Ubuntu Security Notice USN-2726-1

31st August, 2015

expat vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Expat could be made to crash or run programs as your login if it opened a
specially crafted file.

Software description

• expat
  – XML parsing C library

Details

It was discovered that Expat incorrectly handled malformed XML data. If a
user or application linked against Expat were tricked into opening a
crafted XML file, an attacker could cause a denial of service, or possibly
execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

libexpat1

2.1.0-6ubuntu1.1

lib64expat1

2.1.0-6ubuntu1.1

Ubuntu 14.04 LTS:

libexpat1

2.1.0-4ubuntu1.1

lib64expat1

2.1.0-4ubuntu1.1

Ubuntu 12.04 LTS:

libexpat1

2.0.1-7.2ubuntu1.2

lib64expat1

2.0.1-7.2ubuntu1.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart any applications linked
against Expat to effect the necessary changes.

References

CVE-2015-1283

Ubuntu Security Notice USN-2727-1

1st September, 2015

gnutls28 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04

Summary

GnuTLS could be made to crash or run programs if it processed a specially
crafted certificate.

Software description

• gnutls28
  – GNU TLS library

Details

It was discovered that GnuTLS incorrectly handled parsing CRL distribution
points. A remote attacker could possibly use this issue to cause a denial
of service, or execute arbitrary code. (CVE-2015-3308)

Kurt Roeckx discovered that GnuTLS incorrectly handled a long
DistinguishedName (DN) entry in a certificate. A remote attacker could
possibly use this issue to cause a denial of service, or execute arbitrary
code. (CVE-2015-6251)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

libgnutls-deb0-28

3.3.8-3ubuntu3.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-3308,

CVE-2015-6251

Ubuntu Security Notice USN-2723-1

27th August, 2015

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software description

• firefox
  – Mozilla Open Source web browser

Details

A use-after-free was discovered when resizing a canvas element during
restyling in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2015-4497)

Bas Venis discovered that the addon install permission prompt could be
bypassed using data: URLs in some circumstances. It was also discovered
that the installation notification could be made to appear over another
site. If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to install a malicious addon.
(CVE-2015-4498)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

firefox

40.0.3+build1-0ubuntu0.15.04.1

Ubuntu 14.04 LTS:

firefox

40.0.3+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:

firefox

40.0.3+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2015-4497,

CVE-2015-4498

Ubuntu Security Notice USN-2725-1

27th August, 2015

cups-filters vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04

Summary

cups-filters would allow unintended access to printers over the network.

Software description

• cups-filters
  – OpenPrinting CUPS Filters

Details

Seth Arnold discovered that ippusbxd in the cups-filters package would
incorrectly listen to all configured network interfaces. A remote attacker
could use this issue to possibly access locally-connected printers.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

cups-filters-ippusbxd

1.0.67-0ubuntu2.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-6520

Ubuntu Security Notice USN-2724-1

27th August, 2015

qemu, qemu-kvm vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Several security issues were fixed in QEMU.

Software description

• qemu
  – Machine emulator and virtualizer

• qemu-kvm
  – Machine emulator and virtualizer

Details

It was discovered that QEMU incorrectly handled a PRDT with zero complete
sectors in the IDE functionality. A malicious guest could possibly use
this issue to cause a denial of service. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9718)

Donghai Zhu discovered that QEMU incorrectly handled the RTL8139 driver.
A malicious guest could possibly use this issue to read sensitive
information from arbitrary host memory. (CVE-2015-5165)

Donghai Zhu discovered that QEMU incorrectly handled unplugging emulated
block devices. A malicious guest could use this issue to cause a denial of
service, or possibly execute arbitrary code on the host as the user running
the QEMU process. In the default installation, when QEMU is used with
libvirt, attackers would be isolated by the libvirt AppArmor profile. This
issue only affected Ubuntu 15.04. (CVE-2015-5166)

Qinghao Tang and Mr. Zuozhi discovered that QEMU incorrectly handled memory
in the VNC display driver. A malicious guest could use this issue to cause
a denial of service, or possibly execute arbitrary code on the host as the
user running the QEMU process. In the default installation, when QEMU is
used with libvirt, attackers would be isolated by the libvirt AppArmor
profile. This issue only affected Ubuntu 15.04. (CVE-2015-5225)

