Ubuntu Security Notices

USN-3096-1: NTP vulnerabilities

Ubuntu Security Notice USN-3096-1

5th October, 2016

ntp vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in NTP.

Software description

  • ntp
    – Network Time Protocol daemon and utility programs

Details

Aanchal Malhotra discovered that NTP incorrectly handled authenticated
broadcast mode. A remote attacker could use this issue to perform a replay
attack. (CVE-2015-7973)

Matt Street discovered that NTP incorrectly verified peer associations of
symmetric keys. A remote attacker could use this issue to perform an
impersonation attack. (CVE-2015-7974)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled
memory. An attacker could possibly use this issue to cause ntpq to crash,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2015-7975)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled
dangerous characters in filenames. An attacker could possibly use this
issue to overwrite arbitrary files. (CVE-2015-7976)

Stephen Gray discovered that NTP incorrectly handled large restrict lists.
An attacker could use this issue to cause NTP to crash, resulting in a
denial of service. (CVE-2015-7977, CVE-2015-7978)

Aanchal Malhotra discovered that NTP incorrectly handled authenticated
broadcast mode. A remote attacker could use this issue to cause NTP to
crash, resulting in a denial of service. (CVE-2015-7979)

Jonathan Gardner discovered that NTP incorrectly handled origin timestamp
checks. A remote attacker could use this issue to spoof peer servers.
(CVE-2015-8138)

Jonathan Gardner discovered that the NTP ntpq utility did not properly
handle certain incorrect values. An attacker could possibly use this issue
to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)

It was discovered that the NTP cronjob incorrectly cleaned up the
statistics directory. A local attacker could possibly use this to escalate
privileges. (CVE-2016-0727)

Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly
validated crypto-NAKs. A remote attacker could possibly use this issue to
prevent clients from synchronizing. (CVE-2016-1547)

Miroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly
handled switching to interleaved symmetric mode. A remote attacker could
possibly use this issue to prevent clients from synchronizing.
(CVE-2016-1548)

Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that
NTP incorrectly handled message authentication. A remote attacker could
possibly use this issue to recover the message digest key. (CVE-2016-1550)

Yihan Lian discovered that NTP incorrectly handled duplicate IPs on
unconfig directives. An authenticated remote attacker could possibly use
this issue to cause NTP to crash, resulting in a denial of service.
(CVE-2016-2516)

Yihan Lian discovered that NTP incorrectly handled certain peer
associations. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. (CVE-2016-2518)

Jakub Prokes discovered that NTP incorrectly handled certain spoofed
packets. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2016-4954)

Miroslav Lichvar discovered that NTP incorrectly handled certain packets
when autokey is enabled. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-4955)

Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
broadcast packets. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-4956)

In the default installation, attackers would be isolated by the NTP
AppArmor profile.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • ntp 1:4.2.8p4+dfsg-3ubuntu5.3

Ubuntu 14.04 LTS:
  • ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10

Ubuntu 12.04 LTS:
  • ntp 1:4.2.6.p3+dfsg-1ubuntu3.11

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977,
CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158, CVE-2016-0727,
CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518,
CVE-2016-4954, CVE-2016-4955, CVE-2016-4956

USN-3095-1: PHP vulnerabilities

Ubuntu Security Notice USN-3095-1

4th October, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in PHP.

Software description

  • php5
    – HTML-embedded scripting language interpreter

  • php7.0
    – HTML-embedded scripting language interpreter

Details

Taoguang Chen discovered that PHP incorrectly handled certain invalid
objects when unserializing data. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-7124)

Taoguang Chen discovered that PHP incorrectly handled invalid session
names. A remote attacker could use this issue to inject arbitrary session
data. (CVE-2016-7125)

It was discovered that PHP incorrectly handled certain gamma values in the
imagegammacorrect function. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-7127)

It was discovered that PHP incorrectly handled certain crafted TIFF image
thumbnails. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly expose sensitive information.
(CVE-2016-7128)

It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131,
CVE-2016-7132, CVE-2016-7413)

It was discovered that PHP incorrectly handled certain memory operations. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS. (CVE-2016-7133)

It was discovered that PHP incorrectly handled long strings in curl_escape
calls. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS. (CVE-2016-7134)

Taoguang Chen discovered that PHP incorrectly handled certain failures when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2016-7411)

It was discovered that PHP incorrectly handled certain flags in the MySQL
driver. Malicious remote MySQL servers could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7412)

