Category Archives: Ubuntu

Ubuntu Security Notices

Ubuntu

USN-2931-1: Linux kernel (Utopic HWE) vulnerabilities

March 15, 2016 007admin

Ubuntu Security Notice USN-2931-1

14th March, 2016

linux-lts-utopic vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-utopic
– Linux hardware enablement kernel from Utopic for Trusty

Details

Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)

It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)

It was discovered that a race condition existed when handling heartbeat-
timeout events in the SCTP implementation of the Linux kernel. A remote
attacker could use this to cause a denial of service. (CVE-2015-8767)

Andy Lutomirski discovered a race condition in the Linux kernel’s
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service or possibly leak
sensitive information. (CVE-2016-2069)

Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly
performed a double-free. A local attacker with physical access could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code with administrative privileges. (CVE-2016-2384)

Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA)
framework did not verify that a FIFO was attached to a client before
attempting to clear it. A local attacker could use this to cause a denial
of service (system crash). (CVE-2016-2543)

Dmitry Vyukov discovered that a race condition existed in the Advanced
Linux Sound Architecture (ALSA) framework between timer setup and closing
of the client, resulting in a use-after-free. A local attacker could use
this to cause a denial of service. (CVE-2016-2544)

Dmitry Vyukov discovered a race condition in the timer handling
implementation of the Advanced Linux Sound Architecture (ALSA) framework,
resulting in a use-after-free. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-2545)

Dmitry Vyukov discovered race conditions in the Advanced Linux Sound
Architecture (ALSA) framework’s timer ioctls leading to a use-after-free. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2016-2546)

Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA)
framework’s handling of high resolution timers did not properly manage its
data structures. A local attacker could use this to cause a denial of
service (system hang or crash) or possibly execute arbitrary code.
(CVE-2016-2547, CVE-2016-2548)

Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA)
framework’s handling of high resolution timers could lead to a deadlock
condition. A local attacker could use this to cause a denial of service
(system hang). (CVE-2016-2549)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.16.0-67-powerpc-smp

3.16.0-67.87~14.04.1; linux-image-3.16.0-67-powerpc64-smp

3.16.0-67.87~14.04.1; linux-image-3.16.0-67-generic

3.16.0-67.87~14.04.1; linux-image-3.16.0-67-powerpc-e500mc

3.16.0-67.87~14.04.1; linux-image-3.16.0-67-generic-lpae

3.16.0-67.87~14.04.1; linux-image-3.16.0-67-lowlatency

3.16.0-67.87~14.04.1; linux-image-3.16.0-67-powerpc64-emb

3.16.0-67.87~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

Ubuntu

USN-2929-2: Linux kernel (Trusty HWE) vulnerabilities

March 15, 2016 007admin

Ubuntu Security Notice USN-2929-2

14th March, 2016

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-trusty
– Linux hardware enablement kernel from Trusty for Precise

Details

Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly sanity check the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly sanity check the interfaces and endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7833)

It was discovered that a race condition existed in the ioctl handler for
the TTY driver in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or expose sensitive information.
(CVE-2016-0723)

Ralf Spenneberg discovered that the USB driver for Treo devices in the
Linux kernel did not properly sanity check the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2016-2782)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: linux-image-3.13.0-83-generic-lpae

3.13.0-83.127~precise1; linux-image-3.13.0-83-generic

3.13.0-83.127~precise1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu

USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities

March 15, 2016 007admin

Ubuntu Security Notice USN-2932-1

14th March, 2016

linux-lts-vivid vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-vivid
– Linux hardware enablement kernel from Vivid for Trusty

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.19.0-56-powerpc-smp

3.19.0-56.62~14.04.1; linux-image-3.19.0-56-generic-lpae

3.19.0-56.62~14.04.1; linux-image-3.19.0-56-powerpc-e500mc

3.19.0-56.62~14.04.1; linux-image-3.19.0-56-lowlatency

3.19.0-56.62~14.04.1; linux-image-3.19.0-56-powerpc64-smp

3.19.0-56.62~14.04.1; linux-image-3.19.0-56-powerpc64-emb

3.19.0-56.62~14.04.1; linux-image-3.19.0-56-generic

3.19.0-56.62~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu

USN-2929-1: Linux kernel vulnerabilities

March 15, 2016 007admin

Ubuntu Security Notice USN-2929-1

14th March, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux
– Linux kernel

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.13.0-83-powerpc-smp

3.13.0-83.127; linux-image-3.13.0-83-powerpc-e500

3.13.0-83.127; linux-image-3.13.0-83-generic-lpae

3.13.0-83.127; linux-image-3.13.0-83-powerpc-e500mc

3.13.0-83.127; linux-image-3.13.0-83-lowlatency

3.13.0-83.127; linux-image-3.13.0-83-powerpc64-smp

3.13.0-83.127; linux-image-3.13.0-83-powerpc64-emb

3.13.0-83.127; linux-image-3.13.0-83-generic

3.13.0-83.127

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu

USN-2933-1: Exim vulnerabilities

March 15, 2016 007admin

Ubuntu Security Notice USN-2933-1

15th March, 2016

exim4 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Exim.