It was discovered that QEMU incorrectly handled the virtio-serial device.
A malicious guest could use this issue to cause a denial of service, or
possibly execute arbitrary code on the host as the user running the QEMU
process. In the default installation, when QEMU is used with libvirt,
attackers would be isolated by the libvirt AppArmor profile. This issue
only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-5745)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

qemu-system-misc

1:2.2+dfsg-5expubuntu9.4

qemu-system

1:2.2+dfsg-5expubuntu9.4

qemu-system-aarch64

1:2.2+dfsg-5expubuntu9.4

qemu-system-x86

1:2.2+dfsg-5expubuntu9.4

qemu-system-sparc

1:2.2+dfsg-5expubuntu9.4

qemu-system-arm

1:2.2+dfsg-5expubuntu9.4

qemu-system-ppc

1:2.2+dfsg-5expubuntu9.4

qemu-system-mips

1:2.2+dfsg-5expubuntu9.4

Ubuntu 14.04 LTS:

qemu-system-misc

2.0.0+dfsg-2ubuntu1.17

qemu-system

2.0.0+dfsg-2ubuntu1.17

qemu-system-aarch64

2.0.0+dfsg-2ubuntu1.17

qemu-system-x86

2.0.0+dfsg-2ubuntu1.17

qemu-system-sparc

2.0.0+dfsg-2ubuntu1.17

qemu-system-arm

2.0.0+dfsg-2ubuntu1.17

qemu-system-ppc

2.0.0+dfsg-2ubuntu1.17

qemu-system-mips

2.0.0+dfsg-2ubuntu1.17

Ubuntu 12.04 LTS:

qemu-kvm

1.0+noroms-0ubuntu14.24

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

CVE-2014-9718,

CVE-2015-5165,

CVE-2015-5166,

CVE-2015-5225,

CVE-2015-5745

Ubuntu Security Notice USN-2722-1

26th August, 2015

gdk-pixbuf vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

GDK-PixBuf could be made to crash or run programs as your login if it
opened a specially crafted file.

Software description

• gdk-pixbuf
  – GDK Pixbuf library

Details

Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling
bitmap images. If a user or automated system were tricked into opening a
BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf
to crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

libgdk-pixbuf2.0-0

2.31.3-1ubuntu0.1

Ubuntu 14.04 LTS:

libgdk-pixbuf2.0-0

2.30.7-0ubuntu1.1

Ubuntu 12.04 LTS:

libgdk-pixbuf2.0-0

2.26.1-1ubuntu1.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make
all the necessary changes.

References

CVE-2015-4491

Ubuntu Security Notice USN-2712-1

25th August, 2015

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

• thunderbird
  – Mozilla Open Source mail and newsgroup client

Details

Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory
safety issues in Thunderbird. If a user were tricked in to opening a
specially crafted message, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges ofthe user invoking Thunderbird. (CVE-2015-4473)

Ronald Crane reported 3 security issues. If a user were tricked in to
opening a specially crafted message, an attacker could potentially
exploit these, in combination with another security vulnerability, to
cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Thunderbird. (CVE-2015-4487,
CVE-2015-4488, CVE-2015-4489)

Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the priviliges of the user invoking
Thunderbird. (CVE-2015-4491)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

thunderbird

1:38.2.0+build1-0ubuntu0.15.04.1

Ubuntu 14.04 LTS:

thunderbird

1:38.2.0+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:

thunderbird

1:38.2.0+build1-0ubuntu0.12.04.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2015-4473,

CVE-2015-4487,

CVE-2015-4488,

CVE-2015-4489,

CVE-2015-4491

Ubuntu Security Notice USN-2702-3

20th August, 2015

firefox regression

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

USN-2702-1 introduced a regression in Firefox.

