Category Archives: Ubuntu

Ubuntu Security Notices

Ubuntu

USN-2534-1: Libav vulnerabilities

March 17, 2015 007admin

Ubuntu Security Notice USN-2534-1

17th March, 2015

libav vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

Libav could be made to crash or run programs as your login if it opened a
specially crafted file.

Software description

libav
– Multimedia player, server, encoder and transcoder

Details

It was discovered that Libav incorrectly handled certain malformed media
files. If a user were tricked into opening a crafted media file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: libavformat53

4:0.8.17-0ubuntu0.12.04.1; libavcodec53

4:0.8.17-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

Ubuntu

USN-2533-1: Sudo vulnerability

March 16, 2015 007admin

Ubuntu Security Notice USN-2533-1

16th March, 2015

sudo vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS

Summary

Sudo would allow unintended access to files.

Software description

sudo
– Provide limited super user privileges to specific users

Details

Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled
the TZ environment variable. An attacker with Sudo access could possibly
use this issue to open arbitrary files, bypassing intended permissions.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:: sudo-ldap

1.8.9p5-1ubuntu2.1; sudo

1.8.9p5-1ubuntu2.1
Ubuntu 14.04 LTS:: sudo-ldap

1.8.9p5-1ubuntu1.1; sudo

1.8.9p5-1ubuntu1.1
Ubuntu 12.04 LTS:: sudo-ldap

1.8.3p1-1ubuntu3.7; sudo

1.8.3p1-1ubuntu3.7
Ubuntu 10.04 LTS:: sudo-ldap

1.7.2p1-1ubuntu5.8; sudo

1.7.2p1-1ubuntu5.8

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-9680

Ubuntu

USN-2531-1: Requests vulnerability

March 16, 2015 007admin

Ubuntu Security Notice USN-2531-1

16th March, 2015

requests vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.10
Ubuntu 14.04 LTS

Summary

Requests could be made to expose cookies over the network.

Software description

requests
– elegant and simple HTTP library for Python

Details

Matthew Daley discovered that Requests incorrectly handled cookies without
host values when being redirected. A remote attacker could possibly use
this issue to perform session fixation or cookie stealing attacks.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:: python3-requests

2.3.0-1ubuntu0.1; python-requests

2.3.0-1ubuntu0.1
Ubuntu 14.04 LTS:: python3-requests

2.2.1-1ubuntu0.2; python-requests

2.2.1-1ubuntu0.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-2296

Ubuntu

USN-2532-1: cups-filters vulnerability

March 16, 2015 007admin

Ubuntu Security Notice USN-2532-1

16th March, 2015

cups-filters vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.10
Ubuntu 14.04 LTS

Summary

cups-filters could be made to run programs if it received specially crafted
network traffic.

Software description

cups-filters
– OpenPrinting CUPS Filters

Details

It was discovered that cups-browsed incorrectly filtered remote printer
names and strings. A remote attacker could use this issue to possibly
execute arbitrary commands.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:: cups-browsed

1.0.61-0ubuntu2.1
Ubuntu 14.04 LTS:: cups-browsed

1.0.52-0ubuntu1.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-2265

Ubuntu

USN-2526-1: Linux kernel vulnerability

March 12, 2015 007admin

Ubuntu Security Notice USN-2526-1

12th March, 2015

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

linux
– Linux kernel

Details

It was discovered that the Linux kernel’s Infiniband subsystem did not
properly sanitize its input parameters while registering memory regions
from userspace. A local user could exploit this flaw to cause a denial of
service (system crash) or to potentially gain administrative privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: linux-image-3.2.0-77-omap

3.2.0-77.114; linux-image-3.2.0-77-powerpc64-smp

3.2.0-77.114; linux-image-3.2.0-77-powerpc-smp

3.2.0-77.114; linux-image-3.2.0-77-generic-pae

3.2.0-77.114; linux-image-3.2.0-77-generic

3.2.0-77.114; linux-image-3.2.0-77-virtual

3.2.0-77.114; linux-image-3.2.0-77-highbank

3.2.0-77.114

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-8159

Ubuntu

USN-2525-1: Linux kernel vulnerability

March 12, 2015 007admin

Ubuntu Security Notice USN-2525-1

12th March, 2015

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 10.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

linux
– Linux kernel

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.04 LTS:: linux-image-2.6.32-73-lpia