Software description

exim4
– Exim is a mail transport agent

Details

It was discovered that Exim incorrectly filtered environment variables when
used with the perl_startup configuration option. If the perl_startup option
was enabled, a local attacker could use this issue to escalate their
privileges to the root user. This issue has been fixed by having Exim clean
the complete execution environment by default on startup, including any
subprocesses such as transports that call other programs. This change in
behaviour may break existing installations and can be adjusted by using two
new configuration options, keep_environment and add_environment.
(CVE-2016-1531)

Patrick William discovered that Exim incorrectly expanded mathematical
comparisons twice. A local attacker could possibly use this issue to
perform arbitrary file operations as the Exim user. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2972)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: exim4-daemon-heavy

4.86-3ubuntu1.1; exim4-daemon-light

4.86-3ubuntu1.1
Ubuntu 14.04 LTS:: exim4-daemon-heavy

4.82-3ubuntu2.1; exim4-daemon-custom

4.82-3ubuntu2.1; exim4-daemon-light

4.82-3ubuntu2.1
Ubuntu 12.04 LTS:: exim4-daemon-heavy

4.76-3ubuntu3.3; exim4-daemon-custom

4.76-3ubuntu3.3; exim4-daemon-light

4.76-3ubuntu3.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update introduces environment filtering, which may break certain
existing installations. After performing a standard system update, the new
keep_environment and add_environment configurations options can be used
to adjust the new behaviour.

References

CVE-2014-2972,

CVE-2016-1531

Ubuntu

USN-2920-1: Oxide vulnerabilities

March 11, 2016 007admin

Ubuntu Security Notice USN-2920-1

10th March, 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

oxide-qt
– Web browser engine for Qt (QML plugin)

Details

It was discovered that the ContainerNode::parserRemoveChild function in
Blink mishandled widget updates in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2016-1630)

It was discovered that the PPB_Flash_MessageLoop_Impl::InternalRun
function in Chromium mishandled nested message loops. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2016-1631)

Multiple use-after-frees were discovered in Blink. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via renderer crash or execute
arbitrary code with the privileges of the sandboxed render process.
(CVE-2016-1633, CVE-2016-1634, CVE-2016-1644)

It was discovered that the PendingScript::notifyFinished function in
Blink relied on memory-cache information about integrity-check occurrences
instead of integrity-check successes. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to
bypass Subresource Integrity (SRI) protections. (CVE-2016-1636)

It was discovered that the SkATan2_255 function in Skia mishandled
arctangent calculations. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2016-1637)

A use-after-free was discovered in Chromium. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2016-1641)

Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2016-1642)

A type-confusion bug was discovered in Blink. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash or execute
arbitrary code with the privileges of the sandboxed render process.
(CVE-2016-1643)

Multiple security issues were discovered in V8. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2016-2843)

An invalid cast was discovered in Blink. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2016-2844)

It was discovered that the Content Security Policy (CSP) implementation in
Blink did not ignore a URL’s path component in the case of a ServiceWorker
fetch. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit this to obtain sensitive
information. (CVE-2016-2845)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: liboxideqtcore0

1.13.6-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:: liboxideqtcore0

1.13.6-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Ubuntu

USN-2926-1: OTR vulnerability

March 11, 2016 007admin

Ubuntu Security Notice USN-2926-1

10th March, 2016

libotr vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

OTR could be made to crash or run programs if it received specially crafted
network traffic.

Software description

libotr
– Off-the-Record Messaging library

Details

Markus Vervier discovered that OTR incorrectly handled large incoming
messages. A remote attacker could use this issue to cause OTR to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: libotr2

3.2.0-4ubuntu0.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart OTR applications to
make all the necessary changes

References

CVE-2016-2851

Ubuntu

USN-2924-1: NSS vulnerability

March 10, 2016 007admin

Ubuntu Security Notice USN-2924-1

9th March, 2016

nss vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

NSS could be made to crash or run programs if it received specially crafted
input.

