Ubuntu Security Notices

USN-3006-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3006-1

10th June, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)

Multiple race conditions were discovered in the Linux kernel’s ext4 file
system. A local user could exploit this flaw to cause a denial of service
(disk corruption) by writing to a page that is associated with a different
user’s file after unsynchronized hole punching and page-fault handling.
(CVE-2015-8839)

Ralf Spenneberg discovered that the Linux kernel’s GTCO digitizer USB
device driver did not properly validate endpoint descriptors. An attacker
with physical access could use this to cause a denial of service (system
crash). (CVE-2016-2187)

Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress
hugetlbfs support in X86 paravirtualized guests. An attacker in the guest
OS could cause a denial of service (guest system crash). (CVE-2016-3961)

Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2
Support implementations in the Linux kernel. A local attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-4485)

Kangjie Lu discovered an information leak in the routing netlink socket
interface (rtnetlink) implementation in the Linux kernel. A local attacker
could use this to obtain potentially sensitive information from kernel
memory. (CVE-2016-4486)

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel could overflow reference counters on
systems with more than 32GB of physical RAM and with RLIMIT_MEMLOCK set to
infinite. A local unprivileged attacker could use this to create a
use-after-free situation, causing a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2016-4558)

Jann Horn discovered that the InfiniBand interfaces within the Linux kernel
could be coerced into overwriting kernel memory. A local unprivileged
attacker could use this to possibly gain administrative privileges on
systems where InfiniBand-related kernel modules are loaded.
(CVE-2016-4565)

It was discovered that in some situations the Linux kernel did not handle
propagated mounts correctly. A local unprivileged attacker could use this
to cause a denial of service (system crash). (CVE-2016-4581)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-24-generic         4.4.0-24.43
  linux-image-4.4.0-24-powerpc-e500mc  4.4.0-24.43
  linux-image-4.4.0-24-powerpc64-emb   4.4.0-24.43
  linux-image-4.4.0-24-generic-lpae    4.4.0-24.43
  linux-image-4.4.0-24-powerpc-smp     4.4.0-24.43
  linux-image-4.4.0-24-powerpc64-smp   4.4.0-24.43
  linux-image-4.4.0-24-lowlatency      4.4.0-24.43

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-8839, CVE-2016-1583, CVE-2016-2117, CVE-2016-2187, CVE-2016-3961,
CVE-2016-4485, CVE-2016-4486, CVE-2016-4558, CVE-2016-4565, CVE-2016-4581

USN-3005-1: Linux kernel (Xenial HWE) vulnerabilities

Ubuntu Security Notice USN-3005-1

10th June, 2016

linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-xenial
    – Linux hardware enablement kernel from Xenial for Trusty

Details

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)

Multiple race conditions were discovered in the Linux kernel’s ext4 file
system. A local user could exploit this flaw to cause a denial of service
(disk corruption) by writing to a page that is associated with a different
user’s file after unsynchronized hole punching and page-fault handling.
(CVE-2015-8839)

Ralf Spenneberg discovered that the Linux kernel’s GTCO digitizer USB
device driver did not properly validate endpoint descriptors. An attacker
with physical access could use this to cause a denial of service (system
crash). (CVE-2016-2187)

Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress
hugetlbfs support in X86 paravirtualized guests. An attacker in the guest
OS could cause a denial of service (guest system crash). (CVE-2016-3961)

Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2
Support implementations in the Linux kernel. A local attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-4485)

Kangjie Lu discovered an information leak in the routing netlink socket
interface (rtnetlink) implementation in the Linux kernel. A local attacker
could use this to obtain potentially sensitive information from kernel
memory. (CVE-2016-4486)

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel could overflow reference counters on
systems with more than 32GB of physical RAM and with RLIMIT_MEMLOCK set to
infinite. A local unprivileged attacker could use this to create a
use-after-free situation, causing a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2016-4558)

