Ubuntu Security Notice USN-2936-3

18th May, 2016

firefox regression

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 16.04 LTS
• Ubuntu 15.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

USN-2936-1 introduced a regression in Firefox.

Software description

• firefox
  – Mozilla Open Source web browser

Details

USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue
where a device update POST request was sent every time about:preferences#sync
was shown. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806,
CVE-2016-2807)

An invalid write was discovered when using the JavaScript .watch() method in
some circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2808)

Looben Yang discovered a use-after-free and buffer overflow in service
workers. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2016-2811, CVE-2016-2812)

Sascha Just discovered a buffer overflow in libstagefright in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2814)

Muneaki Nishimura discovered that CSP is not applied correctly to web
content sent with the multipart/x-mixed-replace MIME type. An attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks when they would otherwise be prevented. (CVE-2016-2816)

Muneaki Nishimura discovered that the chrome.tabs.update API for web
extensions allows for navigation to javascript: URLs. A malicious
extension could potentially exploit this to conduct cross-site scripting
(XSS) attacks. (CVE-2016-2817)

Mark Goodwin discovered that about:healthreport accepts certain events
from any content present in the remote-report iframe. If another
vulnerability allowed the injection of web content in the remote-report
iframe, an attacker could potentially exploit this to change the user’s
sharing preferences. (CVE-2016-2820)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:

firefox

46.0.1+build1-0ubuntu0.16.04.2

Ubuntu 15.10:

firefox

46.0.1+build1-0ubuntu0.15.10.2

Ubuntu 14.04 LTS:

firefox

46.0.1+build1-0ubuntu0.14.04.3

Ubuntu 12.04 LTS:

firefox

46.0.1+build1-0ubuntu0.12.04.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 1583389

Ubuntu Security Notice USN-2950-4

18th May, 2016

samba regressions

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 12.04 LTS

Summary

USN-2950-1 introduced regressions in Samba.

Software description

• samba
  – SMB/CIFS file, print, and login server for Unix

Details

USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced
in Ubuntu 12.04 LTS caused interoperability issues. This update fixes
compatibility with certain NAS devices, and allows connecting to Samba 3.6
servers by relaxing the “client ipc signing” parameter to “auto”.

We apologize for the inconvenience.

Original advisory details:

Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a man in
the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)

Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a man in the
middle attack. (CVE-2016-2110)

Alberto Solino discovered that a Samba domain controller would establish a
secure connection to a server with a spoofed computer name. A remote
attacker could use this issue to obtain sensitive information.
(CVE-2016-2111)

Stefan Metzmacher discovered that the Samba LDAP implementation did not
enforce integrity protection. A remote attacker could use this issue to
hijack LDAP connections by performing a man in the middle attack.
(CVE-2016-2112)

Stefan Metzmacher discovered that Samba did not validate TLS certificates.
A remote attacker could use this issue to spoof a Samba server.
(CVE-2016-2113)

Stefan Metzmacher discovered that Samba did not enforce SMB signing even if
configured to. A remote attacker could use this issue to perform a man in
the middle attack. (CVE-2016-2114)

Stefan Metzmacher discovered that Samba did not enable integrity protection
for IPC traffic. A remote attacker could use this issue to perform a man in
the middle attack. (CVE-2016-2115)

Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and
MS-LSAD protocols. A remote attacker could use this flaw with a man in the
middle attack to impersonate users and obtain sensitive information from
the Security Account Manager database. This flaw is known as Badlock.
(CVE-2016-2118)

Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10.
Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes. Configuration changes may
be required in certain environments.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:

samba

2:3.6.25-0ubuntu0.12.04.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1574403,

LP: 1576109

Ubuntu Security Notice USN-2983-1

18th May, 2016

expat vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 16.04 LTS
• Ubuntu 15.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Expat could be made to crash or run programs as your login if it opened a
specially crafted file.

Software description

• expat
  – XML parsing C library

Details

Gustavo Grieco discovered that Expat incorrectly handled malformed XML
data. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service, or
possibly execute arbitrary code. (CVE-2016-0718)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:

libexpat1

2.1.0-7ubuntu0.16.04.1

lib64expat1

2.1.0-7ubuntu0.16.04.1

Ubuntu 15.10:

libexpat1

2.1.0-7ubuntu0.15.10.1

lib64expat1

2.1.0-7ubuntu0.15.10.1

Ubuntu 14.04 LTS:

libexpat1

2.1.0-4ubuntu1.2

lib64expat1

2.1.0-4ubuntu1.2

Ubuntu 12.04 LTS:

libexpat1

2.0.1-7.2ubuntu1.3

lib64expat1

2.0.1-7.2ubuntu1.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart any applications linked
against Expat to effect the necessary changes.

References

CVE-2016-0718

Ubuntu Security Notice USN-2981-1

17th May, 2016

libarchive vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 16.04 LTS
• Ubuntu 15.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

libarchive could be made to crash or run programs if it opened a specially
crafted file.

Software description

• libarchive
  – Library to read/write archive files

Details

It was discovered that libarchive incorrectly handled certain entry-size
values in ZIP archives. A remote attacker could use this issue to cause
libarchive to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10
and Ubuntu 16.04 LTS. (CVE-2016-1541)

It was discovered that libarchive incorrectly handled memory when
processing certain tar files. A remote attacker could use this issue to
cuase libarchive to crash, resulting in a denial of service. (CVE number
pending)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:

libarchive13

3.1.2-11ubuntu0.16.04.1

Ubuntu 15.10:

libarchive13

3.1.2-11ubuntu0.15.10.1

Ubuntu 14.04 LTS:

libarchive13

3.1.2-7ubuntu2.2

Ubuntu 12.04 LTS:

libarchive12

3.0.3-6ubuntu1.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-1541

Ubuntu Security Notice USN-2980-1

17th May, 2016

libndp vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 16.04 LTS
• Ubuntu 15.10

Summary

libndp could be tricked into accepting an NDP message from outside the
local network.

