Category Archives: Ubuntu

Ubuntu Security Notices

USN-2554-1: GnuPG vulnerabilities

Ubuntu Security Notice USN-2554-1

1st April, 2015

gnupg, gnupg2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in GnuPG.

Software description

  • gnupg
    – GNU privacy guard – a free PGP replacement

  • gnupg2
    – GNU privacy guard – a free PGP replacement

Details

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered
that GnuPG was susceptible to an attack via physical side channels. A local
attacker could use this attack to possibly recover private keys.
(CVE-2014-3591)

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was
susceptible to an attack via physical side channels. A local attacker could
use this attack to possibly recover private keys. (CVE-2015-0837)

Hanno Böck discovered that GnuPG incorrectly handled certain malformed
keyrings. If a user or automated system were tricked into opening a
malformed keyring, a remote attacker could use this issue to cause GnuPG to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2015-1606, CVE-2015-1607)

In addition, this update improves GnuPG security by validating that the
keys returned by keyservers match those requested.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • gnupg2 2.0.24-1ubuntu2.2
  • gnupg 1.4.16-1.2ubuntu1.2

Ubuntu 14.04 LTS:
  • gnupg2 2.0.22-3ubuntu1.3
  • gnupg 1.4.16-1ubuntu2.3

Ubuntu 12.04 LTS:
  • gnupg2 2.0.17-2ubuntu2.12.04.6
  • gnupg 1.4.11-3ubuntu2.9

Ubuntu 10.04 LTS:
  • gnupg 1.4.10-2ubuntu1.8

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3591, CVE-2014-5270, CVE-2015-0837, CVE-2015-1606, CVE-2015-1607

USN-2553-1: LibTIFF vulnerabilities

Ubuntu Security Notice USN-2553-1

31st March, 2015

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.

Software description

  • tiff
    – Tag Image File Format (TIFF) library

Details

William Robinet discovered that LibTIFF incorrectly handled certain
malformed images. If a user or automated system were tricked into opening a
specially crafted image, a remote attacker could crash the application,
leading to a denial of service, or possibly execute arbitrary code with
user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129,
CVE-2014-8130)

Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain
malformed BMP images. If a user or automated system were tricked into
opening a specially crafted BMP image, a remote attacker could crash the
application, leading to a denial of service. (CVE-2014-9330)

Michal Zalewski discovered that LibTIFF incorrectly handled certain
malformed images. If a user or automated system were tricked into opening a
specially crafted image, a remote attacker could crash the application,
leading to a denial of service, or possibly execute arbitrary code with
user privileges. (CVE-2014-9655)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • libtiff5 4.0.3-10ubuntu0.1

Ubuntu 14.04 LTS:
  • libtiff5 4.0.3-7ubuntu0.2

Ubuntu 12.04 LTS:
  • libtiff4 3.9.5-2ubuntu1.7

Ubuntu 10.04 LTS:
  • libtiff4 3.9.2-2ubuntu0.15

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330,
CVE-2014-9655

USN-2550-1: Firefox vulnerabilities

Ubuntu Security Notice USN-2550-1

1st April, 2015

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software description

  • firefox
    – Mozilla Open Source web browser

Details

Olli Pettay and Boris Zbarsky discovered an issue during anchor
navigations in some circumstances. If a user were tricked into opening
a specially crafted website, an attacker could potentially exploit this
to bypass same-origin policy restrictions. (CVE-2015-0801)

Bobby Holley discovered that windows created to hold privileged UI content
retained access to privileged internal methods if navigated to
unprivileged content. An attacker could potentially exploit this in
combination with another flaw, in order to execute arbitrary script in a
privileged context. (CVE-2015-0802)

Several type confusion issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-0803, CVE-2015-0804)

Abhishek Arya discovered memory corruption issues during 2D graphics
rendering. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-0805, CVE-2015-0806)

Christoph Kerschbaumer discovered that CORS requests from
navigator.sendBeacon() followed 30x redirections after preflight. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to conduct cross-site request forgery
(XSRF) attacks. (CVE-2015-0807)

Mitchell Harper discovered an issue with memory management of simple-type
arrays in WebRTC. An attacker could potentially exploit this to cause
undefined behaviour. (CVE-2015-0808)

Felix Gröbert discovered an out-of-bounds read in the QCMS colour
management library. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2015-0811)