Jann Horn discovered that the InfiniBand interfaces within the Linux kernel
could be coerced into overwriting kernel memory. A local unprivileged
attacker could use this to possibly gain administrative privileges on
systems where InfiniBand-related kernel modules are loaded.
(CVE-2016-4565)

It was discovered that in some situations the Linux kernel did not handle
propagated mounts correctly. A local unprivileged attacker could use this
to cause a denial of service (system crash). (CVE-2016-4581)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  linux-image-4.4.0-24-generic         4.4.0-24.43~14.04.1
  linux-image-4.4.0-24-powerpc-e500mc  4.4.0-24.43~14.04.1
  linux-image-4.4.0-24-powerpc-smp     4.4.0-24.43~14.04.1
  linux-image-4.4.0-24-generic-lpae    4.4.0-24.43~14.04.1
  linux-image-4.4.0-24-powerpc64-emb   4.4.0-24.43~14.04.1
  linux-image-4.4.0-24-powerpc64-smp   4.4.0-24.43~14.04.1
  linux-image-4.4.0-24-lowlatency      4.4.0-24.43~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-8839, CVE-2016-1583, CVE-2016-2117, CVE-2016-2187, CVE-2016-3961,
CVE-2016-4485, CVE-2016-4486, CVE-2016-4558, CVE-2016-4565, CVE-2016-4581

USN-3008-1: Linux kernel (Qualcomm Snapdragon) vulnerability

Ubuntu Security Notice USN-3008-1

10th June, 2016

linux-snapdragon vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS

Summary

The system could be made to crash under certain conditions.

Software description

  • linux-snapdragon
    – Linux kernel for Snapdragon Processors

Details

Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1015-snapdragon  4.4.0-1015.18

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-1583

USN-3007-1: Linux kernel (Raspberry Pi 2) vulnerabilities

Ubuntu Security Notice USN-3007-1

10th June, 2016

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-raspi2
    – Linux kernel for Raspberry Pi 2

Details

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)

Multiple race conditions were discovered in the Linux kernel’s ext4 file
system. A local user could exploit this flaw to cause a denial of service
(disk corruption) by writing to a page that is associated with a different
user’s file after unsynchronized hole punching and page-fault handling.
(CVE-2015-8839)

Ralf Spenneberg discovered that the Linux kernel’s GTCO digitizer USB
device driver did not properly validate endpoint descriptors. An attacker
with physical access could use this to cause a denial of service (system
crash). (CVE-2016-2187)

Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress
hugetlbfs support in X86 paravirtualized guests. An attacker in the guest
OS could cause a denial of service (guest system crash). (CVE-2016-3961)

Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2
Support implementations in the Linux kernel. A local attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-4485)

Kangjie Lu discovered an information leak in the routing netlink socket
interface (rtnetlink) implementation in the Linux kernel. A local attacker
could use this to obtain potentially sensitive information from kernel
memory. (CVE-2016-4486)

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel could overflow reference counters on
systems with more than 32GB of physical RAM and with RLIMIT_MEMLOCK set to
infinite. A local unprivileged attacker could use this to create a
use-after-free situation, causing a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2016-4558)

Jann Horn discovered that the InfiniBand interfaces within the Linux kernel
could be coerced into overwriting kernel memory. A local unprivileged
attacker could use this to possibly gain administrative privileges on
systems where InfiniBand-related kernel modules are loaded.
(CVE-2016-4565)

It was discovered that in some situations the Linux kernel did not handle
propagated mounts correctly. A local unprivileged attacker could use this
to cause a denial of service (system crash). (CVE-2016-4581)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1012-raspi2  4.4.0-1012.16

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-8839, CVE-2016-1583, CVE-2016-2117, CVE-2016-2187, CVE-2016-3961,
CVE-2016-4485, CVE-2016-4486, CVE-2016-4558, CVE-2016-4565, CVE-2016-4581

USN-2995-1: Squid vulnerabilities

Ubuntu Security Notice USN-2995-1

9th June, 2016

squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Squid.

