Ubuntu Security Notice USN-2581-1

28th April, 2015

network-manager vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu (vivid)
• Ubuntu 14.10
• Ubuntu 14.04 LTS

Summary

NetworkManager would allow unintended access to files and modem device
configuration.

Software description

• network-manager
  – Network connection manager

Details

Tavis Ormandy discovered that NetworkManager incorrectly filtered paths
when requested to read modem device contexts. A local attacker could
possibly use this issue to bypass privileges and manipulate modem device
configuration or read arbitrary files.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu (vivid):

network-manager

0.9.10.0-4ubuntu15.1

Ubuntu 14.10:

network-manager

0.9.8.8-0ubuntu28.1

Ubuntu 14.04 LTS:

network-manager

0.9.8.8-0ubuntu7.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-1322

Ubuntu Security Notice USN-2578-1

27th April, 2015

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

LibreOffice could be made to crash or run programs as your login if it
opened a specially crafted file.

Software description

• libreoffice
  – Office productivity suite

Details

Alexander Cherepanov discovered that LibreOffice incorrectly handled
certain RTF files. If a user were tricked into opening a specially crafted
RTF document, a remote attacker could cause LibreOffice to crash, and
possibly execute arbitrary code. (CVE-2014-9093)

It was discovered that LibreOffice incorrectly handled certain HWP files.
If a user were tricked into opening a specially crafted HWP document, a
remote attacker could cause LibreOffice to crash, and possibly execute
arbitrary code. (CVE-2015-1774)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

libreoffice-core

1:4.3.7~rc2-0ubuntu1

Ubuntu 14.04 LTS:

libreoffice-core

1:4.2.8-0ubuntu2

Ubuntu 12.04 LTS:

libreoffice-core

1:3.5.7-0ubuntu8

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make all
the necessary changes.

References

CVE-2014-9093,

CVE-2015-1774

Ubuntu Security Notice USN-2570-1

27th April, 2015

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu (vivid)
• Ubuntu 14.10
• Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

• oxide-qt
  – Web browser engine library for Qt (QML plugin)

Details

An issue was discovered in the HTML parser in Blink. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2015-1235)

An issue was discovered in the Web Audio API implementation in Blink. If
a user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to bypass same-origin restrictions.
(CVE-2015-1236)

A use-after-free was discovered in Chromium. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2015-1237)

An out-of-bounds write was discovered in Skia. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash or execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2015-1238)

An out-of-bounds read was discovered in the WebGL implementation. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash. (CVE-2015-1240)

An issue was discovered with the interaction of page navigation and touch
event handling. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to conduct
“tap jacking” attacks. (CVE-2015-1241)

A type confusion bug was discovered in V8. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2015-1242)

It was discovered that websocket connections were not upgraded whenever a
HSTS policy is active. A remote attacker could potentially exploit this
to conduct a man in the middle (MITM) attack. (CVE-2015-1244)

An out-of-bounds read was discovered in Blink. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash.
(CVE-2015-1246)

Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1249)

A use-after-free was discovered in the file picker implementation. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking the program. (CVE-2015-1321)

Multiple security issues were discovered in V8. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-3333)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu (vivid):

liboxideqtcore0

1.6.5-0ubuntu0.15.04.1

oxideqt-codecs

1.6.5-0ubuntu0.15.04.1

oxideqt-codecs-extra

1.6.5-0ubuntu0.15.04.1

Ubuntu 14.10:

liboxideqtcore0

1.6.5-0ubuntu0.14.10.1

oxideqt-codecs

1.6.5-0ubuntu0.14.10.1

oxideqt-codecs-extra

1.6.5-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:

liboxideqtcore0

1.6.5-0ubuntu0.14.04.1

oxideqt-codecs

1.6.5-0ubuntu0.14.04.1

oxideqt-codecs-extra

1.6.5-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1235,

CVE-2015-1236,

CVE-2015-1237,

CVE-2015-1238,

CVE-2015-1240,

CVE-2015-1241,

CVE-2015-1242,

CVE-2015-1244,

CVE-2015-1246,

CVE-2015-1249,

CVE-2015-1321,

CVE-2015-3333

Ubuntu Security Notice USN-2580-1

27th April, 2015

tcpdump vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

tcpdump could be made to crash or run programs if it received specially
crafted network traffic.

Software description

• tcpdump
  – command-line network traffic analyzer

Details

It was discovered that tcpdump incorrectly handled printing certain
packets. A remote attacker could use this issue to cause tcpdump to crash,
resulting in a denial of service, or possibly execute arbitrary code.

In the default installation, attackers would be isolated by the tcpdump
AppArmor profile.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

tcpdump

4.6.2-1ubuntu1.2

Ubuntu 14.04 LTS:

tcpdump

4.5.1-2ubuntu1.2

Ubuntu 12.04 LTS:

tcpdump

4.2.1-1ubuntu2.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-0261,

CVE-2015-2153,

CVE-2015-2154,

CVE-2015-2155

Ubuntu Security Notice USN-2579-1

27th April, 2015

autofs vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10

Summary

autofs could be made to run programs as an administrator if program maps
were configured.

Software description

• autofs
  – kernel-based automounter for Linux

Details

It was discovered that autofs incorrectly filtered environment variables
when using program maps. When program maps were configured, a local user
could use this issue to escalate privileges.

