Category Archives: Ubuntu

Ubuntu Security Notices

USN-2500-1: X.Org X server vulnerabilities

Ubuntu Security Notice USN-2500-1

17th February, 2015

xorg-server, xorg-server-lts-trusty, xorg-server-lts-utopic vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the X.Org X server.

Software description

  • xorg-server
    – X.Org X11 server

  • xorg-server-lts-trusty
    – X.Org X11 server

  • xorg-server-lts-utopic
    – X.Org X11 server

Details

Olivier Fourdan discovered that the X.Org X server incorrectly handled
XkbSetGeometry requests resulting in an information leak. An attacker able
to connect to an X server, either locally or remotely, could use this issue
to possibly obtain sensitive information. (CVE-2015-0255)

It was discovered that the X.Org X server incorrectly handled certain
trapezoids. An attacker able to connect to an X server, either locally or
remotely, could use this issue to possibly crash the server. This issue
only affected Ubuntu 12.04 LTS. (CVE-2013-6424)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  xserver-xorg-core  2:1.16.0-1ubuntu1.3
Ubuntu 14.04 LTS:
  xserver-xorg-core  2:1.15.1-0ubuntu2.7
  xserver-xorg-core-lts-utopic  2:1.16.0-1ubuntu1.2~trusty2
Ubuntu 12.04 LTS:
  xserver-xorg-core  2:1.11.4-0ubuntu10.17
  xserver-xorg-core-lts-trusty  2:1.15.1-0ubuntu2~precise5

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2013-6424, CVE-2015-0255

USN-2488-2: ClamAV vulnerability

Ubuntu Security Notice USN-2488-2

12th February, 2015

clamav vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 10.04 LTS

Summary

ClamAV could be made to crash or run programs if it processed a
specially crafted file.

Software description

  • clamav
    – Anti-virus utility for Unix

Details

USN-2488-1 fixed a vulnerability in ClamAV for Ubuntu 14.10, Ubuntu
14.04 LTS, and Ubuntu 12.04 LTS. This update provides the corresponding
update for Ubuntu 10.04 LTS.

Original advisory details:

Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled
certain upack packer files. An attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.04 LTS:
  clamav  0.98.6+dfsg-0ubuntu0.10.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

CVE-2013-6497, CVE-2014-9328

USN-2499-1: PostgreSQL vulnerabilities

Ubuntu Security Notice USN-2499-1

11th February, 2015

postgresql-8.4, postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in PostgreSQL.

Software description

  • postgresql-8.4
    – Object-relational SQL database

  • postgresql-9.1
    – Object-relational SQL database

  • postgresql-9.3
    – Object-relational SQL database

  • postgresql-9.4
    – Object-relational SQL database

Details

Stephen Frost discovered that PostgreSQL incorrectly displayed certain
values in error messages. An authenticated user could read certain values
through those messages, contrary to expected permissions. (CVE-2014-8161)

Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL
incorrectly handled buffers in to_char functions. An authenticated attacker
could possibly use this issue to cause PostgreSQL to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2015-0241)

It was discovered that PostgreSQL incorrectly handled memory in the
pgcrypto extension. An authenticated attacker could possibly use this issue
to cause PostgreSQL to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2015-0243)

Emil Lenngren discovered that PostgreSQL incorrectly handled extended
protocol message reading. An authenticated attacker could possibly use this
issue to cause PostgreSQL to crash, resulting in a denial of service, or
possibly inject query messages. (CVE-2015-0244)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  postgresql-9.4  9.4.1-0ubuntu0.14.10
Ubuntu 14.04 LTS:
  postgresql-9.3  9.3.6-0ubuntu0.14.04
Ubuntu 12.04 LTS:
  postgresql-9.1  9.1.15-0ubuntu0.12.04
Ubuntu 10.04 LTS:
  postgresql-8.4  8.4.22-0ubuntu0.10.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244

USN-2498-1: Kerberos vulnerabilities

Ubuntu Security Notice USN-2498-1

10th February, 2015

krb5 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in Kerberos.

Software description

  • krb5
    – MIT Kerberos Network Authentication Protocol

Details

It was discovered that Kerberos incorrectly sent old keys in response to a
-randkey -keepold request. An authenticated remote attacker could use this
issue to forge tickets by leveraging administrative access. This issue
only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2014-5351)

It was discovered that the libgssapi_krb5 library incorrectly processed
security context handles. A remote attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code. (CVE-2014-5352)

Patrik Kis discovered that Kerberos incorrectly handled LDAP queries with
no results. An authenticated remote attacker could use this issue to cause
the KDC to crash, resulting in a denial of service. (CVE-2014-5353)

It was discovered that Kerberos incorrectly handled creating database
entries for a keyless principal when using LDAP. An authenticated remote
attacker could use this issue to cause the KDC to crash, resulting in a
denial of service. (CVE-2014-5354)

It was discovered that Kerberos incorrectly handled memory when processing
XDR data. A remote attacker could use this issue to cause kadmind to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-9421)

It was discovered that Kerberos incorrectly handled two-component server
principals. A remote attacker could use this issue to perform impersonation
attacks. (CVE-2014-9422)

It was discovered that the libgssrpc library leaked uninitialized bytes. A
remote attacker could use this issue to possibly obtain sensitive
information. (CVE-2014-9423)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  libkadm5srv-mit9  1.12.1+dfsg-10ubuntu0.1
  libk5crypto3  1.12.1+dfsg-10ubuntu0.1
  krb5-kdc-ldap  1.12.1+dfsg-10ubuntu0.1
  libkrad0  1.12.1+dfsg-10ubuntu0.1
  krb5-otp  1.12.1+dfsg-10ubuntu0.1
  libkdb5-7  1.12.1+dfsg-10ubuntu0.1
  krb5-pkinit  1.12.1+dfsg-10ubuntu0.1
  libkadm5clnt-mit9  1.12.1+dfsg-10ubuntu0.1
  libkrb5-3  1.12.1+dfsg-10ubuntu0.1
  krb5-user  1.12.1+dfsg-10ubuntu0.1
  krb5-kdc  1.12.1+dfsg-10ubuntu0.1
  libgssrpc4  1.12.1+dfsg-10ubuntu0.1
  libkrb5support0  1.12.1+dfsg-10ubuntu0.1
  libgssapi-krb5-2  1.12.1+dfsg-10ubuntu0.1
  krb5-admin-server  1.12.1+dfsg-10ubuntu0.1
Ubuntu 14.04 LTS:
  libkadm5srv-mit9  1.12+dfsg-2ubuntu5.1
  libkadm5srv-mit8  1.12+dfsg-2ubuntu5.1
  libk5crypto3  1.12+dfsg-2ubuntu5.1
  krb5-kdc-ldap  1.12+dfsg-2ubuntu5.1
  libkrad0  1.12+dfsg-2ubuntu5.1
  krb5-otp  1.12+dfsg-2ubuntu5.1
  libkdb5-7  1.12+dfsg-2ubuntu5.1
  krb5-pkinit  1.12+dfsg-2ubuntu5.1
  libkadm5clnt-mit9  1.12+dfsg-2ubuntu5.1
  libkrb5-3  1.12+dfsg-2ubuntu5.1
  krb5-user  1.12+dfsg-2ubuntu5.1
  krb5-kdc  1.12+dfsg-2ubuntu5.1
  libgssrpc4  1.12+dfsg-2ubuntu5.1
  libkrb5support0  1.12+dfsg-2ubuntu5.1
  libgssapi-krb5-2  1.12+dfsg-2ubuntu5.1
  krb5-admin-server  1.12+dfsg-2ubuntu5.1
Ubuntu 12.04 LTS:
  libkadm5srv-mit8  1.10+dfsg~beta1-2ubuntu0.6
  libk5crypto3  1.10+dfsg~beta1-2ubuntu0.6
  krb5-kdc-ldap  1.10+dfsg~beta1-2ubuntu0.6
  libkdb5-6  1.10+dfsg~beta1-2ubuntu0.6
  libkrb53  1.10+dfsg~beta1-2ubuntu0.6
  krb5-pkinit  1.10+dfsg~beta1-2ubuntu0.6
  libkadm5clnt-mit8  1.10+dfsg~beta1-2ubuntu0.6
  libkrb5-3  1.10+dfsg~beta1-2ubuntu0.6
  krb5-user  1.10+dfsg~beta1-2ubuntu0.6
  krb5-kdc  1.10+dfsg~beta1-2ubuntu0.6
  libgssrpc4  1.10+dfsg~beta1-2ubuntu0.6
  libkrb5support0  1.10+dfsg~beta1-2ubuntu0.6
  libgssapi-krb5-2  1.10+dfsg~beta1-2ubuntu0.6
  krb5-admin-server  1.10+dfsg~beta1-2ubuntu0.6
Ubuntu 10.04 LTS:
  libk5crypto3  1.8.1+dfsg-2ubuntu0.14
  krb5-kdc-ldap  1.8.1+dfsg-2ubuntu0.14
  libkdb5-4  1.8.1+dfsg-2ubuntu0.14
  libkadm5srv-mit7  1.8.1+dfsg-2ubuntu0.14
  krb5-pkinit  1.8.1+dfsg-2ubuntu0.14
  krb5-admin-server  1.8.1+dfsg-2ubuntu0.14
  libkrb5-3  1.8.1+dfsg-2ubuntu0.14
  krb5-user  1.8.1+dfsg-2ubuntu0.14
  krb5-kdc  1.8.1+dfsg-2ubuntu0.14
  libgssrpc4  1.8.1+dfsg-2ubuntu0.14
  libkrb5support0  1.8.1+dfsg-2ubuntu0.14
  libgssapi-krb5-2  1.8.1+dfsg-2ubuntu0.14
  libkadm5clnt-mit7  1.8.1+dfsg-2ubuntu0.14

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-5351, CVE-2014-5352, CVE-2014-5353, CVE-2014-5354, CVE-2014-9421,
CVE-2014-9422, CVE-2014-9423

USN-2495-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2495-1

10th February, 2015

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

  • oxide-qt
    – Web browser engine library for Qt (QML plugin)

Details

A use-after-free bug was discovered in the DOM implementation in Blink. If
a user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2015-1209)

It was discovered that V8 did not properly consider frame access
restrictions when throwing exceptions in some circumstances. If a user
were tricked into opening a specially crafted website, an attacker could
potentially exploit this to bypass same origin restrictions.
(CVE-2015-1210)

It was discovered that Chromium did not properly restrict the URI scheme
during ServiceWorker registration. If a user were tricked into
downloading and opening a specially crafted HTML file, an attacker could
potentially exploit this to bypass security restrictions. (CVE-2015-1211)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1212)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  liboxideqtcore0  1.4.3-0ubuntu0.14.10.1
  oxideqt-codecs  1.4.3-0ubuntu0.14.10.1
  oxideqt-codecs-extra  1.4.3-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
  liboxideqtcore0  1.4.3-0ubuntu0.14.04.1
  oxideqt-codecs  1.4.3-0ubuntu0.14.04.1
  oxideqt-codecs-extra  1.4.3-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212

USN-2496-1: GNU binutils vulnerabilities

Ubuntu Security Notice USN-2496-1

9th February, 2015

binutils vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Applications from GNU binutils could be made to crash, run programs,
or delete arbitrary files as your login if they opened a specially
crafted file.

Software description

  • binutils
    – GNU assembler, linker and binary utilities

Details

Michal Zalewski discovered that the setup_group function in libbfd in
GNU binutils did not properly check group headers in ELF files. An
attacker could use this to craft input that could cause a denial
of service (application crash) or possibly execute arbitrary code.
(CVE-2014-8485)

Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function
in libbfd in GNU binutils allowed out-of-bounds writes. An
attacker could use this to craft input that could cause a denial
of service (application crash) or possibly execute arbitrary code.
(CVE-2014-8501)

Hanno Böck discovered a heap-based buffer overflow in the
pe_print_edata function in libbfd in GNU binutils. An attacker
could use this to craft input that could cause a denial of service
(application crash) or possibly execute arbitrary code. (CVE-2014-8502)

Alexander Cherepanov discovered multiple directory traversal
vulnerabilities in GNU binutils. An attacker could use this to craft
input that could delete arbitrary files. (CVE-2014-8737)

Alexander Cherepanov discovered the _bfd_slurp_extended_name_table
function in libbfd in GNU binutils allowed invalid writes when handling
extended name tables in an archive. An attacker could use this to
craft input that could cause a denial of service (application crash)
or possibly execute arbitrary code. (CVE-2014-8738)

Hanno Böck discovered a stack-based buffer overflow in the ihex_scan
function in libbfd in GNU binutils. An attacker could use this
to craft input that could cause a denial of service (application
crash). (CVE-2014-8503)

Michal Zalewski discovered a stack-based buffer overflow in the
srec_scan function in libbfd in GNU binutils. An attacker could
use this to craft input that could cause a denial of service
(application crash); the GNU C library’s Fortify Source printf
protection should prevent the possibility of executing arbitrary code.
(CVE-2014-8504)

Michal Zalewski discovered that the srec_scan function in libbfd
in GNU binutils allowed out-of-bounds reads. An attacker could
use this to craft input to cause a denial of service. This issue
only affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04
LTS. (CVE-2014-8484)

Sang Kil Cha discovered multiple integer overflows in the
_objalloc_alloc function and objalloc_alloc macro in binutils. This
could allow an attacker to cause a denial of service (application
crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS.
(CVE-2012-3509)

Alexander Cherepanov and Hanno Böck discovered multiple additional
out-of-bounds reads and writes in GNU binutils. An attacker could use
these to craft input that could cause a denial of service (application
crash) or possibly execute arbitrary code. A few of these issues may
be limited in exposure to a denial of service (application abort)
by the GNU C library’s Fortify Source printf protection.

The strings(1) utility in GNU binutils used libbfd by default when
examining executable object files; unfortunately, libbfd was not
originally developed with the expectation of hostile input. As
a defensive measure, the behavior of strings has been changed to
default to ‘strings --all’ behavior, which does not use libbfd; use
the new argument to strings, ‘--data’, to recreate the old behavior.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  binutils-multiarch  2.24.90.20141014-0ubuntu3.1
  binutils  2.24.90.20141014-0ubuntu3.1
Ubuntu 14.04 LTS:
  binutils-multiarch  2.24-5ubuntu3.1
  binutils  2.24-5ubuntu3.1
Ubuntu 12.04 LTS:
  binutils-multiarch  2.22-6ubuntu1.2
  binutils  2.22-6ubuntu1.2
Ubuntu 10.04 LTS:
  binutils-multiarch  2.20.1-3ubuntu7.2
  binutils  2.20.1-3ubuntu7.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-3509, CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502,
CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738

USN-2497-1: NTP vulnerabilities

Ubuntu Security Notice USN-2497-1

9th February, 2015

ntp vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in NTP.

Software description

  • ntp
    – Network Time Protocol daemon and utility programs

Details

Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP
incorrectly handled the length value in extension fields. A remote attacker
could use this issue to possibly obtain leaked information, or cause the
NTP daemon to crash, resulting in a denial of service. (CVE-2014-9297)

Stephen Roettger discovered that NTP incorrectly handled ACLs based on
certain IPv6 addresses. (CVE-2014-9298)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  ntp  1:4.2.6.p5+dfsg-3ubuntu2.14.10.2
Ubuntu 14.04 LTS:
  ntp  1:4.2.6.p5+dfsg-3ubuntu2.14.04.2
Ubuntu 12.04 LTS:
  ntp  1:4.2.6.p3+dfsg-1ubuntu3.3
Ubuntu 10.04 LTS:
  ntp  1:4.2.4p8+dfsg-1ubuntu2.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-9297, CVE-2014-9298

USN-2494-1: file vulnerabilities

Ubuntu Security Notice USN-2494-1

4th February, 2015

file vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

file could be made to crash if it opened a specially crafted file.

Software description

  • file
    – Tool to determine file types

Details

Francisco Alonso discovered that file incorrectly handled certain ELF
files. An attacker could use this issue to cause file to crash, resulting
in a denial of service. (CVE-2014-3710)

Thomas Jarosch discovered that file incorrectly handled certain ELF files.
An attacker could use this issue to cause file to hang or crash, resulting
in a denial of service. (CVE-2014-8116)

Thomas Jarosch discovered that file incorrectly limited recursion. An
attacker could use this issue to cause file to hang or crash, resulting in
a denial of service. (CVE-2014-8117)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  file  1:5.19-1ubuntu1.2
Ubuntu 14.04 LTS:
  file  1:5.14-2ubuntu3.3
Ubuntu 12.04 LTS:
  file  5.09-2ubuntu0.6
Ubuntu 10.04 LTS:
  file  5.03-5ubuntu1.5

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3710, CVE-2014-8116, CVE-2014-8117

USN-2469-2: Django regression

Ubuntu Security Notice USN-2469-2

4th February, 2015

python-django regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

USN-2469-1 caused a regression in Django.

Software description

  • python-django
    – High-level Python web development framework

Details

USN-2469-1 fixed vulnerabilities in Django. The security fix for
CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04
LTS when serving static content through GZipMiddleware. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

Jedediah Smith discovered that Django incorrectly handled underscores in
WSGI headers. A remote attacker could possibly use this issue to spoof
headers in certain environments. (CVE-2015-0219)

Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
redirect URLs. A remote attacker could possibly use this issue to perform a
cross-site scripting attack. (CVE-2015-0220)

Alex Gaynor discovered that Django incorrectly handled reading files in
django.views.static.serve(). A remote attacker could possibly use this
issue to cause Django to consume resources, resulting in a denial of
service. (CVE-2015-0221)

Keryn Knight discovered that Django incorrectly handled forms with
ModelMultipleChoiceField. A remote attacker could possibly use this issue
to cause a large number of SQL queries, resulting in a database denial of
service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2015-0222)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  python-django  1.3.1-4ubuntu1.15
Ubuntu 10.04 LTS:
  python-django  1.1.1-2ubuntu1.16

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1417274

USN-2492-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2492-1

3rd February, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Andy Lutomirski discovered an information leak in the Linux kernel’s Thread
Local Storage (TLS) implementation allowing users to bypass the espfix to
obtain information that could be used to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. A local user could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-8133)

A flaw was discovered with file renaming in the Linux kernel. A local user
could exploit this flaw to cause a denial of service (deadlock and system
hang). (CVE-2014-8559)

Prasad J Pandit reported a flaw in the rock_continue function of the Linux
kernel’s ISO 9660 CDROM file system. A local user could exploit this flaw
to cause a denial of service (system crash or hang). (CVE-2014-9420)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  linux-image-3.2.0-76-highbank  3.2.0-76.111
  linux-image-3.2.0-76-virtual  3.2.0-76.111
  linux-image-3.2.0-76-powerpc64-smp  3.2.0-76.111
  linux-image-3.2.0-76-generic-pae  3.2.0-76.111
  linux-image-3.2.0-76-omap  3.2.0-76.111
  linux-image-3.2.0-76-generic  3.2.0-76.111
  linux-image-3.2.0-76-powerpc-smp  3.2.0-76.111

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
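Every notice on this page ends with the same procedure: compare the installed package against the fixed version listed for your release. The comparison is not a plain string or float comparison; dpkg orders versions as epoch, then upstream version, then Debian revision, with "~" sorting before everything else (so 2:1.16.0-1ubuntu1.2~trusty2 is older than 2:1.16.0-1ubuntu1.3). The script below is an added example, not part of any of these notices or of Ubuntu's tooling: it re-implements dpkg's ordering in Python and audits a constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output against the Ubuntu 14.04 LTS fixed versions taken from USN-2500-1, USN-2499-1, USN-2498-1, USN-2497-1 and USN-2494-1 above. The installed versions in the sample are made up for the demonstration; on a real system `dpkg --compare-versions` gives the same answer.

```python
"""Audit installed package versions against the fixed versions in a USN.

Added example. dpkg_compare() mirrors the ordering used by dpkg
(epoch:upstream-revision, '~' sorts before the empty string).
"""


def _order(c):
    """Sort weight of one non-digit character, as dpkg defines it."""
    if c == "~":
        return -1           # '~' sorts before everything, even end of string
    if c.isdigit():
        return 0            # digits are handled by the numeric comparison
    if c.isalpha():
        return ord(c)       # letters sort by ASCII value
    return ord(c) + 256     # any other character sorts after all letters


def _verrevcmp(a, b):
    """Compare two version fragments (upstream or revision) dpkg-style."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit prefix: compare character by character; end of string weighs 0.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Numeric run: drop leading zeros, longer run wins, else first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """Split 'epoch:upstream-revision'; epoch and revision are optional."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    upstream, _, revision = version.rpartition("-")
    if not upstream:        # no '-': rpartition left the whole string in `revision`
        upstream, revision = revision, ""
    return epoch, upstream, revision


def dpkg_compare(v1, v2):
    """Return <0, 0 or >0 as v1 is older than, equal to or newer than v2."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return e1 - e2
    return _verrevcmp(u1, u2) or _verrevcmp(r1, r2)


# Fixed versions for Ubuntu 14.04 LTS, copied from the notices on this page.
FIXED_14_04 = {
    "xserver-xorg-core": "2:1.15.1-0ubuntu2.7",       # USN-2500-1
    "postgresql-9.3": "9.3.6-0ubuntu0.14.04",         # USN-2499-1
    "libkrb5-3": "1.12+dfsg-2ubuntu5.1",              # USN-2498-1
    "ntp": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.2",        # USN-2497-1
    "file": "1:5.14-2ubuntu3.3",                      # USN-2494-1
}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output;
# the installed versions are made up for this demonstration.
SAMPLE_DPKG_QUERY = """\
xserver-xorg-core 2:1.15.1-0ubuntu2.6
postgresql-9.3 9.3.6-0ubuntu0.14.04
libkrb5-3 1.12+dfsg-2ubuntu5.1
ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1
file 1:5.14-2ubuntu3.3
"""


def find_unpatched(dpkg_query_output, fixed_versions):
    """Return the sorted names of packages installed at a version older than the fix."""
    unpatched = []
    for line in dpkg_query_output.splitlines():
        if not line.strip():
            continue
        name, installed = line.split(None, 1)
        fixed = fixed_versions.get(name)
        if fixed is not None and dpkg_compare(installed, fixed) < 0:
            unpatched.append(name)
    return sorted(unpatched)


if __name__ == "__main__":
    for name in find_unpatched(SAMPLE_DPKG_QUERY, FIXED_14_04):
        print(f"{name}: installed version is older than the fixed version")
```

Packages that are not installed are simply absent from the dpkg-query output and so are never reported, which is the behaviour you want: a notice only matters for packages present on the host. Note also that for the kernel and X server notices a version check alone is not enough, since the fixed code is only in use after the reboot the notices ask for.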

References

CVE-2014-8133, CVE-2014-8559, CVE-2014-9420