Ubuntu Security Notices

USN-3068-1: Libidn vulnerabilities

Ubuntu Security Notice USN-3068-1

24th August, 2016

libidn vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Libidn.

Software description

  • libidn
    – implementation of IETF IDN specifications

Details

Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos
Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8
characters. A remote attacker could use this issue to cause Libidn to
crash, resulting in a denial of service, or possibly disclose sensitive
memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2015-2059)

Hanno Böck discovered that Libidn incorrectly handled certain input. A
remote attacker could possibly use this issue to cause Libidn to crash,
resulting in a denial of service. (CVE-2015-8948, CVE-2016-6262,
CVE-2016-6261, CVE-2016-6263)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • libidn11 1.32-3ubuntu1.1

Ubuntu 14.04 LTS:
  • libidn11 1.28-1ubuntu2.1

Ubuntu 12.04 LTS:
  • libidn11 1.23-2ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-2059, CVE-2015-8948, CVE-2016-6261, CVE-2016-6262, CVE-2016-6263

USN-3067-1: HarfBuzz vulnerabilities

Ubuntu Security Notice USN-3067-1

24th August, 2016

harfbuzz vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

HarfBuzz could be made to crash or run programs as your login if it
processed specially crafted data.

Software description

  • harfbuzz
    – OpenType text shaping engine

Details

Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A
remote attacker could use this issue to cause HarfBuzz to crash, resulting
in a denial of service, or possibly execute arbitrary code. (CVE-2015-8947)

It was discovered that HarfBuzz incorrectly handled certain length checks.
A remote attacker could use this issue to cause HarfBuzz to crash,
resulting in a denial of service, or possibly execute arbitrary code.
This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • libharfbuzz0b 1.0.1-1ubuntu0.1

Ubuntu 14.04 LTS:
  • libharfbuzz0b 0.9.27-1ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make
all the necessary changes.

References

CVE-2015-8947, CVE-2016-2052

USN-3065-1: Libgcrypt vulnerability

Ubuntu Security Notice USN-3065-1

18th August, 2016

libgcrypt11, libgcrypt20 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Libgcrypt incorrectly generated random numbers.

Software description

  • libgcrypt11
    – LGPL Crypto library

  • libgcrypt20
    – LGPL Crypto library

Details

Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly
handled mixing functions in the random number generator. An attacker able
to obtain 4640 bits from the RNG can trivially predict the next 160 bits of
output.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • libgcrypt20 1.6.5-2ubuntu0.2

Ubuntu 14.04 LTS:
  • libgcrypt11 1.5.3-2ubuntu4.4

Ubuntu 12.04 LTS:
  • libgcrypt11 1.5.0-3ubuntu0.6

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-6313

USN-3064-1: GnuPG vulnerability

Ubuntu Security Notice USN-3064-1

18th August, 2016

gnupg vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

GnuPG incorrectly generated random numbers.

Software description

  • gnupg
    – GNU privacy guard – a free PGP replacement

Details

Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled
mixing functions in the random number generator. An attacker able to obtain
4640 bits from the RNG can trivially predict the next 160 bits of output.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • gnupg 1.4.20-1ubuntu3.1

Ubuntu 14.04 LTS:
  • gnupg 1.4.16-1ubuntu2.4

Ubuntu 12.04 LTS:
  • gnupg 1.4.11-3ubuntu2.10

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-6313

USN-3066-1: PostgreSQL vulnerabilities

Ubuntu Security Notice USN-3066-1

18th August, 2016

postgresql-9.1, postgresql-9.3, postgresql-9.5 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in PostgreSQL.