2.6.32-73.141; linux-image-2.6.32-73-powerpc64-smp

2.6.32-73.141; linux-image-2.6.32-73-generic-pae

2.6.32-73.141; linux-image-2.6.32-73-sparc64

2.6.32-73.141; linux-image-2.6.32-73-generic

2.6.32-73.141; linux-image-2.6.32-73-virtual

2.6.32-73.141; linux-image-2.6.32-73-ia64

2.6.32-73.141; linux-image-2.6.32-73-powerpc-smp

2.6.32-73.141; linux-image-2.6.32-73-versatile

2.6.32-73.141; linux-image-2.6.32-73-386

2.6.32-73.141; linux-image-2.6.32-73-powerpc

2.6.32-73.141; linux-image-2.6.32-73-server

2.6.32-73.141; linux-image-2.6.32-73-sparc64-smp

2.6.32-73.141; linux-image-2.6.32-73-preempt

2.6.32-73.141

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-8159

Ubuntu

USN-2529-1: Linux kernel (Utopic HWE) vulnerability

March 12, 2015 007admin

Ubuntu Security Notice USN-2529-1

12th March, 2015

linux-lts-utopic vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

linux-lts-utopic
– Linux hardware enablement kernel from Utopic

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.16.0-31-powerpc64-smp

3.16.0-31.43~14.04.1; linux-image-3.16.0-31-generic

3.16.0-31.43~14.04.1; linux-image-3.16.0-31-powerpc-smp

3.16.0-31.43~14.04.1; linux-image-3.16.0-31-powerpc64-emb

3.16.0-31.43~14.04.1; linux-image-3.16.0-31-generic-lpae

3.16.0-31.43~14.04.1; linux-image-3.16.0-31-lowlatency

3.16.0-31.43~14.04.1; linux-image-3.16.0-31-powerpc-e500mc

3.16.0-31.43~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-8159

Ubuntu

USN-2528-1: Linux kernel vulnerability

March 12, 2015 007admin

Ubuntu Security Notice USN-2528-1

12th March, 2015

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

linux
– Linux kernel

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.13.0-46-generic-lpae

3.13.0-46.79; linux-image-3.13.0-46-generic

3.13.0-46.79; linux-image-3.13.0-46-powerpc-e500mc

3.13.0-46.79; linux-image-3.13.0-46-powerpc-smp

3.13.0-46.79; linux-image-3.13.0-46-powerpc64-emb

3.13.0-46.79; linux-image-3.13.0-46-powerpc-e500

3.13.0-46.79; linux-image-3.13.0-46-powerpc64-smp

3.13.0-46.79; linux-image-3.13.0-46-lowlatency

3.13.0-46.79

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-8159

Ubuntu

USN-2527-1: Linux kernel (Trusty HWE) vulnerability

March 12, 2015 007admin

Ubuntu Security Notice USN-2527-1

12th March, 2015

linux-lts-trusty vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

linux-lts-trusty
– Linux hardware enablement kernel from Trusty

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: linux-image-3.13.0-46-generic-lpae

3.13.0-46.79~precise1; linux-image-3.13.0-46-generic

3.13.0-46.79~precise1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-8159

Ubuntu

USN-2530-1: Linux kernel vulnerability

March 12, 2015 007admin

Ubuntu Security Notice USN-2530-1

12th March, 2015

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.10

Summary

The system could be made to crash or run programs as an administrator.

Software description

linux
– Linux kernel

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:: linux-image-3.16.0-31-powerpc64-smp

3.16.0-31.43; linux-image-3.16.0-31-generic

3.16.0-31.43; linux-image-3.16.0-31-powerpc64-emb

3.16.0-31.43; linux-image-3.16.0-31-powerpc-smp

3.16.0-31.43; linux-image-3.16.0-31-generic-lpae

3.16.0-31.43; linux-image-3.16.0-31-lowlatency

3.16.0-31.43; linux-image-3.16.0-31-powerpc-e500mc

3.16.0-31.43

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-8159

Ubuntu Security Notice USN-2534-1

libav vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2533-1

sudo vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2531-1

requests vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2532-1

cups-filters vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2526-1

linux vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2525-1

linux vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2529-1

linux-lts-utopic vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2528-1

linux vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2527-1

linux-lts-trusty vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2530-1

linux vulnerability

Summary

Software description

Details

Update instructions

References

Software and Security Information