Ubuntu Security Notices

USN-2897-1: Nettle vulnerabilities

Ubuntu Security Notice USN-2897-1

15th February, 2016

nettle vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Nettle.

Software description

  • nettle
    – low level cryptographic library (public-key cryptos)

Details

Hanno Böck discovered that Nettle incorrectly handled carry propagation in
the NIST P-256 elliptic curve. (CVE-2015-8803)

Hanno Böck discovered that Nettle incorrectly handled carry propagation in
the NIST P-384 elliptic curve. (CVE-2015-8804)

Niels Moeller discovered that Nettle incorrectly handled carry propagation
in the NIST P-256 elliptic curve. (CVE-2015-8805)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • libnettle6 3.1.1-4ubuntu0.1

Ubuntu 14.04 LTS:
  • libnettle4 2.7.1-1ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-8803, CVE-2015-8804, CVE-2015-8805

USN-2896-1: Libgcrypt vulnerability

Ubuntu Security Notice USN-2896-1

15th February, 2016

libgcrypt11, libgcrypt20 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Libgcrypt could be made to expose sensitive information.

Software description

  • libgcrypt11
    – LGPL Crypto library

  • libgcrypt20
    – LGPL Crypto library

Details

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered
that Libgcrypt was susceptible to an attack via physical side channels. A
local attacker could use this attack to possibly recover private keys.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • libgcrypt20 1.6.3-2ubuntu1.1

Ubuntu 14.04 LTS:
  • libgcrypt11 1.5.3-2ubuntu4.3

Ubuntu 12.04 LTS:
  • libgcrypt11 1.5.0-3ubuntu0.5

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-7511

USN-2898-2: Eye of GNOME vulnerability

Ubuntu Security Notice USN-2898-2

15th February, 2016

eog vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Eye of GNOME could be made to crash or run programs as your login if it
opened a specially crafted image.

Software description

  • eog
    – Eye of GNOME graphics viewer program

Details

It was discovered that Eye of GNOME incorrectly handled certain large
images. If a user were tricked into opening a specially-crafted image, a
remote attacker could use this issue to cause Eye of GNOME to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • eog 3.16.3-1ubuntu2.1

Ubuntu 14.04 LTS:
  • eog 3.10.2-0ubuntu5.1

Ubuntu 12.04 LTS:
  • eog 3.4.2-0ubuntu1.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2013-7447

USN-2893-1: Firefox vulnerability

Ubuntu Security Notice USN-2893-1

11th February, 2016

firefox vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

A same-origin-policy bypass was discovered in Firefox.

Software description

  • firefox
    – Mozilla Open Source web browser

Details

Jason Pang discovered that service workers intercept responses to plugin
network requests made through the browser. An attacker could potentially
exploit this to bypass same origin restrictions using the Flash plugin.
(CVE-2016-1949)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • firefox 44.0.2+build1-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
  • firefox 44.0.2+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  • firefox 44.0.2+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2016-1949

USN-2894-1: PostgreSQL vulnerabilities

Ubuntu Security Notice USN-2894-1

11th February, 2016

postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

PostgreSQL could be made to crash or run programs if it handled specially
crafted data.

Software description

  • postgresql-9.1
    – Object-relational SQL database

  • postgresql-9.3
    – Object-relational SQL database

  • postgresql-9.4
    – Object-relational SQL database

Details

It was discovered that PostgreSQL incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773)

It was discovered that PostgreSQL incorrectly handled certain configuration
settings (GUCS) for users of PL/Java. A remote attacker could possibly use
this issue to escalate privileges. (CVE-2016-0766)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • postgresql-9.4 9.4.6-0ubuntu0.15.10

Ubuntu 14.04 LTS:
  • postgresql-9.3 9.3.11-0ubuntu0.14.04

Ubuntu 12.04 LTS:
  • postgresql-9.1 9.1.20-0ubuntu0.12.04

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References

CVE-2016-0766, CVE-2016-0773

USN-2892-1: nginx vulnerabilities

Ubuntu Security Notice USN-2892-1

9th February, 2016

nginx vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in nginx.

