Ubuntu Security Notice USN-2483-1

26th January, 2015

jasper vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

JasPer could be made to crash or run programs as your login if it
opened a specially crafted file.

Software description

• jasper
  – Library for manipulating JPEG-2000 files

Details

Jose Duart discovered that JasPer incorrectly handled ICC color profiles in
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8137)

Jose Duart discovered that JasPer incorrectly decoded certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8138)

It was discovered that JasPer incorrectly handled certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8157)

It was discovered that JasPer incorrectly handled memory when processing
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8158)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

libjasper1

1.900.1-debian1-2ubuntu0.2

Ubuntu 14.04 LTS:

libjasper1

1.900.1-14ubuntu3.2

Ubuntu 12.04 LTS:

libjasper1

1.900.1-13ubuntu0.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8137,

CVE-2014-8138,

CVE-2014-8157,

CVE-2014-8158

Ubuntu Security Notice USN-2476-1

26th January, 2015

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

• oxide-qt
  – Web browser engine library for Qt (QML plugin)

Details

Several memory corruption bugs were discovered in ICU. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer crash
or execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-7923, CVE-2014-7926)

A use-after-free was discovered in the IndexedDB implementation. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the privileges of the user invoking
the program. (CVE-2014-7924)

A use-after free was discovered in the WebAudio implementation in Blink.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2014-7925)

Several memory corruption bugs were discovered in V8. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer crash
or execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)

Several use-after free bugs were discovered in the DOM implementation in
Blink. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2014-7929, CVE-2014-7930, CVE-2014-7932,
CVE-2014-7934)

A use-after free was discovered in FFmpeg. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2014-7933)

Multiple off-by-one errors were discovered in FFmpeg. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer crash
or execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-7937)

A memory corruption bug was discovered in the fonts implementation. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2014-7938)

It was discovered that ICU did not initialize memory for a data structure
correctly. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via renderer crash or execute arbitrary code with the privileges
of the sandboxed render process. (CVE-2014-7940)

It was discovered that the fonts implementation did not initialize memory
for a data structure correctly. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via renderer crash or execute arbitrary code
with the privileges of the sandboxed render process. (CVE-2014-7942)

An out-of-bounds read was discovered in Skia. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash. (CVE-2014-7943)

An out-of-bounds read was discovered in Blink. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash. (CVE-2014-7946)

It was discovered that the AppCache proceeded with caching for SSL
sessions even if there is a certificate error. A remote attacker could
potentially exploit this by conducting a MITM attack to modify HTML
application content. (CVE-2014-7948)

Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1205)

Multiple security issues were discovered in V8. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-1346)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

liboxideqtcore0

1.4.2-0ubuntu0.14.10.1

oxideqt-codecs

1.4.2-0ubuntu0.14.10.1

oxideqt-codecs-extra

1.4.2-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:

liboxideqtcore0

1.4.2-0ubuntu0.14.04.1

oxideqt-codecs

1.4.2-0ubuntu0.14.04.1

oxideqt-codecs-extra

1.4.2-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-7923,

CVE-2014-7924,

CVE-2014-7925,

CVE-2014-7926,

CVE-2014-7927,

CVE-2014-7928,

CVE-2014-7929,

CVE-2014-7930,

CVE-2014-7931,

CVE-2014-7932,

CVE-2014-7933,

CVE-2014-7934,

CVE-2014-7937,

CVE-2014-7938,

CVE-2014-7940,

CVE-2014-7942,

CVE-2014-7943,

CVE-2014-7946,

CVE-2014-7948,

CVE-2015-1205,

CVE-2015-1346

Ubuntu Security Notice USN-2484-1

26th January, 2015

unbound vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS

Summary

Unbound could be made to consume resources if it received specially crafted
network traffic.

Software description

• unbound
  – validating, recursive, caching DNS resolver

Details

Florian Maury discovered that Unbound incorrectly handled delegation. A
remote attacker could possibly use this issue to cause Unbound to consume
resources, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

libunbound2

1.4.22-1ubuntu4.14.10.1

unbound

1.4.22-1ubuntu4.14.10.1

Ubuntu 14.04 LTS:

libunbound2

1.4.22-1ubuntu4.14.04.1

unbound

1.4.22-1ubuntu4.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8602

Ubuntu Security Notice USN-2480-1

22nd January, 2015

mysql-5.5 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Several security issues were fixed in MySQL.

Software description

• mysql-5.5
  – MySQL database

Details

Multiple security issues were discovered in MySQL and this update includes
a new upstream MySQL version to fix these issues. MySQL has been updated to
5.5.41.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

mysql-server-5.5

5.5.41-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:

mysql-server-5.5

5.5.41-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:

mysql-server-5.5

5.5.41-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-6568,

CVE-2015-0374,

CVE-2015-0381,

CVE-2015-0382,

CVE-2015-0411,

CVE-2015-0432

Ubuntu Security Notice USN-2482-1

22nd January, 2015

elfutils vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS
• Ubuntu 10.04 LTS

Summary

elfutils could be made to overwrite files in the root directory if it received
a specially crafted file.