Software description

  • squid3
    – Web proxy cache server

Details

Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly
handled certain ICMPv6 packets. A remote attacker could use this issue to
cause Squid to crash, resulting in a denial of service, or possibly cause
Squid to leak information into log files. (CVE-2016-3947)

Yuriy M. Kaminskiy discovered that the Squid cachemgr.cgi tool incorrectly
handled certain crafted data. A remote attacker could use this issue to
cause Squid to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-4051)

It was discovered that Squid incorrectly handled certain Edge Side Includes
(ESI) responses. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054)

Jianjun Chen discovered that Squid did not correctly ignore the Host header
when absolute-URI is provided. A remote attacker could possibly use this
issue to conduct cache-poisoning attacks. This issue only affected Ubuntu
14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-4553)

Jianjun Chen discovered that Squid incorrectly handled certain HTTP Host
headers. A remote attacker could possibly use this issue to conduct
cache-poisoning attacks. (CVE-2016-4554)

It was discovered that Squid incorrectly handled certain Edge Side Includes
(ESI) responses. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2016-4555,
CVE-2016-4556)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  squid-cgi  3.5.12-1ubuntu7.2
  squid3     3.5.12-1ubuntu7.2
Ubuntu 15.10:
  squid-cgi  3.3.8-1ubuntu16.3
  squid3     3.3.8-1ubuntu16.3
Ubuntu 14.04 LTS:
  squid-cgi  3.3.8-1ubuntu6.8
  squid3     3.3.8-1ubuntu6.8
Ubuntu 12.04 LTS:
  squid-cgi  3.1.19-1ubuntu3.12.04.7
  squid3     3.1.19-1ubuntu3.12.04.7

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-3947, CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054,
CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556

USN-2993-1: Firefox vulnerabilities

Ubuntu Security Notice USN-2993-1

9th June, 2016

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software description

  • firefox
    – Mozilla Open Source web browser

Details

Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel,
Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph
Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa
discovered multiple memory safety issues in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-2815, CVE-2016-2818)

A buffer overflow was discovered when parsing HTML5 fragments in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-2819)

A use-after-free was discovered in contenteditable mode in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-2821)

Jordi Chancel discovered a way to use a persistent menu within a <select>
element and place this in an arbitrary location. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to spoof the address bar contents. (CVE-2016-2822)

Armin Razmdjou discovered that the location.host property can be set to an
arbitrary string after creating an invalid data: URI. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to bypass some same-origin protections. (CVE-2016-2825)

A use-after-free was discovered when processing WebGL content in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-2828)

Tim McCormack discovered that the permissions notification can show the
wrong icon when a page requests several permissions in quick succession.
An attacker could potentially exploit this by tricking the user into
giving consent for access to the wrong resource. (CVE-2016-2829)

It was discovered that a pointerlock can be created in a fullscreen
window without user consent in some circumstances, and this pointerlock
cannot be cancelled without quitting Firefox. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service or conduct clickjacking attacks.
(CVE-2016-2831)

John Schoenick discovered that CSS pseudo-classes can leak information
about plugins that are installed but disabled. An attacker could
potentially exploit this to fingerprint users. (CVE-2016-2832)

Matt Wobensmith discovered that Content Security Policy (CSP) does not
block the loading of cross-domain Java applets when specified by policy.
An attacker could potentially exploit this to bypass CSP protections and
conduct cross-site scripting (XSS) attacks. (CVE-2016-2833)

In addition, multiple unspecified security issues were discovered in NSS.
(CVE-2016-2834)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  firefox  47.0+build3-0ubuntu0.16.04.1
Ubuntu 15.10:
  firefox  47.0+build3-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:
  firefox  47.0+build3-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
  firefox  47.0+build3-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822,
CVE-2016-2825, CVE-2016-2828, CVE-2016-2829, CVE-2016-2831, CVE-2016-2832,
CVE-2016-2833, CVE-2016-2834