Software description

  • nginx
    – small, powerful, scalable web/proxy server

Details

It was discovered that nginx incorrectly handled certain DNS server
responses when the resolver is enabled. A remote attacker could possibly
use this issue to cause nginx to crash, resulting in a denial of service.
(CVE-2016-0742)

It was discovered that nginx incorrectly handled CNAME response processing
when the resolver is enabled. A remote attacker could use this issue to
cause nginx to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-0746)

It was discovered that nginx incorrectly handled CNAME resolution when
the resolver is enabled. A remote attacker could possibly use this issue to
cause nginx to consume resources, resulting in a denial of service.
(CVE-2016-0747)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • nginx-extras 1.9.3-1ubuntu1.1
  • nginx-full 1.9.3-1ubuntu1.1
  • nginx-core 1.9.3-1ubuntu1.1
  • nginx-light 1.9.3-1ubuntu1.1

Ubuntu 14.04 LTS:
  • nginx-extras 1.4.6-1ubuntu3.4
  • nginx-full 1.4.6-1ubuntu3.4
  • nginx-core 1.4.6-1ubuntu3.4
  • nginx-light 1.4.6-1ubuntu3.4
  • nginx-naxsi 1.4.6-1ubuntu3.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-0742, CVE-2016-0746, CVE-2016-0747

USN-2880-2: Firefox regression

Ubuntu Security Notice USN-2880-2

8th February, 2016

firefox regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

USN-2880-1 introduced a regression in Firefox.

Software description

  • firefox
    – Mozilla Open Source web browser

Details

USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a
regression which caused Firefox to crash on startup with some configurations.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman,
Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith,
and Gabor Krizsanits discovered multiple memory safety issues in Firefox.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1930, CVE-2016-1931)

Gustavo Grieco discovered an out-of-memory crash when loading GIF images
in some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could exploit this to cause a denial of
service. (CVE-2016-1933)

Aki Helin discovered a buffer overflow when rendering WebGL content in
some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2016-1935)

It was discovered that a delay was missing when focusing the protocol
handler dialog. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to conduct
clickjacking attacks. (CVE-2016-1937)

Hanno Böck discovered that calculations with mp_div and mp_exptmod in NSS
produce incorrect results in some circumstances, resulting in
cryptographic weaknesses. (CVE-2016-1938)

Nicholas Hurley discovered that Firefox allows for control characters to
be set in cookie names. An attacker could potentially exploit this to
conduct cookie injection attacks on some web servers. (CVE-2016-1939)

It was discovered that when certain invalid URLs are pasted into the
address bar, the address bar contents may be manipulated to show the
location of arbitrary websites. An attacker could potentially exploit this
to conduct URL spoofing attacks. (CVE-2016-1942)

Ronald Crane discovered three vulnerabilities through code inspection. If
a user were tricked into opening a specially crafted website, an attacker
could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1944, CVE-2016-1945, CVE-2016-1946)

François Marier discovered that Application Reputation lookups didn’t
work correctly, disabling warnings for potentially malicious downloads. An
attacker could potentially exploit this by tricking a user into
downloading a malicious file. Other parts of the Safe Browsing feature
were unaffected by this. (CVE-2016-1947)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • firefox 44.0.1+build2-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
  • firefox 44.0.1+build2-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  • firefox 44.0.1+build2-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 1538724

USN-2891-1: QEMU vulnerabilities

Ubuntu Security Notice USN-2891-1

3rd February, 2016

qemu, qemu-kvm vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in QEMU.

