8.0.37.46

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-10147,

CVE-2016-10150,

CVE-2016-8399,

CVE-2016-8632,

CVE-2016-9777

USN-3189-2: Linux kernel (Xenial HWE) vulnerabilities

Ubuntu Security Notice USN-3189-2

3rd February, 2017

linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-xenial
    – Linux hardware enablement kernel from Xenial for Trusty

Details

USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Mikulas Patocka discovered that the asynchronous multibuffer cryptographic
daemon (mcryptd) in the Linux kernel did not properly handle being invoked
with incompatible algorithms. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-10147)

Qidan He discovered that the ICMP implementation in the Linux kernel did
not properly check the size of an ICMP header. A local attacker with
CAP_NET_ADMIN could use this to expose sensitive information.
(CVE-2016-8399)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp-lts-xenial

4.4.0.62.48
linux-image-lowlatency-lts-xenial

4.4.0.62.48
linux-image-4.4.0-62-powerpc-e500mc

4.4.0-62.83~14.04.1
linux-image-4.4.0-62-lowlatency

4.4.0-62.83~14.04.1
linux-image-4.4.0-62-powerpc-smp

4.4.0-62.83~14.04.1
linux-image-4.4.0-62-powerpc64-smp

4.4.0-62.83~14.04.1
linux-image-generic-lpae-lts-xenial

4.4.0.62.48
linux-image-powerpc64-smp-lts-xenial

4.4.0.62.48
linux-image-4.4.0-62-powerpc64-emb

4.4.0-62.83~14.04.1
linux-image-generic-lts-xenial

4.4.0.62.48
linux-image-powerpc64-emb-lts-xenial

4.4.0.62.48
linux-image-4.4.0-62-generic

4.4.0-62.83~14.04.1
linux-image-4.4.0-62-generic-lpae

4.4.0-62.83~14.04.1
linux-image-powerpc-e500mc-lts-xenial

4.4.0.62.48

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-10147,

CVE-2016-8399

USN-3189-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3189-1

3rd February, 2017

linux, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

  • linux-raspi2
    – Linux kernel for Raspberry Pi 2

  • linux-snapdragon
    – Linux kernel for Snapdragon Processors

Details

Mikulas Patocka discovered that the asynchronous multibuffer cryptographic
daemon (mcryptd) in the Linux kernel did not properly handle being invoked
with incompatible algorithms. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-10147)

Qidan He discovered that the ICMP implementation in the Linux kernel did
not properly check the size of an ICMP header. A local attacker with
CAP_NET_ADMIN could use this to expose sensitive information.
(CVE-2016-8399)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
linux-image-powerpc-smp 4.4.0.62.65
linux-image-powerpc-e500mc 4.4.0.62.65
linux-image-4.4.0-1042-raspi2

4.4.0-1042.49
linux-image-4.4.0-62-powerpc-e500mc

4.4.0-62.83
linux-image-4.4.0-62-lowlatency

4.4.0-62.83
linux-image-generic 4.4.0.62.65
linux-image-4.4.0-62-powerpc-smp

4.4.0-62.83
linux-image-4.4.0-62-powerpc64-smp

4.4.0-62.83
linux-image-lowlatency 4.4.0.62.65
linux-image-4.4.0-1046-snapdragon

4.4.0-1046.50
linux-image-4.4.0-62-powerpc64-emb

4.4.0-62.83
linux-image-powerpc64-smp 4.4.0.62.65
linux-image-generic-lpae 4.4.0.62.65
linux-image-snapdragon 4.4.0.1046.38
linux-image-4.4.0-62-generic

4.4.0-62.83
linux-image-4.4.0-62-generic-lpae

4.4.0-62.83
linux-image-powerpc64-emb 4.4.0.62.65
linux-image-raspi2 4.4.0.1042.41

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-10147,

CVE-2016-8399

USN-3177-2: Tomcat regression

Ubuntu Security Notice USN-3177-2

2nd February, 2017

tomcat6, tomcat7 regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

USN-3177-1 introduced a regression in Tomcat.

Software description

  • tomcat6
    – Servlet and JSP engine

  • tomcat7
    – Servlet and JSP engine

Details

USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a
regression in environments where Tomcat is started with a security manager.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the Tomcat realm implementations incorrectly handled
passwords when a username didn’t exist. A remote attacker could possibly
use this issue to enumerate usernames. This issue only applied to Ubuntu
12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762)

Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly
limited use of a certain utility method. A malicious application could
possibly use this to bypass Security Manager restrictions. This issue only
applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5018)

It was discovered that Tomcat did not protect applications from untrusted
data in the HTTP_PROXY environment variable. A remote attacker could
possibly use this issue to redirect outbound traffic to an arbitrary proxy
server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and
Ubuntu 16.04 LTS. (CVE-2016-5388)

It was discovered that Tomcat incorrectly controlled reading system
properties. A malicious application could possibly use this to bypass
Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)

It was discovered that Tomcat incorrectly controlled certain configuration
parameters. A malicious application could possibly use this to bypass
Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)

It was discovered that Tomcat incorrectly limited access to global JNDI
resources. A malicious application could use this to access any global JNDI
resource without an explicit ResourceLink. This issue only applied to
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)

Regis Leroy discovered that Tomcat incorrectly filtered certain invalid
characters from the HTTP request line. A remote attacker could possibly
use this issue to inject data into HTTP responses. (CVE-2016-6816)

Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not
implement a recommended fix. A remote attacker could possibly use this
issue to execute arbitrary code. (CVE-2016-8735)

It was discovered that Tomcat incorrectly handled error handling in the
send file code. A remote attacker could possibly use this issue to access
information from other requests. (CVE-2016-8745)

Paul Szabo discovered that the Tomcat package incorrectly handled upgrades
and removals. A local attacker could possibly use this issue to obtain
root privileges. (CVE-2016-9774, CVE-2016-9775)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
tomcat7

7.0.52-1ubuntu0.9
libtomcat7-java

7.0.52-1ubuntu0.9
Ubuntu 12.04 LTS:
libtomcat6-java

6.0.35-1ubuntu3.10
tomcat6

6.0.35-1ubuntu3.10

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1659589