Ubuntu Security Notices

22nd September, 2017

USN-3428-1: Emacs vulnerability

Ubuntu Security Notice USN-3428-1

21st September, 2017

emacs25 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
Summary

Emacs could be made to run programs as your login if it opened a specially crafted file.

Software description
  • emacs25 - GNU Emacs editor
Details

Charles A. Roelli discovered that Emacs incorrectly handled certain
files. If a user were tricked into opening a specially crafted file (e.g., email
messages in gnus), an attacker could possibly use this to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
emacs25 25.1+1-3ubuntu4.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-14482

22nd September, 2017

USN-3427-1: Emacs vulnerability

Ubuntu Security Notice USN-3427-1

21st September, 2017

emacs24 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Emacs could be made to run programs as your login if it opened a specially crafted file.

Software description
  • emacs24 - GNU Emacs editor
Details

Charles A. Roelli discovered that Emacs incorrectly handled certain
files. If a user were tricked into opening a specially crafted file, an
attacker could possibly use this to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
emacs24 24.5+1-6ubuntu1.1
Ubuntu 14.04 LTS:
emacs24 24.3+1-2ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-14482

21st September, 2017

USN-3426-1: Samba vulnerabilities

Ubuntu Security Notice USN-3426-1

21st September, 2017

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Samba could be made to expose sensitive information over the network.

Software description
  • samba - SMB/CIFS file, print, and login server for Unix
Details

Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in
certain situations. A remote attacker could use this issue to perform a man
in the middle attack. (CVE-2017-12150)

Stefan Metzmacher discovered that Samba incorrectly handled encryption
across DFS redirects. A remote attacker could use this issue to perform a
man in the middle attack. (CVE-2017-12151)

Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory
when SMB1 is being used. A remote attacker could possibly use this issue to
obtain server memory contents. (CVE-2017-12163)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
samba 2:4.5.8+dfsg-0ubuntu0.17.04.7
Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.11
Ubuntu 14.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.12

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-12150, CVE-2017-12151, CVE-2017-12163

20th September, 2017

USN-3414-2: QEMU regression

Ubuntu Security Notice USN-3414-2

20th September, 2017

qemu regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

USN-3414-1 introduced a regression in QEMU.

Software description
  • qemu - Machine emulator and virtualizer
Details

USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for
CVE-2017-9375 was incomplete and caused a regression in the USB xHCI
controller emulation support. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control.
A guest attacker could use this issue to elevate privileges inside the
guest. (CVE-2017-7493)

Li Qiang discovered that QEMU incorrectly handled VMware PVSCSI emulation.
A privileged attacker inside the guest could use this issue to cause QEMU
to consume resources or crash, resulting in a denial of service.
(CVE-2017-8112)

It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host
Bus Adapter emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service, or
possibly to obtain sensitive host memory. This issue only affected Ubuntu
16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)

Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An
attacker inside the guest could use this issue to cause QEMU to consume
resources and crash, resulting in a denial of service. This issue only
affected Ubuntu 17.04. (CVE-2017-9060)

Li Qiang discovered that QEMU incorrectly handled the e1000e device. A
privileged attacker inside the guest could use this issue to cause QEMU to
hang, resulting in a denial of service. This issue only affected Ubuntu
17.04. (CVE-2017-9310)

Li Qiang discovered that QEMU incorrectly handled USB OHCI emulation
support. An attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2017-9330)

Li Qiang discovered that QEMU incorrectly handled IDE AHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to consume resources and crash, resulting in a denial of
service. (CVE-2017-9373)

Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to consume resources and crash, resulting in a denial of
service. (CVE-2017-9374)

Li Qiang discovered that QEMU incorrectly handled USB xHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375)

Zhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2
Host Bus Adapter emulation support. A privileged attacker inside the guest
could use this issue to cause QEMU to crash, resulting in a denial of
service. (CVE-2017-9503)

It was discovered that the QEMU qemu-nbd server incorrectly handled
initialization. A remote attacker could use this issue to cause the server
to crash, resulting in a denial of service. (CVE-2017-9524)

It was discovered that the QEMU qemu-nbd server incorrectly handled
signals. A remote attacker could use this issue to cause the server to
crash, resulting in a denial of service. (CVE-2017-10664)

Li Qiang discovered that the QEMU USB redirector incorrectly handled
logging debug messages. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806)