Software description

  • qemu
    – Machine emulator and virtualizer

  • qemu-kvm
    – Machine emulator and virtualizer

Details

Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2015-7549)

Lian Yihan discovered that QEMU incorrectly handled the VNC server. A
remote attacker could use this issue to cause QEMU to crash, resulting in a
denial of service. (CVE-2015-8504)

Felix Wilhelm discovered a race condition in the Xen paravirtualized
drivers which can cause double fetch vulnerabilities. An attacker in the
paravirtualized guest could exploit this flaw to cause a denial of service
(crash the host) or potentially execute arbitrary code on the host.
(CVE-2015-8550)

Qinghao Tang discovered that QEMU incorrectly handled USB EHCI emulation
support. An attacker inside the guest could use this issue to cause QEMU to
consume resources, resulting in a denial of service. (CVE-2015-8558)

Qinghao Tang discovered that QEMU incorrectly handled the vmxnet3 device.
An attacker inside the guest could use this issue to cause QEMU to consume
resources, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8567, CVE-2015-8568)

Qinghao Tang discovered that QEMU incorrectly handled SCSI MegaRAID SAS HBA
emulation. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8613)

Ling Liu discovered that QEMU incorrectly handled the Human Monitor
Interface. A local attacker could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2015-8619, CVE-2016-1922)

David Alan Gilbert discovered that QEMU incorrectly handled the Q35 chipset
emulation when performing VM guest migrations. An attacker could use this
issue to cause QEMU to crash, resulting in a denial of service. This issue
only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8666)

Ling Liu discovered that QEMU incorrectly handled the NE2000 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. (CVE-2015-8743)

It was discovered that QEMU incorrectly handled the vmxnet3 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2015-8744, CVE-2015-8745)

Qinghao Tang discovered that QEMU incorrectly handled IDE AHCI emulation. An
attacker inside the guest could use this issue to cause a denial of
service, or possibly execute arbitrary code on the host as the user running
the QEMU process. In the default installation, when QEMU is used with
libvirt, attackers would be isolated by the libvirt AppArmor profile.
(CVE-2016-1568)

Donghai Zhu discovered that QEMU incorrectly handled the firmware
configuration device. An attacker inside the guest could use this issue to
cause a denial of service, or possibly execute arbitrary code on the host
as the user running the QEMU process. In the default installation, when
QEMU is used with libvirt, attackers would be isolated by the libvirt
AppArmor profile. (CVE-2016-1714)

It was discovered that QEMU incorrectly handled the e1000 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. (CVE-2016-1981)

Zuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI emulation. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 15.10.
(CVE-2016-2197)

Zuozhi Fzz discovered that QEMU incorrectly handled USB EHCI emulation. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2016-2198)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • qemu-system-misc 1:2.3+dfsg-5ubuntu9.2
  • qemu-system 1:2.3+dfsg-5ubuntu9.2
  • qemu-system-aarch64 1:2.3+dfsg-5ubuntu9.2
  • qemu-system-x86 1:2.3+dfsg-5ubuntu9.2
  • qemu-system-sparc 1:2.3+dfsg-5ubuntu9.2
  • qemu-system-arm 1:2.3+dfsg-5ubuntu9.2
  • qemu-system-ppc 1:2.3+dfsg-5ubuntu9.2
  • qemu-system-mips 1:2.3+dfsg-5ubuntu9.2

Ubuntu 14.04 LTS:
  • qemu-system-misc 2.0.0+dfsg-2ubuntu1.22
  • qemu-system 2.0.0+dfsg-2ubuntu1.22
  • qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.22
  • qemu-system-x86 2.0.0+dfsg-2ubuntu1.22
  • qemu-system-sparc 2.0.0+dfsg-2ubuntu1.22
  • qemu-system-arm 2.0.0+dfsg-2ubuntu1.22
  • qemu-system-ppc 2.0.0+dfsg-2ubuntu1.22
  • qemu-system-mips 2.0.0+dfsg-2ubuntu1.22

Ubuntu 12.04 LTS:
  • qemu-kvm 1.0+noroms-0ubuntu14.27

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

CVE-2015-7549, CVE-2015-8504, CVE-2015-8550, CVE-2015-8558, CVE-2015-8567,
CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8666, CVE-2015-8743,
CVE-2015-8744, CVE-2015-8745, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922,
CVE-2016-1981, CVE-2016-2197, CVE-2016-2198

USN-2884-1: OpenJDK 7 vulnerabilities

Ubuntu Security Notice USN-2884-1

1st February, 2016

openjdk-7 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in OpenJDK 7.