Software description

• firefox
  – Mozilla Open Source web browser

Details

USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users
in the US reported that their default search engine switched to Yahoo.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)

Aki Helin discovered an out-of-bounds read when playing malformed MP3
content in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive information, cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4475)

A use-after-free was discovered during MediaStream playback in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash or execute arbitrary code with the
priviliges of the user invoking Firefox. (CVE-2015-4477)

André Bargull discovered that non-configurable properties on javascript
objects could be redefined when parsing JSON. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to bypass same-origin restrictions. (CVE-2015-4478)

Multiple integer overflows were discovered in libstagefright. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)

Jukka Jylänki discovered a crash that occurs because javascript does not
properly gate access to Atomics or SharedArrayBuffers in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2015-4484)

Abhishek Arya discovered 2 buffer overflows in libvpx when decoding
malformed WebM content in some circumstances. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-4485, CVE-2015-4486)

Ronald Crane reported 3 security issues. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit these, in combination with another security vulnerability, to
cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2015-4487,
CVE-2015-4488, CVE-2015-4489)

Christoph Kerschbaumer discovered an issue with Mozilla’s implementation
of Content Security Policy (CSP), which could allow for a more permissive
usage in some cirucumstances. An attacker could potentially exploit this
to conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)

Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the priviliges of the user invoking
Firefox. (CVE-2015-4491)

Looben Yang discovered a use-after-free when using XMLHttpRequest with
shared workers in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash or execute arbitrary code
with the priviliges of the user invoking Firefox. (CVE-2015-4492)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

firefox

40.0+build4-0ubuntu0.15.04.4

Ubuntu 14.04 LTS:

firefox

40.0+build4-0ubuntu0.14.04.4

Ubuntu 12.04 LTS:

firefox

40.0+build4-0ubuntu0.12.04.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 1485741

Ubuntu Security Notice USN-2721-1

20th August, 2015

subversion vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Subversion.

Software description

• subversion
  – Advanced version control system

Details

It was discovered that the Subversion mod_dav_svn module incorrectly
handled REPORT requests for a resource that does not exist. A remote
attacker could use this issue to cause the server to crash, resulting in a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2014-3580)

It was discovered that the Subversion mod_dav_svn module incorrectly
handled requests requiring a lookup for a virtual transaction name that
does not exist. A remote attacker could use this issue to cause the server
to crash, resulting in a denial of service. This issue only affected Ubuntu
14.04 LTS. (CVE-2014-8108)

Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly
handled large numbers of REPORT requests. A remote attacker could use this
issue to cause the server to crash, resulting in a denial of service. This
issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)

Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve
modules incorrectly certain crafted parameter combinations. A remote
attacker could use this issue to cause the server to crash, resulting in a
denial of service. (CVE-2015-0248)

Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly
handled crafted v1 HTTP protocol request sequences. A remote attacker could
use this issue to spoof the svn:author property. (CVE-2015-0251)

C. Michael Pilato discovered that the Subversion mod_dav_svn module
incorrectly restricted anonymous access. A remote attacker could use this
issue to read hidden files via the path name. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)

C. Michael Pilato discovered that Subversion incorrectly handled path-based
authorization. A remote attacker could use this issue to obtain sensitive
path information. (CVE-2015-3187)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

subversion

1.8.10-5ubuntu1.1

libapache2-svn

1.8.10-5ubuntu1.1

libsvn1

1.8.10-5ubuntu1.1

Ubuntu 14.04 LTS:

subversion

1.8.8-1ubuntu3.2

libapache2-svn

1.8.8-1ubuntu3.2

libsvn1

1.8.8-1ubuntu3.2

Ubuntu 12.04 LTS:

subversion

1.6.17dfsg-3ubuntu3.5

libapache2-svn

1.6.17dfsg-3ubuntu3.5

libsvn1

1.6.17dfsg-3ubuntu3.5

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3580,

CVE-2014-8108,

CVE-2015-0202,

CVE-2015-0248,

CVE-2015-0251,

CVE-2015-3184,

CVE-2015-3187

Ubuntu Security Notice USN-2720-1

18th August, 2015

python-django vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Django could be made to crash if it received specially crafted network
traffic.

Software description

• python-django
  – High-level Python web development framework

Details

Lin Hua Cheng discovered that Django incorrectly handled the session store.
A remote attacker could use this issue to cause the session store to fill
up, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

python3-django

1.7.6-1ubuntu2.2

python-django

1.7.6-1ubuntu2.2

Ubuntu 14.04 LTS:

python-django

1.6.1-2ubuntu0.10

Ubuntu 12.04 LTS:

python-django

1.3.1-4ubuntu1.18

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-5963,

CVE-2015-5964