Category Archives: Ubuntu

Ubuntu Security Notices

USN-2346-1: curl vulnerabilities

Ubuntu Security Notice USN-2346-1

15th September, 2014

curl vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in curl.

Software description

  • curl
    – HTTP, HTTPS, and FTP client and client libraries

Details

Tim Ruehsen discovered that curl incorrectly handled partial literal IP
addresses. This could lead to the disclosure of cookies to the wrong site,
and malicious sites being able to set cookies for others. (CVE-2014-3613)

Tim Ruehsen discovered that curl incorrectly allowed cookies to be set
for Top Level Domains (TLDs). This could allow a malicious site to set a
cookie that gets sent to other sites. (CVE-2014-3620)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • libcurl3-nss: 7.35.0-1ubuntu2.1
  • libcurl3-gnutls: 7.35.0-1ubuntu2.1
  • libcurl3: 7.35.0-1ubuntu2.1

Ubuntu 12.04 LTS:
  • libcurl3-nss: 7.22.0-3ubuntu4.10
  • libcurl3-gnutls: 7.22.0-3ubuntu4.10
  • libcurl3: 7.22.0-3ubuntu4.10

Ubuntu 10.04 LTS:
  • libcurl3-gnutls: 7.19.7-1ubuntu1.9
  • libcurl3: 7.19.7-1ubuntu1.9

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3613, CVE-2014-3620

USN-2330-1: Thunderbird vulnerabilities

Ubuntu Security Notice USN-2330-1

11th September, 2014

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

  • thunderbird
    – Mozilla Open Source mail and newsgroup client

Details

Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong,
Jesse Ruderman and JW Wang discovered multiple memory safety issues in
Thunderbird. If a user were tricked into opening a specially crafted
message with scripting enabled, an attacker could potentially exploit
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Thunderbird.
(CVE-2014-1553, CVE-2014-1562)

Abhishek Arya discovered a use-after-free during DOM interactions with
SVG. If a user were tricked into opening a specially crafted message
with scripting enabled, an attacker could potentially exploit this to
cause a denial of service via application crash or execute arbitrary code
with the privileges of the user invoking Thunderbird. (CVE-2014-1563)

Michal Zalewski discovered that memory is not initialized properly during
GIF rendering in some circumstances. If a user were tricked into opening
a specially crafted message, an attacker could potentially exploit this to
steal confidential information. (CVE-2014-1564)

Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a
user were tricked into opening a specially crafted message with scripting
enabled, an attacker could potentially exploit this to cause a denial of
service via application crash or steal confidential information.
(CVE-2014-1565)

A use-after-free was discovered during text layout in some circumstances.
If a user were tricked into opening a specially crafted message with
scripting enabled, an attacker could potentially exploit this to cause a
denial of service via application crash or execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2014-1567)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • thunderbird: 1:31.1.1+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  • thunderbird: 1:31.1.1+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2014-1553, CVE-2014-1562, CVE-2014-1563, CVE-2014-1564, CVE-2014-1565,
CVE-2014-1567

USN-2344-1: PHP vulnerabilities

Ubuntu Security Notice USN-2344-1

9th September, 2014

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

php5 could be made to crash or run programs if it received
specially crafted network traffic.

Software description

  • php5
    – HTML-embedded scripting language interpreter

Details

It was discovered that the Fileinfo component in php5 contains an integer
overflow. An attacker could use this flaw to cause a denial of service
or possibly execute arbitrary code via a crafted CDF file. (CVE-2014-3587)

It was discovered that the php_parserr function contains multiple buffer
overflows. An attacker could use this flaw to cause a denial of service
or possibly execute arbitrary code via crafted DNS records. (CVE-2014-3597)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • php5: 5.5.9+dfsg-1ubuntu4.4
  • libapache2-mod-php5: 5.5.9+dfsg-1ubuntu4.4
  • php5-fpm: 5.5.9+dfsg-1ubuntu4.4
  • php5-cgi: 5.5.9+dfsg-1ubuntu4.4

Ubuntu 12.04 LTS:
  • php5: 5.3.10-1ubuntu3.14
  • libapache2-mod-php5: 5.3.10-1ubuntu3.14
  • php5-fpm: 5.3.10-1ubuntu3.14
  • php5-cgi: 5.3.10-1ubuntu3.14

Ubuntu 10.04 LTS:
  • php5: 5.3.2-1ubuntu4.27
  • libapache2-mod-php5: 5.3.2-1ubuntu4.27
  • php5-cgi: 5.3.2-1ubuntu4.27

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Apache or
php5-fpm to make all the necessary changes.

References

CVE-2014-3587, CVE-2014-3597

USN-2343-1: NSS vulnerability

Ubuntu Security Notice USN-2343-1

9th September, 2014

nss vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

NSS could be made to crash or run programs as your login if it processed a
specially crafted certificate.

Software description

  • nss
    – Network Security Service library

Details

Tyson Smith and Jesse Schwartzentruber discovered that NSS contained a race
condition when performing certificate validation. An attacker could use
this issue to cause NSS to crash, resulting in a denial of service, or
possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • libnss3: 2:3.15.4-1ubuntu7.1

Ubuntu 12.04 LTS:
  • libnss3: 3.15.4-0ubuntu0.12.04.3

Ubuntu 10.04 LTS:
  • libnss3-1d: 3.15.4-0ubuntu0.10.04.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary changes.

References

CVE-2014-1544

USN-2342-1: QEMU vulnerabilities

Ubuntu Security Notice USN-2342-1

8th September, 2014

qemu, qemu-kvm vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in QEMU.