Software description

  • openjdk-7
    – Open Source Java implementation

Details

Multiple vulnerabilities were discovered in the OpenJDK JRE related
to information disclosure, data integrity, and availability. An
attacker could exploit these to cause a denial of service, expose
sensitive data over the network, or possibly execute arbitrary code.
(CVE-2016-0483, CVE-2016-0494)

A vulnerability was discovered in the OpenJDK JRE related to data
integrity. An attacker could exploit this to expose sensitive data
over the network or possibly execute arbitrary code. (CVE-2016-0402)

It was discovered that OpenJDK 7 incorrectly allowed MD5 to be used
for TLS connections. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to expose
sensitive information. (CVE-2015-7575)

A vulnerability was discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit this to expose
sensitive data over the network. (CVE-2016-0448)

A vulnerability was discovered in the OpenJDK JRE related to
availability. An attacker could exploit this to cause a denial of
service. (CVE-2016-0466)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.10.1
  • openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.10.1
  • icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.10.1
  • openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.10.1
  • openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.10.1

Ubuntu 15.04:
  • openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.04.1
  • openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.04.1
  • icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.04.1
  • openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.04.1
  • openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.04.1

Ubuntu 14.04 LTS:
  • openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.14.04.1
  • openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.14.04.1
  • icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.14.04.1
  • openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.14.04.1
  • openjdk-7-jre 7u95-2.6.4-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.

References

CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483,
CVE-2016-0494

USN-2886-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2886-1

1st February, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

It was discovered that a use-after-free vulnerability existed in the
AF_UNIX implementation in the Linux kernel. A local attacker could use
crafted epoll_ctl calls to cause a denial of service (system crash) or
expose sensitive information. (CVE-2013-7446)

It was discovered that the KVM implementation in the Linux kernel did not
properly restore the values of the Programmable Interrupt Timer (PIT). A
user-assisted attacker in a KVM guest could cause a denial of service in
the host (system crash). (CVE-2015-7513)

郭永刚 discovered that the ppp implementation in the Linux kernel did
not ensure that certain slot numbers are valid. A local attacker with the
privilege to call ioctl() on /dev/ppp could cause a denial of service
(system crash). (CVE-2015-7799)

Sasha Levin discovered that the Reliable Datagram Sockets (RDS)
implementation in the Linux kernel had a race condition when checking
whether a socket was bound or not. A local attacker could use this to cause
a denial of service (system crash). (CVE-2015-7990)

It was discovered that the Btrfs implementation in the Linux kernel
incorrectly handled compressed inline extents on truncation. A local
attacker could use this to expose sensitive information. (CVE-2015-8374)

郭永刚 discovered that the Linux kernel networking implementation did
not validate protocol identifiers for certain protocol families. A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2015-8543)

Dmitry Vyukov discovered that the pptp implementation in the Linux kernel
did not verify an address length when setting up a socket. A local attacker
could use this to craft an application that exposed sensitive information
from kernel memory. (CVE-2015-8569)

David Miller discovered that the Bluetooth implementation in the Linux
kernel did not properly validate the socket address length for Synchronous
Connection-Oriented (SCO) sockets. A local attacker could use this to
expose sensitive information. (CVE-2015-8575)

It was discovered that the Linux kernel’s Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  • linux-image-3.2.0-98-omap 3.2.0-98.138
  • linux-image-3.2.0-98-powerpc-smp 3.2.0-98.138
  • linux-image-3.2.0-98-generic-pae 3.2.0-98.138
  • linux-image-3.2.0-98-virtual 3.2.0-98.138
  • linux-image-3.2.0-98-highbank 3.2.0-98.138
  • linux-image-3.2.0-98-generic 3.2.0-98.138
  • linux-image-3.2.0-98-powerpc64-smp 3.2.0-98.138

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2013-7446, CVE-2015-7513, CVE-2015-7799, CVE-2015-7990, CVE-2015-8374,
CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785