This update changes the default behaviour by adding a prefix to environment
variables. Sites using program maps will need to adapt to the new variable
names, or revert to the previous names by using a new configuration option
called FORCE_STANDARD_PROGRAM_MAP_ENV.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

autofs

5.0.8-1ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-8169

Ubuntu Security Notice USN-2571-1

24th April, 2015

firefox vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu (vivid)
• Ubuntu 14.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software description

• firefox
  – Mozilla Open Source web browser

Details

Robert Kaiser discovered a use-after-free during plugin initialization in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-2706)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu (vivid):

firefox

37.0.2+build1-0ubuntu0.15.04.1

Ubuntu 14.10:

firefox

37.0.2+build1-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:

firefox

37.0.2+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:

firefox

37.0.2+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2015-2706

Ubuntu Security Notice USN-2576-1

23rd April, 2015

usb-creator vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

usb-creator could be tricked into running programs as an administrator.

Software description

• usb-creator
  – create a startup disk using a CD or disc image

Details

Tavis Ormandy discovered that usb-creator was missing an authentication
check. A local attacker could use this issue to gain elevated privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

usb-creator-common

0.2.62ubuntu0.3

Ubuntu 14.04 LTS:

usb-creator-common

0.2.56.3ubuntu0.1

Ubuntu 12.04 LTS:

usb-creator-common

0.2.38.3ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

LP: 1447396

Ubuntu Security Notice USN-2577-1

23rd April, 2015

wpa vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04
• Ubuntu 14.10
• Ubuntu 14.04 LTS

Summary

wpa_supplicant could be made to crash, expose memory, or run programs if it
received specially crafted network traffic.

Software description

• wpa
  – client support for WPA and WPA2

Details

It was discovered that wpa_supplicant incorrectly handled SSID information
when creating or updating P2P peer entries. A remote attacker could use
this issue to cause wpa_supplicant to crash, resulting in a denial of
service, expose memory contents, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

wpasupplicant

2.1-0ubuntu7.1

Ubuntu 14.10:

wpasupplicant

2.1-0ubuntu4.1

Ubuntu 14.04 LTS:

wpasupplicant

2.1-0ubuntu1.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-1863

Ubuntu Security Notice USN-2576-2

23rd April, 2015

usb-creator vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 15.04

Summary

usb-creator could be tricked into running programs as an administrator.

Software description

• usb-creator
  – create a startup disk using a CD or disc image

Details

USN-2576-1 fixed a vulnerability in usb-creator. This update provides the
corresponding fix for Ubuntu 15.04.

Original advisory details:

Tavis Ormandy discovered that usb-creator was missing an authentication
check. A local attacker could use this issue to gain elevated privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

usb-creator-common

0.2.67ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

LP: 1447396

Ubuntu Security Notice USN-2573-1

21st April, 2015

openjdk-6 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in OpenJDK 6.

Software description

• openjdk-6
  – Open Source Java implementation

Details

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2015-0460, CVE-2015-0469)

Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to
directory traversal issues with respect to handling jar files. An
attacker could use this to expose sensitive data. (CVE-2015-0480)

Florian Weimer discovered that the RSA implementation in the JCE
component in OpenJDK JRE did not follow recommended practices for
implementing RSA signatures. An attacker could use this to expose
sensitive data. (CVE-2015-0478)

A vulnerability was discovered in the OpenJDK JRE related to data
integrity. An attacker could exploit this expose sensitive data over
the network. (CVE-2015-0477)

A vulnerability was discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial
of service. (CVE-2015-0488)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:

icedtea-6-jre-cacao

6b35-1.13.7-1ubuntu0.12.04.2

icedtea-6-jre-jamvm

6b35-1.13.7-1ubuntu0.12.04.2

openjdk-6-jdk

6b35-1.13.7-1ubuntu0.12.04.2

openjdk-6-source

6b35-1.13.7-1ubuntu0.12.04.2

openjdk-6-jre

6b35-1.13.7-1ubuntu0.12.04.2

openjdk-6-jre-headless

6b35-1.13.7-1ubuntu0.12.04.2

openjdk-6-demo

6b35-1.13.7-1ubuntu0.12.04.2

openjdk-6-doc

6b35-1.13.7-1ubuntu0.12.04.2

openjdk-6-jre-zero

6b35-1.13.7-1ubuntu0.12.04.2

openjdk-6-jre-lib

6b35-1.13.7-1ubuntu0.12.04.2

Ubuntu 10.04 LTS:

icedtea-6-jre-cacao

6b35-1.13.7-1ubuntu0.10.04.2

openjdk-6-jdk

6b35-1.13.7-1ubuntu0.10.04.2

openjdk-6-source

6b35-1.13.7-1ubuntu0.10.04.2

openjdk-6-jre

6b35-1.13.7-1ubuntu0.10.04.2

openjdk-6-jre-headless

6b35-1.13.7-1ubuntu0.10.04.2

openjdk-6-demo

6b35-1.13.7-1ubuntu0.10.04.2

openjdk-6-doc

6b35-1.13.7-1ubuntu0.10.04.2

openjdk-6-jre-zero

6b35-1.13.7-1ubuntu0.10.04.2

openjdk-6-jre-lib

6b35-1.13.7-1ubuntu0.10.04.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.

References

CVE-2015-0460,

CVE-2015-0469,

CVE-2015-0477,

CVE-2015-0478,

CVE-2015-0480,

CVE-2015-0488