Software description

  • postgresql-9.1
    – Object-relational SQL database

  • postgresql-9.3
    – Object-relational SQL database

  • postgresql-9.5
    – object-relational SQL database

Details

Heikki Linnakangas discovered that PostgreSQL incorrectly handled certain
nested CASE/WHEN expressions. A remote attacker could possibly use this
issue to cause PostgreSQL to crash, resulting in a denial of service.
(CVE-2016-5423)

Nathan Bossart discovered that PostgreSQL incorrectly handled special
characters in database and role names. A remote attacker could possibly use
this issue to escalate privileges. (CVE-2016-5424)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • postgresql-9.5 9.5.4-0ubuntu0.16.04

Ubuntu 14.04 LTS:
  • postgresql-9.3 9.3.14-0ubuntu0.14.04

Ubuntu 12.04 LTS:
  • postgresql-9.1 9.1.23-0ubuntu0.12.04

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References

CVE-2016-5423, CVE-2016-5424

USN-3062-1: OpenJDK 7 vulnerabilities

Ubuntu Security Notice USN-3062-1

16th August, 2016

openjdk-7 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in OpenJDK 7.

Software description

  • openjdk-7
    – Open Source Java implementation

Details

Multiple vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity, and availability. An attacker
could exploit these to cause a denial of service, expose sensitive data
over the network, or possibly execute arbitrary code. (CVE-2016-3598,
CVE-2016-3606, CVE-2016-3610)

A vulnerability was discovered in the OpenJDK JRE related to data
integrity. An attacker could exploit this to expose sensitive data
over the network or possibly execute arbitrary code. (CVE-2016-3458)

Multiple vulnerabilities were discovered in the OpenJDK JRE related
to availability. An attacker could exploit these to cause a denial
of service. (CVE-2016-3500, CVE-2016-3508)

A vulnerability was discovered in the OpenJDK JRE related to information
disclosure. An attacker could exploit this to expose sensitive data over
the network. (CVE-2016-3550)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • openjdk-7-jre-lib 7u111-2.6.7-0ubuntu0.14.04.3
  • openjdk-7-jre-zero 7u111-2.6.7-0ubuntu0.14.04.3
  • icedtea-7-jre-jamvm 7u111-2.6.7-0ubuntu0.14.04.3
  • openjdk-7-jre-headless 7u111-2.6.7-0ubuntu0.14.04.3
  • openjdk-7-jre 7u111-2.6.7-0ubuntu0.14.04.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3598,
CVE-2016-3606, CVE-2016-3610

USN-3063-1: Fontconfig vulnerability

Ubuntu Security Notice USN-3063-1

17th August, 2016

fontconfig vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Fontconfig could be made to crash or run programs if it opened a specially
crafted file.

Software description

  • fontconfig
    – generic font configuration library

Details

Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache
files. A local attacker could possibly use this issue with a specially
crafted cache file to elevate privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • fontconfig 2.11.94-0ubuntu1.1
  • libfontconfig1 2.11.94-0ubuntu1.1

Ubuntu 14.04 LTS:
  • fontconfig 2.11.0-0ubuntu4.2
  • libfontconfig1 2.11.0-0ubuntu4.2

Ubuntu 12.04 LTS:
  • fontconfig 2.8.0-3ubuntu9.2
  • libfontconfig1 2.8.0-3ubuntu9.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make
all the necessary changes.

References

CVE-2016-5384

USN-3061-1: OpenSSH vulnerabilities

Ubuntu Security Notice USN-3061-1

15th August, 2016

openssh vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in OpenSSH.

Software description

  • openssh
    – secure shell (SSH) for secure access to remote machines

Details

Eddie Harari discovered that OpenSSH incorrectly handled password hashing
when authenticating non-existing users. A remote attacker could perform a
timing attack and enumerate valid users. (CVE-2016-6210)

Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH did
not limit password lengths. A remote attacker could use this issue to cause
OpenSSH to consume resources, leading to a denial of service.
(CVE-2016-6515)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • openssh-server 1:7.2p2-4ubuntu2.1

Ubuntu 14.04 LTS:
  • openssh-server 1:6.6p1-2ubuntu2.8

Ubuntu 12.04 LTS:
  • openssh-server 1:5.9p1-5ubuntu1.10

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-6210, CVE-2016-6515

USN-3047-2: QEMU regression

Ubuntu Security Notice USN-3047-2

12th August, 2016

qemu, qemu-kvm regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

USN-3047-1 introduced a regression in QEMU.