It was discovered that PHP incorrectly handled ZIP file signature
verification when processing a PHAR archive. A remote attacker could use
this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-7414)

It was discovered that PHP incorrectly handled certain locale operations. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2016-7416)

It was discovered that PHP incorrectly handled SplArray unserializing. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2016-7417)

Ke Liu discovered that PHP incorrectly handled unserializing wddxPacket XML
documents with incorrect boolean elements. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-7418)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • php7.0-gd 7.0.8-0ubuntu0.16.04.3
  • php7.0-cli 7.0.8-0ubuntu0.16.04.3
  • php7.0-cgi 7.0.8-0ubuntu0.16.04.3
  • php7.0-fpm 7.0.8-0ubuntu0.16.04.3
  • php7.0-mysql 7.0.8-0ubuntu0.16.04.3
  • libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.3
  • php7.0-curl 7.0.8-0ubuntu0.16.04.3

Ubuntu 14.04 LTS:
  • php5-cli 5.5.9+dfsg-1ubuntu4.20
  • php5-cgi 5.5.9+dfsg-1ubuntu4.20
  • php5-curl 5.5.9+dfsg-1ubuntu4.20
  • php5-mysqlnd 5.5.9+dfsg-1ubuntu4.20
  • php5-gd 5.5.9+dfsg-1ubuntu4.20
  • libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.20
  • php5-fpm 5.5.9+dfsg-1ubuntu4.20

Ubuntu 12.04 LTS:
  • php5-cli 5.3.10-1ubuntu3.25
  • php5-cgi 5.3.10-1ubuntu3.25
  • php5-curl 5.3.10-1ubuntu3.25
  • php5-mysqlnd 5.3.10-1ubuntu3.25
  • php5-gd 5.3.10-1ubuntu3.25
  • libapache2-mod-php5 5.3.10-1ubuntu3.25
  • php5-fpm 5.3.10-1ubuntu3.25

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-7124, CVE-2016-7125, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129,
CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7133, CVE-2016-7134,
CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416,
CVE-2016-7417, CVE-2016-7418

USN-3090-2: Pillow regression

Ubuntu Security Notice USN-3090-2

30th September, 2016

Pillow regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Software description

  • pillow
    – Python Imaging Library compatibility layer

Details

USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601
caused a regression which resulted in failures when processing certain
PNG images. This update temporarily reverts the security fix for CVE-2014-9601
pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)

Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)

Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • python-imaging 2.3.0-1ubuntu3.3
  • python3-pil 2.3.0-1ubuntu3.3
  • python-pil 2.3.0-1ubuntu3.3
  • python3-imaging 2.3.0-1ubuntu3.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

References

CVE-2014-9601, LP: 1628351

USN-3094-1: Systemd vulnerability

Ubuntu Security Notice USN-3094-1

29th September, 2016

systemd vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS

Summary

The system could be made unavailable under certain conditions.

Software description

  • systemd
    – system and service manager

Details

Andrew Ayer discovered that Systemd improperly handled zero-length
notification messages. A local unprivileged attacker could use
this to cause a denial of service (init crash leading to system
unavailability).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • systemd 229-4ubuntu10

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1628687

USN-3092-1: Samba vulnerability

Ubuntu Security Notice USN-3092-1

28th September, 2016

samba vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Samba could be tricked into connecting to impersonated servers.

Software description

  • samba
    – SMB/CIFS file, print, and login server for Unix

Details

Stefan Metzmacher discovered that Samba incorrectly handled certain flags
in SMB2/3 client connections. A remote attacker could use this issue to
disable client signing and impersonate servers by performing a man in the
middle attack.

Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
In addition to the security fix, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • samba 2:4.3.11+dfsg-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  • samba 2:4.3.11+dfsg-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

CVE-2016-2119

USN-3093-1: ClamAV vulnerabilities

Ubuntu Security Notice USN-3093-1

28th September, 2016

clamav vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

ClamAV could be made to crash or run programs if it processed a specially
crafted file.

Software description

  • clamav
    – Anti-virus utility for Unix

Details

It was discovered that ClamAV incorrectly handled certain malformed files.
A remote attacker could use this issue to cause ClamAV to crash, resulting
in a denial of service, or possibly execute arbitrary code.