Armin Razmdjou discovered that lightweight themes could be installed
in Firefox without a user approval message, from Mozilla subdomains
over HTTP without SSL. A remote attacker could potentially exploit this by
conducting a Man-In-The-Middle (MITM) attack to install themes without
user approval. (CVE-2015-0812)

Aki Helin discovered a use-after-free when playing MP3 audio files using
the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-0813)

Christian Holler, Andrew McCreight, Gary Kwong, Karl Tomlinson, Randell
Jesup, Shu-yu Guo, Steve Fink, Tooru Fujisawa, and Byron Campen discovered
multiple memory safety issues in Firefox. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-0814, CVE-2015-0815)

Mariusz Mlynski discovered that documents loaded via resource: URLs (such
as PDF.js) could load privileged chrome pages. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this in combination with another flaw, in order to execute
arbitrary script in a privileged context. (CVE-2015-0816)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • firefox 37.0+build2-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
  • firefox 37.0+build2-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  • firefox 37.0+build2-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804, CVE-2015-0805,
CVE-2015-0806, CVE-2015-0807, CVE-2015-0808, CVE-2015-0811, CVE-2015-0812,
CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816

USN-2555-1: Libgcrypt vulnerabilities

Ubuntu Security Notice USN-2555-1

1st April, 2015

libgcrypt11, libgcrypt20 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in Libgcrypt.

Software description

  • libgcrypt11
    – LGPL Crypto library

  • libgcrypt20
    – LGPL Crypto library

Details

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered
that Libgcrypt was susceptible to an attack via physical side channels. A
local attacker could use this attack to possibly recover private keys.
(CVE-2014-3591)

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was
susceptible to an attack via physical side channels. A local attacker could
use this attack to possibly recover private keys. (CVE-2015-0837)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • libgcrypt20 1.6.1-2ubuntu1.14.10.1
  • libgcrypt11 1.5.4-2ubuntu1.1

Ubuntu 14.04 LTS:
  • libgcrypt11 1.5.3-2ubuntu4.2

Ubuntu 12.04 LTS:
  • libgcrypt11 1.5.0-3ubuntu0.4

Ubuntu 10.04 LTS:
  • libgcrypt11 1.4.4-5ubuntu2.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3591, CVE-2015-0837

USN-2551-1: Apache Standard Taglibs vulnerability

Ubuntu Security Notice USN-2551-1

30th March, 2015

jakarta-taglibs-standard vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS

Summary

Apache Standard Taglibs loaded external XML entities.

Software description

  • jakarta-taglibs-standard
    – Implementation of JSP Standard Tag Library (JSTL)

Details

David Jorm discovered that the Apache Standard Taglibs incorrectly handled
external XML entities. A remote attacker could possibly use this issue to
execute arbitrary code or perform other external XML entity attacks.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • libjakarta-taglibs-standard-java 1.1.2-2ubuntu1.14.10.1
  • libjstl1.1-java 1.1.2-2ubuntu1.14.10.1

Ubuntu 14.04 LTS:
  • libjakarta-taglibs-standard-java 1.1.2-2ubuntu1.14.04.1
  • libjstl1.1-java 1.1.2-2ubuntu1.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-0254

USN-2548-1: Batik vulnerability

Ubuntu Security Notice USN-2548-1

25th March, 2015

batik vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Batik could be made to consume resources or expose sensitive information.

Software description

  • batik
    – xml.apache.org SVG Library

Details

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML
external entities by default. If a user or automated system were tricked
into opening a specially crafted SVG file, an attacker could possibly
obtain access to arbitrary files or cause resource consumption.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • libbatik-java 1.7.ubuntu-8ubuntu2.14.10.1

Ubuntu 14.04 LTS:
  • libbatik-java 1.7.ubuntu-8ubuntu2.14.04.1

Ubuntu 12.04 LTS:
  • libbatik-java 1.7.ubuntu-8ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-0250

USN-2549-1: libarchive vulnerabilities

Ubuntu Security Notice USN-2549-1

25th March, 2015

libarchive vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

libarchive could be made to crash or overwrite files.