Software description

  • qemu
    – Machine emulator and virtualizer

  • qemu-kvm
    – Machine emulator and virtualizer

Details

USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403
caused a regression which resulted in save/restore failures when virtio
memory balloon statistics are enabled. This update temporarily reverts the
security fix for CVE-2016-5403 pending further investigation. We apologize
for the inconvenience.

Original advisory details:

Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI
controller emulation. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code on the host. In the default installation, when QEMU
is used with libvirt, attackers would be isolated by the libvirt AppArmor
profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-4439, CVE-2016-4441, CVE-2016-5238, CVE-2016-5338, CVE-2016-6351)

Li Qiang and Qinghao Tang discovered that QEMU incorrectly handled the
VMware VGA module. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
to obtain sensitive host memory. (CVE-2016-4453, CVE-2016-4454)

Li Qiang discovered that QEMU incorrectly handled VMware PVSCSI paravirtual
SCSI bus emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service.
This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-4952)

Li Qiang discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host
Bus Adapter emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service, or
possibly to obtain sensitive host memory. This issue only applied to Ubuntu
14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5105, CVE-2016-5106,
CVE-2016-5107, CVE-2016-5337)

It was discovered that QEMU incorrectly handled certain iSCSI asynchronous
I/O ioctl calls. An attacker inside the guest could use this issue to cause
QEMU to crash, resulting in a denial of service, or possibly execute
arbitrary code on the host. In the default installation, when QEMU is used
with libvirt, attackers would be isolated by the libvirt AppArmor profile.
This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5126)

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A
privileged attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2016-5403)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • qemu-system-misc 1:2.5+dfsg-5ubuntu10.4
  • qemu-system-s390x 1:2.5+dfsg-5ubuntu10.4
  • qemu-system 1:2.5+dfsg-5ubuntu10.4
  • qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.4
  • qemu-system-x86 1:2.5+dfsg-5ubuntu10.4
  • qemu-system-sparc 1:2.5+dfsg-5ubuntu10.4
  • qemu-system-arm 1:2.5+dfsg-5ubuntu10.4
  • qemu-system-ppc 1:2.5+dfsg-5ubuntu10.4
  • qemu-system-mips 1:2.5+dfsg-5ubuntu10.4

Ubuntu 14.04 LTS:
  • qemu-system-misc 2.0.0+dfsg-2ubuntu1.27
  • qemu-system 2.0.0+dfsg-2ubuntu1.27
  • qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.27
  • qemu-system-x86 2.0.0+dfsg-2ubuntu1.27
  • qemu-system-sparc 2.0.0+dfsg-2ubuntu1.27
  • qemu-system-arm 2.0.0+dfsg-2ubuntu1.27
  • qemu-system-ppc 2.0.0+dfsg-2ubuntu1.27
  • qemu-system-mips 2.0.0+dfsg-2ubuntu1.27

Ubuntu 12.04 LTS:
  • qemu-kvm 1.0+noroms-0ubuntu14.30

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

LP: 1612089

USN-3049-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3049-1

10th August, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)

Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress
hugetlbfs support in X86 paravirtualized guests. An attacker in the guest
OS could cause a denial of service (guest system crash). (CVE-2016-3961)

It was discovered that the keyring implementation in the Linux kernel did
not ensure a data structure was initialized before referencing it after an
error condition occurred. A local attacker could use this to cause a denial
of service (system crash). (CVE-2016-4470)

Kangjie Lu discovered an information leak in the netlink implementation of
the Linux kernel. A local attacker could use this to obtain sensitive
information from kernel memory. (CVE-2016-5243)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  • linux-image-3.2.0-107-powerpc-smp 3.2.0-107.148
  • linux-image-3.2.0-107-highbank 3.2.0-107.148
  • linux-image-3.2.0-107-powerpc64-smp 3.2.0-107.148
  • linux-image-3.2.0-107-virtual 3.2.0-107.148
  • linux-image-3.2.0-107-generic-pae 3.2.0-107.148
  • linux-image-3.2.0-107-omap 3.2.0-107.148
  • linux-image-3.2.0-107-generic 3.2.0-107.148

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-3134, CVE-2016-3961, CVE-2016-4470, CVE-2016-5243