Anthony Perard discovered that QEMU incorrectly handled Xen block-interface
responses. An attacker inside the guest could use this issue to cause QEMU
to leak contents of host memory. (CVE-2017-10911)

Reno Robert discovered that QEMU incorrectly handled certain DHCP options
strings. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2017-11434)

Ryan Salsamendi discovered that QEMU incorrectly handled empty CDROM device
drives. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
qemu-system-misc 1:2.8+dfsg-3ubuntu2.5
qemu-system-s390x 1:2.8+dfsg-3ubuntu2.5
qemu-system 1:2.8+dfsg-3ubuntu2.5
qemu-system-aarch64 1:2.8+dfsg-3ubuntu2.5
qemu-system-x86 1:2.8+dfsg-3ubuntu2.5
qemu-system-sparc 1:2.8+dfsg-3ubuntu2.5
qemu-system-arm 1:2.8+dfsg-3ubuntu2.5
qemu-system-ppc 1:2.8+dfsg-3ubuntu2.5
qemu-system-mips 1:2.8+dfsg-3ubuntu2.5
Ubuntu 16.04 LTS:
qemu-system-misc 1:2.5+dfsg-5ubuntu10.16
qemu-system-s390x 1:2.5+dfsg-5ubuntu10.16
qemu-system 1:2.5+dfsg-5ubuntu10.16
qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.16
qemu-system-x86 1:2.5+dfsg-5ubuntu10.16
qemu-system-sparc 1:2.5+dfsg-5ubuntu10.16
qemu-system-arm 1:2.5+dfsg-5ubuntu10.16
qemu-system-ppc 1:2.5+dfsg-5ubuntu10.16
qemu-system-mips 1:2.5+dfsg-5ubuntu10.16
Ubuntu 14.04 LTS:
qemu-system-misc 2.0.0+dfsg-2ubuntu1.36
qemu-system 2.0.0+dfsg-2ubuntu1.36
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.36
qemu-system-x86 2.0.0+dfsg-2ubuntu1.36
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.36
qemu-system-arm 2.0.0+dfsg-2ubuntu1.36
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.36
qemu-system-mips 2.0.0+dfsg-2ubuntu1.36

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

LP: 1718222

19th September, 2017

USN-3425-1: Apache HTTP Server vulnerability

Ubuntu Security Notice USN-3425-1

19th September, 2017

apache2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Apache HTTP Server could be made to expose sensitive information over the network.

Software description
  • apache2 - Apache HTTP server
Details

Hanno Böck discovered that the Apache HTTP Server incorrectly handled
Limit directives in .htaccess files. In certain configurations, a remote
attacker could possibly use this issue to read arbitrary server memory,
including sensitive information. This issue is known as Optionsbleed.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
apache2-bin 2.4.25-3ubuntu2.3
Ubuntu 16.04 LTS:
apache2-bin 2.4.18-2ubuntu3.5
Ubuntu 14.04 LTS:
apache2-bin 2.4.7-1ubuntu4.18

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-9798

19th September, 2017

USN-3424-1: libxml2 vulnerabilities

Ubuntu Security Notice USN-3424-1

18th September, 2017

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in libxml2.

Software description
  • libxml2 - GNOME XML library
Details

It was discovered that a type confusion error existed in libxml2. An
attacker could use this to specially construct XML data that
could cause a denial of service or possibly execute arbitrary
code. (CVE-2017-0663)

It was discovered that libxml2 did not properly validate parsed entity
references. An attacker could use this to specially construct XML
data that could expose sensitive information. (CVE-2017-7375)

It was discovered that a buffer overflow existed in libxml2 when
handling HTTP redirects. An attacker could use this to specially
construct XML data that could cause a denial of service or possibly
execute arbitrary code. (CVE-2017-7376)

Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in
libxml2 when handling elements. An attacker could use this to specially
construct XML data that could cause a denial of service or possibly
execute arbitrary code. (CVE-2017-9047)

Marcel Böhme and Van-Thuan Pham discovered a buffer overread
in libxml2 when handling elements. An attacker could use this
to specially construct XML data that could cause a denial of
service. (CVE-2017-9048)

Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads
in libxml2 when handling parameter-entity references. An attacker
could use these to specially construct XML data that could cause a
denial of service. (CVE-2017-9049, CVE-2017-9050)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
libxml2 2.9.4+dfsg1-2.2ubuntu0.1
Ubuntu 16.04 LTS:
libxml2 2.9.3+dfsg1-1ubuntu0.3
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050

19th September, 2017

USN-3423-1: Linux kernel vulnerability

Ubuntu Security Notice USN-3423-1

18th September, 2017

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
Summary

The system could be made to crash if it received specially crafted Bluetooth traffic.