Software description

• elfutils
  – collection of utilities to handle ELF objects

Details

Alexander Cherepanov discovered that libelf1 incorrectly handled certain
filesystem paths while extracting ar archives. An attacker could use this flaw
to perform a directory traversal attack on the root directory if the process
extracting the ar archive has write access to the root directory.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

libelf1

0.160-0ubuntu2.1

Ubuntu 14.04 LTS:

libelf1

0.158-0ubuntu5.2

Ubuntu 12.04 LTS:

libelf1

0.152-1ubuntu3.1

Ubuntu 10.04 LTS:

libelf1

0.143-1ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart applications using libelf1
to make all the necessary changes.

References

CVE-2014-9447

Ubuntu Security Notice USN-2481-1

22nd January, 2015

samba vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS

Summary

A security issue was fixed in Samba.

Software description

• samba
  – SMB/CIFS file, print, and login server for Unix

Details

Andrew Bartlett discovered that Samba incorrectly handled delegation of
authority when being used as an Active Directory Domain Controller. An
attacker given delegation privileges could use this issue to escalate their
privileges further.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

samba

2:4.1.11+dfsg-1ubuntu2.1

Ubuntu 14.04 LTS:

samba

2:4.1.6+dfsg-1ubuntu2.14.04.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8143

Ubuntu Security Notice USN-2479-1

19th January, 2015

rpm vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Several security issues were fixed in RPM.

Software description

• rpm
  – package manager for RPM

Details

Florian Weimer discovered that RPM incorrectly handled temporary files. A
local attacker could use this issue to execute arbitrary code.
(CVE-2013-6435)

Florian Weimer discovered that RPM incorrectly handled certain CPIO
headers. If a user or automated system were tricked into installing a
malicious package file, a remote attacker could use this issue to cause RPM
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2014-8118)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

rpm

4.11.2-3ubuntu0.1

Ubuntu 14.04 LTS:

rpm

4.11.1-3ubuntu0.1

Ubuntu 12.04 LTS:

rpm

4.9.1.1-1ubuntu0.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2013-6435,

CVE-2014-8118

Ubuntu Security Notice USN-2478-1

19th January, 2015

libssh vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

libssh could be made to crash if it received specially crafted network
traffic.

Software description

• libssh
  – A tiny C SSH library

Details

It was discovered that libssh incorrectly handled certain kexinit packets.
A remote attacker could possibly use this issue to cause libssh to crash,
resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

libssh-4

0.6.3-2ubuntu1.1

Ubuntu 14.04 LTS:

libssh-4

0.6.1-0ubuntu3.1

Ubuntu 12.04 LTS:

libssh-4

0.5.2-1ubuntu0.12.04.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8132

Ubuntu Security Notice USN-2477-1

19th January, 2015

libevent vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS
• Ubuntu 10.04 LTS

Summary

libevent could be made to crash or run programs if it processed specially
crafted data.

Software description

• libevent
  – Asynchronous event notification library

Details

Andrew Bartlett discovered that libevent incorrectly handled large inputs
to the evbuffer API. A remote attacker could possibly use this issue with
an application that uses libevent to cause a denial of service, or possibly
execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

libevent-2.0-5

2.0.21-stable-1ubuntu1.14.10.1

Ubuntu 14.04 LTS:

libevent-2.0-5

2.0.21-stable-1ubuntu1.14.04.1

Ubuntu 12.04 LTS:

libevent-2.0-5

2.0.16-stable-1ubuntu0.1

Ubuntu 10.04 LTS:

libevent-1.4-2

1.4.13-stable-1ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-6272

Ubuntu Security Notice USN-2460-1

19th January, 2015

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

• thunderbird
  – Mozilla Open Source mail and newsgroup client

Details

Christian Holler and Patrick McManus discovered multiple memory safety
issues in Thunderbird. If a user were tricked in to opening a specially
crafted message with scripting enabled, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2014-8634)

Muneaki Nishimura discovered that requests from navigator.sendBeacon()
lack an origin header. If a user were tricked in to opening a specially
crafted message with scripting enabled, an attacker could potentially
exploit this to conduct cross-site request forgery (XSRF) attacks.
(CVE-2014-8638)

Xiaofeng Zheng discovered that a web proxy returning a 407 response
could inject cookies in to the originally requested domain. If a user
connected to a malicious web proxy, an attacker could potentially exploit
this to conduct session-fixation attacks. (CVE-2014-8639)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

thunderbird

1:31.4.0+build1-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:

thunderbird

1:31.4.0+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:

thunderbird

1:31.4.0+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2014-8634,

CVE-2014-8638,

CVE-2014-8639