Software description

  • qemu
    – Machine emulator and virtualizer

  • qemu-kvm
    – Machine emulator and virtualizer

Details

Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple
issues with QEMU state loading after migration. An attacker able to modify
the state data could use these issues to cause a denial of service, or
possibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149,
CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529,
CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534,
CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539,
CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182,
CVE-2014-3461)

Kevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, and others discovered
multiple issues in the QEMU block drivers. An attacker
able to modify disk images could use these issues to cause a denial of
service, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143,
CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222,
CVE-2014-0223)

It was discovered that QEMU incorrectly handled certain PCIe bus hotplug
operations. A malicious guest could use this issue to crash the QEMU host,
resulting in a denial of service. (CVE-2014-3471)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • qemu-system-misc: 2.0.0+dfsg-2ubuntu1.3
  • qemu-system: 2.0.0+dfsg-2ubuntu1.3
  • qemu-system-aarch64: 2.0.0+dfsg-2ubuntu1.3
  • qemu-system-x86: 2.0.0+dfsg-2ubuntu1.3
  • qemu-system-sparc: 2.0.0+dfsg-2ubuntu1.3
  • qemu-system-arm: 2.0.0+dfsg-2ubuntu1.3
  • qemu-system-ppc: 2.0.0+dfsg-2ubuntu1.3
  • qemu-system-mips: 2.0.0+dfsg-2ubuntu1.3

Ubuntu 12.04 LTS:
  • qemu-kvm: 1.0+noroms-0ubuntu14.17

Ubuntu 10.04 LTS:
  • qemu-kvm: 0.12.3+noroms-0ubuntu9.24

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526,
CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532,
CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537,
CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542,
CVE-2013-6399, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145,
CVE-2014-0146, CVE-2014-0147, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223,
CVE-2014-3461, CVE-2014-3471

USN-2351-1: nginx vulnerability

Ubuntu Security Notice USN-2351-1

22nd September, 2014

nginx vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

nginx could be made to expose sensitive information over the network.

Software description

  • nginx
    – small, powerful, scalable web/proxy server

Details

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx
incorrectly reused cached SSL sessions. An attacker could possibly use this
issue in certain configurations to obtain access to information from a
different virtual host.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • nginx-extras: 1.4.6-1ubuntu3.1
  • nginx-full: 1.4.6-1ubuntu3.1
  • nginx-core: 1.4.6-1ubuntu3.1
  • nginx-light: 1.4.6-1ubuntu3.1
  • nginx-naxsi: 1.4.6-1ubuntu3.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3616

USN-2341-1: CUPS vulnerabilities

Ubuntu Security Notice USN-2341-1

8th September, 2014

cups vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

CUPS could be made to expose sensitive information, leading to privilege
escalation.

Software description

  • cups
    – Common UNIX Printing System(tm)

Details

Salvatore Bonaccorso discovered that the CUPS web interface incorrectly
validated permissions and incorrectly handled symlinks. An attacker could
possibly use this issue to bypass file permissions and read arbitrary
files, possibly leading to a privilege escalation.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • cups: 1.7.2-0ubuntu1.2

Ubuntu 12.04 LTS:
  • cups: 1.5.3-0ubuntu8.5

Ubuntu 10.04 LTS:
  • cups: 1.4.3-1ubuntu1.13

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-5029, CVE-2014-5030, CVE-2014-5031

USN-2350-1: NSS update

Ubuntu Security Notice USN-2350-1

22nd September, 2014

nss update

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

NSS was updated to refresh the CA certificates bundle.

Software description

  • nss
    – Network Security Service library

Details

The NSS package contained outdated CA certificates. This update refreshes
the NSS package to version 3.17 which includes the latest CA certificate
bundle.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • libnss3: 2:3.17-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  • libnss3: 3.17-0ubuntu0.12.04.1

Ubuntu 10.04 LTS:
  • libnss3-1d: 3.17-0ubuntu0.10.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.

References

LP: 1372410

USN-2306-3: GNU C Library regression

Ubuntu Security Notice USN-2306-3

8th September, 2014

eglibc regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 10.04 LTS

Summary

USN-2306-1 introduced a regression in the GNU C Library.

Software description

  • eglibc
    – GNU C Library

Details

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS,
the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
handled the getaddrinfo() function. An attacker could use this issue to
cause a denial of service. This issue only affected Ubuntu 10.04 LTS.
(CVE-2013-4357)

It was discovered that the GNU C Library incorrectly handled the
getaddrinfo() function. An attacker could use this issue to cause a denial
of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
(CVE-2013-4458)

Stephane Chazelas discovered that the GNU C Library incorrectly handled
locale environment variables. An attacker could use this issue to possibly
bypass certain restrictions such as the ForceCommand restrictions in
OpenSSH. (CVE-2014-0475)

David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C
Library incorrectly handled posix_spawn_file_actions_addopen() path
arguments. An attacker could use this issue to cause a denial of service.
(CVE-2014-4043)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.04 LTS:
  • libc6: 2.11.1-0ubuntu7.17

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

LP: 1364584

USN-2349-1: Libav vulnerabilities

Ubuntu Security Notice USN-2349-1

17th September, 2014

libav vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Libav could be made to crash or run programs as your login if it opened a
specially crafted file.

Software description

  • libav
    – Multimedia player, server, encoder and transcoder

Details

It was discovered that Libav incorrectly handled certain malformed media
files. If a user were tricked into opening a crafted media file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  • libavformat53: 4:0.8.16-0ubuntu0.12.04.1
  • libavcodec53: 4:0.8.16-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

LP: 1370175