Software description
  • linux - Linux kernel
Details

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash).

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-powerpc-smp 3.2.0.131.145
linux-image-3.2.0-131-omap 3.2.0-131.177
linux-image-3.2.0-131-powerpc-smp 3.2.0-131.177
linux-image-generic 3.2.0.131.145
linux-image-3.2.0-131-generic-pae 3.2.0-131.177
linux-image-3.2.0-131-highbank 3.2.0-131.177
linux-image-generic-pae 3.2.0.131.145
linux-image-3.2.0-131-virtual 3.2.0-131.177
linux-image-highbank 3.2.0.131.145
linux-image-virtual 3.2.0.131.145
linux-image-powerpc64-smp 3.2.0.131.145
linux-image-3.2.0-131-generic 3.2.0-131.177
linux-image-omap 3.2.0.131.145
linux-image-3.2.0-131-powerpc64-smp 3.2.0-131.177

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000251

19th September, 2017

USN-3422-2: Linux kernel (Trusty HWE) vulnerabilities

Ubuntu Security Notice USN-3422-2

18th September, 2017

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise ESM
Details

USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)

Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-10200)

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the
key management subsystem in the Linux kernel did not properly allocate
memory in some situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-8650)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

It was discovered that an information leak existed in __get_user_asm_ex()
in the Linux kernel. A local attacker could use this to expose sensitive
information. (CVE-2016-9178)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that an integer overflow existed in the trace subsystem
of the Linux kernel. A local privileged attacker could use this to cause a
denial of service (system crash). (CVE-2016-9754)

Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)

It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)

It was discovered that the keyring implementation in the Linux kernel did
not properly restrict searches for dead keys. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-6951)

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux
kernel contained a stack-based buffer overflow. A local attacker with
access to an sg device could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-7187)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-generic-lpae-lts-trusty 3.13.0.132.122
linux-image-3.13.0-132-generic 3.13.0-132.181~precise1
linux-image-generic-lts-trusty 3.13.0.132.122
linux-image-3.13.0-132-generic-lpae 3.13.0-132.181~precise1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-10044, CVE-2016-10200, CVE-2016-7097, CVE-2016-8650, CVE-2016-9083, CVE-2016-9084, CVE-2016-9178, CVE-2016-9191, CVE-2016-9604, CVE-2016-9754, CVE-2017-1000251, CVE-2017-5970, CVE-2017-6214, CVE-2017-6346, CVE-2017-6951, CVE-2017-7187, CVE-2017-7472, CVE-2017-7541

19th September, 2017

USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities

Ubuntu Security Notice USN-3420-2

18th September, 2017

linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty
Details

USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)

It was discovered that a buffer overflow existed in the ioctl handling code
in the ISDN subsystem of the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-12762)

Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV
Decoder driver for the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-8831)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp-lts-xenial 4.4.0.96.80
linux-image-generic-lpae-lts-xenial 4.4.0.96.80
linux-image-4.4.0-96-powerpc64-emb 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-powerpc-smp 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-lowlatency 4.4.0-96.119~14.04.1
linux-image-lowlatency-lts-xenial 4.4.0.96.80
linux-image-generic-lts-xenial 4.4.0.96.80
linux-image-4.4.0-96-generic 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-generic-lpae 4.4.0-96.119~14.04.1
linux-image-powerpc64-smp-lts-xenial 4.4.0.96.80
linux-image-powerpc64-emb-lts-xenial 4.4.0.96.80
linux-image-4.4.0-96-powerpc-e500mc 4.4.0-96.119~14.04.1
linux-image-powerpc-e500mc-lts-xenial 4.4.0.96.80
linux-image-4.4.0-96-powerpc64-smp 4.4.0-96.119~14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000251, CVE-2017-10663, CVE-2017-12762, CVE-2017-8831

19th September, 2017

USN-3419-2: Linux kernel (HWE) vulnerabilities

Ubuntu Security Notice USN-3419-2

18th September, 2017

linux-hwe vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux-hwe - Linux hardware enablement (HWE) kernel
Details

USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu
16.04 LTS.