USN-2992-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2992-1

6th June, 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

  • oxide-qt
    – Web browser engine for Qt (QML plugin)

Details

An unspecified security issue was discovered in Blink. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2016-1673)

An issue was discovered with Document reattachment in Blink in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to bypass same-origin
restrictions. (CVE-2016-1675)

A type confusion bug was discovered in V8. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to obtain sensitive information. (CVE-2016-1677)

A heap overflow was discovered in V8. If a user were tricked into opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service (application crash) or execute arbitrary code.
(CVE-2016-1678)

A use-after-free was discovered in the V8ValueConverter implementation in
Chromium in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service (application crash) or execute arbitrary code.
(CVE-2016-1679)

A use-after-free was discovered in Skia. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service (application crash) or execute arbitrary
code. (CVE-2016-1680)

A security issue was discovered in ServiceWorker registration in Blink in
some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to bypass
Content Security Policy (CSP) protections. (CVE-2016-1682)

An out-of-bounds memory access was discovered in libxslt. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service (application crash)
or execute arbitrary code. (CVE-2016-1683)

An integer overflow was discovered in libxslt. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service (application crash or resource
consumption). (CVE-2016-1684)

An out-of-bounds read was discovered in the regular expression
implementation in V8. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service (application crash). (CVE-2016-1688)

A heap overflow was discovered in Chromium. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service (application crash) or execute arbitrary
code. (CVE-2016-1689)

A heap overflow was discovered in Skia. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service (application crash) or execute arbitrary
code. (CVE-2016-1691)

It was discovered that Blink permits cross-origin loading of stylesheets
by a service worker even when the stylesheet download has an incorrect
MIME type. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to bypass same-origin
restrictions. (CVE-2016-1692)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service (application crash) or execute arbitrary code. (CVE-2016-1695,
CVE-2016-1703)

It was discovered that Blink does not prevent frame navigation during
DocumentLoader detach operations. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
bypass same-origin restrictions. (CVE-2016-1697)

A parameter sanitization bug was discovered in the devtools subsystem in
Blink. An attacker could potentially exploit this to bypass intended
access restrictions. (CVE-2016-1699)

An out-of-bounds read was discovered in Skia. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service (application crash).
(CVE-2016-1702)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  liboxideqtcore0  1.15.7-0ubuntu0.16.04.1
Ubuntu 15.10:
  liboxideqtcore0  1.15.7-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:
  liboxideqtcore0  1.15.7-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-1673, CVE-2016-1675, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679,
CVE-2016-1680, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1688,
CVE-2016-1689, CVE-2016-1691, CVE-2016-1692, CVE-2016-1695, CVE-2016-1697,
CVE-2016-1699, CVE-2016-1702, CVE-2016-1703

USN-2994-1: libxml2 vulnerabilities

Ubuntu Security Notice USN-2994-1

6th June, 2016

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in libxml2.

Software description

  • libxml2
    – GNOME XML library

Details

It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could possibly cause libxml2 to
crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)

It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could cause libxml2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-1762, CVE-2016-1834)

Mateusz Jurczyk discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could cause libxml2 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)

Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could cause libxml2 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-1835, CVE-2016-1837)

Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could cause libxml2 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and
Ubuntu 16.04 LTS. (CVE-2016-1836)

Kostya Serebryany discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could cause libxml2 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-1840)

It was discovered that libxml2 would load certain XML external entities. If
a user or automated system were tricked into opening a specially crafted
document, an attacker could possibly obtain access to arbitrary files or
cause resource consumption. (CVE-2016-4449)

Gustavo Grieco discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could possibly cause
libxml2 to crash, resulting in a denial of service. (CVE-2016-4483)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  libxml2  2.9.3+dfsg1-1ubuntu0.1
Ubuntu 15.10:
  libxml2  2.9.2+zdfsg1-4ubuntu0.4
Ubuntu 14.04 LTS:
  libxml2  2.9.1+dfsg1-3ubuntu4.8
Ubuntu 12.04 LTS:
  libxml2  2.7.8.dfsg-5.1ubuntu4.15

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-8806, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840,
CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4449,
CVE-2016-4483

USN-2990-1: ImageMagick vulnerabilities

Ubuntu Security Notice USN-2990-1

2nd June, 2016

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in ImageMagick.