Software description

nss
– Network Security Service library

Details

Francis Gabriel discovered that NSS incorrectly handled decoding certain
ASN.1 data. An remote attacker could use this issue to cause NSS to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: libnss3

2:3.21-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:: libnss3

2:3.21-0ubuntu0.14.04.2
Ubuntu 12.04 LTS:: libnss3

2:3.21-0ubuntu0.12.04.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary changes.

References

CVE-2016-1950

Ubuntu

USN-2917-1: Firefox vulnerabilities

March 10, 2016 007admin

Ubuntu Security Notice USN-2917-1

9th March, 2016

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software description

firefox
– Mozilla Open Source web browser

Details

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)

Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2016-1952,
CVE-2016-1953)

Nicolas Golubovic discovered that CSP violation reports can be used to
overwrite local files. If a user were tricked in to opening a specially
crafted website with addon signing disabled and unpacked addons installed,
an attacker could potentially exploit this to gain additional privileges.
(CVE-2016-1954)

Muneaki Nishimura discovered that CSP violation reports contained full
paths for cross-origin iframe navigations. An attacker could potentially
exploit this to steal confidential data. (CVE-2016-1955)

Ucha Gobejishvili discovered that performing certain WebGL operations
resulted in memory resource exhaustion with some Intel GPUs, requiring
a reboot. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service. (CVE-2016-1956)

Jose Martinez and Romina Santillan discovered a memory leak in
libstagefright during MPEG4 video file processing in some circumstances.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
memory exhaustion. (CVE-2016-1957)

Abdulrahman Alqabandi discovered that the addressbar could be blank or
filled with page defined content in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)

Looben Yang discovered an out-of-bounds read in Service Worker Manager. If
a user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1959)

A use-after-free was discovered in the HTML5 string parser. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1960)

A use-after-free was discovered in the SetBody function of HTMLDocument.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1961)

Dominique Hazaël-Massieux discovered a use-after-free when using multiple
WebRTC data channels. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2016-1962)

It was discovered that Firefox crashes when local files are modified
whilst being read by the FileReader API. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1963)

Nicolas Grégoire discovered a use-after-free during XML transformations.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1964)

Tsubasa Iinuma discovered a mechanism to cause the addressbar to display
an incorrect URL, using history navigations and the Location protocol
property. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to conduct URL
spoofing attacks. (CVE-2016-1965)

A memory corruption issues was discovered in the NPAPI subsystem. If
a user were tricked in to opening a specially crafted website with a
malicious plugin installed, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2016-1966)

Jordi Chancel discovered a same-origin-policy bypass when using
performance.getEntries and history navigation with session restore. If
a user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to steal confidential data. (CVE-2016-1967)

Luke Li discovered a buffer overflow during Brotli decompression in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1968)

Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1973)

Ronald Crane discovered an out-of-bounds read following a failed
allocation in the HTML parser in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1974)

Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple
memory safety issues in the Graphite 2 library. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,
CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,
CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: firefox

45.0+build2-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:: firefox

45.0+build2-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:: firefox

45.0+build2-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

Ubuntu

USN-2925-1: Bind vulnerabilities

March 10, 2016 007admin

Ubuntu Security Notice USN-2925-1

9th March, 2016

bind9 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Bind could be made to crash if it received specially crafted network
traffic.

Software description

bind9
– Internet Domain Name Server

Details

It was discovered that Bind incorrectly handled input received by the rndc
control channel. A remote attacker could possibly use this issue to cause
Bind to crash, resulting in a denial of service. (CVE-2016-1285)

It was discovered that Bind incorrectly parsed resource record signatures
for DNAME resource records. A remote attacker could possibly use this issue
to cause Bind to crash, resulting in a denial of service. (CVE-2016-1286)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: bind9

1:9.9.5.dfsg-11ubuntu1.3
Ubuntu 14.04 LTS:: bind9

1:9.9.5.dfsg-3ubuntu0.8
Ubuntu 12.04 LTS:: bind9

1:9.8.1.dfsg.P1-4ubuntu0.16

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-1285,

CVE-2016-1286

Ubuntu Security Notice USN-2931-1

linux-lts-utopic vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2929-2

linux-lts-trusty vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2932-1

linux-lts-vivid vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2929-1

linux vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2933-1

exim4 vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2920-1

oxide-qt vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2926-1

libotr vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2924-1

nss vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2917-1

firefox vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2925-1

bind9 vulnerabilities

Summary

Software description

Details

Update instructions

References

Software and Security Information