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-lowlatency-hwe-16.04 4.10.0.35.37
linux-image-4.10.0-35-generic 4.10.0-35.39~16.04.1
linux-image-4.10.0-35-lowlatency 4.10.0-35.39~16.04.1
linux-image-generic-lpae-hwe-16.04 4.10.0.35.37
linux-image-generic-hwe-16.04 4.10.0.35.37
linux-image-4.10.0-35-generic-lpae 4.10.0-35.39~16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000251, CVE-2017-7541

19th September, 2017

USN-3419-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3419-1

18th September, 2017

linux, linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux - Linux kernel
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
Details

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
linux-image-generic 4.10.0.35.35
linux-image-4.10.0-35-generic 4.10.0-35.39
linux-image-4.10.0-35-lowlatency 4.10.0-35.39
linux-image-4.10.0-35-generic-lpae 4.10.0-35.39
linux-image-generic-lpae 4.10.0.35.35
linux-image-lowlatency 4.10.0.35.35
linux-image-raspi2 4.10.0.1018.19
linux-image-4.10.0-1018-raspi2 4.10.0-1018.21

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000251, CVE-2017-7541

19th September, 2017

USN-3420-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3420-1

18th September, 2017

linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-gke - Linux kernel for Google Container Engine (GKE) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors
Details

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)

It was discovered that a buffer overflow existed in the ioctl handling code
in the ISDN subsystem of the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-12762)

Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV
Decoder driver for the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-8831)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-powerpc-e500mc 4.4.0.96.101
linux-image-4.4.0-1076-snapdragon 4.4.0-1076.81
linux-image-4.4.0-1031-gke 4.4.0-1031.31
linux-image-4.4.0-96-powerpc-e500mc 4.4.0-96.119
linux-image-4.4.0-96-powerpc64-emb 4.4.0-96.119
linux-image-4.4.0-96-generic-lpae 4.4.0-96.119
linux-image-snapdragon 4.4.0.1076.68
linux-image-4.4.0-96-powerpc64-smp 4.4.0-96.119
linux-image-powerpc64-emb 4.4.0.96.101
linux-image-gke 4.4.0.1031.32
linux-image-generic 4.4.0.96.101
linux-image-4.4.0-96-powerpc-smp 4.4.0-96.119
linux-image-4.4.0-96-lowlatency 4.4.0-96.119
linux-image-4.4.0-96-generic 4.4.0-96.119
linux-image-aws 4.4.0.1035.37
linux-image-kvm 4.4.0.1007.7
linux-image-raspi2 4.4.0.1074.74
linux-image-4.4.0-1074-raspi2 4.4.0-1074.82
linux-image-powerpc-smp 4.4.0.96.101
linux-image-generic-lpae 4.4.0.96.101
linux-image-4.4.0-1035-aws 4.4.0-1035.44
linux-image-4.4.0-1007-kvm 4.4.0-1007.12
linux-image-powerpc64-smp 4.4.0.96.101
linux-image-lowlatency 4.4.0.96.101

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000251, CVE-2017-10663, CVE-2017-12762, CVE-2017-8831

19th September, 2017

USN-3421-1: Libidn2 vulnerability

Ubuntu Security Notice USN-3421-1

18th September, 2017

libidn2-0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
Summary

Libidn2 could be made to crash if it received specially crafted input.

Software description
  • libidn2-0 - Internationalized domain names (IDNA2008) library
Details

It was discovered that Libidn2 incorrectly handled certain input. A
remote attacker could possibly use this issue to cause Libidn2 to crash,
resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
libidn2-0 0.16-1ubuntu0.1
idn2 0.16-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-14062

September 19, 2017

USN-3422-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3422-1

18th September, 2017

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux - Linux kernel
Details

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)

Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-10200)

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the
key management subsystem in the Linux kernel did not properly allocate
memory in some situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-8650)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

It was discovered that an information leak existed in __get_user_asm_ex()
in the Linux kernel. A local attacker could use this to expose sensitive
information. (CVE-2016-9178)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that an integer overflow existed in the trace subsystem
of the Linux kernel. A local privileged attacker could use this to cause a
denial of service (system crash). (CVE-2016-9754)

Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)

It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)

It was discovered that the keyring implementation in the Linux kernel did
not properly restrict searches for dead keys. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-6951)