Software description

  • libarchive
    – Library to read/write archive files

Details

It was discovered that the libarchive bsdcpio utility extracted absolute
paths by default without using the --insecure flag, contrary to
expectations. If a user or automated system were tricked into extracting
cpio archives containing absolute paths, a remote attacker may be able to
write to arbitrary files. (CVE-2015-2304)

Fabian Yamaguchi discovered that libarchive incorrectly handled certain
type conversions. A remote attacker could possibly use this issue to cause
libarchive to crash, resulting in a denial of service. This issue only
affected Ubuntu 12.04 LTS. (CVE-2013-0211)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • bsdcpio 3.1.2-9ubuntu0.1
  • libarchive13 3.1.2-9ubuntu0.1

Ubuntu 14.04 LTS:
  • bsdcpio 3.1.2-7ubuntu2.1
  • libarchive13 3.1.2-7ubuntu2.1

Ubuntu 12.04 LTS:
  • bsdcpio 3.0.3-6ubuntu1.1
  • libarchive12 3.0.3-6ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2013-0211, CVE-2015-2304

USN-2539-1: Django vulnerabilities

Ubuntu Security Notice USN-2539-1

23rd March, 2015

python-django vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in Django.

Software description

  • python-django
    – High-level Python web development framework

Details

Andrey Babak discovered that Django incorrectly handled strip_tags. A
remote attacker could possibly use this issue to cause Django to enter an
infinite loop, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2316)

Daniel Chatfield discovered that Django incorrectly handled user-supplied
redirect URLs. A remote attacker could possibly use this issue to perform a
cross-site scripting attack. (CVE-2015-2317)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • python3-django 1.6.6-1ubuntu2.2
  • python-django 1.6.6-1ubuntu2.2

Ubuntu 14.04 LTS:
  • python-django 1.6.1-2ubuntu0.8

Ubuntu 12.04 LTS:
  • python-django 1.3.1-4ubuntu1.16

Ubuntu 10.04 LTS:
  • python-django 1.1.1-2ubuntu1.17

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-2316, CVE-2015-2317

USN-2540-1: GnuTLS vulnerabilities

Ubuntu Security Notice USN-2540-1

23rd March, 2015

gnutls26, gnutls28 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in GnuTLS.

Software description

  • gnutls26
    – GNU TLS library

  • gnutls28
    – GNU TLS library

Details

It was discovered that GnuTLS did not perform date and time checks on
CA certificates, contrary to expectations. This issue only affected
Ubuntu 10.04 LTS. (CVE-2014-8155)

Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that
signature algorithms matched. A remote attacker could possibly use this
issue to downgrade to a disallowed algorithm. This issue only affected
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-0282)

It was discovered that GnuTLS incorrectly verified certificate algorithms.
A remote attacker could possibly use this issue to downgrade to a
disallowed algorithm. (CVE-2015-0294)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • libgnutls-deb0-28 3.2.16-1ubuntu2.2

Ubuntu 14.04 LTS:
  • libgnutls26 2.12.23-12ubuntu2.2

Ubuntu 12.04 LTS:
  • libgnutls26 2.12.14-5ubuntu3.9

Ubuntu 10.04 LTS:
  • libgnutls26 2.8.5-2ubuntu0.7

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8155, CVE-2015-0282, CVE-2015-0294

USN-2543-1: Linux kernel (Trusty HWE) vulnerabilities

Ubuntu Security Notice USN-2543-1

24th March, 2015

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-trusty
    – Linux hardware enablement kernel from Trusty

Details

Eric Windisch discovered a flaw in how the Linux kernel’s XFS file system
replaces remote attributes. A local user with access to an XFS file
system could exploit this flaw to escalate their privileges.
(CVE-2015-0274)

A flaw was discovered in the automatic loading of modules in the crypto
subsystem of the Linux kernel. A local user could exploit this flaw to load
installed kernel modules, increasing the attack surface and potentially
using this to gain administrative privileges. (CVE-2013-7421)

The Linux kernel’s splice system call did not correctly validate its
parameters. A local, unprivileged user could exploit this flaw to cause a
denial of service (system crash). (CVE-2014-7822)

A flaw was discovered in the crypto subsystem when screening module names
for automatic module loading if the name contained a valid crypto module
name, e.g. vfat(aes). A local user could exploit this flaw to load installed
kernel modules, increasing the attack surface and potentially using this to
gain administrative privileges. (CVE-2014-9644)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  • linux-image-3.13.0-48-generic-lpae 3.13.0-48.80~precise1
  • linux-image-3.13.0-48-generic 3.13.0-48.80~precise1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2013-7421, CVE-2014-7822, CVE-2014-9644, CVE-2015-0274