Software description

• libndp
  – Library for Neighbor Discovery Protocol

Details

Julien Bernard discovered that libndp incorrectly performed origin checks
when receiving Neighbor Discovery Protocol (NDP) messages. A remote
attacker outside of the local network could use this issue to advertise a
node as a router, causing a denial of service, or possibly to act as a man
in the middle.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:

libndp0

1.4-2ubuntu0.16.04.1

Ubuntu 15.10:

libndp0

1.4-2ubuntu0.15.10.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2016-3698

Ubuntu Security Notice USN-2982-1

17th May, 2016

libksba vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 16.04 LTS
• Ubuntu 15.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Libksba could be made to crash or run programs if it decoded specially
crafted data.

Software description

• libksba
  – X.509 and CMS support library

Details

Hanno Böck discovered that Libksba incorrectly handled decoding certain BER
data. An attacker could use this issue to cause Libksba to crash, resulting
in a denial of service. This issue only applied to Ubunt 12.04 LTS and
Ubuntu 14.04 LTS. (CVE-2016-4353)

Hanno Böck discovered that Libksba incorrectly handled decoding certain BER
data. An attacker could use this issue to cause Libksba to crash, resulting
in a denial of service, or possibly execute arbitrary code. This issue only
applied to Ubunt 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-4354,
CVE-2016-4355)

Hanno Böck discovered that Libksba incorrectly handled incorrect utf-8
strings when decoding certain DN data. An attacker could use this issue to
cause Libksba to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only applied to Ubunt 12.04 LTS and
Ubuntu 14.04 LTS. (CVE-2016-4356)

Pascal Cuoq discovered that Libksba incorrectly handled incorrect utf-8
strings when decoding certain DN data. An attacker could use this issue to
cause Libksba to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-4574)

Pascal Cuoq discovered that Libksba incorrectly handled decoding certain
data. An attacker could use this issue to cause Libksba to crash, resulting
in a denial of service. (CVE-2016-4579)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:

libksba8

1.3.3-1ubuntu0.16.04.1

Ubuntu 15.10:

libksba8

1.3.3-1ubuntu0.15.10.1

Ubuntu 14.04 LTS:

libksba8

1.3.0-3ubuntu0.14.04.2

Ubuntu 12.04 LTS:

libksba8

1.2.0-2ubuntu0.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-4353,

CVE-2016-4354,

CVE-2016-4355,

CVE-2016-4356,

CVE-2016-4574,

CVE-2016-4579

Ubuntu Security Notice USN-2975-2

16th May, 2016

linux-lts-trusty vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 12.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

• linux-lts-trusty
  – Linux hardware enablement kernel from Trusty for Precise

Details

USN-2975-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:

linux-image-3.13.0-86-generic

3.13.0-86.131~precise1

linux-image-3.13.0-86-generic-lpae

3.13.0-86.131~precise1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-trusty, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-0758

Ubuntu Security Notice USN-2975-1

16th May, 2016

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

• linux
  – Linux kernel

Details

Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-0758)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:

linux-image-3.13.0-86-powerpc64-emb

3.13.0-86.131

linux-image-3.13.0-86-generic-lpae

3.13.0-86.131

linux-image-3.13.0-86-powerpc-e500mc

3.13.0-86.131

linux-image-3.13.0-86-lowlatency

3.13.0-86.131

linux-image-3.13.0-86-powerpc64-smp

3.13.0-86.131

linux-image-3.13.0-86-generic

3.13.0-86.131

linux-image-3.13.0-86-powerpc-smp

3.13.0-86.131

linux-image-3.13.0-86-powerpc-e500

3.13.0-86.131

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-0758

Ubuntu Security Notice USN-2976-1

16th May, 2016

linux-lts-utopic vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

• linux-lts-utopic
  – Linux hardware enablement kernel from Utopic for Trusty

Details

Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:

linux-image-3.16.0-71-powerpc-smp

3.16.0-71.92~14.04.1

linux-image-3.16.0-71-generic-lpae

3.16.0-71.92~14.04.1

linux-image-3.16.0-71-powerpc-e500mc

3.16.0-71.92~14.04.1

linux-image-3.16.0-71-lowlatency

3.16.0-71.92~14.04.1

linux-image-3.16.0-71-powerpc64-emb

3.16.0-71.92~14.04.1

linux-image-3.16.0-71-powerpc64-smp

3.16.0-71.92~14.04.1

linux-image-3.16.0-71-generic

3.16.0-71.92~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-0758

Ubuntu Security Notice USN-2978-1

16th May, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.10

Summary

Several security issues were fixed in the kernel.

Software description

• linux
  – Linux kernel

Details

David Matlack discovered that the Kernel-based Virtual Machine (KVM)
implementation in the Linux kernel did not properly restrict variable
Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a
guest VM could use this to cause a denial of service (system crash) in the
host, expose sensitive information from the host, or possibly gain
administrative privileges in the host. (CVE-2016-3713)

Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-0758)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:

linux-image-4.2.0-36-generic-lpae

4.2.0-36.42

linux-image-4.2.0-36-powerpc64-smp

4.2.0-36.42

linux-image-4.2.0-36-powerpc64-emb

4.2.0-36.42

linux-image-4.2.0-36-powerpc-smp

4.2.0-36.42

linux-image-4.2.0-36-powerpc-e500mc

4.2.0-36.42

linux-image-4.2.0-36-lowlatency

4.2.0-36.42

linux-image-4.2.0-36-generic

4.2.0-36.42

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-0758,

CVE-2016-3713