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux
kernel contained a stack-based buffer overflow. A local attacker with
access to an sg device could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-7187)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp 3.13.0.132.141
linux-image-powerpc-e500mc 3.13.0.132.141
linux-image-3.13.0-132-generic-lpae 3.13.0-132.181
linux-image-3.13.0-132-powerpc-e500mc 3.13.0-132.181
linux-image-generic 3.13.0.132.141
linux-image-3.13.0-132-powerpc-e500 3.13.0-132.181
linux-image-3.13.0-132-generic 3.13.0-132.181
linux-image-3.13.0-132-powerpc64-emb 3.13.0-132.181
linux-image-powerpc64-emb 3.13.0.132.141
linux-image-powerpc-e500 3.13.0.132.141
linux-image-powerpc64-smp 3.13.0.132.141
linux-image-generic-lpae 3.13.0.132.141
linux-image-3.13.0-132-powerpc-smp 3.13.0-132.181
linux-image-3.13.0-132-powerpc64-smp 3.13.0-132.181
linux-image-lowlatency 3.13.0.132.141
linux-image-3.13.0-132-lowlatency 3.13.0-132.181

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-10044, CVE-2016-10200, CVE-2016-7097, CVE-2016-8650, CVE-2016-9083, CVE-2016-9084, CVE-2016-9178, CVE-2016-9191, CVE-2016-9604, CVE-2016-9754, CVE-2017-1000251, CVE-2017-5970, CVE-2017-6214, CVE-2017-6346, CVE-2017-6951, CVE-2017-7187, CVE-2017-7472, CVE-2017-7541

September 18, 2017

USN-3346-2: Bind regression

Ubuntu Security Notice USN-3346-2

18th September, 2017

bind9 regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

USN-3346-1 introduced a regression in Bind.

Software description
  • bind9 - Internet Domain Name Server
Details

USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142
introduced a regression in the ability to receive an AXFR or IXFR in the
case where TSIG is used and not every message is signed. This update fixes
the problem.

In addition, this update adds the new root zone key signing key (KSK).

Original advisory details:

Clément Berthaux discovered that Bind did not correctly check TSIG
authentication for zone update requests. An attacker could use this
to improperly perform zone updates. (CVE-2017-3143)

Clément Berthaux discovered that Bind did not correctly check TSIG
authentication for zone transfer requests. An attacker could use this
to improperly transfer entire zones. (CVE-2017-3142)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
bind9 1:9.10.3.dfsg.P4-10.1ubuntu5.2
Ubuntu 16.04 LTS:
bind9 1:9.10.3.dfsg.P4-8ubuntu1.8
Ubuntu 14.04 LTS:
bind9 1:9.9.5.dfsg-3ubuntu0.16

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Bind to make
all the necessary changes.

References

LP: 1717981

September 18, 2017

USN-3418-1: GDK-PixBuf vulnerabilities

Ubuntu Security Notice USN-3418-1

18th September, 2017

gdk-pixbuf vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.

Software description
  • gdk-pixbuf - GDK Pixbuf library
Details

It was discovered that the GDK-PixBuf library did not properly handle
certain jpeg images. If a user or automated system were tricked into
opening a specially crafted jpeg file, a remote attacker could use this
flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2017-2862)

It was discovered that the GDK-PixBuf library did not properly handle
certain tiff images. If a user or automated system were tricked into
opening a specially crafted tiff file, a remote attacker could use this
flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2017-2870)

Ariel Zelivansky discovered that the GDK-PixBuf library did not properly
handle printing certain error messages. If a user or automated system were
tricked into opening a specially crafted image file, a remote attacker
could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of
service. (CVE-2017-6311)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
libgdk-pixbuf2.0-0 2.36.5-3ubuntu0.2
Ubuntu 16.04 LTS:
libgdk-pixbuf2.0-0 2.32.2-1ubuntu1.3
Ubuntu 14.04 LTS:
libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make
all the necessary changes.

References

CVE-2017-2862, CVE-2017-2870, CVE-2017-6311

September 15, 2017

USN-3416-1: Thunderbird vulnerabilities

Ubuntu Security Notice USN-3416-1

14th September, 2017

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in Thunderbird.