In the default installation, attackers would be isolated by the ClamAV
AppArmor profile.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • clamav 0.99.2+dfsg-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  • clamav 0.99.2+addedllvm-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  • clamav 0.99.2+addedllvm-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

CVE-2016-1371, CVE-2016-1372, CVE-2016-1405

USN-3089-1: Django vulnerability

Ubuntu Security Notice USN-3089-1

27th September, 2016

python-django vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Django could be made to set arbitrary cookies.

Software description

  • python-django
    – High-level Python web development framework

Details

Sergey Bobrov discovered that Django incorrectly parsed cookies when being
used with Google Analytics. A remote attacker could possibly use this issue
to set arbitrary cookies leading to a CSRF protection bypass.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • python3-django 1.8.7-1ubuntu5.2
  • python-django 1.8.7-1ubuntu5.2

Ubuntu 14.04 LTS:
  • python-django 1.6.1-2ubuntu0.15

Ubuntu 12.04 LTS:
  • python-django 1.3.1-4ubuntu1.21

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-7401

USN-3090-1: Pillow vulnerabilities

Ubuntu Security Notice USN-3090-1

27th September, 2016

Pillow vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Pillow could be made to crash if it received specially crafted input or opened
a specially crafted file.

Software description

  • pillow
    – Python Imaging Library compatibility layer

Details

It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)

Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)

Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • python-imaging 2.3.0-1ubuntu3.2
  • python3-pil 2.3.0-1ubuntu3.2
  • python-pil 2.3.0-1ubuntu3.2
  • python3-imaging 2.3.0-1ubuntu3.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3589, CVE-2014-9601, CVE-2016-0740, CVE-2016-0775, CVE-2016-2533

USN-3088-1: Bind vulnerability

Ubuntu Security Notice USN-3088-1

27th September, 2016

bind9 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Bind could be made to crash if it received specially crafted network
traffic.

Software description

  • bind9
    – Internet Domain Name Server

Details

It was discovered that Bind incorrectly handled building responses to
certain specially crafted requests. A remote attacker could possibly use
this issue to cause Bind to crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • bind9 1:9.10.3.dfsg.P4-8ubuntu1.1

Ubuntu 14.04 LTS:
  • bind9 1:9.9.5.dfsg-3ubuntu0.9

Ubuntu 12.04 LTS:
  • bind9 1:9.8.1.dfsg.P1-4ubuntu0.17

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-2776

USN-3087-2: OpenSSL regression

Ubuntu Security Notice USN-3087-2

23rd September, 2016

openssl regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

USN-3087-1 introduced a regression in OpenSSL.

Software description

  • openssl
    – Secure Socket Layer (SSL) cryptographic library and tools

Details

USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was
incomplete and caused a regression when parsing certificates. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request
extension. A remote attacker could possibly use this issue to cause memory
consumption, resulting in a denial of service. (CVE-2016-6304)

Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue has only been addressed in Ubuntu 16.04 LTS in this update.
(CVE-2016-2177)

César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL
did not properly use constant-time operations when performing DSA signing.
A remote attacker could possibly use this issue to perform a cache-timing
attack and recover private DSA keys. (CVE-2016-2178)

Quan Luo discovered that OpenSSL did not properly restrict the lifetime
of queue entries in the DTLS implementation. A remote attacker could
possibly use this issue to consume memory, resulting in a denial of
service. (CVE-2016-2179)

Shi Lei discovered that OpenSSL incorrectly handled memory in the
TS_OBJ_print_bio() function. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2016-2180)

It was discovered that OpenSSL incorrectly handled the DTLS anti-replay
feature. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2016-2181)

Shi Lei discovered that OpenSSL incorrectly validated division results. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2016-2182)

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES
ciphers were vulnerable to birthday attacks. A remote attacker could
possibly use this flaw to obtain clear text data from long encrypted
sessions. This update moves DES from the HIGH cipher list to MEDIUM.
(CVE-2016-2183)

Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths.
A remote attacker could use this issue to cause a denial of service.
(CVE-2016-6302)

Shi Lei discovered that OpenSSL incorrectly handled memory in the
MDC2_Update() function. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-6303)

Shi Lei discovered that OpenSSL incorrectly performed certain message
length checks. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2016-6306)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • libssl1.0.0 1.0.2g-1ubuntu4.5

Ubuntu 14.04 LTS:
  • libssl1.0.0 1.0.1f-1ubuntu2.21

Ubuntu 12.04 LTS:
  • libssl1.0.0 1.0.1-4ubuntu5.38

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

LP: 1626883