Software description

  • imagemagick
    – Image manipulation programs and library

Details

Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly
sanitized untrusted input. A remote attacker could use these issues to
execute arbitrary code. These issues are known as “ImageTragick”. This
update disables problematic coders via the /etc/ImageMagick-6/policy.xml
configuration file. In certain environments the coders may need to be
manually re-enabled after making sure that ImageMagick does not process
untrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716,
CVE-2016-3717, CVE-2016-3718)

Bob Friesenhahn discovered that ImageMagick allowed injecting commands via
an image file or filename. A remote attacker could use this issue to
execute arbitrary code. (CVE-2016-5118)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  libmagick++-6.q16-5v5  8:6.8.9.9-7ubuntu5.1
  imagemagick-common     8:6.8.9.9-7ubuntu5.1
  imagemagick            8:6.8.9.9-7ubuntu5.1
  imagemagick-6.q16      8:6.8.9.9-7ubuntu5.1
  libmagickcore-6.q16-2  8:6.8.9.9-7ubuntu5.1
Ubuntu 15.10:
  libmagick++-6.q16-5v5  8:6.8.9.9-5ubuntu2.1
  imagemagick-common     8:6.8.9.9-5ubuntu2.1
  imagemagick            8:6.8.9.9-5ubuntu2.1
  imagemagick-6.q16      8:6.8.9.9-5ubuntu2.1
  libmagickcore-6.q16-2  8:6.8.9.9-5ubuntu2.1
Ubuntu 14.04 LTS:
  libmagick++5        8:6.7.7.10-6ubuntu3.1
  imagemagick-common  8:6.7.7.10-6ubuntu3.1
  libmagickcore5      8:6.7.7.10-6ubuntu3.1
  imagemagick         8:6.7.7.10-6ubuntu3.1
Ubuntu 12.04 LTS:
  imagemagick-common  8:6.6.9.7-5ubuntu3.4
  libmagickcore4      8:6.6.9.7-5ubuntu3.4
  imagemagick         8:6.6.9.7-5ubuntu3.4
  libmagick++4        8:6.6.9.7-5ubuntu3.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718,
CVE-2016-5118

USN-2991-1: nginx vulnerability

Ubuntu Security Notice USN-2991-1

2nd June, 2016

nginx vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS

Summary

nginx could be made to crash if it received specially crafted network
traffic.

Software description

  • nginx
    – small, powerful, scalable web/proxy server

Details

It was discovered that nginx incorrectly handled saving client request
bodies to temporary files. A remote attacker could possibly use this issue
to cause nginx to crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  nginx-extras  1.10.0-0ubuntu0.16.04.2
  nginx-full    1.10.0-0ubuntu0.16.04.2
  nginx-core    1.10.0-0ubuntu0.16.04.2
  nginx-light   1.10.0-0ubuntu0.16.04.2
Ubuntu 15.10:
  nginx-extras  1.9.3-1ubuntu1.2
  nginx-full    1.9.3-1ubuntu1.2
  nginx-core    1.9.3-1ubuntu1.2
  nginx-light   1.9.3-1ubuntu1.2
Ubuntu 14.04 LTS:
  nginx-extras  1.4.6-1ubuntu3.5
  nginx-full    1.4.6-1ubuntu3.5
  nginx-core    1.4.6-1ubuntu3.5
  nginx-light   1.4.6-1ubuntu3.5

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-4450