Software description
  • thunderbird - Mozilla Open Source mail and newsgroup client
Details

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to bypass same-origin
restrictions, bypass CSP restrictions, obtain sensitive information, spoof
the origin of modal alerts, cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779,
CVE-2017-7784, CVE-2017-7785, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792,
CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807,
CVE-2017-7809)

A buffer overflow was discovered when displaying SVG content in some
circumstances. If a user were tricked into opening a specially crafted
message, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-7786)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
thunderbird 1:52.3.0+build1-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
thunderbird 1:52.3.0+build1-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
thunderbird 1:52.3.0+build1-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807, CVE-2017-7809

September 14, 2017

USN-3417-1: Libgcrypt vulnerability

Ubuntu Security Notice USN-3417-1

14th September, 2017

libgcrypt20 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
Summary

Libgcrypt could be made to expose sensitive information.

Software description
  • libgcrypt20 - LGPL Crypto library
Details

Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was
susceptible to an attack via side channels. A local attacker could use this
attack to recover Curve25519 private keys.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
libgcrypt20 1.7.6-1ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-0379

September 14, 2017

USN-3415-2: tcpdump vulnerabilities

Ubuntu Security Notice USN-3415-2

13th September, 2017

tcpdump vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
Summary

Several security issues were fixed in tcpdump.

Software description
  • tcpdump - command-line network traffic analyzer
Details

USN-3415-1 fixed vulnerabilities in tcpdump for Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS, and Ubuntu 17.04. This update provides the
corresponding tcpdump update for Ubuntu 12.04 ESM.

Original advisory details:

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder
in tcpdump. A remote attacker could use this to cause a denial
of service (application crash) or possibly execute arbitrary
code. (CVE-2017-11543)

Bhargava Shastry discovered a buffer overflow in the bitfield converter
utility function bittok2str_internal() in tcpdump. A remote attacker
could use this to cause a denial of service (application crash)
or possibly execute arbitrary code. (CVE-2017-13011)

Otto Airamo and Antti Levomäki discovered logic errors in different
protocol parsers in tcpdump that could lead to an infinite loop. A
remote attacker could use these to cause a denial of service
(application hang). (CVE-2017-12989, CVE-2017-12990, CVE-2017-12995,
CVE-2017-12997)

Otto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz,
Katie Holly, Kim Gwan Yeong, Antti Levomäki, Henri Salo, and Bhargava
Shastry discovered out-of-bounds reads in multiple protocol parsers
in tcpdump. A remote attacker could use these to cause a denial
of service (application crash). (CVE-2017-11108, CVE-2017-11541,
CVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895,
CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899,
CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985,
CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991,
CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996,
CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001,
CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005,
CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009,
CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014,
CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018,
CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022,
CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026,
CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030,
CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034,
CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038,
CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042,
CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046,
CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050,
CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054,
CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689,
CVE-2017-13690, CVE-2017-13725)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
tcpdump 4.9.2-0ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725

September 14, 2017

USN-3415-1: tcpdump vulnerabilities

Ubuntu Security Notice USN-3415-1

13th September, 2017

tcpdump vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in tcpdump.

Software description
  • tcpdump - command-line network traffic analyzer
Details

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder
in tcpdump. A remote attacker could use this to cause a denial
of service (application crash) or possibly execute arbitrary
code. (CVE-2017-11543)

Bhargava Shastry discovered a buffer overflow in the bitfield converter
utility function bittok2str_internal() in tcpdump. A remote attacker
could use this to cause a denial of service (application crash)
or possibly execute arbitrary code. (CVE-2017-13011)

Otto Airamo and Antti Levomäki discovered logic errors in different
protocol parsers in tcpdump that could lead to an infinite loop. A
remote attacker could use these to cause a denial of service
(application hang). (CVE-2017-12989, CVE-2017-12990, CVE-2017-12995,
CVE-2017-12997)

Otto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz,
Katie Holly, Kim Gwan Yeong, Antti Levomäki, Henri Salo, and Bhargava
Shastry discovered out-of-bounds reads in multiple protocol parsers
in tcpdump. A remote attacker could use these to cause a denial
of service (application crash). (CVE-2017-11108, CVE-2017-11541,
CVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895,
CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899,
CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985,
CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991,
CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996,
CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001,
CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005,
CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009,
CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014,
CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018,
CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022,
CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026,
CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030,
CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034,
CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038,
CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042,
CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046,
CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050,
CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054,
CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689,
CVE-2017-13690, CVE-2017-13725)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
tcpdump 4.9.2-0ubuntu0.17.04.2
Ubuntu 16.04 LTS:
tcpdump 4.9.2-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
tcpdump 4.9.2-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725