Canonical USN OVAL Generator 1 5.11.1 2024-05-04T15:27:14 Copyright (C) 2024 Canonical LTD. All rights reserved. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for more details. You should have received a copy of the GNU General Public License version 3 along with this program. If not, see http://www.gnu.org/licenses/. Ubuntu 14.04 LTS Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. (CVE-2014-0472) Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. An attacker could possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions. (CVE-2014-0473) Michael Koziarski discovered that Django did not always perform explicit conversion of certain fields when using a MySQL database. An attacker could possibly use this issue to obtain unexpected results. (CVE-2014-0474) Update Instructions: Run `sudo pro fix USN-2169-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.1 python-django - 1.6.1-2ubuntu0.1 No subscription required Medium CVE-2014-0472 CVE-2014-0473 CVE-2014-0474 Ubuntu 14.04 LTS USN-2169-1 fixed vulnerabilities in Django. The upstream security patch for CVE-2014-0472 introduced a regression for certain applications. This update fixes the problem. Original advisory details: Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. (CVE-2014-0472) Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. An attacker could possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions. (CVE-2014-0473) Michael Koziarski discovered that Django did not always perform explicit conversion of certain fields when using a MySQL database. An attacker could possibly use this issue to obtain unexpected results. (CVE-2014-0474) Update Instructions: Run `sudo pro fix USN-2169-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.2 python-django - 1.6.1-2ubuntu0.2 No subscription required None https://launchpad.net/bugs/1311433 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.37. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html Additionally, Matthias Reichl discovered that the mysql-5.5 packages were missing the patches applied previously in the mysql-5.1 packages to drop the default test database and localhost permissions granting access to any databases starting with "test_". This update reintroduces these patches for Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10. Existing test databases and permissions will not be modified on upgrade. To manually restrict access for existing installations, please refer to the following: http://dev.mysql.com/doc/refman/5.5/en/default-privileges.html Update Instructions: Run `sudo pro fix USN-2170-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.37-0ubuntu0.14.04.1 mysql-client - 5.5.37-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.37-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.37-0ubuntu0.14.04.1 libmysqld-pic - 5.5.37-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.37-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.37-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.37-0ubuntu0.14.04.1 mysql-common - 5.5.37-0ubuntu0.14.04.1 mysql-server - 5.5.37-0ubuntu0.14.04.1 mysql-testsuite - 5.5.37-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.37-0ubuntu0.14.04.1 libmysqld-dev - 5.5.37-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.37-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-0001 CVE-2014-0384 CVE-2014-2419 CVE-2014-2430 CVE-2014-2431 CVE-2014-2432 CVE-2014-2436 CVE-2014-2438 CVE-2014-2440 Ubuntu 14.04 LTS Ryan Finnie discovered that the rsync daemon incorrectly handled invalid usernames. A remote attacker could use this issue to cause rsync to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2171-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsync - 3.1.0-2ubuntu0.1 No subscription required Medium CVE-2014-2855 Ubuntu 14.04 LTS Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544) Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-0150) Benoît Canet discovered that QEMU incorrectly handled SMART self-tests. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-2894) Update Instructions: Run `sudo pro fix USN-2182-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-user-static - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-misc - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-arm - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-kvm - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-user - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-keymaps - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-utils - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-aarch64 - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-sparc - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-x86 - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-common - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-guest-agent - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-ppc - 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-mips - 2.0.0~rc1+dfsg-0ubuntu3.1 No subscription required Medium CVE-2013-4544 CVE-2014-0150 CVE-2014-2894 Ubuntu 14.04 LTS Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. Update Instructions: Run `sudo pro fix USN-2183-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dpkg-dev - 1.17.5ubuntu5.1 dselect - 1.17.5ubuntu5.1 libdpkg-dev - 1.17.5ubuntu5.1 dpkg - 1.17.5ubuntu5.1 libdpkg-perl - 1.17.5ubuntu5.1 No subscription required Medium CVE-2014-0471 Ubuntu 14.04 LTS USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered that the fix introduced a vulnerability in releases with an older version of the patch utility. This update fixes the problem. Original advisory details: Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. Update Instructions: Run `sudo pro fix USN-2183-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dpkg-dev - 1.17.5ubuntu5.2 dselect - 1.17.5ubuntu5.2 libdpkg-dev - 1.17.5ubuntu5.2 dpkg - 1.17.5ubuntu5.2 libdpkg-perl - 1.17.5ubuntu5.2 No subscription required Medium CVE-2014-0471 Ubuntu 14.04 LTS Frédéric Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Update Instructions: Run `sudo pro fix USN-2184-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unity-services - 7.2.0+14.04.20140423-0ubuntu1.1 unity-autopilot - 7.2.0+14.04.20140423-0ubuntu1.1 libunity-2d-private0 - 7.2.0+14.04.20140423-0ubuntu1.1 unity-2d-spread - 7.2.0+14.04.20140423-0ubuntu1.1 libunity-core-6.0-9 - 7.2.0+14.04.20140423-0ubuntu1.1 libunity-2d-private-dev - 7.2.0+14.04.20140423-0ubuntu1.1 unity - 7.2.0+14.04.20140423-0ubuntu1.1 unity-2d - 7.2.0+14.04.20140423-0ubuntu1.1 libunity-core-6.0-dev - 7.2.0+14.04.20140423-0ubuntu1.1 unity-2d-shell - 7.2.0+14.04.20140423-0ubuntu1.1 unity-2d-panel - 7.2.0+14.04.20140423-0ubuntu1.1 unity-2d-common - 7.2.0+14.04.20140423-0ubuntu1.1 No subscription required None https://launchpad.net/bugs/1313885 https://launchpad.net/bugs/1308850 Ubuntu 14.04 LTS USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has uncovered more issues which have been fixed in this update. This update also fixes a regression with the shutdown dialogue. We apologize for the inconvenience. Original advisory details: Frédéric Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Update Instructions: Run `sudo pro fix USN-2184-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unity-services - 7.2.0+14.04.20140423-0ubuntu1.2 unity-autopilot - 7.2.0+14.04.20140423-0ubuntu1.2 libunity-2d-private0 - 7.2.0+14.04.20140423-0ubuntu1.2 unity-2d-spread - 7.2.0+14.04.20140423-0ubuntu1.2 libunity-core-6.0-9 - 7.2.0+14.04.20140423-0ubuntu1.2 libunity-2d-private-dev - 7.2.0+14.04.20140423-0ubuntu1.2 unity - 7.2.0+14.04.20140423-0ubuntu1.2 unity-2d - 7.2.0+14.04.20140423-0ubuntu1.2 libunity-core-6.0-dev - 7.2.0+14.04.20140423-0ubuntu1.2 unity-2d-shell - 7.2.0+14.04.20140423-0ubuntu1.2 unity-2d-panel - 7.2.0+14.04.20140423-0ubuntu1.2 unity-2d-common - 7.2.0+14.04.20140423-0ubuntu1.2 No subscription required None https://launchpad.net/bugs/1314247 Ubuntu 14.04 LTS Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1518, CVE-2014-1519) An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1522) Abhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523) Abhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1524) Abhishek Arya discovered a use-after-free in the Text Track Manager when processing HTML video. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1525) Jukka Jylänki discovered an out-of-bounds write in Cairo when working with canvas in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1528) Mariusz Mlynski discovered that sites with notification permissions can run script in a privileged context in some circumstances. An attacker could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1529) It was discovered that browser history navigations could be used to load a site with the addressbar displaying the wrong address. An attacker could potentially exploit this to conduct cross-site scripting or phishing attacks. (CVE-2014-1530) A use-after-free was discovered when resizing images in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1531) Christian Heimes discovered that NSS did not handle IDNA domain prefixes correctly for wildcard certificates. An attacker could potentially exploit this by using a specially crafted certificate to conduct a machine-in-the-middle attack. (CVE-2014-1492) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during host resolution in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1532) Boris Zbarsky discovered that the debugger bypassed XrayWrappers for some objects. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1526) Update Instructions: Run `sudo pro fix USN-2185-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-nn - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-nb - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-fa - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-fi - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-fr - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-fy - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-or - 29.0+build1-0ubuntu0.14.04.2 firefox-testsuite - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-oc - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-cs - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ga - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-gd - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-gl - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-gu - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-pa - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-pl - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-cy - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-pt - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-hi - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ms - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-he - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-hy - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-hr - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-hu - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-it - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-as - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ar - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-id - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-mai - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-af - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-is - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-vi - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-an - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-bs - 29.0+build1-0ubuntu0.14.04.2 firefox - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ro - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ja - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ru - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-br - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-zh-hant - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-zh-hans - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-bn - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-be - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-bg - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-sl - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-sk - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-si - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-sw - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-sv - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-sr - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-sq - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ko - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-kn - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-km - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-kk - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ka - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-xh - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ca - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ku - 29.0+build1-0ubuntu0.14.04.2 firefox-mozsymbols - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-lv - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-lt - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-th - 29.0+build1-0ubuntu0.14.04.2 firefox-dev - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-te - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ta - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-lg - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-tr - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-nso - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-de - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-da - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-uk - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-mr - 29.0+build1-0ubuntu0.14.04.2 firefox-globalmenu - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ml - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-mn - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-mk - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-eu - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-et - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-es - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-csb - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-el - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-eo - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-en - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-zu - 29.0+build1-0ubuntu0.14.04.2 firefox-locale-ast - 29.0+build1-0ubuntu0.14.04.2 No subscription required Medium CVE-2014-1518 CVE-2014-1519 CVE-2014-1522 CVE-2014-1523 CVE-2014-1524 CVE-2014-1525 CVE-2014-1528 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1492 CVE-2014-1532 CVE-2014-1526 https://launchpad.net/bugs/1313464 Ubuntu 14.04 LTS Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2014-0459) Jakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. (CVE-2014-1876) Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-2398, CVE-2014-2413) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-2403) Update Instructions: Run `sudo pro fix USN-2187-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u55-2.4.7-1ubuntu1 openjdk-7-source - 7u55-2.4.7-1ubuntu1 icedtea-7-jre-jamvm - 7u55-2.4.7-1ubuntu1 openjdk-7-jre-lib - 7u55-2.4.7-1ubuntu1 openjdk-7-jdk - 7u55-2.4.7-1ubuntu1 openjdk-7-jre-headless - 7u55-2.4.7-1ubuntu1 openjdk-7-jre - 7u55-2.4.7-1ubuntu1 openjdk-7-doc - 7u55-2.4.7-1ubuntu1 openjdk-7-demo - 7u55-2.4.7-1ubuntu1 No subscription required Medium CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 https://launchpad.net/bugs/1283828 Ubuntu 14.04 LTS Florian Weimer discovered that the elfutils libdw library incorrectly handled malformed compressed debug sections in ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, applications linked against libdw could be made to crash, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2188-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libasm1 - 0.158-0ubuntu5.1 libdw-dev - 0.158-0ubuntu5.1 libelf1 - 0.158-0ubuntu5.1 libelf-dev - 0.158-0ubuntu5.1 elfutils - 0.158-0ubuntu5.1 libdw1 - 0.158-0ubuntu5.1 libasm-dev - 0.158-0ubuntu5.1 No subscription required Medium CVE-2014-0172 Ubuntu 14.04 LTS Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1518) Abhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523) Abhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1524) Mariusz Mlynski discovered that sites with notification permissions can run script in a privileged context in some circumstances. If a user had enabled scripting, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1529) It was discovered that browser history navigations could be used to load a site with the addressbar displaying the wrong address. If a user had enabled scripting, an attacker could potentially exploit this to conduct cross-site scripting or phishing attacks. (CVE-2014-1530) A use-after-free was discovered when resizing images in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1531) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during host resolution in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1532) Update Instructions: Run `sudo pro fix USN-2189-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:24.5.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:24.5.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:24.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:24.5.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 https://launchpad.net/bugs/1313886 Ubuntu 14.04 LTS Florian Weimer discovered that JBIG-KIT incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, JBIG-KIT could be made to crash, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2190-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jbigkit-bin - 2.0-2ubuntu4.1 libjbig-dev - 2.0-2ubuntu4.1 libjbig0 - 2.0-2ubuntu4.1 No subscription required Medium CVE-2013-6369 Ubuntu 14.04 LTS It was discovered that OpenSSL incorrectly handled memory in the ssl3_read_bytes() function. A remote attacker could use this issue to possibly cause OpenSSL to crash, resulting in a denial of service. (CVE-2010-5298) It was discovered that OpenSSL incorrectly handled memory in the do_ssl3_write() function. A remote attacker could use this issue to possibly cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0198) Update Instructions: Run `sudo pro fix USN-2192-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.1 libssl-dev - 1.0.1f-1ubuntu2.1 openssl - 1.0.1f-1ubuntu2.1 libssl-doc - 1.0.1f-1ubuntu2.1 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.1 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.1 No subscription required Medium CVE-2010-5298 CVE-2014-0198 Ubuntu 14.04 LTS A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Update Instructions: Run `sudo pro fix USN-2204-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-24-powerpc64-emb - 3.13.0-24.47 linux-image-3.13.0-24-powerpc64-smp - 3.13.0-24.47 linux-image-3.13.0-24-generic - 3.13.0-24.47 linux-image-3.13.0-24-powerpc-smp - 3.13.0-24.47 linux-image-3.13.0-24-powerpc-e500 - 3.13.0-24.47 linux-image-3.13.0-24-generic-lpae - 3.13.0-24.47 linux-image-extra-3.13.0-24-generic - 3.13.0-24.47 linux-image-3.13.0-24-powerpc-e500mc - 3.13.0-24.47 linux-image-3.13.0-24-lowlatency - 3.13.0-24.47 No subscription required Critical CVE-2014-0196 Ubuntu 14.04 LTS Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4231) Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4232) Murray McAllister discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2013-4243) Huzaifa Sidhpurwala discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4244) Update Instructions: Run `sudo pro fix USN-2205-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.1 libtiffxx5 - 4.0.3-7ubuntu0.1 libtiff5-dev - 4.0.3-7ubuntu0.1 libtiff4-dev - 4.0.3-7ubuntu0.1 libtiff5-alt-dev - 4.0.3-7ubuntu0.1 libtiff5 - 4.0.3-7ubuntu0.1 libtiff-tools - 4.0.3-7ubuntu0.1 libtiff-doc - 4.0.3-7ubuntu0.1 No subscription required Medium CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 Ubuntu 14.04 LTS Sebastian Krahmer discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands. (CVE-2014-2707) Johannes Meixner discovered that cups-browsed ignored invalid BrowseAllow directives. This could cause it to accept browse packets from all hosts, contrary to intended configuration. Update Instructions: Run `sudo pro fix USN-2210-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfontembed-dev - 1.0.52-0ubuntu1.1 libfontembed1 - 1.0.52-0ubuntu1.1 libcupsfilters-dev - 1.0.52-0ubuntu1.1 cups-filters - 1.0.52-0ubuntu1.1 cups-browsed - 1.0.52-0ubuntu1.1 cups-filters-core-drivers - 1.0.52-0ubuntu1.1 libcupsfilters1 - 1.0.52-0ubuntu1.1 No subscription required High CVE-2014-2707 Ubuntu 14.04 LTS Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. (CVE-2014-0209) Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211) Update Instructions: Run `sudo pro fix USN-2211-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxfont1 - 1:1.4.7-1ubuntu0.1 libxfont1-udeb - 1:1.4.7-1ubuntu0.1 libxfont-dev - 1:1.4.7-1ubuntu0.1 No subscription required Medium CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 Ubuntu 14.04 LTS Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or Chrome Frame client. An attacker may use this to retrieve private data or poison caches. This update removes workarounds for bugs in Internet Explorer 6 and 7. (CVE-2014-1418) Peter Kuma and Gavin Wahl discovered that Django did not correctly validate some malformed URLs, which are accepted by some browsers. An attacker may use this to cause unexpected redirects. An update has been provided for 12.04 LTS, 12.10, 13.10, and 14.04 LTS; this issue remains unfixed for 10.04 LTS as no "is_safe_url()" functionality existed in this version. Update Instructions: Run `sudo pro fix USN-2212-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.3 python-django - 1.6.1-2ubuntu0.3 No subscription required Medium CVE-2014-1418 Ubuntu 14.04 LTS It was discovered that Dovecot incorrectly handled closing inactive SSL/TLS connections. A remote attacker could use this issue to cause Dovecot to stop responding to new connections, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2213-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.9-1ubuntu2.1 dovecot-mysql - 1:2.2.9-1ubuntu2.1 dovecot-sieve - 1:2.2.9-1ubuntu2.1 dovecot-core - 1:2.2.9-1ubuntu2.1 dovecot-ldap - 1:2.2.9-1ubuntu2.1 dovecot-sqlite - 1:2.2.9-1ubuntu2.1 dovecot-dev - 1:2.2.9-1ubuntu2.1 dovecot-pop3d - 1:2.2.9-1ubuntu2.1 dovecot-imapd - 1:2.2.9-1ubuntu2.1 dovecot-managesieved - 1:2.2.9-1ubuntu2.1 mail-stack-delivery - 1:2.2.9-1ubuntu2.1 dovecot-gssapi - 1:2.2.9-1ubuntu2.1 dovecot-solr - 1:2.2.9-1ubuntu2.1 dovecot-lmtpd - 1:2.2.9-1ubuntu2.1 No subscription required Medium CVE-2014-3430 Ubuntu 14.04 LTS Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2214-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.1 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.1 libxml2 - 2.9.1+dfsg1-3ubuntu4.1 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.1 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.1 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.1 No subscription required Medium CVE-2014-0191 Ubuntu 14.04 LTS USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a regression when using xmllint with the --postvalid option. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2214-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.2 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.2 libxml2 - 2.9.1+dfsg1-3ubuntu4.2 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.2 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.2 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.2 No subscription required None https://launchpad.net/bugs/1321869 Ubuntu 14.04 LTS USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a number of regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2214-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.3 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.3 libxml2 - 2.9.1+dfsg1-3ubuntu4.3 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.3 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.3 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.3 No subscription required None https://launchpad.net/bugs/1321869 Ubuntu 14.04 LTS It was discovered that Pidgin incorrectly handled certain messages from Gadu-Gadu file relay servers. A malicious remote server or a machine-in-the-middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2216-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpurple-dev - 1:2.10.9-0ubuntu3.1 pidgin - 1:2.10.9-0ubuntu3.1 pidgin-data - 1:2.10.9-0ubuntu3.1 finch-dev - 1:2.10.9-0ubuntu3.1 pidgin-dev - 1:2.10.9-0ubuntu3.1 libpurple-bin - 1:2.10.9-0ubuntu3.1 finch - 1:2.10.9-0ubuntu3.1 libpurple0 - 1:2.10.9-0ubuntu3.1 No subscription required Medium CVE-2014-3775 Ubuntu 14.04 LTS It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-2217-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 3.3.3-1ubuntu0.1 python-lxml - 3.3.3-1ubuntu0.1 python-lxml-doc - 3.3.3-1ubuntu0.1 No subscription required Medium CVE-2014-3146 Ubuntu 14.04 LTS Róbert Kisteleki discovered mod_wsgi incorrectly checked setuid return values. A malicious application could use this issue to cause a local privilege escalation when using daemon mode. (CVE-2014-0240) Buck Golemon discovered that mod_wsgi used memory that had been freed. A remote attacker could use this issue to read process memory via the Content-Type response header. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0242) Update Instructions: Run `sudo pro fix USN-2222-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-wsgi - 3.4-4ubuntu2.1.14.04.1 libapache2-mod-wsgi-py3 - 3.4-4ubuntu2.1.14.04.1 No subscription required Medium CVE-2014-0240 CVE-2014-0242 Ubuntu 14.04 LTS Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) Török Edwin discovered a flaw with Xen netback driver when used with Linux configurations that do not allow sleeping in softirq context. A guest administrator could exploit this flaw to cause a denial of service (system crash) on the host. (CVE-2014-2580) A flaw was discovered in the Linux kernel's ping sockets. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges via a crafted application. (CVE-2014-2851) Hannes Frederic Sowa reported a hash collision ordering problem in the xfs filesystem in the Linux kernel. A local user could exploit this flaw to cause filesystem corruption and a denial of service (oops or panic). (CVE-2014-7283) Update Instructions: Run `sudo pro fix USN-2226-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-27-generic - 3.13.0-27.50 linux-image-3.13.0-27-generic-lpae - 3.13.0-27.50 linux-image-3.13.0-27-powerpc-e500 - 3.13.0-27.50 linux-image-3.13.0-27-lowlatency - 3.13.0-27.50 linux-image-3.13.0-27-powerpc-smp - 3.13.0-27.50 linux-image-extra-3.13.0-27-generic - 3.13.0-27.50 linux-image-3.13.0-27-powerpc-e500mc - 3.13.0-27.50 linux-image-3.13.0-27-powerpc64-emb - 3.13.0-27.50 linux-image-3.13.0-27-powerpc64-smp - 3.13.0-27.50 No subscription required High CVE-2014-0077 CVE-2014-1737 CVE-2014-1738 CVE-2014-2580 CVE-2014-2851 CVE-2014-7283 Ubuntu 14.04 LTS Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a machine-in-the-middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2229-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutlsxx27 - 2.12.23-12ubuntu2.1 gnutls26-doc - 2.12.23-12ubuntu2.1 libgnutls26 - 2.12.23-12ubuntu2.1 libgnutls-dev - 2.12.23-12ubuntu2.1 libgnutls-openssl27 - 2.12.23-12ubuntu2.1 No subscription required gnutls-bin - 3.0.11+really2.12.23-12ubuntu2.1 No subscription required Medium CVE-2014-3466 Ubuntu 14.04 LTS Thomas Stangner discovered that chkrootkit incorrectly quoted certain values. A local attacker could use this issue to execute arbitrary code when chkrootkit is run and gain root privileges. Update Instructions: Run `sudo pro fix USN-2230-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: chkrootkit - 0.49-4.1ubuntu1.14.04.1 No subscription required Medium CVE-2014-0476 Ubuntu 14.04 LTS Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a machine-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224) Felix Gröbert and Ivan Fratrić discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470) Update Instructions: Run `sudo pro fix USN-2232-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.2 libssl-dev - 1.0.1f-1ubuntu2.2 openssl - 1.0.1f-1ubuntu2.2 libssl-doc - 1.0.1f-1ubuntu2.2 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.2 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.2 No subscription required Medium CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 Ubuntu 14.04 LTS USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem. Original advisory details: Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a machine-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224) Felix Gröbert and Ivan Fratrić discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470) Update Instructions: Run `sudo pro fix USN-2232-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.3 libssl-dev - 1.0.1f-1ubuntu2.3 openssl - 1.0.1f-1ubuntu2.3 libssl-doc - 1.0.1f-1ubuntu2.3 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.3 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.3 No subscription required None https://launchpad.net/bugs/1329297 Ubuntu 14.04 LTS USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem. Original advisory details: Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a machine-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224) Felix Gröbert and Ivan Fratrić discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470) Update Instructions: Run `sudo pro fix USN-2232-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.4 libssl-dev - 1.0.1f-1ubuntu2.4 openssl - 1.0.1f-1ubuntu2.4 libssl-doc - 1.0.1f-1ubuntu2.4 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.4 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.4 No subscription required None https://launchpad.net/bugs/1332643 Ubuntu 14.04 LTS Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) An information leak was discovered in the netfilter subsystem of the Linux kernel. An attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-2568) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122) Update Instructions: Run `sudo pro fix USN-2240-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-29-powerpc64-emb - 3.13.0-29.53 linux-image-3.13.0-29-generic - 3.13.0-29.53 linux-image-3.13.0-29-powerpc64-smp - 3.13.0-29.53 linux-image-3.13.0-29-powerpc-e500mc - 3.13.0-29.53 linux-image-3.13.0-29-lowlatency - 3.13.0-29.53 linux-image-3.13.0-29-powerpc-e500 - 3.13.0-29.53 linux-image-3.13.0-29-powerpc-smp - 3.13.0-29.53 linux-image-3.13.0-29-generic-lpae - 3.13.0-29.53 linux-image-extra-3.13.0-29-generic - 3.13.0-29.53 No subscription required High CVE-2014-2568 CVE-2014-3122 CVE-2014-3153 Ubuntu 14.04 LTS It was discovered that dpkg incorrectly handled certain patches when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. Update Instructions: Run `sudo pro fix USN-2242-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dpkg-dev - 1.17.5ubuntu5.3 dselect - 1.17.5ubuntu5.3 libdpkg-dev - 1.17.5ubuntu5.3 dpkg - 1.17.5ubuntu5.3 libdpkg-perl - 1.17.5ubuntu5.3 No subscription required Medium CVE-2014-3864 CVE-2014-3865 Ubuntu 14.04 LTS Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor Wagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1533, CVE-2014-1534) Abhishek Arya discovered multiple use-after-free and out-of-bounds read issues in Firefox. An attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in the event listener manager. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1540) A use-after-free was discovered in the SMIL animation controller. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1541) Holger Fuhrmannek discovered a buffer overflow in Web Audio. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1542) Update Instructions: Run `sudo pro fix USN-2243-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-nn - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-nb - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-fa - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-fi - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-fr - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-fy - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-or - 30.0+build1-0ubuntu0.14.04.3 firefox-testsuite - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-oc - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-cs - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ga - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-gd - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-gl - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-gu - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-pa - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-pl - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-cy - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-pt - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-hi - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ms - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-he - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-hy - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-hr - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-hu - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-it - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-as - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ar - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-id - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-mai - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-af - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-is - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-vi - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-an - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-bs - 30.0+build1-0ubuntu0.14.04.3 firefox - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ro - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ja - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ru - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-br - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-zh-hant - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-zh-hans - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-bn - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-be - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-bg - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-sl - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-sk - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-si - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-sw - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-sv - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-sr - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-sq - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ko - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-kn - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-km - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-kk - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ka - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-xh - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ca - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ku - 30.0+build1-0ubuntu0.14.04.3 firefox-mozsymbols - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-lv - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-lt - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-th - 30.0+build1-0ubuntu0.14.04.3 firefox-dev - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-te - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ta - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-lg - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-tr - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-nso - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-de - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-da - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-uk - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-mr - 30.0+build1-0ubuntu0.14.04.3 firefox-globalmenu - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ml - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-mn - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-mk - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-eu - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-et - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-es - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-csb - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-el - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-eo - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-en - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-zu - 30.0+build1-0ubuntu0.14.04.3 firefox-locale-ast - 30.0+build1-0ubuntu0.14.04.3 No subscription required Medium CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1540 CVE-2014-1541 CVE-2014-1542 https://launchpad.net/bugs/1326690 Ubuntu 14.04 LTS Florian Weimer discovered that json-c incorrectly handled buffer lengths. An attacker could use this issue with a specially-crafted large JSON document to cause json-c to crash, resulting in a denial of service. (CVE-2013-6370) Florian Weimer discovered that json-c incorrectly handled hash arrays. An attacker could use this issue with a specially-crafted JSON document to cause json-c to consume CPU resources, resulting in a denial of service. (CVE-2013-6371) Update Instructions: Run `sudo pro fix USN-2245-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjson-c2 - 0.11-3ubuntu1.2 libjson-c-doc - 0.11-3ubuntu1.2 libjson-c-dev - 0.11-3ubuntu1.2 libjson0 - 0.11-3ubuntu1.2 libjson0-dev - 0.11-3ubuntu1.2 No subscription required Medium CVE-2013-6370 CVE-2013-6371 Ubuntu 14.04 LTS Jakub Wilk discovered that APT did not correctly validate signatures when downloading source packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered source packages. Update Instructions: Run `sudo pro fix USN-2246-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapt-inst1.5 - 1.0.1ubuntu2.1 apt-doc - 1.0.1ubuntu2.1 apt-transport-https - 1.0.1ubuntu2.1 libapt-pkg-doc - 1.0.1ubuntu2.1 apt - 1.0.1ubuntu2.1 apt-utils - 1.0.1ubuntu2.1 libapt-pkg-dev - 1.0.1ubuntu2.1 libapt-pkg4.12 - 1.0.1ubuntu2.1 No subscription required Medium CVE-2014-0478 Ubuntu 14.04 LTS Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-1068) Bernhard M. Wiedemann and Pedraig Brady discovered that OpenStack Nova did not properly verify the virtual size of a QCOW2 images. A remote authenticated attacker could exploit this to create a denial of service via disk consumption. This issue did not affect Ubuntu 14.04 LTS. (CVE-2013-4463, CVE-2013-4469) JuanFra Rodriguez Cardoso discovered that OpenStack Nova did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubuntu does not use QPid with Nova by default. This issue did not affect Ubuntu 14.04 LTS. (CVE-2013-6491) Loganathan Parthipan discovered that OpenStack Nova did not properly create expected files during KVM live block migration. A remote authenticated attacker could exploit this to obtain root disk snapshot contents via ephemeral storage. This issue did not affect Ubuntu 14.04 LTS. (CVE-2013-7130) Stanislaw Pitucha discovered that OpenStack Nova did not enforce the image format when rescuing an instance. A remote authenticated attacker could exploit this to read host files. In the default installation, attackers would be isolated by the libvirt guest AppArmor profile. This issue only affected Ubuntu 13.10. (CVE-2014-0134) Mark Heckmann discovered that OpenStack Nova did not enforce RBAC policy when adding security group rules via the EC2 API. A remote authenticated user could exploit this to gain unintended access to this API. This issue only affected Ubuntu 13.10. (CVE-2014-0167) Update Instructions: Run `sudo pro fix USN-2247-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nova-api - 1:2014.1-0ubuntu1.2 nova-common - 1:2014.1-0ubuntu1.2 nova-compute-xen - 1:2014.1-0ubuntu1.2 nova-api-os-compute - 1:2014.1-0ubuntu1.2 nova-objectstore - 1:2014.1-0ubuntu1.2 nova-novncproxy - 1:2014.1-0ubuntu1.2 nova-api-os-volume - 1:2014.1-0ubuntu1.2 nova-compute-lxc - 1:2014.1-0ubuntu1.2 nova-consoleauth - 1:2014.1-0ubuntu1.2 python-nova - 1:2014.1-0ubuntu1.2 nova-network - 1:2014.1-0ubuntu1.2 nova-api-ec2 - 1:2014.1-0ubuntu1.2 nova-api-metadata - 1:2014.1-0ubuntu1.2 nova-compute-kvm - 1:2014.1-0ubuntu1.2 nova-xvpvncproxy - 1:2014.1-0ubuntu1.2 nova-doc - 1:2014.1-0ubuntu1.2 nova-conductor - 1:2014.1-0ubuntu1.2 nova-volume - 1:2014.1-0ubuntu1.2 nova-compute-vmware - 1:2014.1-0ubuntu1.2 nova-spiceproxy - 1:2014.1-0ubuntu1.2 nova-scheduler - 1:2014.1-0ubuntu1.2 nova-console - 1:2014.1-0ubuntu1.2 nova-ajax-console-proxy - 1:2014.1-0ubuntu1.2 nova-cert - 1:2014.1-0ubuntu1.2 nova-baremetal - 1:2014.1-0ubuntu1.2 nova-compute - 1:2014.1-0ubuntu1.2 nova-compute-libvirt - 1:2014.1-0ubuntu1.2 nova-compute-qemu - 1:2014.1-0ubuntu1.2 nova-cells - 1:2014.1-0ubuntu1.2 No subscription required Medium CVE-2013-1068 CVE-2013-4463 CVE-2013-4469 CVE-2013-6491 CVE-2013-7130 CVE-2014-0134 CVE-2014-0167 Ubuntu 14.04 LTS Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Cinder did not properly set up its sudo configuration. If a different flaw was found in OpenStack Cinder, this vulnerability could be used to escalate privileges. (CVE-2013-1068) Update Instructions: Run `sudo pro fix USN-2248-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-cinder - 1:2014.1-0ubuntu1.1 cinder-backup - 1:2014.1-0ubuntu1.1 cinder-api - 1:2014.1-0ubuntu1.1 cinder-volume - 1:2014.1-0ubuntu1.1 cinder-common - 1:2014.1-0ubuntu1.1 cinder-scheduler - 1:2014.1-0ubuntu1.1 No subscription required Medium CVE-2013-1068 Ubuntu 14.04 LTS Jason Dunsmore discovered that OpenStack heat did not properly restrict access to template information. A remote authenticated attacker could exploit this to see URL provider templates of other tenants for a limited time. Update Instructions: Run `sudo pro fix USN-2249-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: heat-api-cloudwatch - 2014.1-0ubuntu1.1 heat-api-cfn - 2014.1-0ubuntu1.1 heat-common - 2014.1-0ubuntu1.1 python-heat - 2014.1-0ubuntu1.1 heat-engine - 2014.1-0ubuntu1.1 heat-api - 2014.1-0ubuntu1.1 No subscription required Medium CVE-2014-3801 Ubuntu 14.04 LTS Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden and Kyle Huey discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1533) Abhishek Arya discovered multiple use-after-free and out-of-bounds read issues in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2014-1538) A use-after-free was discovered in the SMIL animation controller. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2014-1541) Update Instructions: Run `sudo pro fix USN-2250-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:24.6.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:24.6.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:24.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:24.6.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1533 CVE-2014-1538 CVE-2014-1541 https://launchpad.net/bugs/1328003 Ubuntu 14.04 LTS It was discovered that LibreOffice unconditionally executed certain VBA macros, contrary to user expectations. Update Instructions: Run `sudo pro fix USN-2253-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO4.2.4-0ubuntu2 No subscription required libreoffice-wiki-publisher - 1.1.2+LibO4.2.4-0ubuntu2 No subscription required libreoffice-presentation-minimizer - 1:4.2.4-0ubuntu2 libreoffice-impress - 1:4.2.4-0ubuntu2 libreoffice-officebean - 1:4.2.4-0ubuntu2 libreoffice-base - 1:4.2.4-0ubuntu2 libreoffice-librelogo - 1:4.2.4-0ubuntu2 libreoffice-java-common - 1:4.2.4-0ubuntu2 browser-plugin-libreoffice - 1:4.2.4-0ubuntu2 libreoffice-subsequentcheckbase - 1:4.2.4-0ubuntu2 libreoffice-style-tango - 1:4.2.4-0ubuntu2 libreoffice-style-crystal - 1:4.2.4-0ubuntu2 libreoffice-kde - 1:4.2.4-0ubuntu2 libreoffice-l10n-ku - 1:4.2.4-0ubuntu2 libreoffice-style-galaxy - 1:4.2.4-0ubuntu2 libreoffice-style-hicontrast - 1:4.2.4-0ubuntu2 libreoffice-core - 1:4.2.4-0ubuntu2 libreoffice-presenter-console - 1:4.2.4-0ubuntu2 libreoffice-script-provider-bsh - 1:4.2.4-0ubuntu2 libreoffice-avmedia-backend-gstreamer - 1:4.2.4-0ubuntu2 libreoffice-script-provider-python - 1:4.2.4-0ubuntu2 libreoffice-common - 1:4.2.4-0ubuntu2 libreoffice-gnome - 1:4.2.4-0ubuntu2 libreoffice-dev - 1:4.2.4-0ubuntu2 libreoffice-gtk3 - 1:4.2.4-0ubuntu2 libreoffice-report-builder - 1:4.2.4-0ubuntu2 libreoffice-pdfimport - 1:4.2.4-0ubuntu2 libreoffice-base-core - 1:4.2.4-0ubuntu2 libreoffice-ogltrans - 1:4.2.4-0ubuntu2 libreoffice-sdbc-hsqldb - 1:4.2.4-0ubuntu2 libreoffice-gtk - 1:4.2.4-0ubuntu2 libreoffice-calc - 1:4.2.4-0ubuntu2 libreoffice-base-drivers - 1:4.2.4-0ubuntu2 libreoffice-style-oxygen - 1:4.2.4-0ubuntu2 libreoffice-emailmerge - 1:4.2.4-0ubuntu2 libreoffice-style-human - 1:4.2.4-0ubuntu2 libreoffice-sdbc-firebird - 1:4.2.4-0ubuntu2 python3-uno - 1:4.2.4-0ubuntu2 libreoffice-math - 1:4.2.4-0ubuntu2 libreoffice-writer - 1:4.2.4-0ubuntu2 libreoffice-report-builder-bin - 1:4.2.4-0ubuntu2 libreoffice-script-provider-js - 1:4.2.4-0ubuntu2 libreoffice - 1:4.2.4-0ubuntu2 libreoffice-draw - 1:4.2.4-0ubuntu2 libreoffice-style-sifr - 1:4.2.4-0ubuntu2 libreoffice-dev-doc - 1:4.2.4-0ubuntu2 libreoffice-l10n-in - 1:4.2.4-0ubuntu2 libreoffice-l10n-za - 1:4.2.4-0ubuntu2 libreoffice-sdbc-postgresql - 1:4.2.4-0ubuntu2 No subscription required openoffice.org-dtd-officedocument1.0 - 2:1.0+LibO4.2.4-0ubuntu2 No subscription required fonts-opensymbol - 2:102.6+LibO4.2.4-0ubuntu2 No subscription required uno-libs3 - 4.2.4-0ubuntu2 ure - 4.2.4-0ubuntu2 No subscription required Medium CVE-2014-0247 Ubuntu 14.04 LTS Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185) Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0237, CVE-2014-0238) Stefan Esser discovered that PHP incorrectly handled DNS TXT records. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-4049) Update Instructions: Run `sudo pro fix USN-2254-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.1 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.1 php5-curl - 5.5.9+dfsg-1ubuntu4.1 php5-intl - 5.5.9+dfsg-1ubuntu4.1 php5-snmp - 5.5.9+dfsg-1ubuntu4.1 php5-mysql - 5.5.9+dfsg-1ubuntu4.1 php5-odbc - 5.5.9+dfsg-1ubuntu4.1 php5-xsl - 5.5.9+dfsg-1ubuntu4.1 php5-gd - 5.5.9+dfsg-1ubuntu4.1 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.1 php5-tidy - 5.5.9+dfsg-1ubuntu4.1 php5-dev - 5.5.9+dfsg-1ubuntu4.1 php5-pgsql - 5.5.9+dfsg-1ubuntu4.1 php5-enchant - 5.5.9+dfsg-1ubuntu4.1 php5-readline - 5.5.9+dfsg-1ubuntu4.1 php5-gmp - 5.5.9+dfsg-1ubuntu4.1 php5-fpm - 5.5.9+dfsg-1ubuntu4.1 php5-cgi - 5.5.9+dfsg-1ubuntu4.1 php5-sqlite - 5.5.9+dfsg-1ubuntu4.1 php5-ldap - 5.5.9+dfsg-1ubuntu4.1 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.1 php5 - 5.5.9+dfsg-1ubuntu4.1 php5-cli - 5.5.9+dfsg-1ubuntu4.1 php-pear - 5.5.9+dfsg-1ubuntu4.1 php5-sybase - 5.5.9+dfsg-1ubuntu4.1 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.1 php5-pspell - 5.5.9+dfsg-1ubuntu4.1 php5-common - 5.5.9+dfsg-1ubuntu4.1 libphp5-embed - 5.5.9+dfsg-1ubuntu4.1 No subscription required Medium CVE-2014-0185 CVE-2014-0237 CVE-2014-0238 CVE-2014-4049 Ubuntu 14.04 LTS USN-2254-1 fixed vulnerabilities in PHP. The fix for CVE-2014-0185 further restricted the permissions on the PHP FastCGI Process Manager (FPM) UNIX socket. This update grants socket access to the www-data user and group so installations and documentation relying on the previous socket permissions will continue to function. Original advisory details: Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185) Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0237, CVE-2014-0238) Stefan Esser discovered that PHP incorrectly handled DNS TXT records. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-4049) Update Instructions: Run `sudo pro fix USN-2254-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.2 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.2 php5-curl - 5.5.9+dfsg-1ubuntu4.2 php5-intl - 5.5.9+dfsg-1ubuntu4.2 php5-snmp - 5.5.9+dfsg-1ubuntu4.2 php5-mysql - 5.5.9+dfsg-1ubuntu4.2 php5-odbc - 5.5.9+dfsg-1ubuntu4.2 php5-xsl - 5.5.9+dfsg-1ubuntu4.2 php5-gd - 5.5.9+dfsg-1ubuntu4.2 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.2 php5-tidy - 5.5.9+dfsg-1ubuntu4.2 php5-dev - 5.5.9+dfsg-1ubuntu4.2 php5-pgsql - 5.5.9+dfsg-1ubuntu4.2 php5-enchant - 5.5.9+dfsg-1ubuntu4.2 php5-readline - 5.5.9+dfsg-1ubuntu4.2 php5-gmp - 5.5.9+dfsg-1ubuntu4.2 php5-fpm - 5.5.9+dfsg-1ubuntu4.2 php5-cgi - 5.5.9+dfsg-1ubuntu4.2 php5-sqlite - 5.5.9+dfsg-1ubuntu4.2 php5-ldap - 5.5.9+dfsg-1ubuntu4.2 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.2 php5 - 5.5.9+dfsg-1ubuntu4.2 php5-cli - 5.5.9+dfsg-1ubuntu4.2 php-pear - 5.5.9+dfsg-1ubuntu4.2 php5-sybase - 5.5.9+dfsg-1ubuntu4.2 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.2 php5-pspell - 5.5.9+dfsg-1ubuntu4.2 php5-common - 5.5.9+dfsg-1ubuntu4.2 libphp5-embed - 5.5.9+dfsg-1ubuntu4.2 No subscription required None https://launchpad.net/bugs/1334337 Ubuntu 14.04 LTS Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron did not properly set up its sudo configuration. If a different flaw was found in OpenStack Neutron, this vulnerability could be used to escalate privileges. (CVE-2013-6433) Stephen Ma and Christoph Thiel discovered that the openvswitch-agent in OpenStack Neutron did not properly perform input validation when creating security group rules when specifying --remote-ip-prefix. A remote authenticated attacker could exploit this to prevent application of additional rules. (CVE-2014-0187) Thiago Martins discovered that OpenStack Neutron would inappropriately apply SNAT rules to IPv6 subnets when using the L3-agent. A remote authenticated attacker could exploit this to prevent floating IPv4 addresses from being attached throughout the cloud. (CVE-2014-4167) Update Instructions: Run `sudo pro fix USN-2255-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: neutron-plugin-nicira - 1:2014.1-0ubuntu1.3 neutron-plugin-ibm - 1:2014.1-0ubuntu1.3 neutron-plugin-openvswitch-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-nec - 1:2014.1-0ubuntu1.3 neutron-l3-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-linuxbridge - 1:2014.1-0ubuntu1.3 neutron-plugin-ml2 - 1:2014.1-0ubuntu1.3 neutron-plugin-vpn-agent - 1:2014.1-0ubuntu1.3 neutron-lbaas-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-metering-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-vmware - 1:2014.1-0ubuntu1.3 neutron-plugin-cisco - 1:2014.1-0ubuntu1.3 neutron-plugin-oneconvergence-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-linuxbridge-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-mlnx-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-metaplugin - 1:2014.1-0ubuntu1.3 neutron-dhcp-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-mlnx - 1:2014.1-0ubuntu1.3 neutron-plugin-openflow-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-midonet - 1:2014.1-0ubuntu1.3 neutron-plugin-ryu-agent - 1:2014.1-0ubuntu1.3 neutron-metering-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-hyperv - 1:2014.1-0ubuntu1.3 neutron-server - 1:2014.1-0ubuntu1.3 neutron-vpn-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-openvswitch - 1:2014.1-0ubuntu1.3 python-neutron - 1:2014.1-0ubuntu1.3 neutron-plugin-plumgrid - 1:2014.1-0ubuntu1.3 neutron-plugin-ryu - 1:2014.1-0ubuntu1.3 neutron-plugin-bigswitch - 1:2014.1-0ubuntu1.3 neutron-plugin-nec-agent - 1:2014.1-0ubuntu1.3 neutron-metadata-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-bigswitch-agent - 1:2014.1-0ubuntu1.3 neutron-plugin-ibm-agent - 1:2014.1-0ubuntu1.3 neutron-common - 1:2014.1-0ubuntu1.3 neutron-plugin-brocade - 1:2014.1-0ubuntu1.3 neutron-plugin-oneconvergence - 1:2014.1-0ubuntu1.3 No subscription required Medium CVE-2013-6433 CVE-2014-0187 CVE-2014-4167 Ubuntu 14.04 LTS John Dickinson discovered that Swift did not properly quote the WWW-Authenticate header value. If a user were tricked into navigating to a malicious Swift URL, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Update Instructions: Run `sudo pro fix USN-2256-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: swift-account - 1.13.1-0ubuntu1.1 python-swift - 1.13.1-0ubuntu1.1 swift-doc - 1.13.1-0ubuntu1.1 swift-proxy - 1.13.1-0ubuntu1.1 swift-container - 1.13.1-0ubuntu1.1 swift - 1.13.1-0ubuntu1.1 swift-object-expirer - 1.13.1-0ubuntu1.1 swift-object - 1.13.1-0ubuntu1.1 No subscription required Medium CVE-2014-3497 Ubuntu 14.04 LTS Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker could use this issue to possibly obtain sensitive information. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2014-0178) It was discovered that the Samba internal DNS server incorrectly handled QR fields when processing incoming DNS messages. A remote attacker could use this issue to cause Samba to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0239) Daniel Berteaud discovered that the Samba NetBIOS name service daemon incorrectly handled certain malformed packets. A remote attacker could use this issue to cause Samba to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0244) Simon Arlott discovered that Samba incorrectly handled certain unicode path names. A remote authenticated attacker could use this issue to cause Samba to stop responding, resulting in a denial of service. (CVE-2014-3493) Update Instructions: Run `sudo pro fix USN-2257-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.2 libpam-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.2 libwbclient0 - 2:4.1.6+dfsg-1ubuntu2.14.04.2 samba-common - 2:4.1.6+dfsg-1ubuntu2.14.04.2 samba-libs - 2:4.1.6+dfsg-1ubuntu2.14.04.2 libsmbsharemodes0 - 2:4.1.6+dfsg-1ubuntu2.14.04.2 samba-testsuite - 2:4.1.6+dfsg-1ubuntu2.14.04.2 samba - 2:4.1.6+dfsg-1ubuntu2.14.04.2 libsmbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.2 samba-common-bin - 2:4.1.6+dfsg-1ubuntu2.14.04.2 libsmbsharemodes-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.2 python-samba - 2:4.1.6+dfsg-1ubuntu2.14.04.2 winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.2 smbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.2 samba-vfs-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.2 libwbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.2 samba-dsdb-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.2 samba-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.2 libsmbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.2 libparse-pidl-perl - 2:4.1.6+dfsg-1ubuntu2.14.04.2 registry-tools - 2:4.1.6+dfsg-1ubuntu2.14.04.2 samba-doc - 2:4.1.6+dfsg-1ubuntu2.14.04.2 libpam-smbpass - 2:4.1.6+dfsg-1ubuntu2.14.04.2 No subscription required Medium CVE-2014-0178 CVE-2014-0239 CVE-2014-0244 CVE-2014-3493 Ubuntu 14.04 LTS Jean-René Reinhard, Olivier Levillain and Florian Maury discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were tricked into processing a specially-crafted message, GnuPG could consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2258-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnupg-udeb - 1.4.16-1ubuntu2.1 gpgv - 1.4.16-1ubuntu2.1 gpgv-udeb - 1.4.16-1ubuntu2.1 gnupg - 1.4.16-1ubuntu2.1 gnupg-curl - 1.4.16-1ubuntu2.1 No subscription required scdaemon - 2.0.22-3ubuntu1.1 gpgsm - 2.0.22-3ubuntu1.1 gnupg-agent - 2.0.22-3ubuntu1.1 gnupg2 - 2.0.22-3ubuntu1.1 gpgv2 - 2.0.22-3ubuntu1.1 No subscription required Medium CVE-2014-4617 Ubuntu 14.04 LTS Abhishek Arya discovered that NSPR incorrectly handled certain console functions. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Update Instructions: Run `sudo pro fix USN-2265-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnspr4-dev - 2:4.10.2-1ubuntu1.1 libnspr4 - 2:4.10.2-1ubuntu1.1 libnspr4-0d - 2:4.10.2-1ubuntu1.1 No subscription required Medium CVE-2014-1545 Ubuntu 14.04 LTS Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges. Update Instructions: Run `sudo pro fix USN-2274-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-30-powerpc-e500mc - 3.13.0-30.55 linux-image-3.13.0-30-powerpc64-smp - 3.13.0-30.55 linux-image-3.13.0-30-powerpc-e500 - 3.13.0-30.55 linux-image-extra-3.13.0-30-generic - 3.13.0-30.55 linux-image-3.13.0-30-powerpc-smp - 3.13.0-30.55 linux-image-3.13.0-30-powerpc64-emb - 3.13.0-30.55 linux-image-3.13.0-30-lowlatency - 3.13.0-30.55 linux-image-3.13.0-30-generic - 3.13.0-30.55 linux-image-3.13.0-30-generic-lpae - 3.13.0-30.55 No subscription required High CVE-2014-4699 Ubuntu 14.04 LTS Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local user can use this issue to possibly deny access to the service. (CVE-2014-3477) Alban Crequy discovered that dbus-daemon incorrectly handled certain file descriptors. A local attacker could use this issue to cause services or clients to disconnect, resulting in a denial of service. (CVE-2014-3532, CVE-2014-3533) Update Instructions: Run `sudo pro fix USN-2275-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus - 1.6.18-0ubuntu4.1 dbus-x11 - 1.6.18-0ubuntu4.1 libdbus-1-3 - 1.6.18-0ubuntu4.1 libdbus-1-dev - 1.6.18-0ubuntu4.1 dbus-1-doc - 1.6.18-0ubuntu4.1 No subscription required Medium CVE-2014-3477 CVE-2014-3532 CVE-2014-3533 Ubuntu 14.04 LTS Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) Stefan Esser discovered that PHP incorrectly handled unserializing SPL extension objects. An attacker could use this issue to execute arbitrary code. (CVE-2014-3515) It was discovered that PHP incorrectly handled certain SPL Iterators. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-4670) It was discovered that PHP incorrectly handled certain ArrayIterators. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-4698) Stefan Esser discovered that PHP incorrectly handled variable types when calling phpinfo(). An attacker could use this issue to possibly gain access to arbitrary memory, possibly containing sensitive information. (CVE-2014-4721) Update Instructions: Run `sudo pro fix USN-2276-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.3 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.3 php5-curl - 5.5.9+dfsg-1ubuntu4.3 php5-intl - 5.5.9+dfsg-1ubuntu4.3 php5-snmp - 5.5.9+dfsg-1ubuntu4.3 php5-mysql - 5.5.9+dfsg-1ubuntu4.3 php5-odbc - 5.5.9+dfsg-1ubuntu4.3 php5-xsl - 5.5.9+dfsg-1ubuntu4.3 php5-gd - 5.5.9+dfsg-1ubuntu4.3 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.3 php5-tidy - 5.5.9+dfsg-1ubuntu4.3 php5-dev - 5.5.9+dfsg-1ubuntu4.3 php5-pgsql - 5.5.9+dfsg-1ubuntu4.3 php5-enchant - 5.5.9+dfsg-1ubuntu4.3 php5-readline - 5.5.9+dfsg-1ubuntu4.3 php5-gmp - 5.5.9+dfsg-1ubuntu4.3 php5-fpm - 5.5.9+dfsg-1ubuntu4.3 php5-cgi - 5.5.9+dfsg-1ubuntu4.3 php5-sqlite - 5.5.9+dfsg-1ubuntu4.3 php5-ldap - 5.5.9+dfsg-1ubuntu4.3 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.3 php5 - 5.5.9+dfsg-1ubuntu4.3 php5-cli - 5.5.9+dfsg-1ubuntu4.3 php-pear - 5.5.9+dfsg-1ubuntu4.3 php5-sybase - 5.5.9+dfsg-1ubuntu4.3 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.3 php5-pspell - 5.5.9+dfsg-1ubuntu4.3 php5-common - 5.5.9+dfsg-1ubuntu4.3 libphp5-embed - 5.5.9+dfsg-1ubuntu4.3 No subscription required Medium CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 Ubuntu 14.04 LTS Mike Frysinger discovered that the file awk script detector used multiple wildcard with unlimited repetitions. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. (CVE-2013-7345) Francisco Alonso discovered that file incorrectly handled certain CDF documents. A attacker could use this issue to cause file to hang or crash, resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) Jan Kaluža discovered that file did not properly restrict the amount of data read during regex searches. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. (CVE-2014-3538) Update Instructions: Run `sudo pro fix USN-2278-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.14-2ubuntu3.1 python-magic - 1:5.14-2ubuntu3.1 libmagic1 - 1:5.14-2ubuntu3.1 python3-magic - 1:5.14-2ubuntu3.1 file - 1:5.14-2ubuntu3.1 No subscription required Medium CVE-2013-7345 CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 Ubuntu 14.04 LTS Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2279-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: transmission-common - 2.82-1.1ubuntu3.1 transmission - 2.82-1.1ubuntu3.1 transmission-daemon - 2.82-1.1ubuntu3.1 transmission-qt - 2.82-1.1ubuntu3.1 transmission-gtk - 2.82-1.1ubuntu3.1 transmission-cli - 2.82-1.1ubuntu3.1 No subscription required Medium CVE-2014-4909 Ubuntu 14.04 LTS It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2280-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libminiupnpc-dev - 1.6-3ubuntu2.14.04.1 libminiupnpc8 - 1.6-3ubuntu2.14.04.1 miniupnpc - 1.6-3ubuntu2.14.04.1 No subscription required Medium CVE-2014-3985 Ubuntu 14.04 LTS Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Salva Peiró discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1739) A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. (CVE-2014-3144) A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. (CVE-2014-3145) A flaw was discovered in the Linux kernel's handling of hugetlb entries. A local user could exploit this flaw to cause a denial service (memory corruption or system crash). (CVE-2014-3940) Don Bailey and Ludvig Strigeus discovered an integer overflow in the Linux kernel's implementation of the LZ4 decompression algorithm, when used by code not complying with API limitations. An attacker could exploit this flaw to cause a denial of service (memory corruption) or possibly other unspecified impact. (CVE-2014-4611) Tuomas Räsänen reported the Linux kernel on certain Intel processors does not properly initialize random seeds for network operations, causing TCP sequence numbers, TCP and UDP port numbers and IP ID values to be predictable. A remote attacker could exploit this flaw to spoof or disrupt IP communication. (CVE-2014-7284) Update Instructions: Run `sudo pro fix USN-2290-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-32-powerpc64-smp - 3.13.0-32.57 linux-image-3.13.0-32-powerpc-e500 - 3.13.0-32.57 linux-image-3.13.0-32-generic - 3.13.0-32.57 linux-image-3.13.0-32-powerpc-smp - 3.13.0-32.57 linux-image-3.13.0-32-powerpc64-emb - 3.13.0-32.57 linux-image-extra-3.13.0-32-generic - 3.13.0-32.57 linux-image-3.13.0-32-generic-lpae - 3.13.0-32.57 linux-image-3.13.0-32-lowlatency - 3.13.0-32.57 linux-image-3.13.0-32-powerpc-e500mc - 3.13.0-32.57 No subscription required High CVE-2014-1739 CVE-2014-3144 CVE-2014-3145 CVE-2014-3940 CVE-2014-4611 CVE-2014-4943 CVE-2014-7284 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.38. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html Update Instructions: Run `sudo pro fix USN-2291-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.38-0ubuntu0.14.04.1 mysql-client - 5.5.38-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.38-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.38-0ubuntu0.14.04.1 libmysqld-pic - 5.5.38-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.38-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.38-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.38-0ubuntu0.14.04.1 mysql-common - 5.5.38-0ubuntu0.14.04.1 mysql-server - 5.5.38-0ubuntu0.14.04.1 mysql-testsuite - 5.5.38-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.38-0ubuntu0.14.04.1 libmysqld-dev - 5.5.38-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.38-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-2494 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 Ubuntu 14.04 LTS It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was requested to be disabled. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could possibly be exploited in certain scenarios to alter or compromise confidential information in applications that used the LWP::Protocol::https module. Update Instructions: Run `sudo pro fix USN-2292-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblwp-protocol-https-perl - 6.04-2ubuntu0.1 No subscription required Medium CVE-2014-3230 Ubuntu 14.04 LTS Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation. Update Instructions: Run `sudo pro fix USN-2293-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 1.7.2-0ubuntu1.1 libcups2-dev - 1.7.2-0ubuntu1.1 cups-bsd - 1.7.2-0ubuntu1.1 libcupsmime1 - 1.7.2-0ubuntu1.1 cups-common - 1.7.2-0ubuntu1.1 cups-core-drivers - 1.7.2-0ubuntu1.1 cups-server-common - 1.7.2-0ubuntu1.1 libcupsimage2 - 1.7.2-0ubuntu1.1 cups-client - 1.7.2-0ubuntu1.1 libcupscgi1-dev - 1.7.2-0ubuntu1.1 libcups2 - 1.7.2-0ubuntu1.1 libcupsmime1-dev - 1.7.2-0ubuntu1.1 cups-ppdc - 1.7.2-0ubuntu1.1 libcupsppdc1 - 1.7.2-0ubuntu1.1 cups - 1.7.2-0ubuntu1.1 libcupsppdc1-dev - 1.7.2-0ubuntu1.1 libcupsimage2-dev - 1.7.2-0ubuntu1.1 cups-daemon - 1.7.2-0ubuntu1.1 No subscription required Medium CVE-2014-3537 Ubuntu 14.04 LTS It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. (CVE-2014-3467) It was discovered that Libtasn1 incorrectly handled negative bit lengths. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-3468) It was discovered that Libtasn1 incorrectly handled certain ASN.1 data. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. (CVE-2014-3469) Update Instructions: Run `sudo pro fix USN-2294-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6-dev - 3.4-3ubuntu0.1 libtasn1-3-bin - 3.4-3ubuntu0.1 libtasn1-bin - 3.4-3ubuntu0.1 libtasn1-3-dev - 3.4-3ubuntu0.1 libtasn1-6 - 3.4-3ubuntu0.1 No subscription required Medium CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 Ubuntu 14.04 LTS Christian Holler, David Keeler, Byron Campen, Gary Kwong, Jesse Ruderman, Andrew McCreight, Alon Zakai, Bobby Holley, Jonathan Watt, Shu-yu Guo, Steve Fink, Terrence Cole, Gijs Kruitbosch and Cătălin Badea discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1547, CVE-2014-1548) Atte Kettunen discovered a buffer overflow when interacting with WebAudio buffers. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1549) Atte Kettunen discovered a use-after-free in WebAudio. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1550) David Chan and Gijs Kruitbosch discovered that web content could spoof UI customization events in some circumstances, resulting in a limited ability to move UI icons. (CVE-2014-1561) Jethro Beekman discovered a use-after-free when the FireOnStateChange event is triggered in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1555) Patrick Cozzi discovered a crash when using the Cesium JS library to generate WebGL content. An attacker could potentially exploit this to execute arbitrary code with the privilges of the user invoking Firefox. (CVE-2014-1556) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in CERT_DestroyCertificate. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1544) A crash was discovered in Skia when scaling an image, if the scaling operation takes too long. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1557) Christian Holler discovered several issues when parsing certificates with non-standard character encoding, resulting in the inability to use valid SSL certificates in some circumstances. (CVE-2014-1558, CVE-2014-1559, CVE-2014-1560) Boris Zbarsky discovered that network redirects could cause an iframe to escape the confinements defined by its sandbox attribute in some circumstances. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2014-1552) Update Instructions: Run `sudo pro fix USN-2295-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-nn - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-nb - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-fa - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-fi - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-fr - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-fy - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-or - 31.0+build1-0ubuntu0.14.04.1 firefox-testsuite - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-oc - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-cs - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ga - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-gd - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-gl - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-gu - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-pa - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-pl - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-cy - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-pt - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-hi - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ms - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-he - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-hy - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-hr - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-hu - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-it - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-as - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ar - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-id - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-mai - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-af - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-is - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-vi - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-an - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-bs - 31.0+build1-0ubuntu0.14.04.1 firefox - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ro - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ja - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ru - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-br - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-bn - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-be - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-bg - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-sl - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-sk - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-si - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-sw - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-sv - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-sr - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-sq - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ko - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-kn - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-km - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-kk - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ka - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-xh - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ca - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ku - 31.0+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-lv - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-lt - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-th - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 31.0+build1-0ubuntu0.14.04.1 firefox-dev - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-te - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ta - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-lg - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-tr - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-nso - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-de - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-da - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-uk - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-mr - 31.0+build1-0ubuntu0.14.04.1 firefox-globalmenu - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ml - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-mn - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-mk - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-eu - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-et - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-es - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-csb - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-el - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-eo - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-en - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-zu - 31.0+build1-0ubuntu0.14.04.1 firefox-locale-ast - 31.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1547 CVE-2014-1548 CVE-2014-1549 CVE-2014-1550 CVE-2014-1561 CVE-2014-1555 CVE-2014-1556 CVE-2014-1544 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 CVE-2014-1552 https://launchpad.net/bugs/1342311 Ubuntu 14.04 LTS Christian Holler, David Keeler and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1547) Atte Kettunen discovered a buffer overflow when interacting with WebAudio buffers. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1549) Atte Kettunen discovered a use-after-free in WebAudio. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1550) Jethro Beekman discovered a use-after-free when the FireOnStateChange event is triggered in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2014-1555) Patrick Cozzi discovered a crash when using the Cesium JS library to generate WebGL content. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privilges of the user invoking Thunderbird. (CVE-2014-1556) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in CERT_DestroyCertificate. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1544) A crash was discovered in Skia when scaling an image, if the scaling operation takes too long. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1557) Christian Holler discovered several issues when parsing certificates with non-standard character encoding, resulting in the inability to use valid SSL certificates in some circumstances. (CVE-2014-1558, CVE-2014-1559, CVE-2014-1560) Boris Zbarsky discovered that network redirects could cause an iframe to escape the confinements defined by its sandbox attribute in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2014-1552) Update Instructions: Run `sudo pro fix USN-2296-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:31.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:31.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:31.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:31.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1547 CVE-2014-1549 CVE-2014-1550 CVE-2014-1555 CVE-2014-1556 CVE-2014-1544 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 CVE-2014-1552 https://launchpad.net/bugs/1346007 Ubuntu 14.04 LTS A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1730) A type confusion bug was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1731) Multiple security issues including memory safety bugs were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1735, CVE-2014-3162) Multiple use-after-free issues were discovered in the WebSockets implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1740) Multiple integer overflows were discovered in CharacterData implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1741) Multiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1742, CVE-2014-1743) An integer overflow bug was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1744) An out-of-bounds read was discovered in Chromium. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1746) It was discovered that Blink allowed scrollbar painting to extend in to the parent frame in some circumstances. An attacker could potentially exploit this to conduct clickjacking attacks via UI redress. (CVE-2014-1748) An integer underflow was discovered in Blink. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3152) A use-after-free was discovered in Chromium. If a use were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3154) A security issue was discovered in the SPDY implementation. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3155) A heap overflow was discovered in Chromium. If a use were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3157) It was discovered that Blink did not enforce security rules for subresource loading in SVG images. If a user opened a site that embedded a specially crafted image, an attacker could exploit this to log page views. (CVE-2014-3160) It was discovered that the SpeechInput feature in Blink could be activated without consent or any visible indication. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to eavesdrop on the user. (CVE-2014-3803) Update Instructions: Run `sudo pro fix USN-2298-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.0.4-0ubuntu0.14.04.1 oxideqt-codecs - 1.0.4-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.0.4-0ubuntu0.14.04.1 oxideqmlscene - 1.0.4-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.0.4-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1730 CVE-2014-1731 CVE-2014-1735 CVE-2014-1740 CVE-2014-1741 CVE-2014-1742 CVE-2014-1743 CVE-2014-1744 CVE-2014-1746 CVE-2014-1748 CVE-2014-3152 CVE-2014-3154 CVE-2014-3155 CVE-2014-3157 CVE-2014-3160 CVE-2014-3162 CVE-2014-3803 https://launchpad.net/bugs/1337301 Ubuntu 14.04 LTS Marek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0117) Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly handled body decompression. A remote attacker could use this issue to cause resource consumption, leading to a denial of service. (CVE-2014-0118) Marek Kroemeke and others discovered that the mod_status module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service, or possibly execute arbitrary code. (CVE-2014-0226) Rainer Jung discovered that the mod_cgid module incorrectly handled certain scripts. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. (CVE-2014-0231) Update Instructions: Run `sudo pro fix USN-2299-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.1 libapache2-mod-macro - 1:2.4.7-1ubuntu4.1 No subscription required apache2-data - 2.4.7-1ubuntu4.1 apache2.2-bin - 2.4.7-1ubuntu4.1 apache2-utils - 2.4.7-1ubuntu4.1 apache2-dev - 2.4.7-1ubuntu4.1 apache2-mpm-worker - 2.4.7-1ubuntu4.1 apache2-suexec-custom - 2.4.7-1ubuntu4.1 apache2-suexec - 2.4.7-1ubuntu4.1 apache2 - 2.4.7-1ubuntu4.1 apache2-suexec-pristine - 2.4.7-1ubuntu4.1 apache2-doc - 2.4.7-1ubuntu4.1 apache2-mpm-prefork - 2.4.7-1ubuntu4.1 apache2-mpm-itk - 2.4.7-1ubuntu4.1 apache2-mpm-event - 2.4.7-1ubuntu4.1 apache2-bin - 2.4.7-1ubuntu4.1 No subscription required Medium CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 Ubuntu 14.04 LTS Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2300-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblzo2-dev - 2.06-1.2ubuntu1.1 liblzo2-2-udeb - 2.06-1.2ubuntu1.1 liblzo2-2 - 2.06-1.2ubuntu1.1 No subscription required Medium CVE-2014-4607 Ubuntu 14.04 LTS David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service. (CVE-2014-0075) It was discovered that Tomcat did not properly restrict XSLT stylesheets. An attacker could use this issue with a crafted web application to bypass security-manager restrictions and read arbitrary files. (CVE-2014-0096) It was discovered that Tomcat incorrectly handled certain Content-Length headers. A remote attacker could use this flaw in configurations where Tomcat is behind a reverse proxy to perform HTTP request smuggling attacks. (CVE-2014-0099) Update Instructions: Run `sudo pro fix USN-2302-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.52-1ubuntu0.1 libservlet3.0-java - 7.0.52-1ubuntu0.1 tomcat7-docs - 7.0.52-1ubuntu0.1 libservlet3.0-java-doc - 7.0.52-1ubuntu0.1 tomcat7 - 7.0.52-1ubuntu0.1 libtomcat7-java - 7.0.52-1ubuntu0.1 tomcat7-user - 7.0.52-1ubuntu0.1 tomcat7-admin - 7.0.52-1ubuntu0.1 tomcat7-examples - 7.0.52-1ubuntu0.1 No subscription required Medium CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 Ubuntu 14.04 LTS It was discovered that in certain circumstances Unity failed to successfully grab the keyboard when switching to the lock screen. A local attacker could possibly use this issue to run commands, and unlock the current session. Update Instructions: Run `sudo pro fix USN-2303-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unity-services - 7.2.2+14.04.20140714-0ubuntu1.1 unity-autopilot - 7.2.2+14.04.20140714-0ubuntu1.1 libunity-2d-private0 - 7.2.2+14.04.20140714-0ubuntu1.1 unity-2d-spread - 7.2.2+14.04.20140714-0ubuntu1.1 libunity-core-6.0-9 - 7.2.2+14.04.20140714-0ubuntu1.1 libunity-2d-private-dev - 7.2.2+14.04.20140714-0ubuntu1.1 unity - 7.2.2+14.04.20140714-0ubuntu1.1 unity-2d - 7.2.2+14.04.20140714-0ubuntu1.1 libunity-core-6.0-dev - 7.2.2+14.04.20140714-0ubuntu1.1 unity-2d-shell - 7.2.2+14.04.20140714-0ubuntu1.1 unity-2d-panel - 7.2.2+14.04.20140714-0ubuntu1.1 unity-2d-common - 7.2.2+14.04.20140714-0ubuntu1.1 No subscription required None https://launchpad.net/bugs/1349128 Ubuntu 14.04 LTS It was discovered that kauth was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations. Update Instructions: Run `sudo pro fix USN-2304-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libknewstuff3-4 - 4:4.13.2a-0ubuntu0.3 libktexteditor4 - 4:4.13.2a-0ubuntu0.3 libkde3support4 - 4:4.13.2a-0ubuntu0.3 libkutils4 - 4:4.13.2a-0ubuntu0.3 libkdeui5 - 4:4.13.2a-0ubuntu0.3 libnepomukutils4 - 4:4.13.2a-0ubuntu0.3 libkprintutils4 - 4:4.13.2a-0ubuntu0.3 kdelibs5-data - 4:4.13.2a-0ubuntu0.3 kdelibs-bin - 4:4.13.2a-0ubuntu0.3 libsolid4 - 4:4.13.2a-0ubuntu0.3 libkdeclarative5 - 4:4.13.2a-0ubuntu0.3 libknotifyconfig4 - 4:4.13.2a-0ubuntu0.3 kdelibs5-plugins - 4:4.13.2a-0ubuntu0.3 libkdnssd4 - 4:4.13.2a-0ubuntu0.3 libkhtml5 - 4:4.13.2a-0ubuntu0.3 libkemoticons4 - 4:4.13.2a-0ubuntu0.3 libkunitconversion4 - 4:4.13.2a-0ubuntu0.3 libkidletime4 - 4:4.13.2a-0ubuntu0.3 libkmediaplayer4 - 4:4.13.2a-0ubuntu0.3 libplasma3 - 4:4.13.2a-0ubuntu0.3 libkdecore5 - 4:4.13.2a-0ubuntu0.3 libkntlm4 - 4:4.13.2a-0ubuntu0.3 libnepomuk4 - 4:4.13.2a-0ubuntu0.3 libkpty4 - 4:4.13.2a-0ubuntu0.3 libkparts4 - 4:4.13.2a-0ubuntu0.3 libkdewebkit5 - 4:4.13.2a-0ubuntu0.3 libnepomukquery4a - 4:4.13.2a-0ubuntu0.3 libkrosscore4 - 4:4.13.2a-0ubuntu0.3 libkfile4 - 4:4.13.2a-0ubuntu0.3 kdelibs5-dev - 4:4.13.2a-0ubuntu0.3 libkio5 - 4:4.13.2a-0ubuntu0.3 libkcmutils4 - 4:4.13.2a-0ubuntu0.3 libknewstuff2-4 - 4:4.13.2a-0ubuntu0.3 libkdesu5 - 4:4.13.2a-0ubuntu0.3 libkrossui4 - 4:4.13.2a-0ubuntu0.3 libkimproxy4 - 4:4.13.2a-0ubuntu0.3 libthreadweaver4 - 4:4.13.2a-0ubuntu0.3 libkjsembed4 - 4:4.13.2a-0ubuntu0.3 kdoctools - 4:4.13.2a-0ubuntu0.3 libkjsapi4 - 4:4.13.2a-0ubuntu0.3 No subscription required Medium CVE-2014-5033 Ubuntu 14.04 LTS Volker Lendecke discovered that the Samba NetBIOS name service daemon incorrectly handled certain memory operations. A remote attacker could use this issue to execute arbitrary code as the root user. Update Instructions: Run `sudo pro fix USN-2305-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.3 libpam-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.3 libwbclient0 - 2:4.1.6+dfsg-1ubuntu2.14.04.3 samba-common - 2:4.1.6+dfsg-1ubuntu2.14.04.3 samba-libs - 2:4.1.6+dfsg-1ubuntu2.14.04.3 libsmbsharemodes0 - 2:4.1.6+dfsg-1ubuntu2.14.04.3 samba-testsuite - 2:4.1.6+dfsg-1ubuntu2.14.04.3 samba - 2:4.1.6+dfsg-1ubuntu2.14.04.3 libsmbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.3 samba-common-bin - 2:4.1.6+dfsg-1ubuntu2.14.04.3 libsmbsharemodes-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.3 python-samba - 2:4.1.6+dfsg-1ubuntu2.14.04.3 winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.3 smbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.3 samba-vfs-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.3 libwbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.3 samba-dsdb-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.3 samba-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.3 libsmbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.3 libparse-pidl-perl - 2:4.1.6+dfsg-1ubuntu2.14.04.3 registry-tools - 2:4.1.6+dfsg-1ubuntu2.14.04.3 samba-doc - 2:4.1.6+dfsg-1ubuntu2.14.04.3 libpam-smbpass - 2:4.1.6+dfsg-1ubuntu2.14.04.3 No subscription required High CVE-2014-3560 Ubuntu 14.04 LTS Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. (CVE-2013-4357) It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-4458) Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. (CVE-2014-0475) David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. (CVE-2014-4043) Update Instructions: Run `sudo pro fix USN-2306-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.19-0ubuntu6.1 libnss-dns-udeb - 2.19-0ubuntu6.1 libc6-ppc64 - 2.19-0ubuntu6.1 libc-bin - 2.19-0ubuntu6.1 libc6-x32 - 2.19-0ubuntu6.1 libc6-armel - 2.19-0ubuntu6.1 eglibc-source - 2.19-0ubuntu6.1 libc6-pic - 2.19-0ubuntu6.1 libc6-dev-ppc64 - 2.19-0ubuntu6.1 libc6-dev-armel - 2.19-0ubuntu6.1 libnss-files-udeb - 2.19-0ubuntu6.1 glibc-doc - 2.19-0ubuntu6.1 nscd - 2.19-0ubuntu6.1 multiarch-support - 2.19-0ubuntu6.1 libc6-dev - 2.19-0ubuntu6.1 libc6-amd64 - 2.19-0ubuntu6.1 libc6-dev-amd64 - 2.19-0ubuntu6.1 libc6 - 2.19-0ubuntu6.1 libc6-dev-x32 - 2.19-0ubuntu6.1 libc6-udeb - 2.19-0ubuntu6.1 libc6-dev-i386 - 2.19-0ubuntu6.1 libc-dev-bin - 2.19-0ubuntu6.1 libc6-prof - 2.19-0ubuntu6.1 No subscription required Medium CVE-2013-4357 CVE-2013-4458 CVE-2014-0475 CVE-2014-4043 Ubuntu 14.04 LTS Tomáš Trnka discovered that GPGME incorrectly handled certain certificate line lengths. An attacker could use this issue to cause applications using GPGME to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2307-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgpgme11 - 1.4.3-0.1ubuntu5.1 libgpgme11-dev - 1.4.3-0.1ubuntu5.1 No subscription required Medium CVE-2014-3564 Ubuntu 14.04 LTS Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505) Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. (CVE-2014-3506) Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS fragments. A remote attacker could use this issue to cause OpenSSL to leak memory, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507) Ivan Fratric discovered that OpenSSL incorrectly leaked information in the pretty printing functions. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. (CVE-2014-3508) Gabor Tyukasz discovered that OpenSSL contained a race condition when processing serverhello messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509) Felix Gröbert discovered that OpenSSL incorrectly handled certain DTLS handshake messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. (CVE-2014-3510) David Benjamin and Adam Langley discovered that OpenSSL incorrectly handled fragmented ClientHello messages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be used to force a protocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3511) Sean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled certain SRP parameters. A remote attacker could use this with applications that use SRP to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3512) Joonas Kuorilehto and Riku Hietamäki discovered that OpenSSL incorrectly handled certain Server Hello messages that specify an SRP ciphersuite. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139) Update Instructions: Run `sudo pro fix USN-2308-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.5 libssl-dev - 1.0.1f-1ubuntu2.5 openssl - 1.0.1f-1ubuntu2.5 libssl-doc - 1.0.1f-1ubuntu2.5 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.5 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.5 No subscription required Medium CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139 Ubuntu 14.04 LTS It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1016) It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415) It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ requests. A remote authenticated attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1416) It was discovered that Kerberos incorrectly handled certain crafted requests when multiple realms were configured. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1418, CVE-2013-6800) It was discovered that Kerberos incorrectly handled certain invalid tokens. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be used to cause the daemon to crash, resulting in a denial of service. (CVE-2014-4341, CVE-2014-4342) It was discovered that Kerberos incorrectly handled certain mechanisms when used with SPNEGO. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be used to cause clients to crash, resulting in a denial of service. (CVE-2014-4343) It was discovered that Kerberos incorrectly handled certain continuation tokens during SPNEGO negotiations. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. (CVE-2014-4344) Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon incorrectly handled buffers when used with the LDAP backend. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-4345) Update Instructions: Run `sudo pro fix USN-2310-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libkadm5srv-mit9 - 1.12+dfsg-2ubuntu4.2 libkadm5srv-mit8 - 1.12+dfsg-2ubuntu4.2 libk5crypto3 - 1.12+dfsg-2ubuntu4.2 krb5-user - 1.12+dfsg-2ubuntu4.2 libgssrpc4 - 1.12+dfsg-2ubuntu4.2 libkrb5support0 - 1.12+dfsg-2ubuntu4.2 krb5-doc - 1.12+dfsg-2ubuntu4.2 libkrb5-dev - 1.12+dfsg-2ubuntu4.2 krb5-pkinit - 1.12+dfsg-2ubuntu4.2 libkrb5-3 - 1.12+dfsg-2ubuntu4.2 krb5-kdc-ldap - 1.12+dfsg-2ubuntu4.2 krb5-otp - 1.12+dfsg-2ubuntu4.2 libkadm5clnt-mit9 - 1.12+dfsg-2ubuntu4.2 krb5-gss-samples - 1.12+dfsg-2ubuntu4.2 krb5-multidev - 1.12+dfsg-2ubuntu4.2 krb5-locales - 1.12+dfsg-2ubuntu4.2 libgssapi-krb5-2 - 1.12+dfsg-2ubuntu4.2 krb5-kdc - 1.12+dfsg-2ubuntu4.2 libkrad-dev - 1.12+dfsg-2ubuntu4.2 libkrad0 - 1.12+dfsg-2ubuntu4.2 libkdb5-7 - 1.12+dfsg-2ubuntu4.2 krb5-admin-server - 1.12+dfsg-2ubuntu4.2 No subscription required Medium CVE-2012-1016 CVE-2013-1415 CVE-2013-1416 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 Ubuntu 14.04 LTS Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Update Instructions: Run `sudo pro fix USN-2311-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pycadf - 0.4.1-0ubuntu1.1 No subscription required Medium CVE-2014-4615 Ubuntu 14.04 LTS USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Original advisory details: Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Update Instructions: Run `sudo pro fix USN-2311-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ceilometer-collector - 2014.1.2-0ubuntu1.1 ceilometer-alarm-notifier - 2014.1.2-0ubuntu1.1 python-ceilometer - 2014.1.2-0ubuntu1.1 ceilometer-api - 2014.1.2-0ubuntu1.1 ceilometer-alarm-evaluator - 2014.1.2-0ubuntu1.1 ceilometer-agent-compute - 2014.1.2-0ubuntu1.1 ceilometer-common - 2014.1.2-0ubuntu1.1 ceilometer-agent-notification - 2014.1.2-0ubuntu1.1 ceilometer-agent-central - 2014.1.2-0ubuntu1.1 No subscription required Medium CVE-2014-4615 Ubuntu 14.04 LTS An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). Update Instructions: Run `sudo pro fix USN-2314-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-33-generic - 3.13.0-33.58 linux-image-3.13.0-33-powerpc-e500mc - 3.13.0-33.58 linux-image-3.13.0-33-lowlatency - 3.13.0-33.58 linux-image-3.13.0-33-powerpc-smp - 3.13.0-33.58 linux-image-3.13.0-33-powerpc-e500 - 3.13.0-33.58 linux-image-3.13.0-33-generic-lpae - 3.13.0-33.58 linux-image-3.13.0-33-powerpc64-smp - 3.13.0-33.58 linux-image-3.13.0-33-powerpc64-emb - 3.13.0-33.58 linux-image-extra-3.13.0-33-generic - 3.13.0-33.58 No subscription required High CVE-2014-3917 Ubuntu 14.04 LTS Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. Update Instructions: Run `sudo pro fix USN-2315-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libserf-1-1 - 1.3.3-1ubuntu0.1 libserf-dev - 1.3.3-1ubuntu0.1 No subscription required Medium CVE-2014-3504 Ubuntu 14.04 LTS Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0032) Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3522) Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server. (CVE-2014-3528) Update Instructions: Run `sudo pro fix USN-2316-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsvn-dev - 1.8.8-1ubuntu3.1 ruby-svn - 1.8.8-1ubuntu3.1 subversion-tools - 1.8.8-1ubuntu3.1 libapache2-svn - 1.8.8-1ubuntu3.1 libapache2-mod-svn - 1.8.8-1ubuntu3.1 python-subversion - 1.8.8-1ubuntu3.1 libsvn-java - 1.8.8-1ubuntu3.1 subversion - 1.8.8-1ubuntu3.1 libsvn-doc - 1.8.8-1ubuntu3.1 libsvn1 - 1.8.8-1ubuntu3.1 libsvn-perl - 1.8.8-1ubuntu3.1 libsvn-ruby1.8 - 1.8.8-1ubuntu3.1 No subscription required Medium CVE-2014-0032 CVE-2014-3522 CVE-2014-3528 Ubuntu 14.04 LTS Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. (CVE-2014-5207) Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. An unprivileged local user could exploit this flaw to gain full write privileges to a mount that should be read only. (CVE-2014-5206) Update Instructions: Run `sudo pro fix USN-2318-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-34-generic - 3.13.0-34.60 linux-image-3.13.0-34-lowlatency - 3.13.0-34.60 linux-image-3.13.0-34-powerpc-e500 - 3.13.0-34.60 linux-image-3.13.0-34-powerpc64-smp - 3.13.0-34.60 linux-image-3.13.0-34-generic-lpae - 3.13.0-34.60 linux-image-extra-3.13.0-34-generic - 3.13.0-34.60 linux-image-3.13.0-34-powerpc-smp - 3.13.0-34.60 linux-image-3.13.0-34-powerpc64-emb - 3.13.0-34.60 linux-image-3.13.0-34-powerpc-e500mc - 3.13.0-34.60 No subscription required High CVE-2014-5206 CVE-2014-5207 Ubuntu 14.04 LTS Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263) Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-4218, CVE-2014-4266) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2014-4264) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4221, CVE-2014-4252, CVE-2014-4268) Update Instructions: Run `sudo pro fix USN-2319-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u65-2.5.1-4ubuntu1~0.14.04.1 openjdk-7-source - 7u65-2.5.1-4ubuntu1~0.14.04.1 icedtea-7-jre-jamvm - 7u65-2.5.1-4ubuntu1~0.14.04.1 openjdk-7-jre-lib - 7u65-2.5.1-4ubuntu1~0.14.04.1 openjdk-7-jdk - 7u65-2.5.1-4ubuntu1~0.14.04.1 openjdk-7-jre-headless - 7u65-2.5.1-4ubuntu1~0.14.04.1 openjdk-7-jre - 7u65-2.5.1-4ubuntu1~0.14.04.1 openjdk-7-doc - 7u65-2.5.1-4ubuntu1~0.14.04.1 openjdk-7-demo - 7u65-2.5.1-4ubuntu1~0.14.04.1 No subscription required Medium CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268 Ubuntu 14.04 LTS USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263) Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-4218, CVE-2014-4266) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2014-4264) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4221, CVE-2014-4252, CVE-2014-4268) Update Instructions: Run `sudo pro fix USN-2319-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u65-2.5.1-4ubuntu1~0.14.04.2 openjdk-7-source - 7u65-2.5.1-4ubuntu1~0.14.04.2 icedtea-7-jre-jamvm - 7u65-2.5.1-4ubuntu1~0.14.04.2 openjdk-7-jre-lib - 7u65-2.5.1-4ubuntu1~0.14.04.2 openjdk-7-jdk - 7u65-2.5.1-4ubuntu1~0.14.04.2 openjdk-7-jre-headless - 7u65-2.5.1-4ubuntu1~0.14.04.2 openjdk-7-jre - 7u65-2.5.1-4ubuntu1~0.14.04.2 openjdk-7-doc - 7u65-2.5.1-4ubuntu1~0.14.04.2 openjdk-7-demo - 7u65-2.5.1-4ubuntu1~0.14.04.2 No subscription required None https://launchpad.net/bugs/1360392 Ubuntu 14.04 LTS USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Original advisory details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263) Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-4218, CVE-2014-4266) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2014-4264) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4221, CVE-2014-4252, CVE-2014-4268) Update Instructions: Run `sudo pro fix USN-2319-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u65-2.5.2-3~14.04 openjdk-7-source - 7u65-2.5.2-3~14.04 icedtea-7-jre-jamvm - 7u65-2.5.2-3~14.04 openjdk-7-jre-lib - 7u65-2.5.2-3~14.04 openjdk-7-jdk - 7u65-2.5.2-3~14.04 openjdk-7-jre-headless - 7u65-2.5.2-3~14.04 openjdk-7-jre - 7u65-2.5.2-3~14.04 openjdk-7-doc - 7u65-2.5.2-3~14.04 openjdk-7-demo - 7u65-2.5.2-3~14.04 No subscription required None https://launchpad.net/bugs/1370307 Ubuntu 14.04 LTS A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-3165) An issue was discovered in the Public Key Pinning implementation in Chromium. An attacker could potentially exploit this to obtain sensitive information. (CVE-2014-3166) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3167) Update Instructions: Run `sudo pro fix USN-2320-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.0.5-0ubuntu0.14.04.1 oxideqt-codecs - 1.0.5-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.0.5-0ubuntu0.14.04.1 oxideqmlscene - 1.0.5-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.0.5-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-3165 CVE-2014-3166 CVE-2014-3167 https://launchpad.net/bugs/1356372 Ubuntu 14.04 LTS Liping Mao discovered that OpenStack Neutron did not properly handle requests for a large number of allowed address pairs. A remote authenticated attacker could exploit this to cause a denial of service. (CVE-2014-3555) Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. (CVE-2014-4615) Update Instructions: Run `sudo pro fix USN-2321-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: neutron-plugin-nicira - 1:2014.1.2-0ubuntu1.1 neutron-plugin-ibm - 1:2014.1.2-0ubuntu1.1 neutron-plugin-openvswitch-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-nec - 1:2014.1.2-0ubuntu1.1 neutron-l3-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-linuxbridge - 1:2014.1.2-0ubuntu1.1 neutron-plugin-ml2 - 1:2014.1.2-0ubuntu1.1 neutron-plugin-vpn-agent - 1:2014.1.2-0ubuntu1.1 neutron-lbaas-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-metering-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-vmware - 1:2014.1.2-0ubuntu1.1 neutron-plugin-cisco - 1:2014.1.2-0ubuntu1.1 neutron-plugin-oneconvergence-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-linuxbridge-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-mlnx-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-metaplugin - 1:2014.1.2-0ubuntu1.1 neutron-dhcp-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-mlnx - 1:2014.1.2-0ubuntu1.1 neutron-plugin-openflow-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-midonet - 1:2014.1.2-0ubuntu1.1 neutron-plugin-ryu-agent - 1:2014.1.2-0ubuntu1.1 neutron-metering-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-hyperv - 1:2014.1.2-0ubuntu1.1 neutron-server - 1:2014.1.2-0ubuntu1.1 neutron-vpn-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-openvswitch - 1:2014.1.2-0ubuntu1.1 python-neutron - 1:2014.1.2-0ubuntu1.1 neutron-plugin-plumgrid - 1:2014.1.2-0ubuntu1.1 neutron-plugin-ryu - 1:2014.1.2-0ubuntu1.1 neutron-plugin-bigswitch - 1:2014.1.2-0ubuntu1.1 neutron-plugin-nec-agent - 1:2014.1.2-0ubuntu1.1 neutron-metadata-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-bigswitch-agent - 1:2014.1.2-0ubuntu1.1 neutron-plugin-ibm-agent - 1:2014.1.2-0ubuntu1.1 neutron-common - 1:2014.1.2-0ubuntu1.1 neutron-plugin-brocade - 1:2014.1.2-0ubuntu1.1 neutron-plugin-oneconvergence - 1:2014.1.2-0ubuntu1.1 No subscription required Medium CVE-2014-3555 CVE-2014-4615 Ubuntu 14.04 LTS Thomas Leaman and Stuart McLaren discovered that OpenStack Glance did not properly honor the image_size_cap configuration option. A remote authenticated attacker could exploit this to cause a denial of service via disk consumption. Update Instructions: Run `sudo pro fix USN-2322-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glance-api - 1:2014.1.2-0ubuntu1.1 python-glance-doc - 1:2014.1.2-0ubuntu1.1 glance-common - 1:2014.1.2-0ubuntu1.1 python-glance - 1:2014.1.2-0ubuntu1.1 glance - 1:2014.1.2-0ubuntu1.1 glance-registry - 1:2014.1.2-0ubuntu1.1 No subscription required Medium CVE-2014-5356 Ubuntu 14.04 LTS Jason Hullinger discovered that OpenStack Horizon did not properly perform input sanitization on Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2014-3473) Craig Lorentzen discovered that OpenStack Horizon did not properly perform input sanitization when creating networks. If a user were tricked into launching an image using the crafted network name, an attacker could conduct cross-site scripting attacks. (CVE-2014-3474) Michael Xin discovered that OpenStack Horizon did not properly perform input sanitization when adding users. If an admin user were tricked into viewing the users page containing a crafted email address, an attacker could conduct cross-site scripting attacks. (CVE-2014-3475) Dennis Felsch and Mario Heiderich discovered that OpenStack Horizon did not properly perform input sanitization when creating host aggregates. If an admin user were tricked into viewing the Host Aggregates page containing a crafted availability zone name, an attacker could conduct cross-site scripting attacks. (CVE-2014-3594) Update Instructions: Run `sudo pro fix USN-2323-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openstack-dashboard - 1:2014.1.2-0ubuntu1.1 python-django-horizon - 1:2014.1.2-0ubuntu1.1 python-django-openstack - 1:2014.1.2-0ubuntu1.1 openstack-dashboard-ubuntu-theme - 1:2014.1.2-0ubuntu1.1 No subscription required Medium CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-3594 Ubuntu 14.04 LTS Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remove authenticated attacker could use this to gain privileges by creating a new token with additional roles. (CVE-2014-3476) Jamie Lennox discovered that OpenStack Keystone did not properly validate the project id. A remote authenticated attacker may be able to use this to access other projects. (CVE-2014-3520) Brant Knudson and Lance Bragstad discovered that OpenStack Keystone would not always revoke tokens correctly. If Keystone were configured to use revocation events, a remote authenticated attacker could continue to have access to resources. (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253) Update Instructions: Run `sudo pro fix USN-2324-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-keystone - 1:2014.1.2.1-0ubuntu1.1 keystone-doc - 1:2014.1.2.1-0ubuntu1.1 keystone - 1:2014.1.2.1-0ubuntu1.1 No subscription required Medium CVE-2014-3476 CVE-2014-3520 CVE-2014-5251 CVE-2014-5252 CVE-2014-5253 Ubuntu 14.04 LTS Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy metadata requests via Neutron, a remote authenticated attacker could exploit this to conduct timing attacks and ascertain configuration details of another instance. Update Instructions: Run `sudo pro fix USN-2325-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nova-api - 1:2014.1.2-0ubuntu1.1 nova-common - 1:2014.1.2-0ubuntu1.1 nova-compute-xen - 1:2014.1.2-0ubuntu1.1 nova-api-os-compute - 1:2014.1.2-0ubuntu1.1 nova-objectstore - 1:2014.1.2-0ubuntu1.1 nova-novncproxy - 1:2014.1.2-0ubuntu1.1 nova-api-os-volume - 1:2014.1.2-0ubuntu1.1 nova-compute-lxc - 1:2014.1.2-0ubuntu1.1 nova-consoleauth - 1:2014.1.2-0ubuntu1.1 python-nova - 1:2014.1.2-0ubuntu1.1 nova-network - 1:2014.1.2-0ubuntu1.1 nova-api-ec2 - 1:2014.1.2-0ubuntu1.1 nova-api-metadata - 1:2014.1.2-0ubuntu1.1 nova-compute-kvm - 1:2014.1.2-0ubuntu1.1 nova-xvpvncproxy - 1:2014.1.2-0ubuntu1.1 nova-doc - 1:2014.1.2-0ubuntu1.1 nova-conductor - 1:2014.1.2-0ubuntu1.1 nova-volume - 1:2014.1.2-0ubuntu1.1 nova-compute-vmware - 1:2014.1.2-0ubuntu1.1 nova-spiceproxy - 1:2014.1.2-0ubuntu1.1 nova-scheduler - 1:2014.1.2-0ubuntu1.1 nova-console - 1:2014.1.2-0ubuntu1.1 nova-ajax-console-proxy - 1:2014.1.2-0ubuntu1.1 nova-cert - 1:2014.1.2-0ubuntu1.1 nova-baremetal - 1:2014.1.2-0ubuntu1.1 nova-compute - 1:2014.1.2-0ubuntu1.1 nova-compute-libvirt - 1:2014.1.2-0ubuntu1.1 nova-compute-qemu - 1:2014.1.2-0ubuntu1.1 nova-cells - 1:2014.1.2-0ubuntu1.1 No subscription required Medium CVE-2014-3517 Ubuntu 14.04 LTS A use-after-free was discovered in the SVG implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3168) A use-after-free was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3169) A use-after-free was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3171) It was discovered that WebGL clear calls did not interact properly with the state of a draw buffer. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-3173) A threading issue was discovered in the Web Audio API during attempts to update biquad filter coefficients. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-3174) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3175) Update Instructions: Run `sudo pro fix USN-2326-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.1.2-0ubuntu0.14.04.1 oxideqt-codecs - 1.1.2-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.1.2-0ubuntu0.14.04.1 oxideqmlscene - 1.1.2-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.1.2-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-3168 CVE-2014-3169 CVE-2014-3171 CVE-2014-3173 CVE-2014-3174 CVE-2014-3175 Ubuntu 14.04 LTS Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service. Update Instructions: Run `sudo pro fix USN-2327-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid - 3.3.8-1ubuntu6.1 squid-cgi - 3.3.8-1ubuntu6.1 squid3-common - 3.3.8-1ubuntu6.1 squid-purge - 3.3.8-1ubuntu6.1 squidclient - 3.3.8-1ubuntu6.1 squid3 - 3.3.8-1ubuntu6.1 No subscription required Medium CVE-2014-3609 Ubuntu 14.04 LTS Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. (CVE-2014-5119) USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. We apologize for the inconvenience. Update Instructions: Run `sudo pro fix USN-2328-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.19-0ubuntu6.3 libnss-dns-udeb - 2.19-0ubuntu6.3 libc6-ppc64 - 2.19-0ubuntu6.3 libc-bin - 2.19-0ubuntu6.3 libc6-x32 - 2.19-0ubuntu6.3 libc6-armel - 2.19-0ubuntu6.3 eglibc-source - 2.19-0ubuntu6.3 libc6-pic - 2.19-0ubuntu6.3 libc6-dev-ppc64 - 2.19-0ubuntu6.3 libc6-dev-armel - 2.19-0ubuntu6.3 libnss-files-udeb - 2.19-0ubuntu6.3 glibc-doc - 2.19-0ubuntu6.3 nscd - 2.19-0ubuntu6.3 multiarch-support - 2.19-0ubuntu6.3 libc6-dev - 2.19-0ubuntu6.3 libc6-amd64 - 2.19-0ubuntu6.3 libc6-dev-amd64 - 2.19-0ubuntu6.3 libc6 - 2.19-0ubuntu6.3 libc6-dev-x32 - 2.19-0ubuntu6.3 libc6-udeb - 2.19-0ubuntu6.3 libc6-dev-i386 - 2.19-0ubuntu6.3 libc-dev-bin - 2.19-0ubuntu6.3 libc6-prof - 2.19-0ubuntu6.3 No subscription required High CVE-2014-5119 Ubuntu 14.04 LTS Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, JW Wang and David Weir discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562) Abhishek Arya discovered a use-after-free during DOM interactions with SVG. If a user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1563) Michal Zalewski discovered that memory is not initialized properly during GIF rendering in some circumstances. If a user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to steal confidential information. (CVE-2014-1564) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or steal confidential information. (CVE-2014-1565) A use-after-free was discovered during text layout in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1567) Update Instructions: Run `sudo pro fix USN-2329-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-nn - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-nb - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-fa - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-fi - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-fr - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-fy - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-or - 32.0+build1-0ubuntu0.14.04.1 firefox-testsuite - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-oc - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-cs - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ga - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-gd - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-gl - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-gu - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-pa - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-pl - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-cy - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-pt - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-hi - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ms - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-he - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-hy - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-hr - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-hu - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-it - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-as - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ar - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-id - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-mai - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-af - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-is - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-vi - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-an - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-bs - 32.0+build1-0ubuntu0.14.04.1 firefox - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ro - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ja - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ru - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-br - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-bn - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-be - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-bg - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-sl - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-sk - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-si - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-sw - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-sv - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-sr - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-sq - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ko - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-kn - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-km - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-kk - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ka - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-xh - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ca - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ku - 32.0+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-lv - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-lt - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-th - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 32.0+build1-0ubuntu0.14.04.1 firefox-dev - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-te - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ta - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-lg - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-tr - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-nso - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-de - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-da - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-uk - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-mr - 32.0+build1-0ubuntu0.14.04.1 firefox-globalmenu - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ml - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-mn - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-mk - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-eu - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-et - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-es - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-csb - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-el - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-eo - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-en - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-zu - 32.0+build1-0ubuntu0.14.04.1 firefox-locale-ast - 32.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1553 CVE-2014-1554 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 Ubuntu 14.04 LTS Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1553, CVE-2014-1562) Abhishek Arya discovered a use-after-free during DOM interactions with SVG. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1563) Michal Zalewski discovered that memory is not initialized properly during GIF rendering in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to steal confidential information. (CVE-2014-1564) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or steal confidential information. (CVE-2014-1565) A use-after-free was discovered during text layout in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1567) Update Instructions: Run `sudo pro fix USN-2330-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:31.1.1+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:31.1.1+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:31.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:31.1.1+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1553 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 Ubuntu 14.04 LTS Rohan Durve and James Kettle discovered LibreOffice Calc sometimes allowed for command injection when opening spreadsheets. If a user were tricked into opening a crafted Calc spreadsheet, an attacker could exploit this to run programs as your login. Update Instructions: Run `sudo pro fix USN-2331-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO4.2.6.3-0ubuntu1 No subscription required libreoffice-wiki-publisher - 1.1.2+LibO4.2.6.3-0ubuntu1 No subscription required libreoffice-presentation-minimizer - 1:4.2.6.3-0ubuntu1 libreoffice-impress - 1:4.2.6.3-0ubuntu1 libreoffice-officebean - 1:4.2.6.3-0ubuntu1 libreoffice-base - 1:4.2.6.3-0ubuntu1 libreoffice-librelogo - 1:4.2.6.3-0ubuntu1 libreoffice-java-common - 1:4.2.6.3-0ubuntu1 browser-plugin-libreoffice - 1:4.2.6.3-0ubuntu1 libreoffice-subsequentcheckbase - 1:4.2.6.3-0ubuntu1 libreoffice-style-tango - 1:4.2.6.3-0ubuntu1 libreoffice-style-crystal - 1:4.2.6.3-0ubuntu1 libreoffice-kde - 1:4.2.6.3-0ubuntu1 libreoffice-l10n-ku - 1:4.2.6.3-0ubuntu1 libreoffice-style-galaxy - 1:4.2.6.3-0ubuntu1 libreoffice-style-hicontrast - 1:4.2.6.3-0ubuntu1 libreoffice-core - 1:4.2.6.3-0ubuntu1 libreoffice-presenter-console - 1:4.2.6.3-0ubuntu1 libreoffice-script-provider-bsh - 1:4.2.6.3-0ubuntu1 libreoffice-avmedia-backend-gstreamer - 1:4.2.6.3-0ubuntu1 libreoffice-script-provider-python - 1:4.2.6.3-0ubuntu1 libreoffice-common - 1:4.2.6.3-0ubuntu1 libreoffice-gnome - 1:4.2.6.3-0ubuntu1 libreoffice-dev - 1:4.2.6.3-0ubuntu1 libreoffice-gtk3 - 1:4.2.6.3-0ubuntu1 libreoffice-report-builder - 1:4.2.6.3-0ubuntu1 libreoffice-pdfimport - 1:4.2.6.3-0ubuntu1 libreoffice-base-core - 1:4.2.6.3-0ubuntu1 libreoffice-ogltrans - 1:4.2.6.3-0ubuntu1 libreoffice-sdbc-hsqldb - 1:4.2.6.3-0ubuntu1 libreoffice-gtk - 1:4.2.6.3-0ubuntu1 libreoffice-calc - 1:4.2.6.3-0ubuntu1 libreoffice-base-drivers - 1:4.2.6.3-0ubuntu1 libreoffice-style-oxygen - 1:4.2.6.3-0ubuntu1 libreoffice-emailmerge - 1:4.2.6.3-0ubuntu1 libreoffice-style-human - 1:4.2.6.3-0ubuntu1 libreoffice-sdbc-firebird - 1:4.2.6.3-0ubuntu1 python3-uno - 1:4.2.6.3-0ubuntu1 libreoffice-math - 1:4.2.6.3-0ubuntu1 libreoffice-writer - 1:4.2.6.3-0ubuntu1 libreoffice-report-builder-bin - 1:4.2.6.3-0ubuntu1 libreoffice-script-provider-js - 1:4.2.6.3-0ubuntu1 libreoffice - 1:4.2.6.3-0ubuntu1 libreoffice-draw - 1:4.2.6.3-0ubuntu1 libreoffice-style-sifr - 1:4.2.6.3-0ubuntu1 libreoffice-dev-doc - 1:4.2.6.3-0ubuntu1 libreoffice-l10n-in - 1:4.2.6.3-0ubuntu1 libreoffice-l10n-za - 1:4.2.6.3-0ubuntu1 libreoffice-sdbc-postgresql - 1:4.2.6.3-0ubuntu1 No subscription required openoffice.org-dtd-officedocument1.0 - 2:1.0+LibO4.2.6.3-0ubuntu1 No subscription required fonts-opensymbol - 2:102.6+LibO4.2.6.3-0ubuntu1 No subscription required uno-libs3 - 4.2.6.3-0ubuntu1 ure - 4.2.6.3-0ubuntu1 No subscription required Low CVE-2014-3524 Ubuntu 14.04 LTS A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0155) Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. (CVE-2014-0181) An information leak was discovered in the Linux kernels aio_read_events_ring function. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-0206) A flaw was discovered in the Linux kernel's implementation of user namespaces with respect to inode permissions. A local user could exploit this flaw by creating a user namespace to gain administrative privileges. (CVE-2014-4014) An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (CVE-2014-4027) Sasha Levin reported an issue with the Linux kernel's shared memory subsystem when used with range notifications and hole punching. A local user could exploit this flaw to cause a denial of service. (CVE-2014-4171) Toralf Förster reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). (CVE-2014-4508) An information leak was discovered in the control implemenation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-4652) A use-after-free flaw was discovered in the Advanced Linux Sound Architecture (ALSA) control implementation of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-4653) A authorization bug was discovered with the snd_ctl_elem_add function of the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A local user could exploit his bug to cause a denial of service (remove kernel controls). (CVE-2014-4654) A flaw discovered in how the snd_ctl_elem function of the Advanced Linux Sound Architecture (ALSA) handled a reference count. A local user could exploit this flaw to cause a denial of service (integer overflow and limit bypass). (CVE-2014-4655) An integer overflow flaw was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA). A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-4656) An integer underflow flaw was discovered in the Linux kernel's handling of the backlog value for certain SCTP packets. A remote attacker could exploit this flaw to cause a denial of service (socket outage) via a crafted SCTP packet. (CVE-2014-4667) Vasily Averin discover a reference count flaw during attempts to umount in conjunction with a symlink. A local user could exploit this flaw to cause a denial of service (memory consumption or use after free) or possibly have other unspecified impact. (CVE-2014-5045) Update Instructions: Run `sudo pro fix USN-2337-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-35-generic - 3.13.0-35.62 linux-image-3.13.0-35-generic-lpae - 3.13.0-35.62 linux-image-3.13.0-35-powerpc64-smp - 3.13.0-35.62 linux-image-3.13.0-35-powerpc64-emb - 3.13.0-35.62 linux-image-3.13.0-35-powerpc-e500 - 3.13.0-35.62 linux-image-3.13.0-35-generic - 3.13.0-35.62 linux-image-3.13.0-35-lowlatency - 3.13.0-35.62 linux-image-3.13.0-35-powerpc-smp - 3.13.0-35.62 linux-image-3.13.0-35-powerpc-e500mc - 3.13.0-35.62 No subscription required Medium CVE-2014-0155 CVE-2014-0181 CVE-2014-0206 CVE-2014-4014 CVE-2014-4027 CVE-2014-4171 CVE-2014-4508 CVE-2014-4652 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-4656 CVE-2014-4667 CVE-2014-5045 Ubuntu 14.04 LTS It was discovered that Lua incorrectly handled certain vararg functions with a large number of fixed parameters. An attacker could use this issue to cause Lua applications to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2338-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblua5.1-0 - 5.1.5-5ubuntu0.1 lua5.1 - 5.1.5-5ubuntu0.1 lua5.1-doc - 5.1.5-5ubuntu0.1 liblua5.1-0-dev - 5.1.5-5ubuntu0.1 No subscription required Medium CVE-2014-5461 Ubuntu 14.04 LTS Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Update Instructions: Run `sudo pro fix USN-2339-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-doc - 1.5.3-2ubuntu4.1 libgcrypt11-udeb - 1.5.3-2ubuntu4.1 libgcrypt11-dev - 1.5.3-2ubuntu4.1 libgcrypt11 - 1.5.3-2ubuntu4.1 No subscription required Medium CVE-2014-5270 Ubuntu 14.04 LTS Tavis Ormandy discovered that the formail tool incorrectly handled certain malformed mail headers. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2340-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: procmail - 3.22-21ubuntu0.1 No subscription required Medium CVE-2014-3618 Ubuntu 14.04 LTS Salvatore Bonaccorso discovered that the CUPS web interface incorrectly validated permissions and incorrectly handled symlinks. An attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation. Update Instructions: Run `sudo pro fix USN-2341-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 1.7.2-0ubuntu1.2 libcups2-dev - 1.7.2-0ubuntu1.2 cups-bsd - 1.7.2-0ubuntu1.2 libcupsmime1 - 1.7.2-0ubuntu1.2 cups-common - 1.7.2-0ubuntu1.2 cups-core-drivers - 1.7.2-0ubuntu1.2 cups-server-common - 1.7.2-0ubuntu1.2 libcupsimage2 - 1.7.2-0ubuntu1.2 cups-client - 1.7.2-0ubuntu1.2 libcupscgi1-dev - 1.7.2-0ubuntu1.2 libcups2 - 1.7.2-0ubuntu1.2 libcupsmime1-dev - 1.7.2-0ubuntu1.2 cups-ppdc - 1.7.2-0ubuntu1.2 libcupsppdc1 - 1.7.2-0ubuntu1.2 cups - 1.7.2-0ubuntu1.2 libcupsppdc1-dev - 1.7.2-0ubuntu1.2 libcupsimage2-dev - 1.7.2-0ubuntu1.2 cups-daemon - 1.7.2-0ubuntu1.2 No subscription required Medium CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 Ubuntu 14.04 LTS Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461) Kevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, Stefan Hajnoczi, and others discovered multiple issues in the QEMU block drivers. An attacker able to modify disk images could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223) It was discovered that QEMU incorrectly handled certain PCIe bus hotplug operations. A malicious guest could use this issue to crash the QEMU host, resulting in a denial of service. (CVE-2014-3471) Update Instructions: Run `sudo pro fix USN-2342-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.3 qemu-user-static - 2.0.0+dfsg-2ubuntu1.3 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.3 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.3 qemu-kvm - 2.0.0+dfsg-2ubuntu1.3 qemu-user - 2.0.0+dfsg-2ubuntu1.3 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.3 qemu-system - 2.0.0+dfsg-2ubuntu1.3 qemu-utils - 2.0.0+dfsg-2ubuntu1.3 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.3 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.3 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.3 qemu-common - 2.0.0+dfsg-2ubuntu1.3 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.3 qemu - 2.0.0+dfsg-2ubuntu1.3 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.3 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.3 No subscription required Medium CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4532 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0182 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3471 Ubuntu 14.04 LTS Tyson Smith and Jesse Schwartzentruber discovered that NSS contained a race condition when performing certificate validation. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2343-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.15.4-1ubuntu7.1 libnss3-dev - 2:3.15.4-1ubuntu7.1 libnss3 - 2:3.15.4-1ubuntu7.1 libnss3-1d - 2:3.15.4-1ubuntu7.1 libnss3-tools - 2:3.15.4-1ubuntu7.1 No subscription required Medium CVE-2014-1544 Ubuntu 14.04 LTS It was discovered that the Fileinfo component in php5 contains an integer overflow. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via a crafted CDF file. (CVE-2014-3587) It was discovered that the php_parserr function contains multiple buffer overflows. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via crafted DNS records. (CVE-2014-3597) Update Instructions: Run `sudo pro fix USN-2344-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.4 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.4 php5-curl - 5.5.9+dfsg-1ubuntu4.4 php5-intl - 5.5.9+dfsg-1ubuntu4.4 php5-snmp - 5.5.9+dfsg-1ubuntu4.4 php5-mysql - 5.5.9+dfsg-1ubuntu4.4 php5-odbc - 5.5.9+dfsg-1ubuntu4.4 php5-xsl - 5.5.9+dfsg-1ubuntu4.4 php5-gd - 5.5.9+dfsg-1ubuntu4.4 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.4 php5-tidy - 5.5.9+dfsg-1ubuntu4.4 php5-dev - 5.5.9+dfsg-1ubuntu4.4 php5-pgsql - 5.5.9+dfsg-1ubuntu4.4 php5-enchant - 5.5.9+dfsg-1ubuntu4.4 php5-readline - 5.5.9+dfsg-1ubuntu4.4 php5-gmp - 5.5.9+dfsg-1ubuntu4.4 php5-fpm - 5.5.9+dfsg-1ubuntu4.4 php5-cgi - 5.5.9+dfsg-1ubuntu4.4 php5-sqlite - 5.5.9+dfsg-1ubuntu4.4 php5-ldap - 5.5.9+dfsg-1ubuntu4.4 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.4 php5 - 5.5.9+dfsg-1ubuntu4.4 php5-cli - 5.5.9+dfsg-1ubuntu4.4 php-pear - 5.5.9+dfsg-1ubuntu4.4 php5-sybase - 5.5.9+dfsg-1ubuntu4.4 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.4 php5-pspell - 5.5.9+dfsg-1ubuntu4.4 php5-common - 5.5.9+dfsg-1ubuntu4.4 libphp5-embed - 5.5.9+dfsg-1ubuntu4.4 No subscription required Medium CVE-2014-3587 CVE-2014-3597 Ubuntu 14.04 LTS Multiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3178, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3179, CVE-2014-3200) It was discovered that Chromium did not properly handle the interaction of IPC and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3188) A use-after-free was discovered in the web workers implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via applicatin crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3194) It was discovered that V8 did not correctly handle Javascript heap allocations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-3195) It was discovered that Blink did not properly provide substitute data for pages blocked by the XSS auditor. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-3197) It was discovered that the wrap function for Event's in the V8 bindings in Blink produced an erroneous result in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service by stopping a worker process that was handling an Event object. (CVE-2014-3199) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7967) Update Instructions: Run `sudo pro fix USN-2345-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.2.5-0ubuntu0.14.04.1 oxideqt-codecs - 1.2.5-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.2.5-0ubuntu0.14.04.1 oxideqmlscene - 1.2.5-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.2.5-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-3178 CVE-2014-3179 CVE-2014-3188 CVE-2014-3190 CVE-2014-3191 CVE-2014-3192 CVE-2014-3194 CVE-2014-3195 CVE-2014-3197 CVE-2014-3199 CVE-2014-3200 CVE-2014-7967 Ubuntu 14.04 LTS Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. (CVE-2014-3613) Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top Level Domains (TLDs). This could allow a malicious site to set a cookie that gets sent to other sites. (CVE-2014-3620) Update Instructions: Run `sudo pro fix USN-2346-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.1 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.1 libcurl4-openssl-dev - 7.35.0-1ubuntu2.1 libcurl3-gnutls - 7.35.0-1ubuntu2.1 libcurl3-udeb - 7.35.0-1ubuntu2.1 libcurl4-doc - 7.35.0-1ubuntu2.1 libcurl3-nss - 7.35.0-1ubuntu2.1 libcurl4-nss-dev - 7.35.0-1ubuntu2.1 libcurl3 - 7.35.0-1ubuntu2.1 curl - 7.35.0-1ubuntu2.1 No subscription required Medium CVE-2014-3613 CVE-2014-3620 Ubuntu 14.04 LTS Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. (CVE-2014-0480) David Wilson discovered that Django incorrectly handled file name generation. A remote attacker could use this issue to cause Django to consume resources, resulting in a denial of service. (CVE-2014-0481) David Greisen discovered that Django incorrectly handled certain headers in contrib.auth.middleware.RemoteUserMiddleware. A remote authenticated user could use this issue to hijack web sessions. (CVE-2014-0482) Collin Anderson discovered that Django incorrectly checked if a field represented a relationship between models in the administrative interface. A remote authenticated user could use this issue to possibly obtain sensitive information. (CVE-2014-0483) Update Instructions: Run `sudo pro fix USN-2347-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.4 python-django - 1.6.1-2ubuntu0.4 No subscription required Medium CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 Ubuntu 14.04 LTS It was discovered that APT did not re-verify downloaded files when the If-Modified-Since wasn't met. (CVE-2014-0487) It was discovered that APT did not invalidate repository data when it switched from an unauthenticated to an authenticated state. (CVE-2014-0488) It was discovered that the APT Acquire::GzipIndexes option caused APT to skip checksum validation. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS, and was not enabled by default. (CVE-2014-0489) It was discovered that APT did not correctly validate signatures when manually downloading packages using the download command. This issue only applied to Ubuntu 12.04 LTS. (CVE-2014-0490) Update Instructions: Run `sudo pro fix USN-2348-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapt-inst1.5 - 1.0.1ubuntu2.3 apt-doc - 1.0.1ubuntu2.3 apt-transport-https - 1.0.1ubuntu2.3 libapt-pkg-doc - 1.0.1ubuntu2.3 apt - 1.0.1ubuntu2.3 apt-utils - 1.0.1ubuntu2.3 libapt-pkg-dev - 1.0.1ubuntu2.3 libapt-pkg4.12 - 1.0.1ubuntu2.3 No subscription required High CVE-2014-0487 CVE-2014-0488 CVE-2014-0489 CVE-2014-0490 Ubuntu 14.04 LTS The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17 which includes the latest CA certificate bundle. Update Instructions: Run `sudo pro fix USN-2350-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.17-0ubuntu0.14.04.1 libnss3-dev - 2:3.17-0ubuntu0.14.04.1 libnss3 - 2:3.17-0ubuntu0.14.04.1 libnss3-1d - 2:3.17-0ubuntu0.14.04.1 libnss3-tools - 2:3.17-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1372410 Ubuntu 14.04 LTS Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx incorrectly reused cached SSL sessions. An attacker could possibly use this issue in certain configurations to obtain access to information from a different virtual host. Update Instructions: Run `sudo pro fix USN-2351-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.4.6-1ubuntu3.1 nginx-core - 1.4.6-1ubuntu3.1 nginx-common - 1.4.6-1ubuntu3.1 nginx-full - 1.4.6-1ubuntu3.1 nginx - 1.4.6-1ubuntu3.1 nginx-doc - 1.4.6-1ubuntu3.1 nginx-naxsi - 1.4.6-1ubuntu3.1 nginx-naxsi-ui - 1.4.6-1ubuntu3.1 nginx-light - 1.4.6-1ubuntu3.1 No subscription required Medium CVE-2014-3616 Ubuntu 14.04 LTS Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3635) Alban Crequy discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3636) Alban Crequy discovered that DBus incorrectly handled certain file descriptor messages. A local attacker could use this issue to cause DBus to maintain persistent connections, possibly resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3637) Alban Crequy discovered that DBus incorrectly handled a large number of parallel connections and parallel message calls. A local attacker could use this issue to cause DBus to consume resources, possibly resulting in a denial of service. (CVE-2014-3638) Alban Crequy discovered that DBus incorrectly handled incomplete connections. A local attacker could use this issue to cause DBus to fail legitimate connection attempts, resulting in a denial of service. (CVE-2014-3639) Update Instructions: Run `sudo pro fix USN-2352-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus - 1.6.18-0ubuntu4.2 dbus-x11 - 1.6.18-0ubuntu4.2 libdbus-1-3 - 1.6.18-0ubuntu4.2 libdbus-1-dev - 1.6.18-0ubuntu4.2 dbus-1-doc - 1.6.18-0ubuntu4.2 No subscription required Medium CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 Ubuntu 14.04 LTS It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2014-6273) In addition, this update fixes regressions introduced by the USN-2348-1 security update: APT incorrectly handled file:/// sources on a different partition, incorrectly handled Dir::state::lists set to a relative path, and incorrectly handled cdrom: sources. Update Instructions: Run `sudo pro fix USN-2353-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapt-inst1.5 - 1.0.1ubuntu2.4.1 apt-doc - 1.0.1ubuntu2.4.1 apt-transport-https - 1.0.1ubuntu2.4.1 libapt-pkg-doc - 1.0.1ubuntu2.4.1 apt - 1.0.1ubuntu2.4.1 apt-utils - 1.0.1ubuntu2.4.1 libapt-pkg-dev - 1.0.1ubuntu2.4.1 libapt-pkg4.12 - 1.0.1ubuntu2.4.1 No subscription required Medium CVE-2014-6273 Ubuntu 14.04 LTS Jack Morgenstein reported a flaw in the page handling of the KVM (Kerenl Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. (CVE-2014-3601) Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). (CVE-2014-5077) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). (CVE-2014-5471) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). (CVE-2014-5472) Update Instructions: Run `sudo pro fix USN-2359-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-36-powerpc64-emb - 3.13.0-36.63 linux-image-3.13.0-36-generic - 3.13.0-36.63 linux-image-3.13.0-36-powerpc64-smp - 3.13.0-36.63 linux-image-3.13.0-36-powerpc-e500mc - 3.13.0-36.63 linux-image-3.13.0-36-lowlatency - 3.13.0-36.63 linux-image-3.13.0-36-powerpc-e500 - 3.13.0-36.63 linux-image-3.13.0-36-powerpc-smp - 3.13.0-36.63 linux-image-3.13.0-36-generic-lpae - 3.13.0-36.63 linux-image-extra-3.13.0-36-generic - 3.13.0-36.63 No subscription required Medium CVE-2014-3601 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 Ubuntu 14.04 LTS Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Update Instructions: Run `sudo pro fix USN-2360-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nn - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nb - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fa - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fi - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fr - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fy - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-or - 32.0.3+build1-0ubuntu0.14.04.1 firefox-testsuite - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-oc - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cs - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ga - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gd - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gl - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gu - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pa - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pl - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cy - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pt - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hi - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ms - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-he - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hy - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hr - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hu - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-it - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-as - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ar - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-id - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mai - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-af - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-is - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-vi - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-an - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bs - 32.0.3+build1-0ubuntu0.14.04.1 firefox - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ro - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ja - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ru - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-br - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bn - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-be - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bg - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sl - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sk - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-si - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sw - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sv - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sr - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sq - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ko - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kn - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-km - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kk - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ka - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-xh - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ca - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ku - 32.0.3+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lv - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lt - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-th - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 32.0.3+build1-0ubuntu0.14.04.1 firefox-dev - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-te - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ta - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lg - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-tr - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nso - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-de - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-da - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-uk - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mr - 32.0.3+build1-0ubuntu0.14.04.1 firefox-globalmenu - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ml - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mn - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mk - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-eu - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-et - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-es - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-csb - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-el - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-eo - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-en - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zu - 32.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ast - 32.0.3+build1-0ubuntu0.14.04.1 No subscription required High CVE-2014-1568 Ubuntu 14.04 LTS USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Original advisory details: Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Update Instructions: Run `sudo pro fix USN-2360-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:31.1.2+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:31.1.2+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:31.1.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:31.1.2+build1-0ubuntu0.14.04.1 No subscription required High CVE-2014-1568 Ubuntu 14.04 LTS Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Update Instructions: Run `sudo pro fix USN-2361-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.17.1-0ubuntu0.14.04.1 libnss3-dev - 2:3.17.1-0ubuntu0.14.04.1 libnss3 - 2:3.17.1-0ubuntu0.14.04.1 libnss3-1d - 2:3.17.1-0ubuntu0.14.04.1 libnss3-tools - 2:3.17.1-0ubuntu0.14.04.1 No subscription required High CVE-2014-1568 Ubuntu 14.04 LTS Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments. Update Instructions: Run `sudo pro fix USN-2362-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.3-7ubuntu1.1 bash-doc - 4.3-7ubuntu1.1 bash-static - 4.3-7ubuntu1.1 bash - 4.3-7ubuntu1.1 No subscription required High CVE-2014-6271 Ubuntu 14.04 LTS Tavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions. (CVE-2014-7169) Update Instructions: Run `sudo pro fix USN-2363-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.3-7ubuntu1.2 bash-doc - 4.3-7ubuntu1.2 bash-static - 4.3-7ubuntu1.2 bash - 4.3-7ubuntu1.2 No subscription required High CVE-2014-7169 Ubuntu 14.04 LTS USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions. (CVE-2014-7169) Update Instructions: Run `sudo pro fix USN-2363-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.3-7ubuntu1.3 bash-doc - 4.3-7ubuntu1.3 bash-static - 4.3-7ubuntu1.3 bash - 4.3-7ubuntu1.3 No subscription required High CVE-2014-7169 Ubuntu 14.04 LTS Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-7186, CVE-2014-7187) In addition, this update introduces a hardening measure which adds prefixes and suffixes around environment variable names which contain shell functions. Update Instructions: Run `sudo pro fix USN-2364-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.3-7ubuntu1.4 bash-doc - 4.3-7ubuntu1.4 bash-static - 4.3-7ubuntu1.4 bash - 4.3-7ubuntu1.4 No subscription required Medium CVE-2014-7186 CVE-2014-7187 Ubuntu 14.04 LTS Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when being advertised large screen sizes by the server. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-6051, CVE-2014-6052) Nicolas Ruff discovered that LibVNCServer incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service. (CVE-2014-6053) Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling factor values. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service. (CVE-2014-6054) Nicolas Ruff discovered that LibVNCServer incorrectly handled memory in the file transfer feature. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-6055) Update Instructions: Run `sudo pro fix USN-2365-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linuxvnc - 0.9.9+dfsg-1ubuntu1.1 libvncserver0 - 0.9.9+dfsg-1ubuntu1.1 libvncserver-config - 0.9.9+dfsg-1ubuntu1.1 libvncserver-dev - 0.9.9+dfsg-1ubuntu1.1 No subscription required Medium CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 Ubuntu 14.04 LTS Daniel P. Berrange and Richard Jones discovered that libvirt incorrectly handled XML documents containing XML external entity declarations. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service on all affected releases, or possibly read arbitrary files if fine grained access control was enabled on Ubuntu 14.04 LTS. (CVE-2014-0179, CVE-2014-5177) Luyao Huang discovered that libvirt incorrectly handled certain blkiotune queries. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3633) Update Instructions: Run `sudo pro fix USN-2366-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.2.2-0ubuntu13.1.5 libvirt-dev - 1.2.2-0ubuntu13.1.5 libvirt-doc - 1.2.2-0ubuntu13.1.5 libvirt-bin - 1.2.2-0ubuntu13.1.5 No subscription required Medium CVE-2014-0179 CVE-2014-3633 CVE-2014-5177 Ubuntu 14.04 LTS It was discovered that file incorrectly handled certain CDF documents. A attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2369-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.14-2ubuntu3.2 python-magic - 1:5.14-2ubuntu3.2 libmagic1 - 1:5.14-2ubuntu3.2 python3-magic - 1:5.14-2ubuntu3.2 file - 1:5.14-2ubuntu3.2 No subscription required Low CVE-2014-3587 Ubuntu 14.04 LTS Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions. Update Instructions: Run `sudo pro fix USN-2370-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapt-inst1.5 - 1.0.1ubuntu2.5 apt-doc - 1.0.1ubuntu2.5 apt-transport-https - 1.0.1ubuntu2.5 libapt-pkg-doc - 1.0.1ubuntu2.5 apt - 1.0.1ubuntu2.5 apt-utils - 1.0.1ubuntu2.5 libapt-pkg-dev - 1.0.1ubuntu2.5 libapt-pkg4.12 - 1.0.1ubuntu2.5 No subscription required Medium CVE-2014-7206 Ubuntu 14.04 LTS It was discovered that Exuberant Ctags incorrectly handled certain minified js files. An attacker could use this issue to possibly cause Exuberant Ctags to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2371-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exuberant-ctags - 1:5.9~svn20110310-7ubuntu0.1 No subscription required Medium CVE-2014-7204 Ubuntu 14.04 LTS Bobby Holley, Christian Holler, David Bolter, Byron Campen, Jon Coppeard, Carsten Book, Martijn Wargers, Shih-Chiang Chien, Terrence Cole and Jeff Walden discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1574, CVE-2014-1575) Atte Kettunen discovered a buffer overflow during CSS manipulation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1576) Holger Fuhrmannek discovered an out-of-bounds read with Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-1577) Abhishek Arya discovered an out-of-bounds write when buffering WebM video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1578) Michal Zalewski discovered that memory may not be correctly initialized when rendering a malformed GIF in to a canvas in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-1580) A use-after-free was discovered during text layout in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1581) Patrick McManus and David Keeler discovered 2 issues that could result in certificate pinning being bypassed in some circumstances. An attacker with a fraudulent certificate could potentially exploit this conduct a machine-in-the-middle attack. (CVE-2014-1582, CVE-2014-1584) Eric Shepherd and Jan-Ivar Bruaroey discovered issues with video sharing via WebRTC in iframes, where video continues to be shared after being stopped and navigating to a new site doesn't turn off the camera. An attacker could potentially exploit this to access the camera without the user being aware. (CVE-2014-1585, CVE-2014-1586) Boris Zbarsky discovered that webapps could use the Alarm API to read the values of cross-origin references. If a user were tricked in to installing a specially crafter webapp, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2014-1583) Update Instructions: Run `sudo pro fix USN-2372-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-nn - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-nb - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-fa - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-fi - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-fr - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-fy - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-or - 33.0+build2-0ubuntu0.14.04.1 firefox-testsuite - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-oc - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-cs - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ga - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-gd - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-gl - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-gu - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-pa - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-pl - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-cy - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-pt - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-hi - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ms - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-he - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-hy - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-hr - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-hu - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-it - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-as - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ar - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-az - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-id - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-mai - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-af - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-is - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-vi - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-an - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-bs - 33.0+build2-0ubuntu0.14.04.1 firefox - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ro - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ja - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ru - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-br - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-bn - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-be - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-bg - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-sl - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-sk - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-si - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-sw - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-sv - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-sr - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-sq - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ko - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-kn - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-km - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-kk - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ka - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-xh - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ca - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ku - 33.0+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-lv - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-lt - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-th - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 33.0+build2-0ubuntu0.14.04.1 firefox-dev - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-te - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ta - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-lg - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-tr - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-nso - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-de - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-da - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-uk - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-mr - 33.0+build2-0ubuntu0.14.04.1 firefox-globalmenu - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ml - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-mn - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-mk - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-eu - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-et - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-es - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-csb - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-el - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-eo - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-en - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-zu - 33.0+build2-0ubuntu0.14.04.1 firefox-locale-ast - 33.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1580 CVE-2014-1581 CVE-2014-1582 CVE-2014-1584 CVE-2014-1585 CVE-2014-1586 CVE-2014-1583 Ubuntu 14.04 LTS Bobby Holley, Christian Holler, David Bolter, Byron Campen and Jon Coppeard discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1574) Atte Kettunen discovered a buffer overflow during CSS manipulation. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1576) Holger Fuhrmannek discovered an out-of-bounds read with Web Audio. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-1577) Abhishek Arya discovered an out-of-bounds write when buffering WebM video in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1578) A use-after-free was discovered during text layout in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1581) Eric Shepherd and Jan-Ivar Bruaroey discovered issues with video sharing via WebRTC in iframes, where video continues to be shared after being stopped and navigating to a new site doesn't turn off the camera. An attacker could potentially exploit this to access the camera without the user being aware. (CVE-2014-1585, CVE-2014-1586) Update Instructions: Run `sudo pro fix USN-2373-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-br - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-be - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-si - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:31.2.0+build2-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-de - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-en - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-da - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:31.2.0+build2-0ubuntu0.14.04.1 xul-ext-lightning - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-he - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-testsuite - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-af - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-dev - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-el - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-it - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-id - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-et - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-is - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-es - 1:31.2.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:31.2.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1585 CVE-2014-1586 Ubuntu 14.04 LTS Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. (CVE-2014-3181) Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. (CVE-2014-3184) Several bounds check flaws allowing for buffer overflows were discovered in the Linux kernel's Whiteheat USB serial driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) via a specially crafted device. (CVE-2014-3185) Steven Vittitoe reported a buffer overflow in the Linux kernel's PicoLCD HID device driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via a specially craft device. (CVE-2014-3186) A flaw was discovered in the Linux kernel's associative-array garbage collection implementation. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact by using keyctl operations. (CVE-2014-3631) A flaw was discovered in the Linux kernel's UDF filesystem (used on some CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause CD, DVD or image file with a specially crafted inode to be mounted can cause a denial of service (infinite loop or stack consumption). (CVE-2014-6410) James Eckersall discovered a buffer overflow in the Ceph filesystem in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (memory consumption and panic) or possibly have other unspecified impact via a long unencrypted auth ticket. (CVE-2014-6416) James Eckersall discovered a flaw in the handling of memory allocation failures in the Ceph filesystem. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-6417) James Eckersall discovered a flaw in how the Ceph filesystem validates auth replies. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact. (CVE-2014-6418) Update Instructions: Run `sudo pro fix USN-2379-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-37-generic-lpae - 3.13.0-37.64 linux-image-3.13.0-37-lowlatency - 3.13.0-37.64 linux-image-3.13.0-37-powerpc64-emb - 3.13.0-37.64 linux-image-3.13.0-37-generic - 3.13.0-37.64 linux-image-3.13.0-37-powerpc-smp - 3.13.0-37.64 linux-image-3.13.0-37-powerpc-e500 - 3.13.0-37.64 linux-image-3.13.0-37-powerpc64-smp - 3.13.0-37.64 linux-image-extra-3.13.0-37-generic - 3.13.0-37.64 linux-image-3.13.0-37-powerpc-e500mc - 3.13.0-37.64 No subscription required Medium CVE-2014-3181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3631 CVE-2014-6410 CVE-2014-6416 CVE-2014-6417 CVE-2014-6418 Ubuntu 14.04 LTS Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-6277, CVE-2014-6278) Please note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack. Update Instructions: Run `sudo pro fix USN-2380-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.3-7ubuntu1.5 bash-doc - 4.3-7ubuntu1.5 bash-static - 4.3-7ubuntu1.5 bash - 4.3-7ubuntu1.5 No subscription required Medium CVE-2014-6277 CVE-2014-6278 Ubuntu 14.04 LTS It was discovered that Rsyslog incorrectly handled invalid PRI values. An attacker could use this issue to send malformed messages to the Rsyslog server and cause it to stop responding, resulting in a denial of service and possibly message loss. (CVE-2014-3634, CVE-2014-3683) Update Instructions: Run `sudo pro fix USN-2381-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsyslog-pgsql - 7.4.4-1ubuntu2.3 rsyslog-gssapi - 7.4.4-1ubuntu2.3 rsyslog-mysql - 7.4.4-1ubuntu2.3 rsyslog-gnutls - 7.4.4-1ubuntu2.3 rsyslog - 7.4.4-1ubuntu2.3 rsyslog-doc - 7.4.4-1ubuntu2.3 rsyslog-relp - 7.4.4-1ubuntu2.3 No subscription required Medium CVE-2014-3634 CVE-2014-3683 Ubuntu 14.04 LTS Jakub Wilk discovered that Requests incorrectly reused authentication credentials after being redirected. An attacker could possibly use this issue to obtain authentication credentials intended for another site. (CVE-2014-1829, CVE-2014-1830) Update Instructions: Run `sudo pro fix USN-2382-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-requests - 2.2.1-1ubuntu0.1 python-requests - 2.2.1-1ubuntu0.1 No subscription required Medium CVE-2014-1829 CVE-2014-1830 Ubuntu 14.04 LTS Jouni Malinen discovered that the wpa_cli tool incorrectly sanitized strings when being used with action scripts. A remote attacker could possibly use this issue to execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-2383-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.1-0ubuntu1.1 No subscription required wpagui - 2.1-0ubuntu1.1 wpasupplicant-udeb - 2.1-0ubuntu1.1 wpasupplicant - 2.1-0ubuntu1.1 No subscription required Medium CVE-2014-3686 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html Update Instructions: Run `sudo pro fix USN-2384-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.40-0ubuntu0.14.04.1 mysql-client - 5.5.40-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.40-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.40-0ubuntu0.14.04.1 libmysqld-pic - 5.5.40-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.40-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.40-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.40-0ubuntu0.14.04.1 mysql-common - 5.5.40-0ubuntu0.14.04.1 mysql-server - 5.5.40-0ubuntu0.14.04.1 mysql-testsuite - 5.5.40-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.40-0ubuntu0.14.04.1 libmysqld-dev - 5.5.40-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.40-0ubuntu0.14.04.1 No subscription required Medium CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 Ubuntu 14.04 LTS It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513) It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2014-3567) In addition, this update introduces support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV). This new feature prevents protocol downgrade attacks when certain applications such as web browsers attempt to reconnect using a lower protocol version for interoperability reasons. Update Instructions: Run `sudo pro fix USN-2385-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.7 libssl-dev - 1.0.1f-1ubuntu2.7 openssl - 1.0.1f-1ubuntu2.7 libssl-doc - 1.0.1f-1ubuntu2.7 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.7 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.7 No subscription required Medium CVE-2014-3513 CVE-2014-3567 Ubuntu 14.04 LTS The pollinate package bundles the certificate for entropy.ubuntu.com. This update refreshes the certificate to match the one currently used on the server. Update Instructions: Run `sudo pro fix USN-2387-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pollinate - 4.7-0ubuntu1.2 No subscription required None https://launchpad.net/bugs/1381359 Ubuntu 14.04 LTS A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6527, CVE-2014-6558) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6504, CVE-2014-6511, CVE-2014-6517, CVE-2014-6531) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-6506, CVE-2014-6513) Update Instructions: Run `sudo pro fix USN-2388-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u71-2.5.3-0ubuntu0.14.04.1 openjdk-7-source - 7u71-2.5.3-0ubuntu0.14.04.1 icedtea-7-jre-jamvm - 7u71-2.5.3-0ubuntu0.14.04.1 openjdk-7-jre-lib - 7u71-2.5.3-0ubuntu0.14.04.1 openjdk-7-jdk - 7u71-2.5.3-0ubuntu0.14.04.1 openjdk-7-jre-headless - 7u71-2.5.3-0ubuntu0.14.04.1 openjdk-7-jre - 7u71-2.5.3-0ubuntu0.14.04.1 openjdk-7-doc - 7u71-2.5.3-0ubuntu0.14.04.1 openjdk-7-demo - 7u71-2.5.3-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6527 CVE-2014-6531 CVE-2014-6558 https://launchpad.net/bugs/1382205 Ubuntu 14.04 LTS It was discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2389-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.4 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.4 libxml2 - 2.9.1+dfsg1-3ubuntu4.4 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.4 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.4 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.4 No subscription required Medium CVE-2014-3660 Ubuntu 14.04 LTS Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly handled certificate validation. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3694) Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled certain malformed MXit emoticons. A malicious remote server or a machine-in-the-middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2014-3695) Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled certain malformed Groupwise messages. A malicious remote server or a machine-in-the-middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2014-3696) Thijs Alkemade and Paul Aurich discovered that Pidgin incorrectly handled memory when processing XMPP messages. A malicious remote server or user could use this issue to cause Pidgin to disclosure arbitrary memory, resulting in an information leak. (CVE-2014-3698) Update Instructions: Run `sudo pro fix USN-2390-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpurple-dev - 1:2.10.9-0ubuntu3.2 pidgin - 1:2.10.9-0ubuntu3.2 pidgin-data - 1:2.10.9-0ubuntu3.2 finch-dev - 1:2.10.9-0ubuntu3.2 pidgin-dev - 1:2.10.9-0ubuntu3.2 libpurple-bin - 1:2.10.9-0ubuntu3.2 finch - 1:2.10.9-0ubuntu3.2 libpurple0 - 1:2.10.9-0ubuntu3.2 No subscription required Medium CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 Ubuntu 14.04 LTS Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3668) Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3669) Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-3670) Francisco Alonso that PHP incorrectly handled ELF files in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3710) It was discovered that PHP incorrectly handled NULL bytes when processing certain URLs with the curl functions. A remote attacker could possibly use this issue to bypass filename restrictions and obtain access to sensitive files. (No CVE number) Update Instructions: Run `sudo pro fix USN-2391-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.5 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.5 php5-curl - 5.5.9+dfsg-1ubuntu4.5 php5-intl - 5.5.9+dfsg-1ubuntu4.5 php5-snmp - 5.5.9+dfsg-1ubuntu4.5 php5-mysql - 5.5.9+dfsg-1ubuntu4.5 php5-odbc - 5.5.9+dfsg-1ubuntu4.5 php5-xsl - 5.5.9+dfsg-1ubuntu4.5 php5-gd - 5.5.9+dfsg-1ubuntu4.5 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.5 php5-tidy - 5.5.9+dfsg-1ubuntu4.5 php5-dev - 5.5.9+dfsg-1ubuntu4.5 php5-pgsql - 5.5.9+dfsg-1ubuntu4.5 php5-enchant - 5.5.9+dfsg-1ubuntu4.5 php5-readline - 5.5.9+dfsg-1ubuntu4.5 php5-gmp - 5.5.9+dfsg-1ubuntu4.5 php5-fpm - 5.5.9+dfsg-1ubuntu4.5 php5-cgi - 5.5.9+dfsg-1ubuntu4.5 php5-sqlite - 5.5.9+dfsg-1ubuntu4.5 php5-ldap - 5.5.9+dfsg-1ubuntu4.5 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.5 php5 - 5.5.9+dfsg-1ubuntu4.5 php5-cli - 5.5.9+dfsg-1ubuntu4.5 php-pear - 5.5.9+dfsg-1ubuntu4.5 php5-sybase - 5.5.9+dfsg-1ubuntu4.5 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.5 php5-pspell - 5.5.9+dfsg-1ubuntu4.5 php5-common - 5.5.9+dfsg-1ubuntu4.5 libphp5-embed - 5.5.9+dfsg-1ubuntu4.5 No subscription required Medium CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 Ubuntu 14.04 LTS HD Moore discovered that Wget contained a path traversal vulnerability when downloading symlinks using FTP. A malicious remote FTP server or a man in the middle could use this issue to cause Wget to overwrite arbitrary files, possibly leading to arbitrary code execution. Update Instructions: Run `sudo pro fix USN-2393-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wget - 1.15-1ubuntu1.14.04.1 wget-udeb - 1.15-1ubuntu1.14.04.1 No subscription required Medium CVE-2014-4877 Ubuntu 14.04 LTS Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) A bounds check error was discovered in the driver for the Logitech Unifying receivers and devices. A physically proximate attacker could exploit this flaw to to cause a denial of service (invalid kfree) or to execute arbitrary code. (CVE-2014-3182) Raphael Geissert reported a NULL pointer dereference in the Linux kernel's CIFS client. A remote CIFS server could cause a denial of service (system crash) or possibly have other unspecified impact by deleting IPC$ share during resolution of DFS referrals. (CVE-2014-7145) Update Instructions: Run `sudo pro fix USN-2395-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-39-lowlatency - 3.13.0-39.66 linux-image-3.13.0-39-powerpc64-emb - 3.13.0-39.66 linux-image-extra-3.13.0-39-generic - 3.13.0-39.66 linux-image-3.13.0-39-powerpc-smp - 3.13.0-39.66 linux-image-3.13.0-39-generic-lpae - 3.13.0-39.66 linux-image-3.13.0-39-powerpc-e500 - 3.13.0-39.66 linux-image-3.13.0-39-generic - 3.13.0-39.66 linux-image-3.13.0-39-powerpc-e500mc - 3.13.0-39.66 linux-image-3.13.0-39-powerpc64-smp - 3.13.0-39.66 No subscription required High CVE-2014-3182 CVE-2014-3610 CVE-2014-3611 CVE-2014-3646 CVE-2014-3647 CVE-2014-7145 Ubuntu 14.04 LTS Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2014-4975) Willis Vandevanter discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service. (CVE-2014-8080) Update Instructions: Run `sudo pro fix USN-2397-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby1.9.1-dev - 1.9.3.484-2ubuntu1.1 libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.1 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.1 ruby1.9.1-full - 1.9.3.484-2ubuntu1.1 libruby1.9.1 - 1.9.3.484-2ubuntu1.1 ri1.9.1 - 1.9.3.484-2ubuntu1.1 ruby1.9.1 - 1.9.3.484-2ubuntu1.1 ruby1.9.3 - 1.9.3.484-2ubuntu1.1 No subscription required ruby2.0-tcltk - 2.0.0.484-1ubuntu2.1 libruby2.0 - 2.0.0.484-1ubuntu2.1 ruby2.0-doc - 2.0.0.484-1ubuntu2.1 ruby2.0 - 2.0.0.484-1ubuntu2.1 ruby2.0-dev - 2.0.0.484-1ubuntu2.1 No subscription required Medium CVE-2014-4975 CVE-2014-8080 Ubuntu 14.04 LTS It was discovered that LibreOffice incorrectly handled the Impress remote control port. An attacker could possibly use this issue to cause Impress to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2398-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO4.2.7-0ubuntu1 No subscription required libreoffice-wiki-publisher - 1.1.2+LibO4.2.7-0ubuntu1 No subscription required libreoffice-presentation-minimizer - 1:4.2.7-0ubuntu1 libreoffice-impress - 1:4.2.7-0ubuntu1 libreoffice-officebean - 1:4.2.7-0ubuntu1 libreoffice-base - 1:4.2.7-0ubuntu1 libreoffice-librelogo - 1:4.2.7-0ubuntu1 libreoffice-java-common - 1:4.2.7-0ubuntu1 browser-plugin-libreoffice - 1:4.2.7-0ubuntu1 libreoffice-subsequentcheckbase - 1:4.2.7-0ubuntu1 libreoffice-style-tango - 1:4.2.7-0ubuntu1 libreoffice-style-crystal - 1:4.2.7-0ubuntu1 libreoffice-kde - 1:4.2.7-0ubuntu1 libreoffice-l10n-ku - 1:4.2.7-0ubuntu1 libreoffice-style-galaxy - 1:4.2.7-0ubuntu1 libreoffice-style-hicontrast - 1:4.2.7-0ubuntu1 libreoffice-core - 1:4.2.7-0ubuntu1 libreoffice-presenter-console - 1:4.2.7-0ubuntu1 libreoffice-script-provider-bsh - 1:4.2.7-0ubuntu1 libreoffice-avmedia-backend-gstreamer - 1:4.2.7-0ubuntu1 libreoffice-script-provider-python - 1:4.2.7-0ubuntu1 libreoffice-common - 1:4.2.7-0ubuntu1 libreoffice-gnome - 1:4.2.7-0ubuntu1 libreoffice-dev - 1:4.2.7-0ubuntu1 libreoffice-gtk3 - 1:4.2.7-0ubuntu1 libreoffice-report-builder - 1:4.2.7-0ubuntu1 libreoffice-pdfimport - 1:4.2.7-0ubuntu1 libreoffice-base-core - 1:4.2.7-0ubuntu1 libreoffice-ogltrans - 1:4.2.7-0ubuntu1 libreoffice-sdbc-hsqldb - 1:4.2.7-0ubuntu1 libreoffice-gtk - 1:4.2.7-0ubuntu1 libreoffice-calc - 1:4.2.7-0ubuntu1 libreoffice-base-drivers - 1:4.2.7-0ubuntu1 libreoffice-style-oxygen - 1:4.2.7-0ubuntu1 libreoffice-emailmerge - 1:4.2.7-0ubuntu1 libreoffice-style-human - 1:4.2.7-0ubuntu1 libreoffice-sdbc-firebird - 1:4.2.7-0ubuntu1 python3-uno - 1:4.2.7-0ubuntu1 libreoffice-math - 1:4.2.7-0ubuntu1 libreoffice-writer - 1:4.2.7-0ubuntu1 libreoffice-report-builder-bin - 1:4.2.7-0ubuntu1 libreoffice-script-provider-js - 1:4.2.7-0ubuntu1 libreoffice - 1:4.2.7-0ubuntu1 libreoffice-draw - 1:4.2.7-0ubuntu1 libreoffice-style-sifr - 1:4.2.7-0ubuntu1 libreoffice-dev-doc - 1:4.2.7-0ubuntu1 libreoffice-l10n-in - 1:4.2.7-0ubuntu1 libreoffice-l10n-za - 1:4.2.7-0ubuntu1 libreoffice-sdbc-postgresql - 1:4.2.7-0ubuntu1 No subscription required openoffice.org-dtd-officedocument1.0 - 2:1.0+LibO4.2.7-0ubuntu1 No subscription required fonts-opensymbol - 2:102.6+LibO4.2.7-0ubuntu1 No subscription required uno-libs3 - 4.2.7-0ubuntu1 ure - 4.2.7-0ubuntu1 No subscription required Medium CVE-2014-3693 Ubuntu 14.04 LTS Symeon Paraschoudis discovered that curl incorrectly handled memory when being used with CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle(). This may result in sensitive data being incorrectly sent to the remote server. Update Instructions: Run `sudo pro fix USN-2399-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.2 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.2 libcurl4-openssl-dev - 7.35.0-1ubuntu2.2 libcurl3-gnutls - 7.35.0-1ubuntu2.2 libcurl3-udeb - 7.35.0-1ubuntu2.2 libcurl4-doc - 7.35.0-1ubuntu2.2 libcurl3-nss - 7.35.0-1ubuntu2.2 libcurl4-nss-dev - 7.35.0-1ubuntu2.2 libcurl3 - 7.35.0-1ubuntu2.2 curl - 7.35.0-1ubuntu2.2 No subscription required Medium CVE-2014-3707 Ubuntu 14.04 LTS Pavel Hrdina discovered that libvirt incorrectly handled locking when processing the virConnectListAllDomains command. An attacker could use this issue to cause libvirtd to hang, resulting in a denial of service. (CVE-2014-3657) Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file. (CVE-2014-7823) Update Instructions: Run `sudo pro fix USN-2404-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.2.2-0ubuntu13.1.7 libvirt-dev - 1.2.2-0ubuntu13.1.7 libvirt-doc - 1.2.2-0ubuntu13.1.7 libvirt-bin - 1.2.2-0ubuntu13.1.7 No subscription required Medium CVE-2014-3657 CVE-2014-7823 Ubuntu 14.04 LTS Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS of Smbfs drivers. A remote authenticated user could exploit this to potentially obtain file contents from the compute host. (CVE-2014-3641) Amrith Kumar discovered that OpenStack Cinder did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Cinder log files could obtain access to sensitive information. (CVE-2014-7230) Update Instructions: Run `sudo pro fix USN-2405-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-cinder - 1:2014.1.3-0ubuntu1.1 cinder-backup - 1:2014.1.3-0ubuntu1.1 cinder-api - 1:2014.1.3-0ubuntu1.1 cinder-volume - 1:2014.1.3-0ubuntu1.1 cinder-common - 1:2014.1.3-0ubuntu1.1 cinder-scheduler - 1:2014.1.3-0ubuntu1.1 No subscription required Medium CVE-2014-3641 CVE-2014-7230 Ubuntu 14.04 LTS Brant Knudson discovered that OpenStack Keystone did not properly perform input sanitization when performing endpoint catalog substitution. A remote attacker with privileged access for creating endpoints could exploit this to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-2406-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-keystone - 1:2014.1.3-0ubuntu2.1 keystone-doc - 1:2014.1.3-0ubuntu2.1 keystone - 1:2014.1.3-0ubuntu2.1 No subscription required Medium CVE-2014-3621 Ubuntu 14.04 LTS Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remove authenticated user could exploit this to bypass intended quota limits. By default, Ubuntu does not use the VMWare driver. (CVE-2014-3608) Amrith Kumar discovered that OpenStack Nova did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Nova log files could obtain access to sensitive information. (CVE-2014-7230) Update Instructions: Run `sudo pro fix USN-2407-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nova-api - 1:2014.1.3-0ubuntu1.1 nova-common - 1:2014.1.3-0ubuntu1.1 nova-compute-xen - 1:2014.1.3-0ubuntu1.1 nova-api-os-compute - 1:2014.1.3-0ubuntu1.1 nova-objectstore - 1:2014.1.3-0ubuntu1.1 nova-novncproxy - 1:2014.1.3-0ubuntu1.1 nova-api-os-volume - 1:2014.1.3-0ubuntu1.1 nova-compute-lxc - 1:2014.1.3-0ubuntu1.1 nova-consoleauth - 1:2014.1.3-0ubuntu1.1 python-nova - 1:2014.1.3-0ubuntu1.1 nova-network - 1:2014.1.3-0ubuntu1.1 nova-api-ec2 - 1:2014.1.3-0ubuntu1.1 nova-api-metadata - 1:2014.1.3-0ubuntu1.1 nova-compute-kvm - 1:2014.1.3-0ubuntu1.1 nova-xvpvncproxy - 1:2014.1.3-0ubuntu1.1 nova-doc - 1:2014.1.3-0ubuntu1.1 nova-conductor - 1:2014.1.3-0ubuntu1.1 nova-volume - 1:2014.1.3-0ubuntu1.1 nova-compute-vmware - 1:2014.1.3-0ubuntu1.1 nova-spiceproxy - 1:2014.1.3-0ubuntu1.1 nova-scheduler - 1:2014.1.3-0ubuntu1.1 nova-console - 1:2014.1.3-0ubuntu1.1 nova-ajax-console-proxy - 1:2014.1.3-0ubuntu1.1 nova-cert - 1:2014.1.3-0ubuntu1.1 nova-baremetal - 1:2014.1.3-0ubuntu1.1 nova-compute - 1:2014.1.3-0ubuntu1.1 nova-compute-libvirt - 1:2014.1.3-0ubuntu1.1 nova-compute-qemu - 1:2014.1.3-0ubuntu1.1 nova-cells - 1:2014.1.3-0ubuntu1.1 No subscription required Low CVE-2014-3608 CVE-2014-7230 Ubuntu 14.04 LTS Elena Ezhova discovered that OpenStack Neutron did not properly perform access control checks for attributes. A remote authenticated attacker could exploit this to bypass intended access controls and reset admin-only attributes to default values. Update Instructions: Run `sudo pro fix USN-2408-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: neutron-plugin-nicira - 1:2014.1.3-0ubuntu1.1 neutron-plugin-ibm - 1:2014.1.3-0ubuntu1.1 neutron-plugin-openvswitch-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-nec - 1:2014.1.3-0ubuntu1.1 neutron-l3-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-linuxbridge - 1:2014.1.3-0ubuntu1.1 neutron-plugin-ml2 - 1:2014.1.3-0ubuntu1.1 neutron-plugin-vpn-agent - 1:2014.1.3-0ubuntu1.1 neutron-lbaas-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-metering-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-vmware - 1:2014.1.3-0ubuntu1.1 neutron-plugin-cisco - 1:2014.1.3-0ubuntu1.1 neutron-plugin-oneconvergence-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-linuxbridge-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-mlnx-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-metaplugin - 1:2014.1.3-0ubuntu1.1 neutron-dhcp-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-mlnx - 1:2014.1.3-0ubuntu1.1 neutron-plugin-openflow-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-midonet - 1:2014.1.3-0ubuntu1.1 neutron-plugin-ryu-agent - 1:2014.1.3-0ubuntu1.1 neutron-metering-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-hyperv - 1:2014.1.3-0ubuntu1.1 neutron-server - 1:2014.1.3-0ubuntu1.1 neutron-vpn-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-openvswitch - 1:2014.1.3-0ubuntu1.1 python-neutron - 1:2014.1.3-0ubuntu1.1 neutron-plugin-plumgrid - 1:2014.1.3-0ubuntu1.1 neutron-plugin-ryu - 1:2014.1.3-0ubuntu1.1 neutron-plugin-bigswitch - 1:2014.1.3-0ubuntu1.1 neutron-plugin-nec-agent - 1:2014.1.3-0ubuntu1.1 neutron-metadata-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-bigswitch-agent - 1:2014.1.3-0ubuntu1.1 neutron-plugin-ibm-agent - 1:2014.1.3-0ubuntu1.1 neutron-common - 1:2014.1.3-0ubuntu1.1 neutron-plugin-brocade - 1:2014.1.3-0ubuntu1.1 neutron-plugin-oneconvergence - 1:2014.1.3-0ubuntu1.1 No subscription required Medium CVE-2014-6414 Ubuntu 14.04 LTS Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3615) Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. (CVE-2014-3640) It was discovered that QEMU incorrectly handled parameter validation in the vmware_vga device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. (CVE-2014-3689) It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-5263) Michael S. Tsirkin discovered that QEMU incorrectly handled memory in the ACPI PCI hotplug interface. A malicious guest could possibly use this issue to access memory of the host, leading to information disclosure or privilege escalation. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-5388) James Spadaro discovered that QEMU incorrectly handled certain VNC bytes_per_pixel values. An attacker having access to a VNC console could possibly use this issue to cause a guest to crash, resulting in a denial of service. (CVE-2014-7815) Update Instructions: Run `sudo pro fix USN-2409-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.7 qemu-user-static - 2.0.0+dfsg-2ubuntu1.7 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.7 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.7 qemu-kvm - 2.0.0+dfsg-2ubuntu1.7 qemu-user - 2.0.0+dfsg-2ubuntu1.7 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.7 qemu-system - 2.0.0+dfsg-2ubuntu1.7 qemu-utils - 2.0.0+dfsg-2ubuntu1.7 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.7 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.7 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.7 qemu-common - 2.0.0+dfsg-2ubuntu1.7 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.7 qemu - 2.0.0+dfsg-2ubuntu1.7 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.7 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.7 No subscription required Medium CVE-2014-3615 CVE-2014-3640 CVE-2014-3689 CVE-2014-5263 CVE-2014-5388 CVE-2014-7815 Ubuntu 14.04 LTS A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7904) Multiple use-after-frees were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7907) An integer overflow was discovered in media. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7908) An uninitialized memory read was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-7909) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7910) Update Instructions: Run `sudo pro fix USN-2410-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.3.4-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.3.4-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.3.4-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.3.4-0ubuntu0.14.04.1 oxideqmlscene - 1.3.4-0ubuntu0.14.04.1 oxideqt-codecs - 1.3.4-0ubuntu0.14.04.1 liboxideqtquick0 - 1.3.4-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-7904 CVE-2014-7907 CVE-2014-7908 CVE-2014-7909 CVE-2014-7910 Ubuntu 14.04 LTS Tomas Hoger discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2412-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby1.9.1-dev - 1.9.3.484-2ubuntu1.2 libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.2 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.2 ruby1.9.1-full - 1.9.3.484-2ubuntu1.2 libruby1.9.1 - 1.9.3.484-2ubuntu1.2 ri1.9.1 - 1.9.3.484-2ubuntu1.2 ruby1.9.1 - 1.9.3.484-2ubuntu1.2 ruby1.9.3 - 1.9.3.484-2ubuntu1.2 No subscription required ruby2.0-tcltk - 2.0.0.484-1ubuntu2.2 libruby2.0 - 2.0.0.484-1ubuntu2.2 ruby2.0-doc - 2.0.0.484-1ubuntu2.2 ruby2.0 - 2.0.0.484-1ubuntu2.2 ruby2.0-dev - 2.0.0.484-1ubuntu2.2 No subscription required Medium CVE-2014-8090 Ubuntu 14.04 LTS An AppArmor policy miscompilation flaw was discovered in apparmor_parser. Under certain circumstances, a malicious application could use this flaw to perform operations that are not allowed by AppArmor policy. The flaw may also prevent applications from accessing resources that are allowed by AppArmor policy. Update Instructions: Run `sudo pro fix USN-2413-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apparmor-docs - 2.8.95~2430-0ubuntu5.1 python-apparmor - 2.8.95~2430-0ubuntu5.1 libapparmor-dev - 2.8.95~2430-0ubuntu5.1 libapparmor-perl - 2.8.95~2430-0ubuntu5.1 libapparmor1 - 2.8.95~2430-0ubuntu5.1 apparmor-notify - 2.8.95~2430-0ubuntu5.1 apparmor-profiles - 2.8.95~2430-0ubuntu5.1 python3-libapparmor - 2.8.95~2430-0ubuntu5.1 python-libapparmor - 2.8.95~2430-0ubuntu5.1 libpam-apparmor - 2.8.95~2430-0ubuntu5.1 apparmor-easyprof - 2.8.95~2430-0ubuntu5.1 apparmor - 2.8.95~2430-0ubuntu5.1 python3-apparmor - 2.8.95~2430-0ubuntu5.1 apparmor-utils - 2.8.95~2430-0ubuntu5.1 libapache2-mod-apparmor - 2.8.95~2430-0ubuntu5.1 dh-apparmor - 2.8.95~2430-0ubuntu5.1 No subscription required Medium CVE-2014-1424 Ubuntu 14.04 LTS A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. (CVE-2014-3690) Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (CVE-2014-4608) Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970) Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). (CVE-2014-7975) Update Instructions: Run `sudo pro fix USN-2420-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-40-lowlatency - 3.13.0-40.69 linux-image-3.13.0-40-powerpc64-emb - 3.13.0-40.69 linux-image-extra-3.13.0-40-generic - 3.13.0-40.69 linux-image-3.13.0-40-powerpc-smp - 3.13.0-40.69 linux-image-3.13.0-40-generic-lpae - 3.13.0-40.69 linux-image-3.13.0-40-powerpc-e500 - 3.13.0-40.69 linux-image-3.13.0-40-generic - 3.13.0-40.69 linux-image-3.13.0-40-powerpc-e500mc - 3.13.0-40.69 linux-image-3.13.0-40-powerpc64-smp - 3.13.0-40.69 No subscription required Medium CVE-2014-3690 CVE-2014-4608 CVE-2014-7970 CVE-2014-7975 Ubuntu 14.04 LTS Sebastian Krahmer discovered that the Squid pinger incorrectly handled certain malformed ICMP packets. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2422-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid - 3.3.8-1ubuntu6.2 squid-cgi - 3.3.8-1ubuntu6.2 squid3-common - 3.3.8-1ubuntu6.2 squid-purge - 3.3.8-1ubuntu6.2 squidclient - 3.3.8-1ubuntu6.2 squid3 - 3.3.8-1ubuntu6.2 No subscription required Low CVE-2014-7141 CVE-2014-7142 Ubuntu 14.04 LTS Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6497) Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9050) Update Instructions: Run `sudo pro fix USN-2423-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.98.5+addedllvm-0ubuntu0.14.04.1 clamav-testfiles - 0.98.5+addedllvm-0ubuntu0.14.04.1 clamav-base - 0.98.5+addedllvm-0ubuntu0.14.04.1 clamav - 0.98.5+addedllvm-0ubuntu0.14.04.1 libclamav6 - 0.98.5+addedllvm-0ubuntu0.14.04.1 clamav-daemon - 0.98.5+addedllvm-0ubuntu0.14.04.1 clamav-milter - 0.98.5+addedllvm-0ubuntu0.14.04.1 clamav-docs - 0.98.5+addedllvm-0ubuntu0.14.04.1 clamav-freshclam - 0.98.5+addedllvm-0ubuntu0.14.04.1 No subscription required Medium CVE-2013-6497 CVE-2014-9050 Ubuntu 14.04 LTS Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Christian Holler, Jon Coppeard, Eric Rahm, Byron Campen, Eric Rescorla, and Xidorn Quan discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1587, CVE-2014-1588) Cody Crews discovered a way to trigger chrome-level XBL bindings from web content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2014-1589) Joe Vennix discovered a crash when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-1590) Muneaki Nishimura discovered that CSP violation reports did not remove path information in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2014-1591) Berend-Jan Wever discovered a use-after-free during HTML parsing. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1592) Abhishek Arya discovered a buffer overflow when parsing media content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1593) Byoungyoung Lee, Chengyu Song, and Taesoo Kim discovered a bad cast in the compositor. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause undefined behaviour, a denial of service via application crash or execute abitrary code with the privileges of the user invoking Firefox. (CVE-2014-1594) Update Instructions: Run `sudo pro fix USN-2424-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-nn - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-nb - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-fa - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-fi - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-fr - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-fy - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-or - 34.0+build2-0ubuntu0.14.04.1 firefox-testsuite - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-oc - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-cs - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ga - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-gd - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-gl - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-gu - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-pa - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-pl - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-cy - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-pt - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-hi - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ms - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-he - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-hy - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-hr - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-hu - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-it - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-as - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ar - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-az - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-id - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-mai - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-af - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-is - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-vi - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-an - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-bs - 34.0+build2-0ubuntu0.14.04.1 firefox - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ro - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ja - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ru - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-br - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-bn - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-be - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-bg - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-sl - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-sk - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-si - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-sw - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-sv - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-sr - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-sq - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ko - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-kn - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-km - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-kk - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ka - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-xh - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ca - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ku - 34.0+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-lv - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-lt - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-th - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 34.0+build2-0ubuntu0.14.04.1 firefox-dev - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-te - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ta - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-lg - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-tr - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-nso - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-de - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-da - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-uk - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-mr - 34.0+build2-0ubuntu0.14.04.1 firefox-globalmenu - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ml - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-mn - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-mk - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-eu - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-et - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-es - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-csb - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-el - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-eo - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-en - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-zu - 34.0+build2-0ubuntu0.14.04.1 firefox-locale-ast - 34.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 Ubuntu 14.04 LTS It was discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. (CVE-2014-7824) Update Instructions: Run `sudo pro fix USN-2425-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus - 1.6.18-0ubuntu4.3 dbus-x11 - 1.6.18-0ubuntu4.3 libdbus-1-3 - 1.6.18-0ubuntu4.3 libdbus-1-dev - 1.6.18-0ubuntu4.3 dbus-1-doc - 1.6.18-0ubuntu4.3 No subscription required Medium CVE-2014-7824 Ubuntu 14.04 LTS Michele Spagnuolo discovered that FLAC incorrectly handled certain malformed audio files. An attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2426-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libflac-doc - 1.3.0-2ubuntu0.14.04.1 libflac-dev - 1.3.0-2ubuntu0.14.04.1 libflac++-dev - 1.3.0-2ubuntu0.14.04.1 flac - 1.3.0-2ubuntu0.14.04.1 libflac++6 - 1.3.0-2ubuntu0.14.04.1 libflac8 - 1.3.0-2ubuntu0.14.04.1 No subscription required Medium CVE-2014-8962 CVE-2014-9028 Ubuntu 14.04 LTS Hanno Böck discovered that Libksba incorrectly handled certain S/MIME messages or ECC based OpenPGP data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2427-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libksba8 - 1.3.0-3ubuntu0.14.04.1 libksba-dev - 1.3.0-3ubuntu0.14.04.1 No subscription required Medium CVE-2014-9087 Ubuntu 14.04 LTS Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1587) Joe Vennix discovered a crash when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-1590) Berend-Jan Wever discovered a use-after-free during HTML parsing. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1592) Abhishek Arya discovered a buffer overflow when parsing media content. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1593) Byoungyoung Lee, Chengyu Song, and Taesoo Kim discovered a bad cast in the compositor. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause undefined behaviour, a denial of service via application crash or execute abitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1594) Update Instructions: Run `sudo pro fix USN-2428-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:31.3.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:31.3.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:31.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:31.3.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 Ubuntu 14.04 LTS It was discovered that ppp incorrectly handled certain options files. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-2429-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ppp-udeb - 2.4.5-5.1ubuntu2.1 ppp - 2.4.5-5.1ubuntu2.1 ppp-dev - 2.4.5-5.1ubuntu2.1 No subscription required Medium CVE-2014-3158 Ubuntu 14.04 LTS Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2430-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openvpn - 2.3.2-7ubuntu3.1 No subscription required Medium CVE-2014-8104 Ubuntu 14.04 LTS It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode. Update Instructions: Run `sudo pro fix USN-2431-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-wsgi - 3.4-4ubuntu2.1.14.04.2 libapache2-mod-wsgi-py3 - 3.4-4ubuntu2.1.14.04.2 No subscription required Medium CVE-2014-8583 Ubuntu 14.04 LTS USN-2431-1 fixed vulnerabilities in mod_wsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode. Update Instructions: Run `sudo pro fix USN-2431-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: maas-dhcp - 1.5.4+bzr2294-0ubuntu1.2 maas-cli - 1.5.4+bzr2294-0ubuntu1.2 maas-common - 1.5.4+bzr2294-0ubuntu1.2 python-maas-client - 1.5.4+bzr2294-0ubuntu1.2 maas - 1.5.4+bzr2294-0ubuntu1.2 maas-dns - 1.5.4+bzr2294-0ubuntu1.2 python-django-maas - 1.5.4+bzr2294-0ubuntu1.2 maas-region-controller-min - 1.5.4+bzr2294-0ubuntu1.2 maas-cluster-controller - 1.5.4+bzr2294-0ubuntu1.2 maas-region-controller - 1.5.4+bzr2294-0ubuntu1.2 python-maas-provisioningserver - 1.5.4+bzr2294-0ubuntu1.2 No subscription required None https://launchpad.net/bugs/1399016 Ubuntu 14.04 LTS Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-6656) Adhemerval Zanella Netto discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. (CVE-2014-6040) Tim Waugh discovered that the GNU C Library incorrectly enforced the WRDE_NOCMD flag when handling the wordexp function. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2014-7817) Update Instructions: Run `sudo pro fix USN-2432-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.19-0ubuntu6.4 libnss-dns-udeb - 2.19-0ubuntu6.4 libc6-ppc64 - 2.19-0ubuntu6.4 libc-bin - 2.19-0ubuntu6.4 libc6-x32 - 2.19-0ubuntu6.4 libc6-armel - 2.19-0ubuntu6.4 eglibc-source - 2.19-0ubuntu6.4 libc6-pic - 2.19-0ubuntu6.4 libc6-dev-ppc64 - 2.19-0ubuntu6.4 libc6-dev-armel - 2.19-0ubuntu6.4 libnss-files-udeb - 2.19-0ubuntu6.4 glibc-doc - 2.19-0ubuntu6.4 nscd - 2.19-0ubuntu6.4 multiarch-support - 2.19-0ubuntu6.4 libc6-dev - 2.19-0ubuntu6.4 libc6-amd64 - 2.19-0ubuntu6.4 libc6-dev-amd64 - 2.19-0ubuntu6.4 libc6 - 2.19-0ubuntu6.4 libc6-dev-x32 - 2.19-0ubuntu6.4 libc6-udeb - 2.19-0ubuntu6.4 libc6-dev-i386 - 2.19-0ubuntu6.4 libc-dev-bin - 2.19-0ubuntu6.4 libc6-prof - 2.19-0ubuntu6.4 No subscription required Medium CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 Ubuntu 14.04 LTS Steffen Bauch discovered that tcpdump incorrectly handled printing OSLR packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8767) Steffen Bauch discovered that tcpdump incorrectly handled printing GeoNet packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-8768) Steffen Bauch discovered that tcpdump incorrectly handled printing AODV packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, reveal sensitive information, or possibly execute arbitrary code. (CVE-2014-8769) It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9140) In the default installation, attackers would be isolated by the tcpdump AppArmor profile. Update Instructions: Run `sudo pro fix USN-2433-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpdump - 4.5.1-2ubuntu1.1 No subscription required Medium CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2014-9140 Ubuntu 14.04 LTS Jose Duart discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-2434-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjasper-runtime - 1.900.1-14ubuntu3.1 libjasper-dev - 1.900.1-14ubuntu3.1 libjasper1 - 1.900.1-14ubuntu3.1 No subscription required Medium CVE-2014-9029 Ubuntu 14.04 LTS It was discovered that graphviz incorrectly handled parsing errors. An attacker could use this issue to cause graphviz to crash or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2435-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgv-perl - 2.36.0-0ubuntu3.1 libcgraph6 - 2.36.0-0ubuntu3.1 libgv-tcl - 2.36.0-0ubuntu3.1 libgv-guile - 2.36.0-0ubuntu3.1 libxdot4 - 2.36.0-0ubuntu3.1 libgvc6-plugins-gtk - 2.36.0-0ubuntu3.1 libcdt5 - 2.36.0-0ubuntu3.1 graphviz - 2.36.0-0ubuntu3.1 libgv-php5 - 2.36.0-0ubuntu3.1 libgv-python - 2.36.0-0ubuntu3.1 libgv-lua - 2.36.0-0ubuntu3.1 libpathplan4 - 2.36.0-0ubuntu3.1 graphviz-doc - 2.36.0-0ubuntu3.1 libgvpr2 - 2.36.0-0ubuntu3.1 libgraphviz-dev - 2.36.0-0ubuntu3.1 graphviz-dev - 2.36.0-0ubuntu3.1 libgvc6 - 2.36.0-0ubuntu3.1 libgv-ruby - 2.36.0-0ubuntu3.1 No subscription required Medium CVE-2014-9157 Ubuntu 14.04 LTS Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation. Update Instructions: Run `sudo pro fix USN-2436-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.4 xorg-server-source - 2:1.15.1-0ubuntu2.4 xdmx - 2:1.15.1-0ubuntu2.4 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.4 xserver-xorg-dev - 2:1.15.1-0ubuntu2.4 xvfb - 2:1.15.1-0ubuntu2.4 xnest - 2:1.15.1-0ubuntu2.4 xserver-common - 2:1.15.1-0ubuntu2.4 xserver-xephyr - 2:1.15.1-0ubuntu2.4 xserver-xorg-core-udeb - 2:1.15.1-0ubuntu2.4 xdmx-tools - 2:1.15.1-0ubuntu2.4 No subscription required Medium CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 Ubuntu 14.04 LTS USN-2436-1 fixed vulnerabilities in the X.Org X server. Since publication, additional fixes have been made available for these issues. This update adds the additional fixes. Original advisory details: Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation. Update Instructions: Run `sudo pro fix USN-2436-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.5 xorg-server-source - 2:1.15.1-0ubuntu2.5 xdmx - 2:1.15.1-0ubuntu2.5 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.5 xserver-xorg-dev - 2:1.15.1-0ubuntu2.5 xvfb - 2:1.15.1-0ubuntu2.5 xnest - 2:1.15.1-0ubuntu2.5 xserver-common - 2:1.15.1-0ubuntu2.5 xserver-xephyr - 2:1.15.1-0ubuntu2.5 xserver-xorg-core-udeb - 2:1.15.1-0ubuntu2.5 xdmx-tools - 2:1.15.1-0ubuntu2.5 No subscription required None https://launchpad.net/bugs/1400942 Ubuntu 14.04 LTS Florian Maury discovered that Bind incorrectly handled delegation. A remote attacker could possibly use this issue to cause Bind to consume resources and crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2437-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.1 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.1 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.1 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.1 bind9utils - 1:9.9.5.dfsg-3ubuntu0.1 libdns100 - 1:9.9.5.dfsg-3ubuntu0.1 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.1 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.1 host - 1:9.9.5.dfsg-3ubuntu0.1 lwresd - 1:9.9.5.dfsg-3ubuntu0.1 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.1 libisc95 - 1:9.9.5.dfsg-3ubuntu0.1 bind9 - 1:9.9.5.dfsg-3ubuntu0.1 bind9-host - 1:9.9.5.dfsg-3ubuntu0.1 No subscription required Medium CVE-2014-8500 Ubuntu 14.04 LTS It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation. Update Instructions: Run `sudo pro fix USN-2438-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-current-dev - 304.125-0ubuntu0.0.1 libcuda1-304 - 304.125-0ubuntu0.0.1 nvidia-current-updates-dev - 304.125-0ubuntu0.0.1 nvidia-libopencl1-304-updates - 304.125-0ubuntu0.0.1 nvidia-experimental-304-dev - 304.125-0ubuntu0.0.1 nvidia-304-updates - 304.125-0ubuntu0.0.1 nvidia-304 - 304.125-0ubuntu0.0.1 nvidia-current - 304.125-0ubuntu0.0.1 nvidia-304-updates-dev - 304.125-0ubuntu0.0.1 nvidia-current-updates - 304.125-0ubuntu0.0.1 nvidia-304-dev - 304.125-0ubuntu0.0.1 libcuda1-304-updates - 304.125-0ubuntu0.0.1 nvidia-libopencl1-304 - 304.125-0ubuntu0.0.1 nvidia-opencl-icd-304-updates - 304.125-0ubuntu0.0.1 nvidia-opencl-icd-304 - 304.125-0ubuntu0.0.1 nvidia-experimental-304 - 304.125-0ubuntu0.0.1 No subscription required nvidia-331 - 331.113-0ubuntu0.0.4 nvidia-opencl-icd-331 - 331.113-0ubuntu0.0.4 nvidia-libopencl1-331-updates - 331.113-0ubuntu0.0.4 nvidia-331-updates - 331.113-0ubuntu0.0.4 nvidia-319-updates-dev - 331.113-0ubuntu0.0.4 nvidia-opencl-icd-331-updates - 331.113-0ubuntu0.0.4 libcuda1-331-updates - 331.113-0ubuntu0.0.4 nvidia-319-updates - 331.113-0ubuntu0.0.4 nvidia-libopencl1-331 - 331.113-0ubuntu0.0.4 nvidia-319 - 331.113-0ubuntu0.0.4 libcuda1-331 - 331.113-0ubuntu0.0.4 nvidia-331-updates-dev - 331.113-0ubuntu0.0.4 nvidia-331-dev - 331.113-0ubuntu0.0.4 nvidia-331-updates-uvm - 331.113-0ubuntu0.0.4 nvidia-331-uvm - 331.113-0ubuntu0.0.4 nvidia-319-dev - 331.113-0ubuntu0.0.4 No subscription required Medium CVE-2014-8091 CVE-2014-8098 CVE-2014-8298 Ubuntu 14.04 LTS Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipulate savevm data could use this issue to possibly execute arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 14.10. (CVE-2014-7840) Paolo Bonzini discovered that QEMU incorrectly handled memory in the Cirrus VGA device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. (CVE-2014-8106) Update Instructions: Run `sudo pro fix USN-2439-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.9 qemu-user-static - 2.0.0+dfsg-2ubuntu1.9 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.9 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.9 qemu-kvm - 2.0.0+dfsg-2ubuntu1.9 qemu-user - 2.0.0+dfsg-2ubuntu1.9 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.9 qemu-system - 2.0.0+dfsg-2ubuntu1.9 qemu-utils - 2.0.0+dfsg-2ubuntu1.9 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.9 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.9 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.9 qemu-common - 2.0.0+dfsg-2ubuntu1.9 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.9 qemu - 2.0.0+dfsg-2ubuntu1.9 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.9 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.9 No subscription required Medium CVE-2014-7840 CVE-2014-8106 Ubuntu 14.04 LTS Jakub Wilk discovered that the write_one_header function in mutt did not properly handle newline characters at the beginning of a header. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2440-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt-patched - 1.5.21-6.4ubuntu2.1 mutt - 1.5.21-6.4ubuntu2.1 No subscription required Medium CVE-2014-9116 Ubuntu 14.04 LTS Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134) Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688) Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (CVE-2014-7825) The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369) Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090) Update Instructions: Run `sudo pro fix USN-2446-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-43-generic - 3.13.0-43.72 linux-image-3.13.0-43-lowlatency - 3.13.0-43.72 linux-image-3.13.0-43-powerpc64-smp - 3.13.0-43.72 linux-image-3.13.0-43-powerpc-e500 - 3.13.0-43.72 linux-image-3.13.0-43-generic - 3.13.0-43.72 linux-image-3.13.0-43-powerpc-smp - 3.13.0-43.72 linux-image-3.13.0-43-powerpc-e500mc - 3.13.0-43.72 linux-image-3.13.0-43-generic-lpae - 3.13.0-43.72 linux-image-3.13.0-43-powerpc64-emb - 3.13.0-43.72 No subscription required High CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7825 CVE-2014-7826 CVE-2014-8134 CVE-2014-8369 CVE-2014-9090 CVE-2014-9322 Ubuntu 14.04 LTS Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134) Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688) Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (CVE-2014-7825) Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970) Dmitry Monakhov discovered a race condition in the ext4_file_write_iter function of the Linux kernel's ext4 filesystem. A local user could exploit this flaw to cause a denial of service (file unavailability). (CVE-2014-8086) The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369) Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090) Update Instructions: Run `sudo pro fix USN-2447-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-28-lowlatency - 3.16.0-28.37~14.04.1 linux-image-extra-3.16.0-28-generic - 3.16.0-28.37~14.04.1 linux-image-3.16.0-28-powerpc64-emb - 3.16.0-28.37~14.04.1 linux-image-3.16.0-28-generic - 3.16.0-28.37~14.04.1 linux-image-3.16.0-28-powerpc-e500mc - 3.16.0-28.37~14.04.1 linux-image-3.16.0-28-powerpc64-smp - 3.16.0-28.37~14.04.1 linux-image-3.16.0-28-generic-lpae - 3.16.0-28.37~14.04.1 linux-image-3.16.0-28-powerpc-smp - 3.16.0-28.37~14.04.1 No subscription required High CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7825 CVE-2014-7826 CVE-2014-7970 CVE-2014-8086 CVE-2014-8134 CVE-2014-8369 CVE-2014-9090 CVE-2014-9322 Ubuntu 14.04 LTS USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134) Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688) Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (CVE-2014-7825) Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970) Dmitry Monakhov discovered a race condition in the ext4_file_write_iter function of the Linux kernel's ext4 filesystem. A local user could exploit this flaw to cause a denial of service (file unavailability). (CVE-2014-8086) The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369) Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090) Update Instructions: Run `sudo pro fix USN-2447-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-28-lowlatency - 3.16.0-28.38~14.04.1 linux-image-extra-3.16.0-28-generic - 3.16.0-28.38~14.04.1 linux-image-3.16.0-28-powerpc64-emb - 3.16.0-28.38~14.04.1 linux-image-3.16.0-28-generic - 3.16.0-28.38~14.04.1 linux-image-3.16.0-28-powerpc-e500mc - 3.16.0-28.38~14.04.1 linux-image-3.16.0-28-powerpc64-smp - 3.16.0-28.38~14.04.1 linux-image-3.16.0-28-generic-lpae - 3.16.0-28.38~14.04.1 linux-image-3.16.0-28-powerpc-smp - 3.16.0-28.38~14.04.1 No subscription required None http://bugs.launchpad.net/bugs/1390604 Ubuntu 14.04 LTS Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. (CVE-2014-9293) Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker could possibly use this issue to brute force the MD5 key and spoof a client or server. (CVE-2014-9294) Stephen Roettger discovered that NTP contained buffer overflows in the crypto_recv(), ctl_putdata() and configure() functions. In non-default configurations, a remote attacker could use these issues to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. (CVE-2014-9295) Stephen Roettger discovered that NTP incorrectly continued processing when handling certain errors. (CVE-2014-9296) Update Instructions: Run `sudo pro fix USN-2449-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 ntp-doc - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 ntpdate - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 No subscription required Medium CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 Ubuntu 14.04 LTS Mike Daskalakis discovered that strongSwan incorrectly handled IKEv2 payloads that contained the Diffie-Hellman group 1025. A remote attacker could use this issue to cause the IKE daemon to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2450-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-noauth - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-simaka-pseudonym - 5.1.2-0ubuntu2.2 strongswan-plugin-unbound - 5.1.2-0ubuntu2.2 strongswan-plugin-farp - 5.1.2-0ubuntu2.2 strongswan-ikev1 - 5.1.2-0ubuntu2.2 strongswan-plugin-pkcs11 - 5.1.2-0ubuntu2.2 strongswan-plugin-xauth-eap - 5.1.2-0ubuntu2.2 strongswan-plugin-sshkey - 5.1.2-0ubuntu2.2 strongswan-plugin-error-notify - 5.1.2-0ubuntu2.2 strongswan-plugin-gcrypt - 5.1.2-0ubuntu2.2 strongswan-plugin-sql - 5.1.2-0ubuntu2.2 strongswan-plugin-coupling - 5.1.2-0ubuntu2.2 strongswan-plugin-xauth-generic - 5.1.2-0ubuntu2.2 strongswan-plugin-lookip - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-ttls - 5.1.2-0ubuntu2.2 strongswan-plugin-af-alg - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-aka-3gpp2 - 5.1.2-0ubuntu2.2 strongswan-ike - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-sim-pcsc - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-aka - 5.1.2-0ubuntu2.2 libstrongswan - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-simaka-sql - 5.1.2-0ubuntu2.2 strongswan-plugin-sqlite - 5.1.2-0ubuntu2.2 strongswan-plugin-duplicheck - 5.1.2-0ubuntu2.2 strongswan - 5.1.2-0ubuntu2.2 strongswan-tnc-server - 5.1.2-0ubuntu2.2 strongswan-plugin-attr-sql - 5.1.2-0ubuntu2.2 strongswan-tnc-base - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-peap - 5.1.2-0ubuntu2.2 strongswan-starter - 5.1.2-0ubuntu2.2 strongswan-plugin-curl - 5.1.2-0ubuntu2.2 strongswan-plugin-radattr - 5.1.2-0ubuntu2.2 strongswan-plugin-soup - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-dynamic - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-gtc - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-tls - 5.1.2-0ubuntu2.2 strongswan-tnc-ifmap - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-tnc - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-radius - 5.1.2-0ubuntu2.2 strongswan-ikev2 - 5.1.2-0ubuntu2.2 strongswan-plugin-mysql - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-simaka-reauth - 5.1.2-0ubuntu2.2 strongswan-plugin-openssl - 5.1.2-0ubuntu2.2 strongswan-plugin-dnscert - 5.1.2-0ubuntu2.2 strongswan-plugin-xauth-pam - 5.1.2-0ubuntu2.2 strongswan-plugin-pubkey - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-md5 - 5.1.2-0ubuntu2.2 strongswan-plugin-whitelist - 5.1.2-0ubuntu2.2 strongswan-plugin-fips-prf - 5.1.2-0ubuntu2.2 strongswan-pt-tls-client - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu2.2 strongswan-nm - 5.1.2-0ubuntu2.2 strongswan-plugin-ldap - 5.1.2-0ubuntu2.2 strongswan-plugin-certexpire - 5.1.2-0ubuntu2.2 strongswan-tnc-pdp - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-sim - 5.1.2-0ubuntu2.2 strongswan-plugin-kernel-libipsec - 5.1.2-0ubuntu2.2 strongswan-plugin-ipseckey - 5.1.2-0ubuntu2.2 strongswan-plugin-dhcp - 5.1.2-0ubuntu2.2 strongswan-plugin-dnskey - 5.1.2-0ubuntu2.2 strongswan-plugin-ntru - 5.1.2-0ubuntu2.2 strongswan-plugin-gmp - 5.1.2-0ubuntu2.2 strongswan-plugin-agent - 5.1.2-0ubuntu2.2 strongswan-plugin-pgp - 5.1.2-0ubuntu2.2 strongswan-tnc-client - 5.1.2-0ubuntu2.2 strongswan-plugin-load-tester - 5.1.2-0ubuntu2.2 strongswan-plugin-unity - 5.1.2-0ubuntu2.2 strongswan-plugin-led - 5.1.2-0ubuntu2.2 strongswan-plugin-eap-sim-file - 5.1.2-0ubuntu2.2 strongswan-plugin-systime-fix - 5.1.2-0ubuntu2.2 No subscription required Medium CVE-2014-9221 Ubuntu 14.04 LTS Serge Hallyn discovered that cgmanager did not consistently enforce proper nesting when modifying cgroup properties. A local attacker in a privileged container could use this to set cgroup values for all cgroups. Update Instructions: Run `sudo pro fix USN-2451-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cgmanager-utils - 0.24-0ubuntu7.1 cgmanager - 0.24-0ubuntu7.1 cgmanager-tests - 0.24-0ubuntu7.1 libcgmanager-dev - 0.24-0ubuntu7.1 libcgmanager0 - 0.24-0ubuntu7.1 No subscription required Medium CVE-2014-1425 Ubuntu 14.04 LTS It was discovered that NSS incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack. Update Instructions: Run `sudo pro fix USN-2452-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.17.1-0ubuntu0.14.04.2 libnss3-dev - 2:3.17.1-0ubuntu0.14.04.2 libnss3 - 2:3.17.1-0ubuntu0.14.04.2 libnss3-1d - 2:3.17.1-0ubuntu0.14.04.2 libnss3-tools - 2:3.17.1-0ubuntu0.14.04.2 No subscription required Medium CVE-2014-1569 Ubuntu 14.04 LTS Timothy D. Morgan discovered that the run-mailcap tool incorrectly filtered certain shell metacharacters in filenames. If a user or automated system were tricked into opening a file with a specially-crafted filename, a remote attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2453-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mime-support - 3.54ubuntu1.1 No subscription required Medium CVE-2014-7209 Ubuntu 14.04 LTS It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and can be re-enabled with the "expandaddr" configuration option. This update alone does not remove all possibilities of command execution. In environments where scripts use mailx to process arbitrary email addresses, it is recommended to modify them to use a "--" separator before the address to properly handle those that begin with "-". In addition, specifying sendmail options after the "--" separator is no longer supported, existing scripts may need to be modified to use the "-a" option instead. Update Instructions: Run `sudo pro fix USN-2455-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsd-mailx - 8.1.2-0.20131005cvs-1ubuntu0.14.04.1 No subscription required Medium CVE-2014-7844 Ubuntu 14.04 LTS Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112) Jakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-0624) Update Instructions: Run `sudo pro fix USN-2456-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cpio - 2.11+dfsg-1ubuntu1.1 No subscription required Medium CVE-2010-0624 CVE-2014-9112 Ubuntu 14.04 LTS Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8634, CVE-2014-8635) Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2014-8636) Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential information. (CVE-2014-8637) Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2014-8638) Xiaofeng Zheng discovered that a web proxy returning a 407 response could inject cookies in to the originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially exploit this to conduct session-fixation attacks. (CVE-2014-8639) Holger Fuhrmannek discovered a crash in Web Audio while manipulating timelines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-8640) Mitchell Harper discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8641) Brian Smith discovered that OCSP responses would fail to verify if signed by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck extension, potentially allowing a user to connect to a site with a revoked certificate. (CVE-2014-8642) Update Instructions: Run `sudo pro fix USN-2458-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-nn - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-nb - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-fa - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-fi - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-fr - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-fy - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-or - 35.0+build3-0ubuntu0.14.04.2 firefox-testsuite - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-oc - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-cs - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ga - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-gd - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-gl - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-gu - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-pa - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-pl - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-cy - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-pt - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-hi - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ms - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-he - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-hy - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-hr - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-hu - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-it - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-as - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ar - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-az - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-id - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-mai - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-af - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-is - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-vi - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-an - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-bs - 35.0+build3-0ubuntu0.14.04.2 firefox - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ro - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ja - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ru - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-br - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-zh-hant - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-zh-hans - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-bn - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-be - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-bg - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-sl - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-sk - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-si - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-sw - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-sv - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-sr - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-sq - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ko - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-kn - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-km - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-kk - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ka - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-xh - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ca - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ku - 35.0+build3-0ubuntu0.14.04.2 firefox-mozsymbols - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-lv - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-lt - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-th - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-hsb - 35.0+build3-0ubuntu0.14.04.2 firefox-dev - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-te - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ta - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-lg - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-tr - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-nso - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-de - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-da - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-uk - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-mr - 35.0+build3-0ubuntu0.14.04.2 firefox-globalmenu - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ml - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-mn - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-mk - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-eu - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-et - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-es - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-csb - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-el - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-eo - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-en - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-zu - 35.0+build3-0ubuntu0.14.04.2 firefox-locale-ast - 35.0+build3-0ubuntu0.14.04.2 No subscription required Medium CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 Ubuntu 14.04 LTS USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Original advisory details: Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8634, CVE-2014-8635) Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2014-8636) Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential information. (CVE-2014-8637) Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2014-8638) Xiaofeng Zheng discovered that a web proxy returning a 407 response could inject cookies in to the originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially exploit this to conduct session-fixation attacks. (CVE-2014-8639) Holger Fuhrmannek discovered a crash in Web Audio while manipulating timelines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-8640) Mitchell Harper discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8641) Brian Smith discovered that OCSP responses would fail to verify if signed by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck extension, potentially allowing a user to connect to a site with a revoked certificate. (CVE-2014-8642) Update Instructions: Run `sudo pro fix USN-2458-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubufox - 3.0-0ubuntu0.14.04.1 xul-ext-ubufox - 3.0-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1398174 Ubuntu 14.04 LTS USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8634, CVE-2014-8635) Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2014-8636) Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential information. (CVE-2014-8637) Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2014-8638) Xiaofeng Zheng discovered that a web proxy returning a 407 response could inject cookies in to the originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially exploit this to conduct session-fixation attacks. (CVE-2014-8639) Holger Fuhrmannek discovered a crash in Web Audio while manipulating timelines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-8640) Mitchell Harper discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8641) Brian Smith discovered that OCSP responses would fail to verify if signed by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck extension, potentially allowing a user to connect to a site with a revoked certificate. (CVE-2014-8642) Update Instructions: Run `sudo pro fix USN-2458-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nn - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nb - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fa - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fi - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fr - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fy - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-or - 35.0.1+build1-0ubuntu0.14.04.1 firefox-testsuite - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-oc - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cs - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ga - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gd - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gl - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gu - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pa - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pl - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cy - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pt - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hi - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ms - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-he - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hy - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hr - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hu - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-it - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-as - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ar - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-az - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-id - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mai - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-af - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-is - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-vi - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-an - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bs - 35.0.1+build1-0ubuntu0.14.04.1 firefox - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ro - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ja - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ru - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-br - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bn - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-be - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bg - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sl - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sk - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-si - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sw - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sv - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sr - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sq - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ko - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kn - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-km - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kk - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ka - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-xh - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ca - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ku - 35.0.1+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lv - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lt - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-th - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 35.0.1+build1-0ubuntu0.14.04.1 firefox-dev - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-te - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ta - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lg - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-tr - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nso - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-de - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-da - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uk - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mr - 35.0.1+build1-0ubuntu0.14.04.1 firefox-globalmenu - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ml - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mn - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mk - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eu - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-et - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-es - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-csb - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-el - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eo - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-en - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zu - 35.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ast - 35.0.1+build1-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1419934 Ubuntu 14.04 LTS Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. (CVE-2014-3570) Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3571) Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could possibly use this issue to downgrade to ECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572) Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to trick certain applications that rely on the uniqueness of fingerprints. (CVE-2014-8275) Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain key exchanges. A remote attacker could possibly use this issue to downgrade the security of the session to EXPORT_RSA. (CVE-2015-0204) Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. A remote attacker could possibly use this issue to authenticate without the use of a private key in certain limited scenarios. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0205) Chris Mueller discovered that OpenSSL incorrect handled memory when processing DTLS records. A remote attacker could use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206) Update Instructions: Run `sudo pro fix USN-2459-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.8 libssl-dev - 1.0.1f-1ubuntu2.8 openssl - 1.0.1f-1ubuntu2.8 libssl-doc - 1.0.1f-1ubuntu2.8 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.8 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.8 No subscription required Medium CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 Ubuntu 14.04 LTS Christian Holler and Patrick McManus discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-8634) Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2014-8638) Xiaofeng Zheng discovered that a web proxy returning a 407 response could inject cookies in to the originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially exploit this to conduct session-fixation attacks. (CVE-2014-8639) Update Instructions: Run `sudo pro fix USN-2460-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:31.4.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:31.4.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:31.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:31.4.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-8634 CVE-2014-8638 CVE-2014-8639 Ubuntu 14.04 LTS Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service. Update Instructions: Run `sudo pro fix USN-2461-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libyaml-0-2 - 0.1.4-3ubuntu3.1 libyaml-dev - 0.1.4-3ubuntu3.1 No subscription required Medium CVE-2014-9130 Ubuntu 14.04 LTS Stanisław Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service. Update Instructions: Run `sudo pro fix USN-2461-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libyaml-libyaml-perl - 0.41-5ubuntu0.14.04.1 No subscription required Medium CVE-2014-9130 Ubuntu 14.04 LTS Stanisław Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service. Update Instructions: Run `sudo pro fix USN-2461-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-yaml - 3.10-4ubuntu0.1 python3-yaml - 3.10-4ubuntu0.1 No subscription required Medium CVE-2014-9130 Ubuntu 14.04 LTS A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841) A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842) Miloš Prchlík reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843) A stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884) Update Instructions: Run `sudo pro fix USN-2466-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-44-powerpc-smp - 3.13.0-44.73 linux-image-3.13.0-44-generic - 3.13.0-44.73 linux-image-3.13.0-44-lowlatency - 3.13.0-44.73 linux-image-extra-3.13.0-44-generic - 3.13.0-44.73 linux-image-3.13.0-44-powerpc-e500mc - 3.13.0-44.73 linux-image-3.13.0-44-generic-lpae - 3.13.0-44.73 linux-image-3.13.0-44-powerpc64-smp - 3.13.0-44.73 linux-image-3.13.0-44-powerpc-e500 - 3.13.0-44.73 linux-image-3.13.0-44-powerpc64-emb - 3.13.0-44.73 No subscription required Medium CVE-2014-7841 CVE-2014-7842 CVE-2014-7843 CVE-2014-8884 Ubuntu 14.04 LTS A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841) A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842) Miloš Prchlík reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843) A stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884) Update Instructions: Run `sudo pro fix USN-2467-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-29-powerpc-smp - 3.16.0-29.39~14.04.1 linux-image-3.16.0-29-lowlatency - 3.16.0-29.39~14.04.1 linux-image-extra-3.16.0-29-generic - 3.16.0-29.39~14.04.1 linux-image-3.16.0-29-powerpc-e500mc - 3.16.0-29.39~14.04.1 linux-image-3.16.0-29-generic-lpae - 3.16.0-29.39~14.04.1 linux-image-3.16.0-29-powerpc64-emb - 3.16.0-29.39~14.04.1 linux-image-3.16.0-29-powerpc64-smp - 3.16.0-29.39~14.04.1 linux-image-3.16.0-29-generic - 3.16.0-29.39~14.04.1 No subscription required Medium CVE-2014-7841 CVE-2014-7842 CVE-2014-7843 CVE-2014-8884 Ubuntu 14.04 LTS Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. (CVE-2015-0219) Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. (CVE-2015-0220) Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. (CVE-2015-0221) Keryn Knight discovered that Django incorrectly handled forms with ModelMultipleChoiceField. A remote attacker could possibly use this issue to cause a large number of SQL queries, resulting in a database denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0222) Update Instructions: Run `sudo pro fix USN-2469-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.6 python-django - 1.6.1-2ubuntu0.6 No subscription required Medium CVE-2015-0219 CVE-2015-0220 CVE-2015-0221 CVE-2015-0222 Ubuntu 14.04 LTS Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from. Update Instructions: Run `sudo pro fix USN-2470-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:1.9.1-1ubuntu0.1 gitweb - 1:1.9.1-1ubuntu0.1 git-gui - 1:1.9.1-1ubuntu0.1 git-daemon-sysvinit - 1:1.9.1-1ubuntu0.1 git-arch - 1:1.9.1-1ubuntu0.1 git-bzr - 1:1.9.1-1ubuntu0.1 git-el - 1:1.9.1-1ubuntu0.1 gitk - 1:1.9.1-1ubuntu0.1 git-all - 1:1.9.1-1ubuntu0.1 git-mediawiki - 1:1.9.1-1ubuntu0.1 git-daemon-run - 1:1.9.1-1ubuntu0.1 git-man - 1:1.9.1-1ubuntu0.1 git-doc - 1:1.9.1-1ubuntu0.1 git-svn - 1:1.9.1-1ubuntu0.1 git-cvs - 1:1.9.1-1ubuntu0.1 git-core - 1:1.9.1-1ubuntu0.1 git-email - 1:1.9.1-1ubuntu0.1 No subscription required Medium CVE-2014-9390 Ubuntu 14.04 LTS Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2472-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unzip - 6.0-9ubuntu1.1 No subscription required Medium CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 Ubuntu 14.04 LTS It was discovered that the distcheck rule in dist-check.mk in GNU coreutils allows local users to gain privileges via a symlink attack on a directory tree under /tmp. This issue only affected Ubuntu 10.04 LTS. (CVE-2009-4135) Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code. (CVE-2014-9471) Update Instructions: Run `sudo pro fix USN-2473-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mktemp - 8.21-1ubuntu5.1 coreutils - 8.21-1ubuntu5.1 No subscription required Medium CVE-2009-4135 CVE-2014-9471 Ubuntu 14.04 LTS Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests. Update Instructions: Run `sudo pro fix USN-2474-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.3 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.3 libcurl4-openssl-dev - 7.35.0-1ubuntu2.3 libcurl3-gnutls - 7.35.0-1ubuntu2.3 libcurl3-udeb - 7.35.0-1ubuntu2.3 libcurl4-doc - 7.35.0-1ubuntu2.3 libcurl3-nss - 7.35.0-1ubuntu2.3 libcurl4-nss-dev - 7.35.0-1ubuntu2.3 libcurl3 - 7.35.0-1ubuntu2.3 curl - 7.35.0-1ubuntu2.3 No subscription required Medium CVE-2014-8150 Ubuntu 14.04 LTS Clemens Fries discovered that GTK+ allowed bypassing certain screen locks by using the menu key. An attacker with physical access could possibly use this flaw to gain access to a locked session. Update Instructions: Run `sudo pro fix USN-2475-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgtk-3-0-udeb - 3.10.8-0ubuntu1.4 libgail-3-0 - 3.10.8-0ubuntu1.4 gtk-3-examples - 3.10.8-0ubuntu1.4 libgtk-3-0 - 3.10.8-0ubuntu1.4 gir1.2-gtk-3.0 - 3.10.8-0ubuntu1.4 libgail-3-dev - 3.10.8-0ubuntu1.4 libgtk-3-common - 3.10.8-0ubuntu1.4 libgail-3-doc - 3.10.8-0ubuntu1.4 libgtk-3-doc - 3.10.8-0ubuntu1.4 libgtk-3-bin - 3.10.8-0ubuntu1.4 libgtk-3-dev - 3.10.8-0ubuntu1.4 No subscription required None https://launchpad.net/bugs/1366790 Ubuntu 14.04 LTS Several memory corruption bugs were discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7923, CVE-2014-7926) A use-after-free was discovered in the IndexedDB implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7924) A use-after free was discovered in the WebAudio implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7925) Several memory corruption bugs were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931) Several use-after free bugs were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7929, CVE-2014-7930, CVE-2014-7932, CVE-2014-7934) A use-after free was discovered in FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7933) Multiple off-by-one errors were discovered in FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7937) A memory corruption bug was discovered in the fonts implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7938) It was discovered that ICU did not initialize memory for a data structure correctly. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7940) It was discovered that the fonts implementation did not initialize memory for a data structure correctly. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7942) An out-of-bounds read was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-7943) An out-of-bounds read was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-7946) It was discovered that the AppCache proceeded with caching for SSL sessions even if there is a certificate error. A remote attacker could potentially exploit this by conducting a MITM attack to modify HTML application content. (CVE-2014-7948) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1205) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1346) Update Instructions: Run `sudo pro fix USN-2476-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.4.2-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.4.2-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.4.2-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.4.2-0ubuntu0.14.04.1 oxideqmlscene - 1.4.2-0ubuntu0.14.04.1 oxideqt-codecs - 1.4.2-0ubuntu0.14.04.1 liboxideqtquick0 - 1.4.2-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-7923 CVE-2014-7924 CVE-2014-7925 CVE-2014-7926 CVE-2014-7927 CVE-2014-7928 CVE-2014-7929 CVE-2014-7930 CVE-2014-7931 CVE-2014-7932 CVE-2014-7933 CVE-2014-7934 CVE-2014-7937 CVE-2014-7938 CVE-2014-7940 CVE-2014-7942 CVE-2014-7943 CVE-2014-7946 CVE-2014-7948 CVE-2015-1205 CVE-2015-1346 Ubuntu 14.04 LTS Andrew Bartlett discovered that libevent incorrectly handled large inputs to the evbuffer API. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2477-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libevent-2.0-5 - 2.0.21-stable-1ubuntu1.14.04.1 libevent-extra-2.0-5 - 2.0.21-stable-1ubuntu1.14.04.1 libevent-pthreads-2.0-5 - 2.0.21-stable-1ubuntu1.14.04.1 libevent-core-2.0-5 - 2.0.21-stable-1ubuntu1.14.04.1 libevent-dev - 2.0.21-stable-1ubuntu1.14.04.1 libevent-openssl-2.0-5 - 2.0.21-stable-1ubuntu1.14.04.1 No subscription required Medium CVE-2014-6272 Ubuntu 14.04 LTS It was discovered that libssh incorrectly handled certain kexinit packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2478-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-4 - 0.6.1-0ubuntu3.1 libssh-dev - 0.6.1-0ubuntu3.1 libssh-doc - 0.6.1-0ubuntu3.1 No subscription required Medium CVE-2014-8132 Ubuntu 14.04 LTS Florian Weimer discovered that RPM incorrectly handled temporary files. A local attacker could use this issue to execute arbitrary code. (CVE-2013-6435) Florian Weimer discovered that RPM incorrectly handled certain CPIO headers. If a user or automated system were tricked into installing a malicious package file, a remote attacker could use this issue to cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8118) Update Instructions: Run `sudo pro fix USN-2479-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: debugedit - 4.11.1-3ubuntu0.1 rpm-i18n - 4.11.1-3ubuntu0.1 python-rpm - 4.11.1-3ubuntu0.1 rpm-common - 4.11.1-3ubuntu0.1 librpm-dev - 4.11.1-3ubuntu0.1 rpm2cpio - 4.11.1-3ubuntu0.1 librpmsign1 - 4.11.1-3ubuntu0.1 rpm - 4.11.1-3ubuntu0.1 librpmbuild3 - 4.11.1-3ubuntu0.1 librpm3 - 4.11.1-3ubuntu0.1 librpmio3 - 4.11.1-3ubuntu0.1 No subscription required Medium CVE-2013-6435 CVE-2014-8118 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html Update Instructions: Run `sudo pro fix USN-2480-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.41-0ubuntu0.14.04.1 mysql-client - 5.5.41-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.41-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.41-0ubuntu0.14.04.1 libmysqld-pic - 5.5.41-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.41-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.41-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.41-0ubuntu0.14.04.1 mysql-common - 5.5.41-0ubuntu0.14.04.1 mysql-server - 5.5.41-0ubuntu0.14.04.1 mysql-testsuite - 5.5.41-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.41-0ubuntu0.14.04.1 libmysqld-dev - 5.5.41-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.41-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0411 CVE-2015-0432 Ubuntu 14.04 LTS Andrew Bartlett discovered that Samba incorrectly handled delegation of authority when being used as an Active Directory Domain Controller. An attacker given delegation privileges could use this issue to escalate their privileges further. Update Instructions: Run `sudo pro fix USN-2481-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.4 libpam-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.4 libwbclient0 - 2:4.1.6+dfsg-1ubuntu2.14.04.4 samba-common - 2:4.1.6+dfsg-1ubuntu2.14.04.4 samba-libs - 2:4.1.6+dfsg-1ubuntu2.14.04.4 libsmbsharemodes0 - 2:4.1.6+dfsg-1ubuntu2.14.04.4 samba-testsuite - 2:4.1.6+dfsg-1ubuntu2.14.04.4 samba - 2:4.1.6+dfsg-1ubuntu2.14.04.4 libsmbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.4 samba-common-bin - 2:4.1.6+dfsg-1ubuntu2.14.04.4 libsmbsharemodes-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.4 python-samba - 2:4.1.6+dfsg-1ubuntu2.14.04.4 winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.4 smbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.4 samba-vfs-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.4 libwbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.4 samba-dsdb-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.4 samba-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.4 libsmbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.4 libparse-pidl-perl - 2:4.1.6+dfsg-1ubuntu2.14.04.4 registry-tools - 2:4.1.6+dfsg-1ubuntu2.14.04.4 samba-doc - 2:4.1.6+dfsg-1ubuntu2.14.04.4 libpam-smbpass - 2:4.1.6+dfsg-1ubuntu2.14.04.4 No subscription required Medium CVE-2014-8143 Ubuntu 14.04 LTS Alexander Cherepanov discovered that libelf1 incorrectly handled certain filesystem paths while extracting ar archives. An attacker could use this flaw to perform a directory traversal attack on the root directory if the process extracting the ar archive has write access to the root directory. Update Instructions: Run `sudo pro fix USN-2482-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libasm1 - 0.158-0ubuntu5.2 libdw-dev - 0.158-0ubuntu5.2 libelf1 - 0.158-0ubuntu5.2 libelf-dev - 0.158-0ubuntu5.2 elfutils - 0.158-0ubuntu5.2 libdw1 - 0.158-0ubuntu5.2 libasm-dev - 0.158-0ubuntu5.2 No subscription required Medium CVE-2014-9447 Ubuntu 14.04 LTS Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8137) Jose Duart discovered that JasPer incorrectly decoded certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8138) It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8157) It was discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8158) Update Instructions: Run `sudo pro fix USN-2483-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjasper-runtime - 1.900.1-14ubuntu3.2 libjasper-dev - 1.900.1-14ubuntu3.2 libjasper1 - 1.900.1-14ubuntu3.2 No subscription required Medium CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 Ubuntu 14.04 LTS Florian Maury discovered that Unbound incorrectly handled delegation. A remote attacker could possibly use this issue to cause Unbound to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2484-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libunbound2 - 1.4.22-1ubuntu4.14.04.1 unbound - 1.4.22-1ubuntu4.14.04.1 python-unbound - 1.4.22-1ubuntu4.14.04.1 unbound-anchor - 1.4.22-1ubuntu4.14.04.1 unbound-host - 1.4.22-1ubuntu4.14.04.1 libunbound-dev - 1.4.22-1ubuntu4.14.04.1 No subscription required Medium CVE-2014-8602 Ubuntu 14.04 LTS Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395, CVE-2015-0408, CVE-2015-0412) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400, CVE-2015-0407) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6593) A vulnerability was discovered in the OpenJDK JRE related to integrity and availability. An attacker could exploit this to cause a denial of service. (CVE-2015-0383) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could this exploit to cause a denial of service. (CVE-2015-0410) A vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2015-0413) Update Instructions: Run `sudo pro fix USN-2487-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u75-2.5.4-1~trusty1 openjdk-7-source - 7u75-2.5.4-1~trusty1 icedtea-7-jre-jamvm - 7u75-2.5.4-1~trusty1 openjdk-7-jre-lib - 7u75-2.5.4-1~trusty1 openjdk-7-jdk - 7u75-2.5.4-1~trusty1 openjdk-7-jre-headless - 7u75-2.5.4-1~trusty1 openjdk-7-jre - 7u75-2.5.4-1~trusty1 openjdk-7-doc - 7u75-2.5.4-1~trusty1 openjdk-7-demo - 7u75-2.5.4-1~trusty1 No subscription required Medium CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0413 Ubuntu 14.04 LTS Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2488-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.98.6+dfsg-0ubuntu0.14.04.1 clamav-testfiles - 0.98.6+dfsg-0ubuntu0.14.04.1 clamav-base - 0.98.6+dfsg-0ubuntu0.14.04.1 clamav - 0.98.6+dfsg-0ubuntu0.14.04.1 libclamav6 - 0.98.6+dfsg-0ubuntu0.14.04.1 clamav-daemon - 0.98.6+dfsg-0ubuntu0.14.04.1 clamav-milter - 0.98.6+dfsg-0ubuntu0.14.04.1 clamav-docs - 0.98.6+dfsg-0ubuntu0.14.04.1 clamav-freshclam - 0.98.6+dfsg-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-9328 Ubuntu 14.04 LTS Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2489-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unzip - 6.0-9ubuntu1.2 No subscription required Medium CVE-2014-9636 Ubuntu 14.04 LTS Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. (CVE-2014-3710) Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. (CVE-2014-8116) Thomas Jarosch discovered that file incorrectly limited recursion. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. (CVE-2014-8117) Update Instructions: Run `sudo pro fix USN-2494-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.14-2ubuntu3.3 python-magic - 1:5.14-2ubuntu3.3 libmagic1 - 1:5.14-2ubuntu3.3 python3-magic - 1:5.14-2ubuntu3.3 file - 1:5.14-2ubuntu3.3 No subscription required Medium CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 Ubuntu 14.04 LTS A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1209) It was discovered that V8 did not properly consider frame access restrictions when throwing exceptions in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-1210) It was discovered that Chromium did not properly restrict the URI scheme during ServiceWorker registration. If a user were tricked in to downloading and opening a specially crafted HTML file, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-1211) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1212) Update Instructions: Run `sudo pro fix USN-2495-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.4.3-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.4.3-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.4.3-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.4.3-0ubuntu0.14.04.1 oxideqmlscene - 1.4.3-0ubuntu0.14.04.1 oxideqt-codecs - 1.4.3-0ubuntu0.14.04.1 liboxideqtquick0 - 1.4.3-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-1209 CVE-2015-1210 CVE-2015-1211 CVE-2015-1212 Ubuntu 14.04 LTS Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8485) Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8501) Hanno Böck discovered a heap-based buffer overflow in the pe_print_edata function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8502) Alexander Cherepanov discovered multiple directory traversal vulnerabilities in GNU binutils. An attacker could use this to craft input that could delete arbitrary files. (CVE-2014-8737) Alexander Cherepanov discovered the _bfd_slurp_extended_name_table function in libbfd in GNU binutils allowed invalid writes when handling extended name tables in an archive. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8738) Hanno Böck discovered a stack-based buffer overflow in the ihex_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash). (CVE-2014-8503) Michal Zalewski discovered a stack-based buffer overflow in the srec_scan function in libbfd in GNU binutils. An attacker could use this to to craft input that could cause a denial of service (application crash); the GNU C library's Fortify Source printf protection should prevent the possibility of executing arbitrary code. (CVE-2014-8504) Michal Zalewski discovered that the srec_scan function in libbfd in GNU binutils allowed out-of-bounds reads. An attacker could use this to craft input to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS. (CVE-2014-8484) Sang Kil Cha discovered multiple integer overflows in the _objalloc_alloc function and objalloc_alloc macro in binutils. This could allow an attacker to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS. (CVE-2012-3509) Alexander Cherepanov and Hanno Böck discovered multiple additional out-of-bounds reads and writes in GNU binutils. An attacker could use these to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. A few of these issues may be limited in exposure to a denial of service (application abort) by the GNU C library's Fortify Source printf protection. The strings(1) utility in GNU binutils used libbfd by default when examining executable object files; unfortunately, libbfd was not originally developed with the expectation of hostile input. As a defensive measure, the behavior of strings has been changed to default to 'strings --all' behavior, which does not use libbfd; use the new argument to strings, '--data', to recreate the old behavior. Update Instructions: Run `sudo pro fix USN-2496-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils-dev - 2.24-5ubuntu3.1 binutils-multiarch-dev - 2.24-5ubuntu3.1 binutils-static - 2.24-5ubuntu3.1 binutils-doc - 2.24-5ubuntu3.1 binutils-multiarch - 2.24-5ubuntu3.1 binutils-static-udeb - 2.24-5ubuntu3.1 binutils - 2.24-5ubuntu3.1 binutils-source - 2.24-5ubuntu3.1 No subscription required Medium CVE-2012-3509 CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 Ubuntu 14.04 LTS Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service. (CVE-2014-9297) Stephen Roettger discovered that NTP incorrectly handled ACLs based on certain IPv6 addresses. (CVE-2014-9298) Update Instructions: Run `sudo pro fix USN-2497-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.2 ntp-doc - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.2 ntpdate - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.2 No subscription required Medium CVE-2014-9297 CVE-2014-9298 Ubuntu 14.04 LTS It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this issue to forge tickets by leveraging administrative access. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5351) It was discovered that the libgssapi_krb5 library incorrectly processed security context handles. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-5352) Patrik Kis discovered that Kerberos incorrectly handled LDAP queries with no results. An authenticated remote attacker could use this issue to cause the KDC to crash, resulting in a denial of service. (CVE-2014-5353) It was discovered that Kerberos incorrectly handled creating database entries for a keyless principal when using LDAP. An authenticated remote attacker could use this issue to cause the KDC to crash, resulting in a denial of service. (CVE-2014-5354) It was discovered that Kerberos incorrectly handled memory when processing XDR data. A remote attacker could use this issue to cause kadmind to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9421) It was discovered that Kerberos incorrectly handled two-component server principals. A remote attacker could use this issue to perform impersonation attacks. (CVE-2014-9422) It was discovered that the libgssrpc library leaked uninitialized bytes. A remote attacker could use this issue to possibly obtain sensitive information. (CVE-2014-9423) Update Instructions: Run `sudo pro fix USN-2498-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libkadm5srv-mit9 - 1.12+dfsg-2ubuntu5.1 libkadm5srv-mit8 - 1.12+dfsg-2ubuntu5.1 libk5crypto3 - 1.12+dfsg-2ubuntu5.1 krb5-user - 1.12+dfsg-2ubuntu5.1 libgssrpc4 - 1.12+dfsg-2ubuntu5.1 libkrb5support0 - 1.12+dfsg-2ubuntu5.1 krb5-doc - 1.12+dfsg-2ubuntu5.1 libkrb5-dev - 1.12+dfsg-2ubuntu5.1 krb5-pkinit - 1.12+dfsg-2ubuntu5.1 libkrb5-3 - 1.12+dfsg-2ubuntu5.1 krb5-kdc-ldap - 1.12+dfsg-2ubuntu5.1 krb5-otp - 1.12+dfsg-2ubuntu5.1 libkadm5clnt-mit9 - 1.12+dfsg-2ubuntu5.1 krb5-gss-samples - 1.12+dfsg-2ubuntu5.1 krb5-multidev - 1.12+dfsg-2ubuntu5.1 krb5-locales - 1.12+dfsg-2ubuntu5.1 libgssapi-krb5-2 - 1.12+dfsg-2ubuntu5.1 krb5-kdc - 1.12+dfsg-2ubuntu5.1 libkrad-dev - 1.12+dfsg-2ubuntu5.1 libkrad0 - 1.12+dfsg-2ubuntu5.1 libkdb5-7 - 1.12+dfsg-2ubuntu5.1 krb5-admin-server - 1.12+dfsg-2ubuntu5.1 No subscription required Medium CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 Ubuntu 14.04 LTS Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. (CVE-2014-8161) Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-0241) It was discovered that PostgreSQL incorrectly handled memory in the pgcrypto extension. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-0243) Emil Lenngren discovered that PostgreSQL incorrectly handled extended protocol message reading. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly inject query messages. (CVE-2015-0244) Update Instructions: Run `sudo pro fix USN-2499-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-plpython-9.3 - 9.3.6-0ubuntu0.14.04 postgresql-server-dev-9.3 - 9.3.6-0ubuntu0.14.04 postgresql-9.3 - 9.3.6-0ubuntu0.14.04 postgresql-plperl-9.3 - 9.3.6-0ubuntu0.14.04 postgresql-doc-9.3 - 9.3.6-0ubuntu0.14.04 postgresql-plpython3-9.3 - 9.3.6-0ubuntu0.14.04 libecpg6 - 9.3.6-0ubuntu0.14.04 postgresql-pltcl-9.3 - 9.3.6-0ubuntu0.14.04 postgresql-client-9.3 - 9.3.6-0ubuntu0.14.04 libpgtypes3 - 9.3.6-0ubuntu0.14.04 libecpg-dev - 9.3.6-0ubuntu0.14.04 libpq-dev - 9.3.6-0ubuntu0.14.04 libpq5 - 9.3.6-0ubuntu0.14.04 postgresql-contrib-9.3 - 9.3.6-0ubuntu0.14.04 libecpg-compat3 - 9.3.6-0ubuntu0.14.04 No subscription required Medium CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 Ubuntu 14.04 LTS Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2015-0255) It was discovered that the X.Org X server incorrectly handled certain trapezoids. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly crash the server. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-6424) Update Instructions: Run `sudo pro fix USN-2500-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.7 xorg-server-source - 2:1.15.1-0ubuntu2.7 xdmx - 2:1.15.1-0ubuntu2.7 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.7 xserver-xorg-dev - 2:1.15.1-0ubuntu2.7 xvfb - 2:1.15.1-0ubuntu2.7 xnest - 2:1.15.1-0ubuntu2.7 xdmx-tools - 2:1.15.1-0ubuntu2.7 xserver-xephyr - 2:1.15.1-0ubuntu2.7 xserver-xorg-core-udeb - 2:1.15.1-0ubuntu2.7 xserver-common - 2:1.15.1-0ubuntu2.7 No subscription required xserver-xephyr-lts-utopic - 2:1.16.0-1ubuntu1.2~trusty2 xserver-xorg-core-lts-utopic - 2:1.16.0-1ubuntu1.2~trusty2 xwayland-lts-utopic - 2:1.16.0-1ubuntu1.2~trusty2 xserver-xorg-dev-lts-utopic - 2:1.16.0-1ubuntu1.2~trusty2 xorg-server-source-lts-utopic - 2:1.16.0-1ubuntu1.2~trusty2 No subscription required Medium CVE-2013-6424 CVE-2015-0255 Ubuntu 14.04 LTS Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8142, CVE-2015-0231) Brian Carpenter discovered that the PHP CGI component incorrectly handled invalid files. A local attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9427) It was discovered that PHP incorrectly handled certain pascal strings in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9652) Alex Eubanks discovered that PHP incorrectly handled EXIF data in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0232) It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1351) It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1352) Update Instructions: Run `sudo pro fix USN-2501-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.6 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.6 php5-curl - 5.5.9+dfsg-1ubuntu4.6 php5-intl - 5.5.9+dfsg-1ubuntu4.6 php5-snmp - 5.5.9+dfsg-1ubuntu4.6 php5-mysql - 5.5.9+dfsg-1ubuntu4.6 php5-odbc - 5.5.9+dfsg-1ubuntu4.6 php5-xsl - 5.5.9+dfsg-1ubuntu4.6 php5-gd - 5.5.9+dfsg-1ubuntu4.6 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.6 php5-tidy - 5.5.9+dfsg-1ubuntu4.6 php5-dev - 5.5.9+dfsg-1ubuntu4.6 php5-pgsql - 5.5.9+dfsg-1ubuntu4.6 php5-enchant - 5.5.9+dfsg-1ubuntu4.6 php5-readline - 5.5.9+dfsg-1ubuntu4.6 php5-gmp - 5.5.9+dfsg-1ubuntu4.6 php5-fpm - 5.5.9+dfsg-1ubuntu4.6 php5-cgi - 5.5.9+dfsg-1ubuntu4.6 php5-sqlite - 5.5.9+dfsg-1ubuntu4.6 php5-ldap - 5.5.9+dfsg-1ubuntu4.6 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.6 php5 - 5.5.9+dfsg-1ubuntu4.6 php5-cli - 5.5.9+dfsg-1ubuntu4.6 php-pear - 5.5.9+dfsg-1ubuntu4.6 php5-sybase - 5.5.9+dfsg-1ubuntu4.6 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.6 php5-pspell - 5.5.9+dfsg-1ubuntu4.6 php5-common - 5.5.9+dfsg-1ubuntu4.6 libphp5-embed - 5.5.9+dfsg-1ubuntu4.6 No subscription required Medium CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 CVE-2015-0231 CVE-2015-0232 CVE-2015-1351 CVE-2015-1352 Ubuntu 14.04 LTS William Robinet discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2502-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unzip - 6.0-9ubuntu1.3 No subscription required Medium CVE-2015-1315 Ubuntu 14.04 LTS Jan-Piet Mens discovered that Bind incorrectly handled Trust Anchor Management. A remote attacker could use this issue to cause bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2503-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.2 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.2 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.2 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.2 bind9utils - 1:9.9.5.dfsg-3ubuntu0.2 libdns100 - 1:9.9.5.dfsg-3ubuntu0.2 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.2 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.2 host - 1:9.9.5.dfsg-3ubuntu0.2 lwresd - 1:9.9.5.dfsg-3ubuntu0.2 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.2 libisc95 - 1:9.9.5.dfsg-3ubuntu0.2 bind9 - 1:9.9.5.dfsg-3ubuntu0.2 bind9-host - 1:9.9.5.dfsg-3ubuntu0.2 No subscription required Medium CVE-2015-1349 Ubuntu 14.04 LTS The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17.4 which includes the latest CA certificate bundle. Update Instructions: Run `sudo pro fix USN-2504-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.17.4-0ubuntu0.14.04.1 libnss3-dev - 2:3.17.4-0ubuntu0.14.04.1 libnss3 - 2:3.17.4-0ubuntu0.14.04.1 libnss3-1d - 2:3.17.4-0ubuntu0.14.04.1 libnss3-tools - 2:3.17.4-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1423031 Ubuntu 14.04 LTS Matthew Noorenberghe discovered that Mozilla domains in the allowlist could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2015-0819) Jan de Mooij discovered an issue that affects content using the Caja Compiler. If web content loads specially crafted code, this could be used to bypass sandboxing security measures provided by Caja. (CVE-2015-0820) Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-0821) Armin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0822) Atte Kettunen discovered a use-after-free in the OpenType Sanitiser (OTS) in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2015-0823) Atte Kettunen discovered a crash when drawing images using Cairo in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-0824) Atte Kettunen discovered a buffer underflow during playback of MP3 files in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0825) Atte Kettunen discovered a buffer overflow during CSS restyling in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0826) Abhishek Arya discovered an out-of-bounds read and write when rendering SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0827) A buffer overflow was discovered in libstagefright during video playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0829) Daniele Di Proietto discovered that WebGL could cause a crash in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-0830) Paul Bandha discovered a use-after-free in IndexedDB. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0831) Muneaki Nishimura discovered that a period appended to a hostname could bypass key pinning and HSTS in some circumstances. A remote attacker could potentially exloit this to conduct a Machine-in-the-middle (MITM) attack. (CVE-2015-0832) Alexander Kolesnik discovered that Firefox would attempt plaintext connections to servers when handling turns: and stuns: URIs. A remote attacker could potentially exploit this by conducting a Machine-in-the-middle (MITM) attack in order to obtain credentials. (CVE-2015-0834) Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Christian Holler, Jesse Ruderman, Randell Jesup, Robin Whittleton, Jon Coppeard, and Nikhil Marathe discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0835, CVE-2015-0836) Update Instructions: Run `sudo pro fix USN-2505-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-nn - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-nb - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-fa - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-fi - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-fr - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-fy - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-or - 36.0+build2-0ubuntu0.14.04.4 firefox-testsuite - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-oc - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-cs - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ga - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-gd - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-gl - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-gu - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-pa - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-pl - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-cy - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-pt - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-hi - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ms - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-he - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-hy - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-hr - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-hu - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-it - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-as - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ar - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-az - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-id - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-mai - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-af - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-is - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-vi - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-an - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-bs - 36.0+build2-0ubuntu0.14.04.4 firefox - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ro - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ja - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ru - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-br - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-zh-hant - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-zh-hans - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-bn - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-be - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-bg - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-sl - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-sk - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-si - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-sw - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-sv - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-sr - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-sq - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ko - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-kn - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-km - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-kk - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ka - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-xh - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ca - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ku - 36.0+build2-0ubuntu0.14.04.4 firefox-mozsymbols - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-lv - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-lt - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-th - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-hsb - 36.0+build2-0ubuntu0.14.04.4 firefox-dev - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-te - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ta - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-lg - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-tr - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-nso - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-de - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-da - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-uk - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-mr - 36.0+build2-0ubuntu0.14.04.4 firefox-globalmenu - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-uz - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ml - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-mn - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-mk - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-eu - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-et - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-es - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-csb - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-el - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-eo - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-en - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-zu - 36.0+build2-0ubuntu0.14.04.4 firefox-locale-ast - 36.0+build2-0ubuntu0.14.04.4 No subscription required Medium CVE-2015-0819 CVE-2015-0820 CVE-2015-0821 CVE-2015-0822 CVE-2015-0823 CVE-2015-0824 CVE-2015-0825 CVE-2015-0826 CVE-2015-0827 CVE-2015-0829 CVE-2015-0830 CVE-2015-0831 CVE-2015-0832 CVE-2015-0834 CVE-2015-0835 CVE-2015-0836 Ubuntu 14.04 LTS USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated "-remote" command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Matthew Noorenberghe discovered that allowlisted Mozilla domains could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2015-0819) Jan de Mooij discovered an issue that affects content using the Caja Compiler. If web content loads specially crafted code, this could be used to bypass sandboxing security measures provided by Caja. (CVE-2015-0820) Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-0821) Armin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0822) Atte Kettunen discovered a use-after-free in the OpenType Sanitiser (OTS) in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2015-0823) Atte Kettunen discovered a crash when drawing images using Cairo in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-0824) Atte Kettunen discovered a buffer underflow during playback of MP3 files in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0825) Atte Kettunen discovered a buffer overflow during CSS restyling in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0826) Abhishek Arya discovered an out-of-bounds read and write when rendering SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0827) A buffer overflow was discovered in libstagefright during video playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0829) Daniele Di Proietto discovered that WebGL could cause a crash in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-0830) Paul Bandha discovered a use-after-free in IndexedDB. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0831) Muneaki Nishimura discovered that a period appended to a hostname could bypass key pinning and HSTS in some circumstances. A remote attacker could potentially exploit this to conduct a machine-in-the-middle (MITM) attack. (CVE-2015-0832) Alexander Kolesnik discovered that Firefox would attempt plaintext connections to servers when handling turns: and stuns: URIs. A remote attacker could potentially exploit this by conducting a Machine-in-the-middle (MITM) attack in order to obtain credentials. (CVE-2015-0834) Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Christian Holler, Jesse Ruderman, Randell Jesup, Robin Whittleton, Jon Coppeard, and Nikhil Marathe discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0835, CVE-2015-0836) Update Instructions: Run `sudo pro fix USN-2505-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nn - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nb - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fa - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fi - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fr - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fy - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-or - 36.0.1+build2-0ubuntu0.14.04.1 firefox-testsuite - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-oc - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cs - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ga - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gd - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gl - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gu - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pa - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pl - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cy - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pt - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hi - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ms - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-he - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hy - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hr - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hu - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-it - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-as - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ar - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-az - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-id - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mai - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-af - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-is - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-vi - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-an - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bs - 36.0.1+build2-0ubuntu0.14.04.1 firefox - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ro - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ja - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ru - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-br - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bn - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-be - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bg - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sl - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sk - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-si - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sw - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sv - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sr - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sq - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ko - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kn - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-km - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kk - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ka - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-xh - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ca - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ku - 36.0.1+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lv - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lt - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-th - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 36.0.1+build2-0ubuntu0.14.04.1 firefox-dev - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-te - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ta - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lg - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-tr - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nso - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-de - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-da - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uk - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mr - 36.0.1+build2-0ubuntu0.14.04.1 firefox-globalmenu - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uz - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ml - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mn - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mk - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eu - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-et - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-es - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-csb - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-el - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eo - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-en - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zu - 36.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ast - 36.0.1+build2-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1429115 https://launchpad.net/bugs/1425972 Ubuntu 14.04 LTS Armin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0822) Abhishek Arya discovered an out-of-bounds read and write when rendering SVG content in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0827) Paul Bandha discovered a use-after-free in IndexedDB. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0831) Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, and Ryan VanderMeulen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0836) Update Instructions: Run `sudo pro fix USN-2506-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:31.5.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:31.5.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:31.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:31.5.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836 Ubuntu 14.04 LTS Jose Duart discovered that e2fsprogs incorrectly handled invalid block group descriptor data. A local attacker could use this issue with a crafted filesystem image to possibly execute arbitrary code. (CVE-2015-0247, CVE-2015-1572) Update Instructions: Run `sudo pro fix USN-2507-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libss2 - 1.42.9-3ubuntu1.2 e2fslibs-dev - 1.42.9-3ubuntu1.2 e2fsprogs - 1.42.9-3ubuntu1.2 e2fsck-static - 1.42.9-3ubuntu1.2 e2fslibs - 1.42.9-3ubuntu1.2 e2fsprogs-udeb - 1.42.9-3ubuntu1.2 libcomerr2 - 1.42.9-3ubuntu1.2 No subscription required ss-dev - 2.0-1.42.9-3ubuntu1.2 No subscription required comerr-dev - 2.1-1.42.9-3ubuntu1.2 No subscription required Medium CVE-2015-0247 CVE-2015-1572 Ubuntu 14.04 LTS Richard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges. Update Instructions: Run `sudo pro fix USN-2508-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.7 libpam-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.7 libwbclient0 - 2:4.1.6+dfsg-1ubuntu2.14.04.7 samba-common - 2:4.1.6+dfsg-1ubuntu2.14.04.7 samba-libs - 2:4.1.6+dfsg-1ubuntu2.14.04.7 libsmbsharemodes0 - 2:4.1.6+dfsg-1ubuntu2.14.04.7 samba-testsuite - 2:4.1.6+dfsg-1ubuntu2.14.04.7 samba - 2:4.1.6+dfsg-1ubuntu2.14.04.7 libsmbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.7 samba-common-bin - 2:4.1.6+dfsg-1ubuntu2.14.04.7 libsmbsharemodes-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.7 python-samba - 2:4.1.6+dfsg-1ubuntu2.14.04.7 winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.7 smbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.7 samba-vfs-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.7 libwbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.7 samba-dsdb-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.7 samba-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.7 libsmbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.7 libparse-pidl-perl - 2:4.1.6+dfsg-1ubuntu2.14.04.7 registry-tools - 2:4.1.6+dfsg-1ubuntu2.14.04.7 samba-doc - 2:4.1.6+dfsg-1ubuntu2.14.04.7 libpam-smbpass - 2:4.1.6+dfsg-1ubuntu2.14.04.7 No subscription required Medium CVE-2015-0240 Ubuntu 14.04 LTS The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20141019 package. Update Instructions: Run `sudo pro fix USN-2509-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20141019ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1423904 Ubuntu 14.04 LTS Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-2510-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.5.2-1ubuntu2.4 libfreetype6-udeb - 2.5.2-1ubuntu2.4 freetype2-demos - 2.5.2-1ubuntu2.4 libfreetype6 - 2.5.2-1ubuntu2.4 No subscription required Medium CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 Ubuntu 14.04 LTS A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) A restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160) A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559) A flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989) A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419) Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420) A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428) A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584) A flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585) Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683) Update Instructions: Run `sudo pro fix USN-2516-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-46-generic - 3.13.0-46.75 linux-image-3.13.0-46-generic-lpae - 3.13.0-46.75 linux-image-3.13.0-46-generic - 3.13.0-46.75 linux-image-3.13.0-46-powerpc-e500mc - 3.13.0-46.75 linux-image-3.13.0-46-powerpc-smp - 3.13.0-46.75 linux-image-3.13.0-46-powerpc64-emb - 3.13.0-46.75 linux-image-3.13.0-46-powerpc-e500 - 3.13.0-46.75 linux-image-3.13.0-46-powerpc64-smp - 3.13.0-46.75 linux-image-3.13.0-46-lowlatency - 3.13.0-46.75 No subscription required High CVE-2014-8133 CVE-2014-8160 CVE-2014-8559 CVE-2014-8989 CVE-2014-9419 CVE-2014-9420 CVE-2014-9428 CVE-2014-9529 CVE-2014-9584 CVE-2014-9585 CVE-2014-9683 CVE-2015-0239 Ubuntu 14.04 LTS USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) A restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160) A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559) A flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989) A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419) Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420) A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428) A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584) A flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585) Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683) Update Instructions: Run `sudo pro fix USN-2516-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-46-generic - 3.13.0-46.76 linux-image-3.13.0-46-generic-lpae - 3.13.0-46.76 linux-image-3.13.0-46-generic - 3.13.0-46.76 linux-image-3.13.0-46-powerpc-e500mc - 3.13.0-46.76 linux-image-3.13.0-46-powerpc-smp - 3.13.0-46.76 linux-image-3.13.0-46-powerpc64-emb - 3.13.0-46.76 linux-image-3.13.0-46-powerpc-e500 - 3.13.0-46.76 linux-image-3.13.0-46-powerpc64-smp - 3.13.0-46.76 linux-image-3.13.0-46-lowlatency - 3.13.0-46.76 No subscription required None https://launchpad.net/bugs/1426043 Ubuntu 14.04 LTS USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) A restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160) A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559) A flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989) A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419) Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420) A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428) A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584) A flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585) Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683) Update Instructions: Run `sudo pro fix USN-2516-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-46-generic - 3.13.0-46.77 linux-image-3.13.0-46-generic-lpae - 3.13.0-46.77 linux-image-3.13.0-46-generic - 3.13.0-46.77 linux-image-3.13.0-46-powerpc-e500mc - 3.13.0-46.77 linux-image-3.13.0-46-powerpc-smp - 3.13.0-46.77 linux-image-3.13.0-46-powerpc64-emb - 3.13.0-46.77 linux-image-3.13.0-46-powerpc-e500 - 3.13.0-46.77 linux-image-3.13.0-46-powerpc64-smp - 3.13.0-46.77 linux-image-3.13.0-46-lowlatency - 3.13.0-46.77 No subscription required None https://launchpad.net/bugs/1427292 Ubuntu 14.04 LTS A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) A restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160) A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559) A flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989) A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419) Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420) A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428) A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584) A flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585) Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683) Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to verify symlink size info. A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9728) Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not valid inode size information . A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9729) Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not correctly verify the component length for symlinks. A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9730) Carl H Lunde discovered an information leak in the UDF file system (CONFIG_UDF_FS). A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to read potential sensitve kernel memory. (CVE-2014-9731) Update Instructions: Run `sudo pro fix USN-2517-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-31-powerpc64-smp - 3.16.0-31.41~14.04.1 linux-image-extra-3.16.0-31-generic - 3.16.0-31.41~14.04.1 linux-image-3.16.0-31-generic - 3.16.0-31.41~14.04.1 linux-image-3.16.0-31-powerpc-smp - 3.16.0-31.41~14.04.1 linux-image-3.16.0-31-powerpc64-emb - 3.16.0-31.41~14.04.1 linux-image-3.16.0-31-generic-lpae - 3.16.0-31.41~14.04.1 linux-image-3.16.0-31-lowlatency - 3.16.0-31.41~14.04.1 linux-image-3.16.0-31-powerpc-e500mc - 3.16.0-31.41~14.04.1 No subscription required High CVE-2014-8133 CVE-2014-8160 CVE-2014-8559 CVE-2014-8989 CVE-2014-9419 CVE-2014-9420 CVE-2014-9428 CVE-2014-9529 CVE-2014-9584 CVE-2014-9585 CVE-2014-9683 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0239 Ubuntu 14.04 LTS Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7423) It was discovered that the GNU C Library incorrectly handled receiving a positive answer while processing the network name when performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to hang, resulting in a denial of service. (CVE-2014-9402) Joseph Myers discovered that the GNU C Library wscanf function incorrectly handled memory. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1472, CVE-2015-1473) Update Instructions: Run `sudo pro fix USN-2519-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.19-0ubuntu6.6 libnss-dns-udeb - 2.19-0ubuntu6.6 libc6-ppc64 - 2.19-0ubuntu6.6 libc-bin - 2.19-0ubuntu6.6 libc6-x32 - 2.19-0ubuntu6.6 libc6-armel - 2.19-0ubuntu6.6 eglibc-source - 2.19-0ubuntu6.6 libc6-pic - 2.19-0ubuntu6.6 libc6-dev-ppc64 - 2.19-0ubuntu6.6 libc6-dev-armel - 2.19-0ubuntu6.6 libnss-files-udeb - 2.19-0ubuntu6.6 glibc-doc - 2.19-0ubuntu6.6 nscd - 2.19-0ubuntu6.6 multiarch-support - 2.19-0ubuntu6.6 libc6-dev - 2.19-0ubuntu6.6 libc6-amd64 - 2.19-0ubuntu6.6 libc6-dev-amd64 - 2.19-0ubuntu6.6 libc6 - 2.19-0ubuntu6.6 libc6-dev-x32 - 2.19-0ubuntu6.6 libc6-udeb - 2.19-0ubuntu6.6 libc6-dev-i386 - 2.19-0ubuntu6.6 libc-dev-bin - 2.19-0ubuntu6.6 libc6-prof - 2.19-0ubuntu6.6 No subscription required Medium CVE-2013-7423 CVE-2014-9402 CVE-2015-1472 CVE-2015-1473 Ubuntu 14.04 LTS Peter De Wachter discovered that CUPS incorrectly handled certain malformed compressed raster files. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2520-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 1.7.2-0ubuntu1.5 libcups2-dev - 1.7.2-0ubuntu1.5 cups-bsd - 1.7.2-0ubuntu1.5 libcupsmime1 - 1.7.2-0ubuntu1.5 cups-common - 1.7.2-0ubuntu1.5 cups-core-drivers - 1.7.2-0ubuntu1.5 cups-server-common - 1.7.2-0ubuntu1.5 libcupsimage2 - 1.7.2-0ubuntu1.5 cups-client - 1.7.2-0ubuntu1.5 libcupscgi1-dev - 1.7.2-0ubuntu1.5 libcups2 - 1.7.2-0ubuntu1.5 libcupsmime1-dev - 1.7.2-0ubuntu1.5 cups-ppdc - 1.7.2-0ubuntu1.5 libcupsppdc1 - 1.7.2-0ubuntu1.5 cups - 1.7.2-0ubuntu1.5 libcupsppdc1-dev - 1.7.2-0ubuntu1.5 libcupsimage2-dev - 1.7.2-0ubuntu1.5 cups-daemon - 1.7.2-0ubuntu1.5 No subscription required Medium CVE-2014-9679 Ubuntu 14.04 LTS Several out-of-bounds write bugs were discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215) A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1216) Multiple type confusion bugs were discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1217, CVE-2015-1230) Multiple use-after-free bugs were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1218, CVE-2015-1223) An integer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1219) A use-after-free was discovered in the GIF image decoder in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1220) A use-after-free was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1221) Multiple use-after-free bugs were discovered in the service worker implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1222) An out-of-bounds read was discovered in the VPX decoder implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-1224) It was discovered that Blink did not initialize memory for image drawing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to read uninitialized memory. (CVE-2015-1227) It was discovered that Blink did not initialize memory for a data structure in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1228) It was discovered that a web proxy returning a 407 response could inject cookies in to the originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially exploit this to conduct session-fixation attacks. (CVE-2015-1229) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1231) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-2238) Update Instructions: Run `sudo pro fix USN-2521-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.5.5-0ubuntu0.14.04.3 liboxideqt-qmlplugin - 1.5.5-0ubuntu0.14.04.3 oxideqt-chromedriver - 1.5.5-0ubuntu0.14.04.3 oxideqt-codecs-extra - 1.5.5-0ubuntu0.14.04.3 oxideqmlscene - 1.5.5-0ubuntu0.14.04.3 oxideqt-codecs - 1.5.5-0ubuntu0.14.04.3 liboxideqtquick0 - 1.5.5-0ubuntu0.14.04.3 No subscription required Medium CVE-2015-1213 CVE-2015-1214 CVE-2015-1215 CVE-2015-1216 CVE-2015-1217 CVE-2015-1218 CVE-2015-1219 CVE-2015-1220 CVE-2015-1221 CVE-2015-1222 CVE-2015-1223 CVE-2015-1224 CVE-2015-1227 CVE-2015-1228 CVE-2015-1229 CVE-2015-1230 CVE-2015-1231 CVE-2015-2238 Ubuntu 14.04 LTS It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419) It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-6585, CVE-2014-6591) It was discovered that ICU incorrectly handled memory operations when processing regular expressions. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7923, CVE-2014-7926, CVE-2014-9654) It was discovered that ICU collator implementation incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7940) Update Instructions: Run `sudo pro fix USN-2522-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 52.1-3ubuntu0.2 libicu52 - 52.1-3ubuntu0.2 libicu-dev - 52.1-3ubuntu0.2 icu-doc - 52.1-3ubuntu0.2 No subscription required Medium CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419 CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926 CVE-2014-7940 CVE-2014-9654 Ubuntu 14.04 LTS Martin Holst Swende discovered that the mod_headers module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. (CVE-2013-5704) Mark Montague discovered that the mod_cache module incorrectly handled empty HTTP Content-Type headers. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581) Teguh P. Alko discovered that the mod_proxy_fcgi module incorrectly handled long response headers. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.10. (CVE-2014-3583) It was discovered that the mod_lua module incorrectly handled different arguments within different contexts. A remote attacker could possibly use this issue to bypass intended access restrictions. This issue only affected Ubuntu 14.10. (CVE-2014-8109) Guido Vranken discovered that the mod_lua module incorrectly handled a specially crafted websocket PING in certain circumstances. A remote attacker could possibly use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.10. (CVE-2015-0228) Update Instructions: Run `sudo pro fix USN-2523-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.4 libapache2-mod-macro - 1:2.4.7-1ubuntu4.4 No subscription required apache2-data - 2.4.7-1ubuntu4.4 apache2.2-bin - 2.4.7-1ubuntu4.4 apache2-utils - 2.4.7-1ubuntu4.4 apache2-dev - 2.4.7-1ubuntu4.4 apache2-mpm-worker - 2.4.7-1ubuntu4.4 apache2-suexec-custom - 2.4.7-1ubuntu4.4 apache2-suexec - 2.4.7-1ubuntu4.4 apache2 - 2.4.7-1ubuntu4.4 apache2-suexec-pristine - 2.4.7-1ubuntu4.4 apache2-doc - 2.4.7-1ubuntu4.4 apache2-mpm-prefork - 2.4.7-1ubuntu4.4 apache2-mpm-itk - 2.4.7-1ubuntu4.4 apache2-mpm-event - 2.4.7-1ubuntu4.4 apache2-bin - 2.4.7-1ubuntu4.4 No subscription required Medium CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 Ubuntu 14.04 LTS Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files. Update Instructions: Run `sudo pro fix USN-2524-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ecryptfs-utils - 104-0ubuntu1.14.04.3 python-ecryptfs - 104-0ubuntu1.14.04.3 libecryptfs0 - 104-0ubuntu1.14.04.3 libecryptfs-dev - 104-0ubuntu1.14.04.3 No subscription required Medium CVE-2014-9687 Ubuntu 14.04 LTS It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges. Update Instructions: Run `sudo pro fix USN-2528-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-46-generic - 3.13.0-46.79 linux-image-3.13.0-46-generic-lpae - 3.13.0-46.79 linux-image-3.13.0-46-generic - 3.13.0-46.79 linux-image-3.13.0-46-powerpc-e500mc - 3.13.0-46.79 linux-image-3.13.0-46-powerpc-smp - 3.13.0-46.79 linux-image-3.13.0-46-powerpc64-emb - 3.13.0-46.79 linux-image-3.13.0-46-powerpc-e500 - 3.13.0-46.79 linux-image-3.13.0-46-powerpc64-smp - 3.13.0-46.79 linux-image-3.13.0-46-lowlatency - 3.13.0-46.79 No subscription required High CVE-2014-8159 Ubuntu 14.04 LTS It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges. Update Instructions: Run `sudo pro fix USN-2529-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-31-powerpc64-smp - 3.16.0-31.43~14.04.1 linux-image-extra-3.16.0-31-generic - 3.16.0-31.43~14.04.1 linux-image-3.16.0-31-generic - 3.16.0-31.43~14.04.1 linux-image-3.16.0-31-powerpc-smp - 3.16.0-31.43~14.04.1 linux-image-3.16.0-31-powerpc64-emb - 3.16.0-31.43~14.04.1 linux-image-3.16.0-31-generic-lpae - 3.16.0-31.43~14.04.1 linux-image-3.16.0-31-lowlatency - 3.16.0-31.43~14.04.1 linux-image-3.16.0-31-powerpc-e500mc - 3.16.0-31.43~14.04.1 No subscription required High CVE-2014-8159 Ubuntu 14.04 LTS Matthew Daley discovered that Requests incorrectly handled cookies without host values when being redirected. A remote attacker could possibly use this issue to perform session fixation or cookie stealing attacks. Update Instructions: Run `sudo pro fix USN-2531-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-requests - 2.2.1-1ubuntu0.2 python-requests - 2.2.1-1ubuntu0.2 No subscription required Medium CVE-2015-2296 Ubuntu 14.04 LTS It was discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-2532-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfontembed-dev - 1.0.52-0ubuntu1.4 libfontembed1 - 1.0.52-0ubuntu1.4 libcupsfilters-dev - 1.0.52-0ubuntu1.4 cups-filters - 1.0.52-0ubuntu1.4 cups-browsed - 1.0.52-0ubuntu1.4 cups-filters-core-drivers - 1.0.52-0ubuntu1.4 libcupsfilters1 - 1.0.52-0ubuntu1.4 No subscription required Medium CVE-2015-2265 Ubuntu 14.04 LTS Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions. Update Instructions: Run `sudo pro fix USN-2533-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.9p5-1ubuntu1.1 sudo - 1.8.9p5-1ubuntu1.1 No subscription required Medium CVE-2014-9680 Ubuntu 14.04 LTS Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-8117) S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9705) Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-0273) It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2301) Update Instructions: Run `sudo pro fix USN-2535-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.7 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.7 php5-curl - 5.5.9+dfsg-1ubuntu4.7 php5-intl - 5.5.9+dfsg-1ubuntu4.7 php5-snmp - 5.5.9+dfsg-1ubuntu4.7 php5-mysql - 5.5.9+dfsg-1ubuntu4.7 php5-odbc - 5.5.9+dfsg-1ubuntu4.7 php5-xsl - 5.5.9+dfsg-1ubuntu4.7 php5-gd - 5.5.9+dfsg-1ubuntu4.7 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.7 php5-tidy - 5.5.9+dfsg-1ubuntu4.7 php5-dev - 5.5.9+dfsg-1ubuntu4.7 php5-pgsql - 5.5.9+dfsg-1ubuntu4.7 php5-enchant - 5.5.9+dfsg-1ubuntu4.7 php5-readline - 5.5.9+dfsg-1ubuntu4.7 php5-gmp - 5.5.9+dfsg-1ubuntu4.7 php5-fpm - 5.5.9+dfsg-1ubuntu4.7 php5-cgi - 5.5.9+dfsg-1ubuntu4.7 php5-sqlite - 5.5.9+dfsg-1ubuntu4.7 php5-ldap - 5.5.9+dfsg-1ubuntu4.7 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.7 php5 - 5.5.9+dfsg-1ubuntu4.7 php5-cli - 5.5.9+dfsg-1ubuntu4.7 php-pear - 5.5.9+dfsg-1ubuntu4.7 php5-sybase - 5.5.9+dfsg-1ubuntu4.7 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.7 php5-pspell - 5.5.9+dfsg-1ubuntu4.7 php5-common - 5.5.9+dfsg-1ubuntu4.7 libphp5-embed - 5.5.9+dfsg-1ubuntu4.7 No subscription required Medium CVE-2014-8117 CVE-2014-9705 CVE-2015-0273 CVE-2015-2301 Ubuntu 14.04 LTS Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Update Instructions: Run `sudo pro fix USN-2536-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxfont1 - 1:1.4.7-1ubuntu0.2 libxfont1-udeb - 1:1.4.7-1ubuntu0.2 libxfont-dev - 1:1.4.7-1ubuntu0.2 No subscription required Medium CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 Ubuntu 14.04 LTS It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2015-0209) Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-0286) Emilia Käsper discovered that OpenSSL incorrectly handled ASN.1 structure reuse. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2015-0287) Brian Carpenter discovered that OpenSSL incorrectly handled invalid certificate keys. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-0288) Michal Zalewski discovered that OpenSSL incorrectly handled missing outer ContentInfo when parsing PKCS#7 structures. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2015-0289) Robert Dugal and David Ramos discovered that OpenSSL incorrectly handled decoding Base64 encoded data. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2015-0292) Sean Burford and Emilia Käsper discovered that OpenSSL incorrectly handled specially crafted SSLv2 CLIENT-MASTER-KEY messages. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-0293) Update Instructions: Run `sudo pro fix USN-2537-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.11 libssl-dev - 1.0.1f-1ubuntu2.11 openssl - 1.0.1f-1ubuntu2.11 libssl-doc - 1.0.1f-1ubuntu2.11 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.11 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.11 No subscription required Medium CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 Ubuntu 14.04 LTS A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0817) Mariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context. (CVE-2015-0818) Update Instructions: Run `sudo pro fix USN-2538-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-nn - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-nb - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-fa - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-fi - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-fr - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-fy - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-or - 36.0.4+build1-0ubuntu0.14.04.1 firefox-testsuite - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-oc - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-cs - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ga - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-gd - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-gl - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-gu - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-pa - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-pl - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-cy - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-pt - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-hi - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ms - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-he - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-hy - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-hr - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-hu - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-it - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-as - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ar - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-az - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-id - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-mai - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-af - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-is - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-vi - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-an - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-bs - 36.0.4+build1-0ubuntu0.14.04.1 firefox - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ro - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ja - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ru - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-br - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-bn - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-be - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-bg - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sl - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sk - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-si - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sw - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sv - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sr - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sq - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ko - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-kn - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-km - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-kk - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ka - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-xh - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ca - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ku - 36.0.4+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-lv - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-lt - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-th - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 36.0.4+build1-0ubuntu0.14.04.1 firefox-dev - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-te - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ta - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-lg - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-tr - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-nso - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-de - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-da - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-uk - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-mr - 36.0.4+build1-0ubuntu0.14.04.1 firefox-globalmenu - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-uz - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ml - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-mn - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-mk - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-eu - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-et - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-es - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-csb - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-el - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-eo - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-en - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-zu - 36.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ast - 36.0.4+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-0817 CVE-2015-0818 Ubuntu 14.04 LTS Andrey Babak discovered that Django incorrectly handled strip_tags. A remote attacker could possibly use this issue to cause Django to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2316) Daniel Chatfield discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. (CVE-2015-2317) Update Instructions: Run `sudo pro fix USN-2539-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.8 python-django - 1.6.1-2ubuntu0.8 No subscription required Medium CVE-2015-2316 CVE-2015-2317 Ubuntu 14.04 LTS It was discovered that GnuTLS did not perform date and time checks on CA certificates, contrary to expectations. This issue only affected Ubuntu 10.04 LTS. (CVE-2014-8155) Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that signature algorithms matched. A remote attacker could possibly use this issue to downgrade to a disallowed algorithm. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-0282) It was discovered that GnuTLS incorrectly verified certificate algorithms. A remote attacker could possibly use this issue to downgrade to a disallowed algorithm. (CVE-2015-0294) Update Instructions: Run `sudo pro fix USN-2540-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutlsxx27 - 2.12.23-12ubuntu2.2 gnutls26-doc - 2.12.23-12ubuntu2.2 libgnutls26 - 2.12.23-12ubuntu2.2 libgnutls-dev - 2.12.23-12ubuntu2.2 libgnutls-openssl27 - 2.12.23-12ubuntu2.2 No subscription required gnutls-bin - 3.0.11+really2.12.23-12ubuntu2.2 No subscription required Medium CVE-2014-8155 CVE-2015-0282 CVE-2015-0294 Ubuntu 14.04 LTS Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges. (CVE-2015-0274) A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2013-7421) The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-7822) A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2014-9644) Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to verify symlink size info. A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9728) Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not valid inode size information . A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9729) Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not correctly verify the component length for symlinks. A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9730) Carl H Lunde discovered an information leak in the UDF file system (CONFIG_UDF_FS). A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to read potential sensitve kernel memory. (CVE-2014-9731) Update Instructions: Run `sudo pro fix USN-2544-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-48-generic - 3.13.0-48.80 linux-image-3.13.0-48-powerpc-smp - 3.13.0-48.80 linux-image-3.13.0-48-powerpc-e500mc - 3.13.0-48.80 linux-image-3.13.0-48-generic-lpae - 3.13.0-48.80 linux-image-3.13.0-48-powerpc-e500 - 3.13.0-48.80 linux-image-3.13.0-48-generic - 3.13.0-48.80 linux-image-3.13.0-48-powerpc64-smp - 3.13.0-48.80 linux-image-3.13.0-48-lowlatency - 3.13.0-48.80 linux-image-3.13.0-48-powerpc64-emb - 3.13.0-48.80 No subscription required High CVE-2013-7421 CVE-2014-7822 CVE-2014-9644 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0274 Ubuntu 14.04 LTS A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2013-7421) A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2014-9644) Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. (CVE-2015-1421) Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). (CVE-2015-1465) Update Instructions: Run `sudo pro fix USN-2545-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-33-powerpc-e500mc - 3.16.0-33.44~14.04.1 linux-image-3.16.0-33-powerpc-smp - 3.16.0-33.44~14.04.1 linux-image-3.16.0-33-powerpc64-emb - 3.16.0-33.44~14.04.1 linux-image-3.16.0-33-powerpc64-smp - 3.16.0-33.44~14.04.1 linux-image-3.16.0-33-lowlatency - 3.16.0-33.44~14.04.1 linux-image-3.16.0-33-generic - 3.16.0-33.44~14.04.1 linux-image-extra-3.16.0-33-generic - 3.16.0-33.44~14.04.1 linux-image-3.16.0-33-generic-lpae - 3.16.0-33.44~14.04.1 No subscription required Medium CVE-2013-7421 CVE-2014-9644 CVE-2015-1421 CVE-2015-1465 Ubuntu 14.04 LTS It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. (CVE-2015-2318) It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a machine-in-the-middle could possibly use this issue to force the use of insecure ciphersuites. (CVE-2015-2319) It was discovered that the Mono TLS implementation still supported a fallback to SSLv2. This update removes the functionality as use of SSLv2 is known to be insecure. (CVE-2015-2320) It was discovered that Mono incorrectly handled memory in certain circumstances. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service, or to obtain sensitive information. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-0992) It was discovered that Mono incorrectly handled hash collisions. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS. (CVE-2012-3543) Update Instructions: Run `sudo pro fix USN-2547-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmono-system-reactive-observable-aliases0.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-tasklets2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-ldap4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-reactive-interfaces2.2-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-json4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-windows-forms-datavisualization4.0a-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-windows-forms4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-cairo4.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-dmcs - 3.2.8+dfsg-4ubuntu1.1 libmono-microsoft-csharp4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-rabbitmq2.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-2.0-gac - 3.2.8+dfsg-4ubuntu1.1 libmono-corlib4.5-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-json-microsoft4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-sharpzip4.84-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-xbuild-tasks4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-http4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-management4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmonosgen-2.0-1 - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-ldap2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-posix4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-compilerservices-symbolwriter4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-simd2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-http-selfhost4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-servicemodel4.0a-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-wcf3.0a-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-data-tds2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-webpages-deployment2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-windowsbase4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-webbrowser4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-messaging2.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-runtime-common - 3.2.8+dfsg-4ubuntu1.1 libmono-system-servicemodel-web4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-2.0-1 - 3.2.8+dfsg-4ubuntu1.1 libmono-oracle4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-microsoft-build2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-management4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-ldap2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-microsoft-build4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmonosgen-2.0-dev - 3.2.8+dfsg-4ubuntu1.1 libmono-system-design4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-sqlite2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-io-compression4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-opensystem-c4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-c5-1.1-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-xml4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-npgsql2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-sharpzip2.6-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-componentmodel-dataannotations4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-rabbitmq4.0-cil - 3.2.8+dfsg-4ubuntu1.1 monodoc-manual - 3.2.8+dfsg-4ubuntu1.1 libmono-system-net2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-relaxng2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-data2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-net-http-webrequest4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-microsoft8.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-runtime-serialization4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-data-services2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-cil-dev - 3.2.8+dfsg-4ubuntu1.1 libmono-cscompmgd8.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-xml-serialization4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-dynamic4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-xml-linq4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-reactive-platformservices2.2-cil - 3.2.8+dfsg-4ubuntu1.1 mono-runtime - 3.2.8+dfsg-4ubuntu1.1 mono-4.0-gac - 3.2.8+dfsg-4ubuntu1.1 mono-mcs - 3.2.8+dfsg-4ubuntu1.1 libmono-windowsbase3.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-security4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-reactive-linq2.2-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-data4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-i18n2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-reactive-windows-forms2.2-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-oracle2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-extensions-design4.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-gmcs - 3.2.8+dfsg-4ubuntu1.1 libmono-i18n-mideast4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-i18n4.0-all - 3.2.8+dfsg-4ubuntu1.1 libmonoboehm-2.0-dev - 3.2.8+dfsg-4ubuntu1.1 libmono-sqlite4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-messaging4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-debugger-soft2.0a-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-accessibility4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-simd4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-mvc3.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-http-webhost4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-configuration4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-json2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-numerics4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-data-services-client4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-i18n4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-enterpriseservices4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-runtime-serialization-formatters-soap4.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-xbuild - 3.2.8+dfsg-4ubuntu1.1 libmono-profiler - 3.2.8+dfsg-4ubuntu1.1 libmono-system-data-services4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-microsoft-build-utilities-v4.0-4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-webpages-razor2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-drawing-design4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-abstractions4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-db2-1.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-services4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-reactive-core2.2-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-servicemodel-routing4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-xaml4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-winforms2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-microsoft-build-engine4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-microsoft-visualc10.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-razor2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-transactions4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-i18n-west4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-runtime2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-entityframework6.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-applicationservices4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-cecil-private-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-debugger-soft4.0a-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-io-compression-filesystem4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-ldap4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-codecontracts4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-net4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-net-http-formatting4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-identitymodel4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-data-datasetextensions4.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-csharp-shell - 3.2.8+dfsg-4ubuntu1.1 mono-runtime-sgen - 3.2.8+dfsg-4ubuntu1.1 libmono-sharpzip2.84-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-peapi2.0a-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-entityframework-sqlserver6.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-reactive-providers2.2-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-http4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-relaxng4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-configuration-install4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-i18n-cjk4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-security2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-webbrowser2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-reactive-runtime-remoting2.2-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-i18n-west2.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-devel - 3.2.8+dfsg-4ubuntu1.1 libmono-system-servicemodel-activation4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-messaging2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-tasklets4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-runtime4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-messaging-rabbitmq2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-windows4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-security4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-serviceprocess4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-componentmodel-composition4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-cairo2.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-runtime-boehm - 3.2.8+dfsg-4ubuntu1.1 libmono-system-drawing4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-reactive-windows-threading2.2-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-ldap-protocols4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-accessibility2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-xbuild-tasks2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-microsoft-build-tasks-v4.0-4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-mvc1.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-runtime-caching4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-reactive-experimental2.2-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-data-linq2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-webpages2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-mvc2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-microsoft-build-framework4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-routing4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-i18n-rare4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-runtime-durableinstancing4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-servicemodel-discovery4.0-cil - 3.2.8+dfsg-4ubuntu1.1 monodoc-base - 3.2.8+dfsg-4ubuntu1.1 libmonoboehm-2.0-1 - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-extensions4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-npgsql4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-messaging4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-corlib4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-webmatrix-data4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-microsoft-web-infrastructure1.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-i18n-other4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-reactive-debugger2.2-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-peapi4.0a-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-corlib2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-posix2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-net-http4.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-complete - 3.2.8+dfsg-4ubuntu1.1 libmono-system-web-dynamicdata4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-custommarshalers4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-csharp4.0c-cil - 3.2.8+dfsg-4ubuntu1.1 mono-gac - 3.2.8+dfsg-4ubuntu1.1 libmono-2.0-dev - 3.2.8+dfsg-4ubuntu1.1 libmono-system-threading-tasks-dataflow4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-parallel4.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-jay - 3.2.8+dfsg-4ubuntu1.1 libmono-system-data-linq4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-messaging-rabbitmq4.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-2.0-service - 3.2.8+dfsg-4ubuntu1.1 libmono-data-tds4.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-utils - 3.2.8+dfsg-4ubuntu1.1 libmono-management2.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-system-identitymodel-selectors4.0-cil - 3.2.8+dfsg-4ubuntu1.1 libmono-web4.0-cil - 3.2.8+dfsg-4ubuntu1.1 mono-4.0-service - 3.2.8+dfsg-4ubuntu1.1 libmono-system-core4.0-cil - 3.2.8+dfsg-4ubuntu1.1 No subscription required Medium CVE-2011-0992 CVE-2012-3543 CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 Ubuntu 14.04 LTS Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption. Update Instructions: Run `sudo pro fix USN-2548-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbatik-java - 1.7.ubuntu-8ubuntu2.14.04.1 No subscription required Medium CVE-2015-0250 Ubuntu 14.04 LTS It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to arbitrary files. (CVE-2015-2304) Fabian Yamaguchi discovered that libarchive incorrectly handled certain type conversions. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-0211) Update Instructions: Run `sudo pro fix USN-2549-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-7ubuntu2.1 libarchive13 - 3.1.2-7ubuntu2.1 bsdtar - 3.1.2-7ubuntu2.1 libarchive-dev - 3.1.2-7ubuntu2.1 No subscription required Medium CVE-2013-0211 CVE-2015-2304 Ubuntu 14.04 LTS Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801) Bobby Holley discovered that windows created to hold privileged UI content retained access to privileged internal methods if navigated to unprivileged content. An attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. (CVE-2015-0802) Several type confusion issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0803, CVE-2015-0804) Abhishek Arya discovered memory corruption issues during 2D graphics rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0805, CVE-2015-0806) Christoph Kerschbaumer discovered that CORS requests from navigator.sendBeacon() followed 30x redirections after preflight. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2015-0807) Mitchell Harper discovered an issue with memory management of simple-type arrays in WebRTC. An attacker could potentially exploit this to cause undefined behaviour. (CVE-2015-0808) Felix Gröbert discovered an out-of-bounds read in the QCMS colour management library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0811) Armin Razmdjou discovered that lightweight themes could be installed in Firefox without a user approval message, from Mozilla subdomains over HTTP without SSL. A remote attacker could potentially exploit this by conducting a Machine-In-The-Middle (MITM) attack to install themes without user approval. (CVE-2015-0812) Aki Helin discovered a use-after-free when playing MP3 audio files using the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0813) Christian Holler, Andrew McCreight, Gary Kwong, Karl Tomlinson, Randell Jesup, Shu-yu Guo, Steve Fink, Tooru Fujisawa, and Byron Campen discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0814, CVE-2015-0815) Mariusz Mlynski discovered that documents loaded via resource: URLs (such as PDF.js) could load privileged chrome pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. (CVE-2015-0816) Update Instructions: Run `sudo pro fix USN-2550-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-nn - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-nb - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-fa - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-fi - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-fr - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-fy - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-or - 37.0+build2-0ubuntu0.14.04.1 firefox-testsuite - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-oc - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-cs - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ga - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-gd - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-gl - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-gu - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-pa - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-pl - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-cy - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-pt - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-hi - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ms - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-he - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-hy - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-hr - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-hu - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-it - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-as - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ar - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-az - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-id - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-mai - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-af - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-is - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-vi - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-an - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-bs - 37.0+build2-0ubuntu0.14.04.1 firefox - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ro - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ja - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ru - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-br - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-bn - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-be - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-bg - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-sl - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-sk - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-si - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-sw - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-sv - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-sr - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-sq - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ko - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-kn - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-km - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-kk - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ka - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-xh - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ca - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ku - 37.0+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-lv - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-lt - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-th - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 37.0+build2-0ubuntu0.14.04.1 firefox-dev - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-te - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ta - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-lg - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-tr - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-nso - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-de - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-da - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-uk - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-mr - 37.0+build2-0ubuntu0.14.04.1 firefox-globalmenu - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-uz - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ml - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-mn - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-mk - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-eu - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-et - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-es - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-csb - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-el - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-eo - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-en - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-zu - 37.0+build2-0ubuntu0.14.04.1 firefox-locale-ast - 37.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-0801 CVE-2015-0802 CVE-2015-0803 CVE-2015-0804 CVE-2015-0805 CVE-2015-0806 CVE-2015-0807 CVE-2015-0808 CVE-2015-0811 CVE-2015-0812 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 Ubuntu 14.04 LTS David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks. Update Instructions: Run `sudo pro fix USN-2551-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjakarta-taglibs-standard-java - 1.1.2-2ubuntu1.14.04.1 libjstl1.1-java - 1.1.2-2ubuntu1.14.04.1 No subscription required Medium CVE-2015-0254 Ubuntu 14.04 LTS Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801) Christoph Kerschbaumer discovered that CORS requests from navigator.sendBeacon() followed 30x redirections after preflight. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2015-0807) Aki Helin discovered a use-after-free when playing MP3 audio files using the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0813) Christian Holler, Steve Fink, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0815) Mariusz Mlynski discovered that documents loaded via resource: URLs (such as PDF.js) could load privileged chrome pages. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. (CVE-2015-0816) Update Instructions: Run `sudo pro fix USN-2552-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:31.6.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:31.6.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:31.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:31.6.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816 Ubuntu 14.04 LTS William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. (CVE-2014-9330) Michal Zalewski discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-9655) Update Instructions: Run `sudo pro fix USN-2553-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.2 libtiffxx5 - 4.0.3-7ubuntu0.2 libtiff5-dev - 4.0.3-7ubuntu0.2 libtiff4-dev - 4.0.3-7ubuntu0.2 libtiff5-alt-dev - 4.0.3-7ubuntu0.2 libtiff5 - 4.0.3-7ubuntu0.2 libtiff-tools - 4.0.3-7ubuntu0.2 libtiff-doc - 4.0.3-7ubuntu0.2 No subscription required Medium CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 Ubuntu 14.04 LTS USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for the inconvenience. Original advisory details: William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. (CVE-2014-9330) Michal Zalewski discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-9655) Update Instructions: Run `sudo pro fix USN-2553-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.3 libtiffxx5 - 4.0.3-7ubuntu0.3 libtiff5-dev - 4.0.3-7ubuntu0.3 libtiff4-dev - 4.0.3-7ubuntu0.3 libtiff5-alt-dev - 4.0.3-7ubuntu0.3 libtiff5 - 4.0.3-7ubuntu0.3 libtiff-tools - 4.0.3-7ubuntu0.3 libtiff-doc - 4.0.3-7ubuntu0.3 No subscription required None https://launchpad.net/bugs/1439186 Ubuntu 14.04 LTS Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. (CVE-2014-3591) Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. (CVE-2015-0837) Hanno Böck discovered that GnuPG incorrectly handled certain malformed keyrings. If a user or automated system were tricked into opening a malformed keyring, a remote attacker could use this issue to cause GnuPG to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1606, CVE-2015-1607) In addition, this update improves GnuPG security by validating that the keys returned by keyservers match those requested. Update Instructions: Run `sudo pro fix USN-2554-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnupg-udeb - 1.4.16-1ubuntu2.3 gpgv - 1.4.16-1ubuntu2.3 gpgv-udeb - 1.4.16-1ubuntu2.3 gnupg - 1.4.16-1ubuntu2.3 gnupg-curl - 1.4.16-1ubuntu2.3 No subscription required scdaemon - 2.0.22-3ubuntu1.3 gpgsm - 2.0.22-3ubuntu1.3 gnupg-agent - 2.0.22-3ubuntu1.3 gnupg2 - 2.0.22-3ubuntu1.3 gpgv2 - 2.0.22-3ubuntu1.3 No subscription required Medium CVE-2014-3591 CVE-2014-5270 CVE-2015-0837 CVE-2015-1606 CVE-2015-1607 Ubuntu 14.04 LTS Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. (CVE-2014-3591) Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. (CVE-2015-0837) Update Instructions: Run `sudo pro fix USN-2555-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-doc - 1.5.3-2ubuntu4.2 libgcrypt11-udeb - 1.5.3-2ubuntu4.2 libgcrypt11-dev - 1.5.3-2ubuntu4.2 libgcrypt11 - 1.5.3-2ubuntu4.2 No subscription required Low CVE-2014-3591 CVE-2015-0837 Ubuntu 14.04 LTS It was discovered that Chromium did not properly handle the interaction of IPC, the gamepad API and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1233) A buffer overflow was discovered in the GPU service. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2015-1234) It was discovered that Oxide did not correctly manage the lifetime of BrowserContext, resulting in a potential use-after-free in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1317) Update Instructions: Run `sudo pro fix USN-2556-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.5.6-0ubuntu0.14.04.2 liboxideqt-qmlplugin - 1.5.6-0ubuntu0.14.04.2 oxideqt-chromedriver - 1.5.6-0ubuntu0.14.04.2 oxideqt-codecs-extra - 1.5.6-0ubuntu0.14.04.2 oxideqmlscene - 1.5.6-0ubuntu0.14.04.2 oxideqt-codecs - 1.5.6-0ubuntu0.14.04.2 liboxideqtquick0 - 1.5.6-0ubuntu0.14.04.2 No subscription required Medium CVE-2015-1233 CVE-2015-1234 CVE-2015-1317 https://launchpad.net/bugs/1431484 Ubuntu 14.04 LTS Muneaki Nishimura discovered a flaw in Mozilla's HTTP Alternative Services implementation which meant SSL certificate verification could be bypassed in some circumstances. A remote attacker could potentially exploit this to conduct a machine-in-the-middle attack. (CVE-2015-0799) Update Instructions: Run `sudo pro fix USN-2557-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nn - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nb - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fa - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fi - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fr - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fy - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-or - 37.0.1+build1-0ubuntu0.14.04.1 firefox-testsuite - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-oc - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cs - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ga - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gd - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gl - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gu - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pa - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pl - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cy - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pt - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hi - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ms - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-he - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hy - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hr - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hu - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-it - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-as - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ar - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-az - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-id - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mai - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-af - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-is - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-vi - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-an - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bs - 37.0.1+build1-0ubuntu0.14.04.1 firefox - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ro - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ja - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ru - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-br - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bn - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-be - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bg - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sl - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sk - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-si - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sw - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sv - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sr - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sq - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ko - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kn - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-km - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kk - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ka - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-xh - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ca - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ku - 37.0.1+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lv - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lt - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-th - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 37.0.1+build1-0ubuntu0.14.04.1 firefox-dev - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-te - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ta - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lg - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-tr - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nso - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-de - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-da - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uk - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mr - 37.0.1+build1-0ubuntu0.14.04.1 firefox-globalmenu - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uz - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ml - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mn - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mk - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eu - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-et - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-es - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-csb - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-el - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eo - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-en - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zu - 37.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ast - 37.0.1+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-0799 Ubuntu 14.04 LTS It was discovered that Mailman incorrectly handled special characters in list names. A local attacker could use this issue to perform a path traversal attack and execute arbitrary code as the Mailman user. Update Instructions: Run `sudo pro fix USN-2558-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.16-2ubuntu0.1 No subscription required Medium CVE-2015-2775 Ubuntu 14.04 LTS Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2559-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6-dev - 3.4-3ubuntu0.2 libtasn1-3-bin - 3.4-3ubuntu0.2 libtasn1-bin - 3.4-3ubuntu0.2 libtasn1-3-dev - 3.4-3ubuntu0.2 libtasn1-6 - 3.4-3ubuntu0.2 No subscription required Medium CVE-2015-2806 Ubuntu 14.04 LTS Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. (CVE-2015-1421) Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker on the same subnet can exploit this flaw to cause a denial of service (system crash). (CVE-2015-1465) An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. (CVE-2015-1593) An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. (CVE-2015-2041) An information leak was discovered in how the Linux kernel handles setting the Reliable Datagram Sockets (RDS) settings. A local user could exploit this flaw to read data from other sysctl settings. (CVE-2015-2042) Update Instructions: Run `sudo pro fix USN-2563-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-49-powerpc-e500mc - 3.13.0-49.81 linux-image-3.13.0-49-powerpc-e500 - 3.13.0-49.81 linux-image-3.13.0-49-powerpc-smp - 3.13.0-49.81 linux-image-3.13.0-49-powerpc64-smp - 3.13.0-49.81 linux-image-extra-3.13.0-49-generic - 3.13.0-49.81 linux-image-3.13.0-49-powerpc64-emb - 3.13.0-49.81 linux-image-3.13.0-49-lowlatency - 3.13.0-49.81 linux-image-3.13.0-49-generic - 3.13.0-49.81 linux-image-3.13.0-49-generic-lpae - 3.13.0-49.81 No subscription required Medium CVE-2015-1421 CVE-2015-1465 CVE-2015-1593 CVE-2015-2041 CVE-2015-2042 Ubuntu 14.04 LTS An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. (CVE-2015-1593) An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. (CVE-2015-2041) An information leak was discovered in how the Linux kernel handles setting the Reliable Datagram Sockets (RDS) settings. A local user could exploit this flaw to read data from other sysctl settings. (CVE-2015-2042) A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). (CVE-2015-4036) Update Instructions: Run `sudo pro fix USN-2564-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-34-generic-lpae - 3.16.0-34.45~14.04.1 linux-image-extra-3.16.0-34-generic - 3.16.0-34.45~14.04.1 linux-image-3.16.0-34-lowlatency - 3.16.0-34.45~14.04.1 linux-image-3.16.0-34-generic - 3.16.0-34.45~14.04.1 linux-image-3.16.0-34-powerpc64-emb - 3.16.0-34.45~14.04.1 linux-image-3.16.0-34-powerpc-smp - 3.16.0-34.45~14.04.1 linux-image-3.16.0-34-powerpc64-smp - 3.16.0-34.45~14.04.1 linux-image-3.16.0-34-powerpc-e500mc - 3.16.0-34.45~14.04.1 No subscription required Medium CVE-2015-1593 CVE-2015-2041 CVE-2015-2042 CVE-2015-4036 Ubuntu 14.04 LTS Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks. Update Instructions: Run `sudo pro fix USN-2566-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dpkg-dev - 1.17.5ubuntu5.4 dselect - 1.17.5ubuntu5.4 libdpkg-dev - 1.17.5ubuntu5.4 dpkg - 1.17.5ubuntu5.4 libdpkg-perl - 1.17.5ubuntu5.4 No subscription required Medium CVE-2015-0840 Ubuntu 14.04 LTS Miroslav Lichvar discovered that NTP incorrectly validated MAC fields. A remote attacker could possibly use this issue to bypass authentication and spoof packets. (CVE-2015-1798) Miroslav Lichvar discovered that NTP incorrectly handled certain invalid packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-1799) Juergen Perlinger discovered that NTP incorrectly generated MD5 keys on big-endian platforms. This issue could either cause ntp-keygen to hang, or could result in non-random keys. (CVE number pending) Update Instructions: Run `sudo pro fix USN-2567-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3 ntp-doc - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3 ntpdate - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3 No subscription required Medium CVE-2015-1798 CVE-2015-1799 Ubuntu 14.04 LTS Abhishek Arya discovered that libX11 incorrectly handled memory in the MakeBigReq macro. A remote attacker could use this issue to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, following the macro fix in libx11, a number of other packages have also been rebuilt as security updates including libxrender, libxext, libxi, libxfixes, libxrandr, libsdl1.2, libxv, libxp, and xserver-xorg-video-vmware. Update Instructions: Run `sudo pro fix USN-2568-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxrender-dev - 1:0.9.8-1build0.14.04.1 libxrender1-udeb - 1:0.9.8-1build0.14.04.1 libxrender1 - 1:0.9.8-1build0.14.04.1 No subscription required Medium CVE-2013-7439 Ubuntu 14.04 LTS Stéphane Graber and Tavis Ormandy independently discovered that Apport incorrectly handled the crash reporting feature. A local attacker could use this issue to gain elevated privileges. Update Instructions: Run `sudo pro fix USN-2569-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.9 python3-problem-report - 2.14.1-0ubuntu3.9 apport-kde - 2.14.1-0ubuntu3.9 apport-retrace - 2.14.1-0ubuntu3.9 apport-valgrind - 2.14.1-0ubuntu3.9 python3-apport - 2.14.1-0ubuntu3.9 dh-apport - 2.14.1-0ubuntu3.9 apport-gtk - 2.14.1-0ubuntu3.9 apport - 2.14.1-0ubuntu3.9 python-problem-report - 2.14.1-0ubuntu3.9 apport-noui - 2.14.1-0ubuntu3.9 No subscription required High CVE-2015-1318 Ubuntu 14.04 LTS USN-2569-1 fixed a vulnerability in Apport. Tavis Ormandy discovered that the fixed packages were still vulnerable to a privilege escalation attack. This update completely disables crash report handling for containers until a more complete solution is available. Original advisory details: Stéphane Graber and Tavis Ormandy independently discovered that Apport incorrectly handled the crash reporting feature. A local attacker could use this issue to gain elevated privileges. Update Instructions: Run `sudo pro fix USN-2569-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.10 python3-problem-report - 2.14.1-0ubuntu3.10 apport-kde - 2.14.1-0ubuntu3.10 apport-retrace - 2.14.1-0ubuntu3.10 apport-valgrind - 2.14.1-0ubuntu3.10 python3-apport - 2.14.1-0ubuntu3.10 dh-apport - 2.14.1-0ubuntu3.10 apport-gtk - 2.14.1-0ubuntu3.10 apport - 2.14.1-0ubuntu3.10 python-problem-report - 2.14.1-0ubuntu3.10 apport-noui - 2.14.1-0ubuntu3.10 No subscription required None https://launchpad.net/bugs/1444518 Ubuntu 14.04 LTS An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1235) An issue was discovered in the Web Audio API implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1236) A use-after-free was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1237) An out-of-bounds write was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1238) An out-of-bounds read was discovered in the WebGL implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-1240) An issue was discovered with the interaction of page navigation and touch event handling. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct "tap jacking" attacks. (CVE-2015-1241) A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1242) It was discovered that websocket connections were not upgraded whenever a HSTS policy is active. A remote attacker could potentially exploit this to conduct a machine-in-the-middle (MITM) attack. (CVE-2015-1244) An out-of-bounds read was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-1246) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1249) A use-after-free was discovered in the file picker implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1321) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-3333) Update Instructions: Run `sudo pro fix USN-2570-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.6.5-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.6.5-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.6.5-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.6.5-0ubuntu0.14.04.1 oxideqmlscene - 1.6.5-0ubuntu0.14.04.1 oxideqt-codecs - 1.6.5-0ubuntu0.14.04.1 liboxideqtquick0 - 1.6.5-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238 CVE-2015-1240 CVE-2015-1241 CVE-2015-1242 CVE-2015-1244 CVE-2015-1246 CVE-2015-1249 CVE-2015-1321 CVE-2015-3333 Ubuntu 14.04 LTS Robert Kaiser discovered a use-after-free during plugin initialization in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2706) Update Instructions: Run `sudo pro fix USN-2571-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nn - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nb - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fa - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fi - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fr - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fy - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-or - 37.0.2+build1-0ubuntu0.14.04.1 firefox-testsuite - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-oc - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cs - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ga - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gd - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gl - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gu - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pa - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pl - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cy - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pt - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hi - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ms - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-he - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hy - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hr - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hu - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-it - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-as - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ar - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-az - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-id - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mai - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-af - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-is - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-vi - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-an - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bs - 37.0.2+build1-0ubuntu0.14.04.1 firefox - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ro - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ja - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ru - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-br - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bn - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-be - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bg - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sl - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sk - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-si - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sw - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sv - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sr - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sq - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ko - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kn - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-km - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kk - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ka - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-xh - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ca - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ku - 37.0.2+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lv - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lt - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-th - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 37.0.2+build1-0ubuntu0.14.04.1 firefox-dev - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-te - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ta - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lg - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-tr - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nso - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-de - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-da - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uk - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mr - 37.0.2+build1-0ubuntu0.14.04.1 firefox-globalmenu - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uz - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ml - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mn - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mk - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eu - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-et - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-es - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-csb - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-el - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eo - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-en - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zu - 37.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ast - 37.0.2+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-2706 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3330) It was discovered that PHP incorrectly handled opening tar, zip or phar archives through the PHAR extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3329) It was discovered that PHP incorrectly handled regular expressions. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2305) Paulos Yibelo discovered that PHP incorrectly handled moving files when a pathname contained a null character. A remote attacker could use this issue to possibly bypass filename restrictions. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348) It was discovered that PHP incorrectly handled unserializing PHAR files. A remote attacker could use this issue to cause PHP to possibly expose sensitive information. (CVE-2015-2783) Taoguang Chen discovered that PHP incorrectly handled unserializing certain objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2787) Update Instructions: Run `sudo pro fix USN-2572-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.9 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.9 php5-curl - 5.5.9+dfsg-1ubuntu4.9 php5-intl - 5.5.9+dfsg-1ubuntu4.9 php5-snmp - 5.5.9+dfsg-1ubuntu4.9 php5-mysql - 5.5.9+dfsg-1ubuntu4.9 php5-odbc - 5.5.9+dfsg-1ubuntu4.9 php5-xsl - 5.5.9+dfsg-1ubuntu4.9 php5-gd - 5.5.9+dfsg-1ubuntu4.9 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.9 php5-tidy - 5.5.9+dfsg-1ubuntu4.9 php5-dev - 5.5.9+dfsg-1ubuntu4.9 php5-pgsql - 5.5.9+dfsg-1ubuntu4.9 php5-enchant - 5.5.9+dfsg-1ubuntu4.9 php5-readline - 5.5.9+dfsg-1ubuntu4.9 php5-gmp - 5.5.9+dfsg-1ubuntu4.9 php5-fpm - 5.5.9+dfsg-1ubuntu4.9 php5-cgi - 5.5.9+dfsg-1ubuntu4.9 php5-sqlite - 5.5.9+dfsg-1ubuntu4.9 php5-ldap - 5.5.9+dfsg-1ubuntu4.9 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.9 php5 - 5.5.9+dfsg-1ubuntu4.9 php5-cli - 5.5.9+dfsg-1ubuntu4.9 php-pear - 5.5.9+dfsg-1ubuntu4.9 php5-sybase - 5.5.9+dfsg-1ubuntu4.9 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.9 php5-pspell - 5.5.9+dfsg-1ubuntu4.9 php5-common - 5.5.9+dfsg-1ubuntu4.9 libphp5-embed - 5.5.9+dfsg-1ubuntu4.9 No subscription required Medium CVE-2015-2305 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3330 CVE-2015-3329 Ubuntu 14.04 LTS Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this expose sensitive data over the network. (CVE-2015-0477) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2015-0488) Update Instructions: Run `sudo pro fix USN-2574-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u79-2.5.5-0ubuntu0.14.04.2 openjdk-7-source - 7u79-2.5.5-0ubuntu0.14.04.2 icedtea-7-jre-jamvm - 7u79-2.5.5-0ubuntu0.14.04.2 openjdk-7-jre-lib - 7u79-2.5.5-0ubuntu0.14.04.2 openjdk-7-jdk - 7u79-2.5.5-0ubuntu0.14.04.2 openjdk-7-jre-headless - 7u79-2.5.5-0ubuntu0.14.04.2 openjdk-7-jre - 7u79-2.5.5-0ubuntu0.14.04.2 openjdk-7-doc - 7u79-2.5.5-0ubuntu0.14.04.2 openjdk-7-demo - 7u79-2.5.5-0ubuntu0.14.04.2 No subscription required Medium CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html Update Instructions: Run `sudo pro fix USN-2575-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.43-0ubuntu0.14.04.1 mysql-client - 5.5.43-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.43-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.43-0ubuntu0.14.04.1 libmysqld-pic - 5.5.43-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.43-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.43-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.43-0ubuntu0.14.04.1 mysql-common - 5.5.43-0ubuntu0.14.04.1 mysql-server - 5.5.43-0ubuntu0.14.04.1 mysql-testsuite - 5.5.43-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.43-0ubuntu0.14.04.1 libmysqld-dev - 5.5.43-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.43-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 Ubuntu 14.04 LTS Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges. Update Instructions: Run `sudo pro fix USN-2576-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: usb-creator-gtk - 0.2.56.3ubuntu0.1 usb-creator-kde - 0.2.56.3ubuntu0.1 usb-creator-common - 0.2.56.3ubuntu0.1 No subscription required None https://launchpad.net/bugs/1447396 Ubuntu 14.04 LTS It was discovered that wpa_supplicant incorrectly handled SSID information when creating or updating P2P peer entries. A remote attacker could use this issue to cause wpa_supplicant to crash, resulting in a denial of service, expose memory contents, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2577-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.1-0ubuntu1.2 No subscription required wpagui - 2.1-0ubuntu1.2 wpasupplicant-udeb - 2.1-0ubuntu1.2 wpasupplicant - 2.1-0ubuntu1.2 No subscription required Medium CVE-2015-1863 Ubuntu 14.04 LTS Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2014-9093) It was discovered that LibreOffice incorrectly handled certain HWP files. If a user were tricked into opening a specially crafted HWP document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2015-1774) Update Instructions: Run `sudo pro fix USN-2578-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO4.2.8-0ubuntu2 No subscription required libreoffice-wiki-publisher - 1.1.2+LibO4.2.8-0ubuntu2 No subscription required libreoffice-presentation-minimizer - 1:4.2.8-0ubuntu2 libreoffice-impress - 1:4.2.8-0ubuntu2 libreoffice-officebean - 1:4.2.8-0ubuntu2 libreoffice-base - 1:4.2.8-0ubuntu2 libreoffice-librelogo - 1:4.2.8-0ubuntu2 libreoffice-java-common - 1:4.2.8-0ubuntu2 browser-plugin-libreoffice - 1:4.2.8-0ubuntu2 libreoffice-subsequentcheckbase - 1:4.2.8-0ubuntu2 libreoffice-style-tango - 1:4.2.8-0ubuntu2 libreoffice-style-crystal - 1:4.2.8-0ubuntu2 libreoffice-kde - 1:4.2.8-0ubuntu2 libreoffice-l10n-ku - 1:4.2.8-0ubuntu2 libreoffice-style-galaxy - 1:4.2.8-0ubuntu2 libreoffice-style-hicontrast - 1:4.2.8-0ubuntu2 libreoffice-core - 1:4.2.8-0ubuntu2 libreoffice-presenter-console - 1:4.2.8-0ubuntu2 libreoffice-script-provider-bsh - 1:4.2.8-0ubuntu2 libreoffice-avmedia-backend-gstreamer - 1:4.2.8-0ubuntu2 libreoffice-script-provider-python - 1:4.2.8-0ubuntu2 libreoffice-common - 1:4.2.8-0ubuntu2 libreoffice-gnome - 1:4.2.8-0ubuntu2 libreoffice-dev - 1:4.2.8-0ubuntu2 libreoffice-gtk3 - 1:4.2.8-0ubuntu2 libreoffice-report-builder - 1:4.2.8-0ubuntu2 libreoffice-pdfimport - 1:4.2.8-0ubuntu2 libreoffice-base-core - 1:4.2.8-0ubuntu2 libreoffice-ogltrans - 1:4.2.8-0ubuntu2 libreoffice-sdbc-hsqldb - 1:4.2.8-0ubuntu2 libreoffice-gtk - 1:4.2.8-0ubuntu2 libreoffice-calc - 1:4.2.8-0ubuntu2 libreoffice-base-drivers - 1:4.2.8-0ubuntu2 libreoffice-style-oxygen - 1:4.2.8-0ubuntu2 libreoffice-emailmerge - 1:4.2.8-0ubuntu2 libreoffice-style-human - 1:4.2.8-0ubuntu2 libreoffice-sdbc-firebird - 1:4.2.8-0ubuntu2 python3-uno - 1:4.2.8-0ubuntu2 libreoffice-math - 1:4.2.8-0ubuntu2 libreoffice-writer - 1:4.2.8-0ubuntu2 libreoffice-report-builder-bin - 1:4.2.8-0ubuntu2 libreoffice-script-provider-js - 1:4.2.8-0ubuntu2 libreoffice - 1:4.2.8-0ubuntu2 libreoffice-draw - 1:4.2.8-0ubuntu2 libreoffice-style-sifr - 1:4.2.8-0ubuntu2 libreoffice-dev-doc - 1:4.2.8-0ubuntu2 libreoffice-l10n-in - 1:4.2.8-0ubuntu2 libreoffice-l10n-za - 1:4.2.8-0ubuntu2 libreoffice-sdbc-postgresql - 1:4.2.8-0ubuntu2 No subscription required openoffice.org-dtd-officedocument1.0 - 2:1.0+LibO4.2.8-0ubuntu2 No subscription required fonts-opensymbol - 2:102.6+LibO4.2.8-0ubuntu2 No subscription required uno-libs3 - 4.2.8-0ubuntu2 ure - 4.2.8-0ubuntu2 No subscription required Medium CVE-2014-9093 CVE-2015-1774 Ubuntu 14.04 LTS It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile. Update Instructions: Run `sudo pro fix USN-2580-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpdump - 4.5.1-2ubuntu1.2 No subscription required Medium CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 Ubuntu 14.04 LTS Tavis Ormandy discovered that NetworkManager incorrectly filtered paths when requested to read modem device contexts. A local attacker could possibly use this issue to bypass privileges and manipulate modem device configuration or read arbitrary files. Update Instructions: Run `sudo pro fix USN-2581-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnm-glib-vpn-dev - 0.9.8.8-0ubuntu7.1 libnm-util2 - 0.9.8.8-0ubuntu7.1 network-manager-dev - 0.9.8.8-0ubuntu7.1 libnm-glib-dev - 0.9.8.8-0ubuntu7.1 gir1.2-networkmanager-1.0 - 0.9.8.8-0ubuntu7.1 network-manager - 0.9.8.8-0ubuntu7.1 libnm-glib4 - 0.9.8.8-0ubuntu7.1 libnm-glib-vpn1 - 0.9.8.8-0ubuntu7.1 libnm-util-dev - 0.9.8.8-0ubuntu7.1 No subscription required Medium CVE-2015-1322 Ubuntu 14.04 LTS A use-after-free was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1243) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1250) Update Instructions: Run `sudo pro fix USN-2582-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.6.6-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.6.6-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.6.6-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.6.6-0ubuntu0.14.04.1 oxideqmlscene - 1.6.6-0ubuntu0.14.04.1 oxideqt-codecs - 1.6.6-0ubuntu0.14.04.1 liboxideqtquick0 - 1.6.6-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-1243 CVE-2015-1250 Ubuntu 14.04 LTS A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. (CVE-2015-2666) It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped). (CVE-2015-2922) Update Instructions: Run `sudo pro fix USN-2588-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-51-powerpc64-emb - 3.13.0-51.84 linux-image-3.13.0-51-powerpc64-smp - 3.13.0-51.84 linux-image-extra-3.13.0-51-generic - 3.13.0-51.84 linux-image-3.13.0-51-generic - 3.13.0-51.84 linux-image-3.13.0-51-powerpc-smp - 3.13.0-51.84 linux-image-3.13.0-51-powerpc-e500 - 3.13.0-51.84 linux-image-3.13.0-51-generic-lpae - 3.13.0-51.84 linux-image-3.13.0-51-powerpc-e500mc - 3.13.0-51.84 linux-image-3.13.0-51-lowlatency - 3.13.0-51.84 No subscription required Medium CVE-2015-2666 CVE-2015-2922 Ubuntu 14.04 LTS Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. (CVE-2015-2666) A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. (CVE-2015-2830) It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped). (CVE-2015-2922) Update Instructions: Run `sudo pro fix USN-2589-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.16.0-36-generic - 3.16.0-36.48~14.04.1 linux-image-3.16.0-36-generic-lpae - 3.16.0-36.48~14.04.1 linux-image-3.16.0-36-powerpc64-smp - 3.16.0-36.48~14.04.1 linux-image-3.16.0-36-powerpc64-emb - 3.16.0-36.48~14.04.1 linux-image-3.16.0-36-generic - 3.16.0-36.48~14.04.1 linux-image-3.16.0-36-lowlatency - 3.16.0-36.48~14.04.1 linux-image-3.16.0-36-powerpc-smp - 3.16.0-36.48~14.04.1 linux-image-3.16.0-36-powerpc-e500mc - 3.16.0-36.48~14.04.1 No subscription required Medium CVE-2015-2150 CVE-2015-2666 CVE-2015-2830 CVE-2015-2922 Ubuntu 14.04 LTS Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143) Hanno Böck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3144) Hanno Böck discovered that curl incorrectly handled cookie path elements. If a user or automated system were tricked into parsing a specially crafted cookie, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3145) Isaac Boukris discovered that when using Negotiate authenticated connections, curl could incorrectly authenticate the entire connection and not just specific HTTP requests. (CVE-2015-3148) Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers both to servers and proxies by default, contrary to expectations. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153) Update Instructions: Run `sudo pro fix USN-2591-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.5 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.5 libcurl4-openssl-dev - 7.35.0-1ubuntu2.5 libcurl3-gnutls - 7.35.0-1ubuntu2.5 libcurl3-udeb - 7.35.0-1ubuntu2.5 libcurl4-doc - 7.35.0-1ubuntu2.5 libcurl3-nss - 7.35.0-1ubuntu2.5 libcurl4-nss-dev - 7.35.0-1ubuntu2.5 libcurl3 - 7.35.0-1ubuntu2.5 curl - 7.35.0-1ubuntu2.5 No subscription required Medium CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 Ubuntu 14.04 LTS Tilmann Haak discovered that XML::LibXML incorrectly handled the expand_entities parameter in certain situations. A remote attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-2592-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml-libxml-perl - 2.0108+dfsg-1ubuntu0.1 No subscription required Medium CVE-2015-3451 Ubuntu 14.04 LTS Nick Sampanis discovered that Dnsmasq incorrectly handled certain malformed DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly obtain sensitive information. Update Instructions: Run `sudo pro fix USN-2593-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.68-1ubuntu0.1 dnsmasq-utils - 2.68-1ubuntu0.1 dnsmasq-base - 2.68-1ubuntu0.1 No subscription required Medium CVE-2015-3294 Ubuntu 14.04 LTS It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile. Update Instructions: Run `sudo pro fix USN-2594-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.98.7+dfsg-0ubuntu0.14.04.1 clamav-testfiles - 0.98.7+dfsg-0ubuntu0.14.04.1 clamav-base - 0.98.7+dfsg-0ubuntu0.14.04.1 clamav - 0.98.7+dfsg-0ubuntu0.14.04.1 libclamav6 - 0.98.7+dfsg-0ubuntu0.14.04.1 clamav-daemon - 0.98.7+dfsg-0ubuntu0.14.04.1 clamav-milter - 0.98.7+dfsg-0ubuntu0.14.04.1 clamav-docs - 0.98.7+dfsg-0ubuntu0.14.04.1 clamav-freshclam - 0.98.7+dfsg-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2305 CVE-2015-2668 Ubuntu 14.04 LTS It was discovered that ppp incorrectly handled large PIDs. When pppd is used with a RADIUS server, a remote attacker could use this issue to cause it to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2595-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ppp-udeb - 2.4.5-5.1ubuntu2.2 ppp - 2.4.5-5.1ubuntu2.2 ppp-dev - 2.4.5-5.1ubuntu2.2 No subscription required Medium CVE-2015-3310 Ubuntu 14.04 LTS A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-2598-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-52-generic - 3.13.0-52.85 linux-image-extra-3.13.0-52-generic - 3.13.0-52.85 linux-image-3.13.0-52-generic-lpae - 3.13.0-52.85 linux-image-3.13.0-52-powerpc-e500 - 3.13.0-52.85 linux-image-3.13.0-52-lowlatency - 3.13.0-52.85 linux-image-3.13.0-52-powerpc-smp - 3.13.0-52.85 linux-image-3.13.0-52-powerpc-e500mc - 3.13.0-52.85 linux-image-3.13.0-52-powerpc64-emb - 3.13.0-52.85 linux-image-3.13.0-52-powerpc64-smp - 3.13.0-52.85 No subscription required High CVE-2015-3339 Ubuntu 14.04 LTS USN-2598-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-2598-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-52-generic - 3.13.0-52.86 linux-image-extra-3.13.0-52-generic - 3.13.0-52.86 linux-image-3.13.0-52-generic-lpae - 3.13.0-52.86 linux-image-3.13.0-52-powerpc-e500 - 3.13.0-52.86 linux-image-3.13.0-52-lowlatency - 3.13.0-52.86 linux-image-3.13.0-52-powerpc-smp - 3.13.0-52.86 linux-image-3.13.0-52-powerpc-e500mc - 3.13.0-52.86 linux-image-3.13.0-52-powerpc64-emb - 3.13.0-52.86 linux-image-3.13.0-52-powerpc64-smp - 3.13.0-52.86 No subscription required None https://launchpad.net/bugs/1450442 Ubuntu 14.04 LTS A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-2599-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-37-powerpc64-emb - 3.16.0-37.49~14.04.1 linux-image-3.16.0-37-lowlatency - 3.16.0-37.49~14.04.1 linux-image-3.16.0-37-powerpc64-smp - 3.16.0-37.49~14.04.1 linux-image-extra-3.16.0-37-generic - 3.16.0-37.49~14.04.1 linux-image-3.16.0-37-generic-lpae - 3.16.0-37.49~14.04.1 linux-image-3.16.0-37-powerpc-smp - 3.16.0-37.49~14.04.1 linux-image-3.16.0-37-generic - 3.16.0-37.49~14.04.1 linux-image-3.16.0-37-powerpc-e500mc - 3.16.0-37.49~14.04.1 No subscription required High CVE-2015-3339 Ubuntu 14.04 LTS USN-2599-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-2599-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-37-powerpc64-emb - 3.16.0-37.51~14.04.1 linux-image-3.16.0-37-lowlatency - 3.16.0-37.51~14.04.1 linux-image-3.16.0-37-powerpc64-smp - 3.16.0-37.51~14.04.1 linux-image-extra-3.16.0-37-generic - 3.16.0-37.51~14.04.1 linux-image-3.16.0-37-generic-lpae - 3.16.0-37.51~14.04.1 linux-image-3.16.0-37-powerpc-smp - 3.16.0-37.51~14.04.1 linux-image-3.16.0-37-generic - 3.16.0-37.51~14.04.1 linux-image-3.16.0-37-powerpc-e500mc - 3.16.0-37.51~14.04.1 No subscription required None https://launchpad.net/bugs/1450442 Ubuntu 14.04 LTS Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong, Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2708, CVE-2015-2709) Atte Kettunen discovered a buffer overflow during the rendering of SVG content with certain CSS properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2710) Alex Verstak discovered that <meta name="referrer"> is ignored in some circumstances. (CVE-2015-2711) Dougall Johnson discovered an out of bounds read and write in asm.js. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2712) Scott Bell discovered a use-afer-free during the processing of text when vertical text is enabled. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2713) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during shutdown. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2715) Ucha Gobejishvili discovered a buffer overflow when parsing compressed XML content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2716) A buffer overflow and out-of-bounds read were discovered when parsing metadata in MP4 files in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2717) Mark Hammond discovered that when a trusted page is hosted within an iframe in an untrusted page, the untrusted page can intercept webchannel responses meant for the trusted page in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to bypass origin restrictions. (CVE-2015-2718) Update Instructions: Run `sudo pro fix USN-2602-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-nn - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-nb - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-fa - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-fi - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-fr - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-fy - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-or - 38.0+build3-0ubuntu0.14.04.1 firefox-testsuite - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-oc - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-cs - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ga - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-gd - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-gl - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-gu - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-pa - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-pl - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-cy - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-pt - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-hi - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ms - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-he - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-hy - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-hr - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-hu - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-it - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-as - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ar - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-az - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-id - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-mai - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-af - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-is - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-vi - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-an - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-bs - 38.0+build3-0ubuntu0.14.04.1 firefox - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ro - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ja - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ru - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-br - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hant - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hans - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-bn - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-be - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-bg - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-sl - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-sk - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-si - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-sw - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-sv - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-sr - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-sq - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ko - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-kn - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-km - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-kk - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ka - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-xh - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ca - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ku - 38.0+build3-0ubuntu0.14.04.1 firefox-mozsymbols - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-lv - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-lt - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-th - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-hsb - 38.0+build3-0ubuntu0.14.04.1 firefox-dev - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-te - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ta - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-lg - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-tr - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-nso - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-de - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-da - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-uk - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-mr - 38.0+build3-0ubuntu0.14.04.1 firefox-globalmenu - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-uz - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ml - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-mn - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-mk - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-eu - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-et - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-es - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-csb - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-el - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-eo - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-en - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-zu - 38.0+build3-0ubuntu0.14.04.1 firefox-locale-ast - 38.0+build3-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2711 CVE-2015-2712 CVE-2015-2713 CVE-2015-2715 CVE-2015-2716 CVE-2015-2717 CVE-2015-2718 Ubuntu 14.04 LTS Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2708) Atte Kettunen discovered a buffer overflow during the rendering of SVG content with certain CSS properties in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2710) Scott Bell discovered a use-afer-free during the processing of text when vertical text is enabled. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2713) Ucha Gobejishvili discovered a buffer overflow when parsing compressed XML content. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2716) Update Instructions: Run `sudo pro fix USN-2603-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:31.7.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:31.7.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:31.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:31.7.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 Ubuntu 14.04 LTS Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2604-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6-dev - 3.4-3ubuntu0.3 libtasn1-3-bin - 3.4-3ubuntu0.3 libtasn1-bin - 3.4-3ubuntu0.3 libtasn1-3-dev - 3.4-3ubuntu0.3 libtasn1-6 - 3.4-3ubuntu0.3 No subscription required Medium CVE-2015-3622 Ubuntu 14.04 LTS Pedro Ribeiro discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-2605-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 52.1-3ubuntu0.3 libicu52 - 52.1-3ubuntu0.3 libicu-dev - 52.1-3ubuntu0.3 icu-doc - 52.1-3ubuntu0.3 No subscription required Medium CVE-2014-8146 CVE-2014-8147 Ubuntu 14.04 LTS John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. (CVE-2015-3406) John Lightsey discovered that Module::Signature incorrectly handled files that were not listed in the SIGNATURE file. A remote attacker could use this flaw to execute arbitrary code when tests were run. (CVE-2015-3407) John Lightsey discovered that Module::Signature incorrectly handled embedded shell commands in the SIGNATURE file. A remote attacker could use this issue to execute arbitrary code during signature verification. (CVE-2015-3408) John Lightsey discovered that Module::Signature incorrectly handled module loading. A remote attacker could use this issue to execute arbitrary code during signature verification. (CVE-2015-3409) Update Instructions: Run `sudo pro fix USN-2607-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmodule-signature-perl - 0.73-1ubuntu0.14.04.1 No subscription required Medium CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409 Ubuntu 14.04 LTS Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-3456) Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets. A remote attacker could use this issue to cause QEMU to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-1779) Jan Beulich discovered that QEMU, when used with Xen, didn't properly restrict access to PCI command registers. A malicious guest could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2756) Update Instructions: Run `sudo pro fix USN-2608-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.11 qemu-user-static - 2.0.0+dfsg-2ubuntu1.11 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.11 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.11 qemu-kvm - 2.0.0+dfsg-2ubuntu1.11 qemu-user - 2.0.0+dfsg-2ubuntu1.11 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.11 qemu-system - 2.0.0+dfsg-2ubuntu1.11 qemu-utils - 2.0.0+dfsg-2ubuntu1.11 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.11 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.11 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.11 qemu-common - 2.0.0+dfsg-2ubuntu1.11 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.11 qemu - 2.0.0+dfsg-2ubuntu1.11 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.11 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.11 No subscription required High CVE-2015-1779 CVE-2015-2756 CVE-2015-3456 Ubuntu 14.04 LTS Sander Bos discovered that Apport incorrectly handled permissions when the system was configured to generate core dumps for setuid binaries. A local attacker could use this issue to gain elevated privileges. (CVE-2015-1324) Philip Pettersson discovered that Apport contained race conditions resulting core dumps to be generated with incorrect permissions in arbitrary locations. A local attacker could use this issue to gain elevated privileges. (CVE-2015-1325) Update Instructions: Run `sudo pro fix USN-2609-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.11 python3-problem-report - 2.14.1-0ubuntu3.11 apport-kde - 2.14.1-0ubuntu3.11 apport-retrace - 2.14.1-0ubuntu3.11 apport-valgrind - 2.14.1-0ubuntu3.11 python3-apport - 2.14.1-0ubuntu3.11 dh-apport - 2.14.1-0ubuntu3.11 apport-gtk - 2.14.1-0ubuntu3.11 apport - 2.14.1-0ubuntu3.11 python-problem-report - 2.14.1-0ubuntu3.11 apport-noui - 2.14.1-0ubuntu3.11 No subscription required High CVE-2015-1324 CVE-2015-1325 Ubuntu 14.04 LTS Several security issues were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass Same Origin Policy restrictions. (CVE-2015-1253, CVE-2015-1254) A use-after-free was discovered in the WebAudio implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1255) A use-after-free was discovered in the SVG implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1256) A security issue was discovered in the SVG implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-1257) An issue was discovered with the build of libvpx. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1258) Multiple use-after-free issues were discovered in the WebRTC implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1260) An uninitialized value bug was discovered in the font shaping code in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-1262) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1265) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-3910) Update Instructions: Run `sudo pro fix USN-2610-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.7.8-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.7.8-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.7.8-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.7.8-0ubuntu0.14.04.1 oxideqmlscene - 1.7.8-0ubuntu0.14.04.1 oxideqt-codecs - 1.7.8-0ubuntu0.14.04.1 liboxideqtquick0 - 1.7.8-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-1253 CVE-2015-1254 CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258 CVE-2015-1260 CVE-2015-1262 CVE-2015-1265 CVE-2015-3910 Ubuntu 14.04 LTS Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). (CVE-2014-9715) Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. (CVE-2015-2830) A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. (CVE-2015-3331) Update Instructions: Run `sudo pro fix USN-2614-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-53-lowlatency - 3.13.0-53.88 linux-image-3.13.0-53-powerpc64-emb - 3.13.0-53.88 linux-image-3.13.0-53-powerpc-smp - 3.13.0-53.88 linux-image-3.13.0-53-generic-lpae - 3.13.0-53.88 linux-image-3.13.0-53-powerpc-e500 - 3.13.0-53.88 linux-image-3.13.0-53-generic - 3.13.0-53.88 linux-image-extra-3.13.0-53-generic - 3.13.0-53.88 linux-image-3.13.0-53-powerpc-e500mc - 3.13.0-53.88 linux-image-3.13.0-53-powerpc64-smp - 3.13.0-53.88 No subscription required Medium CVE-2014-9715 CVE-2015-2150 CVE-2015-2830 CVE-2015-3331 Ubuntu 14.04 LTS Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. (CVE-2015-3331) A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-3332) Update Instructions: Run `sudo pro fix USN-2615-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-38-powerpc64-emb - 3.16.0-38.52~14.04.1 linux-image-3.16.0-38-powerpc64-smp - 3.16.0-38.52~14.04.1 linux-image-extra-3.16.0-38-generic - 3.16.0-38.52~14.04.1 linux-image-3.16.0-38-generic - 3.16.0-38.52~14.04.1 linux-image-3.16.0-38-powerpc-smp - 3.16.0-38.52~14.04.1 linux-image-3.16.0-38-generic-lpae - 3.16.0-38.52~14.04.1 linux-image-3.16.0-38-powerpc-e500mc - 3.16.0-38.52~14.04.1 linux-image-3.16.0-38-lowlatency - 3.16.0-38.52~14.04.1 No subscription required Medium CVE-2014-9710 CVE-2015-3331 CVE-2015-3332 Ubuntu 14.04 LTS Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-2617-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfuse2 - 2.9.2-4ubuntu4.14.04.1 libfuse-dev - 2.9.2-4ubuntu4.14.04.1 fuse - 2.9.2-4ubuntu4.14.04.1 libfuse2-udeb - 2.9.2-4ubuntu4.14.04.1 fuse-udeb - 2.9.2-4ubuntu4.14.04.1 No subscription required High CVE-2015-3202 Ubuntu 14.04 LTS It was discovered that python-dbusmock incorrectly handled template loading from shared directories. A local attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2618-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-dbusmock - 0.10.1-1ubuntu1 python3-dbusmock - 0.10.1-1ubuntu1 No subscription required Medium CVE-2015-1326 Ubuntu 14.04 LTS A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-2620-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-53-lowlatency - 3.13.0-53.89 linux-image-3.13.0-53-powerpc64-emb - 3.13.0-53.89 linux-image-3.13.0-53-powerpc-smp - 3.13.0-53.89 linux-image-3.13.0-53-generic-lpae - 3.13.0-53.89 linux-image-3.13.0-53-powerpc-e500 - 3.13.0-53.89 linux-image-3.13.0-53-generic - 3.13.0-53.89 linux-image-extra-3.13.0-53-generic - 3.13.0-53.89 linux-image-3.13.0-53-powerpc-e500mc - 3.13.0-53.89 linux-image-3.13.0-53-powerpc64-smp - 3.13.0-53.89 No subscription required Medium CVE-2015-3332 Ubuntu 14.04 LTS Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. (CVE-2015-3165) Noah Misch discovered that PostgreSQL incorrectly handled certain standard library function return values, possibly leading to security issues. (CVE-2015-3166) Noah Misch discovered that the pgcrypto function could return different error messages when decrypting using an incorrect key, possibly leading to a security issue. (CVE-2015-3167) Update Instructions: Run `sudo pro fix USN-2621-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-plpython-9.3 - 9.3.7-0ubuntu0.14.04 postgresql-server-dev-9.3 - 9.3.7-0ubuntu0.14.04 postgresql-9.3 - 9.3.7-0ubuntu0.14.04 postgresql-plperl-9.3 - 9.3.7-0ubuntu0.14.04 postgresql-doc-9.3 - 9.3.7-0ubuntu0.14.04 postgresql-plpython3-9.3 - 9.3.7-0ubuntu0.14.04 libecpg6 - 9.3.7-0ubuntu0.14.04 postgresql-pltcl-9.3 - 9.3.7-0ubuntu0.14.04 postgresql-client-9.3 - 9.3.7-0ubuntu0.14.04 libpgtypes3 - 9.3.7-0ubuntu0.14.04 libecpg-dev - 9.3.7-0ubuntu0.14.04 libpq-dev - 9.3.7-0ubuntu0.14.04 libpq5 - 9.3.7-0ubuntu0.14.04 postgresql-contrib-9.3 - 9.3.7-0ubuntu0.14.04 libecpg-compat3 - 9.3.7-0ubuntu0.14.04 No subscription required Medium CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 Ubuntu 14.04 LTS It was discovered that OpenLDAP incorrectly handled certain search queries that returned empty attributes. A remote attacker could use this issue to cause OpenLDAP to assert, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1164) Michael Vishchers discovered that OpenLDAP improperly counted references when the rwm overlay was used. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2013-4449) It was discovered that OpenLDAP incorrectly handled certain empty attribute lists in search requests. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2015-1545) Update Instructions: Run `sudo pro fix USN-2622-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.31-1+nmu2ubuntu8.1 libldap2-dev - 2.4.31-1+nmu2ubuntu8.1 libldap-2.4-2 - 2.4.31-1+nmu2ubuntu8.1 slapd-smbk5pwd - 2.4.31-1+nmu2ubuntu8.1 slapd - 2.4.31-1+nmu2ubuntu8.1 No subscription required Low CVE-2012-1164 CVE-2013-4449 CVE-2015-1545 Ubuntu 14.04 LTS As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks. Update Instructions: Run `sudo pro fix USN-2624-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.12 libssl-dev - 1.0.1f-1ubuntu2.12 openssl - 1.0.1f-1ubuntu2.12 libssl-doc - 1.0.1f-1ubuntu2.12 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.12 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.12 No subscription required None https://launchpad.net/bugs/1460735 Ubuntu 14.04 LTS Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190) Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. (CVE-2015-0295) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1858) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed ICO images. If a user or automated system were tricked into opening a specially crafted ICO image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1859) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1860) Update Instructions: Run `sudo pro fix USN-2626-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libqtgui4 - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-core - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-designer - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qt4-default - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-webkit - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-svg - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqtcore4 - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-sql-psql - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qt4-demos - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-gui - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-sql-tds - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-dbus - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-sql-odbc - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-script - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-xmlpatterns - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qt4-doc - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-xml - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-network - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-opengl - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-assistant - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-dev - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qt4-qmake - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-private-dev - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qt4-dev-tools - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qt4-qmlviewer - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-qt3support - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqtdbus4 - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-declarative-folderlistmodel - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qt4-qtconfig - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qt4-linguist-tools - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-declarative-particles - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-test - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-opengl-dev - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-declarative-gestures - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qdbus - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-sql-sqlite - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qt4-doc-html - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-sql - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-declarative - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-help - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qtcore4-l10n - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-sql-mysql - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-scripttools - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-declarative-shaders - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 libqt4-dev-bin - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 qt4-designer - 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 No subscription required libqt5opengl5 - 5.2.1+dfsg-1ubuntu14.3 libqt5widgets5 - 5.2.1+dfsg-1ubuntu14.3 libqt5concurrent5 - 5.2.1+dfsg-1ubuntu14.3 libqt5sql5-mysql - 5.2.1+dfsg-1ubuntu14.3 libqt5sql5-sqlite - 5.2.1+dfsg-1ubuntu14.3 libqt5sql5-psql - 5.2.1+dfsg-1ubuntu14.3 libqt5core5a - 5.2.1+dfsg-1ubuntu14.3 libqt5network5 - 5.2.1+dfsg-1ubuntu14.3 libqt5sql5 - 5.2.1+dfsg-1ubuntu14.3 libqt5dbus5 - 5.2.1+dfsg-1ubuntu14.3 libqt5gui5 - 5.2.1+dfsg-1ubuntu14.3 libqt5opengl5-dev - 5.2.1+dfsg-1ubuntu14.3 qtbase5-doc-html - 5.2.1+dfsg-1ubuntu14.3 qtbase5-dev-tools - 5.2.1+dfsg-1ubuntu14.3 qt5-qmake - 5.2.1+dfsg-1ubuntu14.3 qtbase5-dev - 5.2.1+dfsg-1ubuntu14.3 qtbase5-private-dev - 5.2.1+dfsg-1ubuntu14.3 libqt5printsupport5 - 5.2.1+dfsg-1ubuntu14.3 qtbase5-examples - 5.2.1+dfsg-1ubuntu14.3 libqt5xml5 - 5.2.1+dfsg-1ubuntu14.3 libqt5sql5-tds - 5.2.1+dfsg-1ubuntu14.3 libqt5test5 - 5.2.1+dfsg-1ubuntu14.3 libqt5sql5-odbc - 5.2.1+dfsg-1ubuntu14.3 qt5-default - 5.2.1+dfsg-1ubuntu14.3 No subscription required Medium CVE-2014-0190 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 Ubuntu 14.04 LTS Jakub Wilk discovered that t1utils incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially crafted font, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-2627-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: t1utils - 1.37-2ubuntu1.1 No subscription required Medium CVE-2015-3905 Ubuntu 14.04 LTS Alexander E. Patrakov discovered that strongSwan incorrectly handled certain IKEv2 setups. A malicious server could possibly use this issue to obtain user credentials. Update Instructions: Run `sudo pro fix USN-2628-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-noauth - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-simaka-pseudonym - 5.1.2-0ubuntu2.3 strongswan-plugin-unbound - 5.1.2-0ubuntu2.3 strongswan-plugin-farp - 5.1.2-0ubuntu2.3 strongswan-ikev1 - 5.1.2-0ubuntu2.3 strongswan-plugin-pkcs11 - 5.1.2-0ubuntu2.3 strongswan-plugin-xauth-eap - 5.1.2-0ubuntu2.3 strongswan-plugin-sshkey - 5.1.2-0ubuntu2.3 strongswan-plugin-error-notify - 5.1.2-0ubuntu2.3 strongswan-plugin-gcrypt - 5.1.2-0ubuntu2.3 strongswan-plugin-sql - 5.1.2-0ubuntu2.3 strongswan-plugin-coupling - 5.1.2-0ubuntu2.3 strongswan-plugin-xauth-generic - 5.1.2-0ubuntu2.3 strongswan-plugin-lookip - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-ttls - 5.1.2-0ubuntu2.3 strongswan-plugin-af-alg - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-aka-3gpp2 - 5.1.2-0ubuntu2.3 strongswan-ike - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-sim-pcsc - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-aka - 5.1.2-0ubuntu2.3 libstrongswan - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-simaka-sql - 5.1.2-0ubuntu2.3 strongswan-plugin-sqlite - 5.1.2-0ubuntu2.3 strongswan-plugin-duplicheck - 5.1.2-0ubuntu2.3 strongswan - 5.1.2-0ubuntu2.3 strongswan-tnc-server - 5.1.2-0ubuntu2.3 strongswan-plugin-attr-sql - 5.1.2-0ubuntu2.3 strongswan-tnc-base - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-peap - 5.1.2-0ubuntu2.3 strongswan-starter - 5.1.2-0ubuntu2.3 strongswan-plugin-curl - 5.1.2-0ubuntu2.3 strongswan-plugin-radattr - 5.1.2-0ubuntu2.3 strongswan-plugin-soup - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-dynamic - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-gtc - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-tls - 5.1.2-0ubuntu2.3 strongswan-tnc-ifmap - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-tnc - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-radius - 5.1.2-0ubuntu2.3 strongswan-ikev2 - 5.1.2-0ubuntu2.3 strongswan-plugin-mysql - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-simaka-reauth - 5.1.2-0ubuntu2.3 strongswan-plugin-openssl - 5.1.2-0ubuntu2.3 strongswan-plugin-dnscert - 5.1.2-0ubuntu2.3 strongswan-plugin-xauth-pam - 5.1.2-0ubuntu2.3 strongswan-plugin-pubkey - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-md5 - 5.1.2-0ubuntu2.3 strongswan-plugin-whitelist - 5.1.2-0ubuntu2.3 strongswan-plugin-fips-prf - 5.1.2-0ubuntu2.3 strongswan-pt-tls-client - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu2.3 strongswan-nm - 5.1.2-0ubuntu2.3 strongswan-plugin-ldap - 5.1.2-0ubuntu2.3 strongswan-plugin-certexpire - 5.1.2-0ubuntu2.3 strongswan-tnc-pdp - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-sim - 5.1.2-0ubuntu2.3 strongswan-plugin-kernel-libipsec - 5.1.2-0ubuntu2.3 strongswan-plugin-ipseckey - 5.1.2-0ubuntu2.3 strongswan-plugin-dhcp - 5.1.2-0ubuntu2.3 strongswan-plugin-dnskey - 5.1.2-0ubuntu2.3 strongswan-plugin-ntru - 5.1.2-0ubuntu2.3 strongswan-plugin-gmp - 5.1.2-0ubuntu2.3 strongswan-plugin-agent - 5.1.2-0ubuntu2.3 strongswan-plugin-pgp - 5.1.2-0ubuntu2.3 strongswan-tnc-client - 5.1.2-0ubuntu2.3 strongswan-plugin-load-tester - 5.1.2-0ubuntu2.3 strongswan-plugin-unity - 5.1.2-0ubuntu2.3 strongswan-plugin-led - 5.1.2-0ubuntu2.3 strongswan-plugin-eap-sim-file - 5.1.2-0ubuntu2.3 strongswan-plugin-systime-fix - 5.1.2-0ubuntu2.3 No subscription required High CVE-2015-4171 Ubuntu 14.04 LTS It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. (CVE-2015-1158) It was discovered that the CUPS templating engine contained a cross-site scripting issue. A remote attacker could use this issue to bypass default configuration settings. (CVE-2015-1159) Update Instructions: Run `sudo pro fix USN-2629-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 1.7.2-0ubuntu1.6 libcups2-dev - 1.7.2-0ubuntu1.6 cups-bsd - 1.7.2-0ubuntu1.6 libcupsmime1 - 1.7.2-0ubuntu1.6 cups-common - 1.7.2-0ubuntu1.6 cups-core-drivers - 1.7.2-0ubuntu1.6 cups-server-common - 1.7.2-0ubuntu1.6 libcupsimage2 - 1.7.2-0ubuntu1.6 cups-client - 1.7.2-0ubuntu1.6 libcupscgi1-dev - 1.7.2-0ubuntu1.6 libcups2 - 1.7.2-0ubuntu1.6 libcupsmime1-dev - 1.7.2-0ubuntu1.6 cups-ppdc - 1.7.2-0ubuntu1.6 libcupsppdc1 - 1.7.2-0ubuntu1.6 cups - 1.7.2-0ubuntu1.6 libcupsppdc1-dev - 1.7.2-0ubuntu1.6 libcupsimage2-dev - 1.7.2-0ubuntu1.6 cups-daemon - 1.7.2-0ubuntu1.6 No subscription required High CVE-2015-1158 CVE-2015-1159 Ubuntu 14.04 LTS Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-3209) Kurt Seifried discovered that QEMU incorrectly handled certain temporary files. A local attacker could use this issue to cause a denial of service. (CVE-2015-4037) Jan Beulich discovered that the QEMU Xen code incorrectly restricted write access to the host MSI message data field. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4103) Jan Beulich discovered that the QEMU Xen code incorrectly restricted access to the PCI MSI mask bits. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4104) Jan Beulich discovered that the QEMU Xen code incorrectly handled MSI-X error messages. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4105) Jan Beulich discovered that the QEMU Xen code incorrectly restricted write access to the PCI config space. A malicious guest could use this issue to cause a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4106) Update Instructions: Run `sudo pro fix USN-2630-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.13 qemu-user-static - 2.0.0+dfsg-2ubuntu1.13 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.13 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.13 qemu-kvm - 2.0.0+dfsg-2ubuntu1.13 qemu-user - 2.0.0+dfsg-2ubuntu1.13 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.13 qemu-system - 2.0.0+dfsg-2ubuntu1.13 qemu-utils - 2.0.0+dfsg-2ubuntu1.13 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.13 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.13 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.13 qemu-common - 2.0.0+dfsg-2ubuntu1.13 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.13 qemu - 2.0.0+dfsg-2ubuntu1.13 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.13 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.13 No subscription required High CVE-2015-3209 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 Ubuntu 14.04 LTS Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. (CVE-2015-3636) A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). (CVE-2015-4036) Update Instructions: Run `sudo pro fix USN-2634-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-54-generic-lpae - 3.13.0-54.91 linux-image-3.13.0-54-powerpc-e500mc - 3.13.0-54.91 linux-image-3.13.0-54-lowlatency - 3.13.0-54.91 linux-image-3.13.0-54-powerpc-smp - 3.13.0-54.91 linux-image-3.13.0-54-powerpc64-emb - 3.13.0-54.91 linux-image-3.13.0-54-generic - 3.13.0-54.91 linux-image-extra-3.13.0-54-generic - 3.13.0-54.91 linux-image-3.13.0-54-powerpc64-smp - 3.13.0-54.91 linux-image-3.13.0-54-powerpc-e500 - 3.13.0-54.91 No subscription required Medium CVE-2015-3636 CVE-2015-4036 Ubuntu 14.04 LTS Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-0275) Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. (CVE-2015-3636) Update Instructions: Run `sudo pro fix USN-2635-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-39-lowlatency - 3.16.0-39.53~14.04.1 linux-image-3.16.0-39-powerpc64-smp - 3.16.0-39.53~14.04.1 linux-image-extra-3.16.0-39-generic - 3.16.0-39.53~14.04.1 linux-image-3.16.0-39-generic - 3.16.0-39.53~14.04.1 linux-image-3.16.0-39-powerpc64-emb - 3.16.0-39.53~14.04.1 linux-image-3.16.0-39-powerpc-e500mc - 3.16.0-39.53~14.04.1 linux-image-3.16.0-39-generic-lpae - 3.16.0-39.53~14.04.1 linux-image-3.16.0-39-powerpc-smp - 3.16.0-39.53~14.04.1 No subscription required Medium CVE-2015-0275 CVE-2015-3636 Ubuntu 14.04 LTS Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-0275) Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. (CVE-2015-3636) A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). (CVE-2015-4036) Update Instructions: Run `sudo pro fix USN-2636-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-20-powerpc-smp - 3.19.0-20.20~14.04.1 linux-image-3.19.0-20-powerpc-e500mc - 3.19.0-20.20~14.04.1 linux-image-3.19.0-20-generic-lpae - 3.19.0-20.20~14.04.1 linux-image-3.19.0-20-generic - 3.19.0-20.20~14.04.1 linux-image-extra-3.19.0-20-generic - 3.19.0-20.20~14.04.1 linux-image-3.19.0-20-powerpc64-smp - 3.19.0-20.20~14.04.1 linux-image-3.19.0-20-lowlatency - 3.19.0-20.20~14.04.1 linux-image-3.19.0-20-powerpc64-emb - 3.19.0-20.20~14.04.1 No subscription required Medium CVE-2015-0275 CVE-2015-3636 CVE-2015-4036 Ubuntu 14.04 LTS Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8176) Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1788) Robert Swiecki and Hanno Böck discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1789) Michal Zalewski discovered that OpenSSL incorrectly handled missing content when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1790) Emilia Käsper discovered that OpenSSL incorrectly handled NewSessionTicket when being used by a multi-threaded client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1791) Johannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1792) As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. Update Instructions: Run `sudo pro fix USN-2639-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.15 libssl-dev - 1.0.1f-1ubuntu2.15 openssl - 1.0.1f-1ubuntu2.15 libssl-doc - 1.0.1f-1ubuntu2.15 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.15 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.15 No subscription required Medium CVE-2014-8176 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 Ubuntu 14.04 LTS Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Update Instructions: Run `sudo pro fix USN-2643-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-55-generic-lpae - 3.13.0-55.92 linux-image-extra-3.13.0-55-generic - 3.13.0-55.92 linux-image-3.13.0-55-generic - 3.13.0-55.92 linux-image-3.13.0-55-powerpc-e500mc - 3.13.0-55.92 linux-image-3.13.0-55-powerpc-smp - 3.13.0-55.92 linux-image-3.13.0-55-powerpc64-emb - 3.13.0-55.92 linux-image-3.13.0-55-powerpc-e500 - 3.13.0-55.92 linux-image-3.13.0-55-powerpc64-smp - 3.13.0-55.92 linux-image-3.13.0-55-lowlatency - 3.13.0-55.92 No subscription required High CVE-2015-1328 Ubuntu 14.04 LTS The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Update Instructions: Run `sudo pro fix USN-2643-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-55-generic-lpae - 3.13.0-55.94 linux-image-extra-3.13.0-55-generic - 3.13.0-55.94 linux-image-3.13.0-55-generic - 3.13.0-55.94 linux-image-3.13.0-55-powerpc-e500mc - 3.13.0-55.94 linux-image-3.13.0-55-powerpc-smp - 3.13.0-55.94 linux-image-3.13.0-55-powerpc64-emb - 3.13.0-55.94 linux-image-3.13.0-55-powerpc-e500 - 3.13.0-55.94 linux-image-3.13.0-55-powerpc64-smp - 3.13.0-55.94 linux-image-3.13.0-55-lowlatency - 3.13.0-55.94 No subscription required None http://bugs.launchpad.net/bugs/1465998 Ubuntu 14.04 LTS Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Update Instructions: Run `sudo pro fix USN-2644-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-41-powerpc-smp - 3.16.0-41.55~14.04.1 linux-image-extra-3.16.0-41-generic - 3.16.0-41.55~14.04.1 linux-image-3.16.0-41-powerpc64-smp - 3.16.0-41.55~14.04.1 linux-image-3.16.0-41-generic - 3.16.0-41.55~14.04.1 linux-image-3.16.0-41-powerpc-e500mc - 3.16.0-41.55~14.04.1 linux-image-3.16.0-41-generic-lpae - 3.16.0-41.55~14.04.1 linux-image-3.16.0-41-lowlatency - 3.16.0-41.55~14.04.1 linux-image-3.16.0-41-powerpc64-emb - 3.16.0-41.55~14.04.1 No subscription required High CVE-2015-1328 Ubuntu 14.04 LTS The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Update Instructions: Run `sudo pro fix USN-2644-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-41-powerpc-smp - 3.16.0-41.57~14.04.1 linux-image-extra-3.16.0-41-generic - 3.16.0-41.57~14.04.1 linux-image-3.16.0-41-powerpc64-smp - 3.16.0-41.57~14.04.1 linux-image-3.16.0-41-generic - 3.16.0-41.57~14.04.1 linux-image-3.16.0-41-powerpc-e500mc - 3.16.0-41.57~14.04.1 linux-image-3.16.0-41-generic-lpae - 3.16.0-41.57~14.04.1 linux-image-3.16.0-41-lowlatency - 3.16.0-41.57~14.04.1 linux-image-3.16.0-41-powerpc64-emb - 3.16.0-41.57~14.04.1 No subscription required None http://bugs.launchpad.net/bugs/1465998 Ubuntu 14.04 LTS Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Update Instructions: Run `sudo pro fix USN-2645-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-21-powerpc-e500mc - 3.19.0-21.21~14.04.1 linux-image-extra-3.19.0-21-generic - 3.19.0-21.21~14.04.1 linux-image-3.19.0-21-powerpc-smp - 3.19.0-21.21~14.04.1 linux-image-3.19.0-21-powerpc64-smp - 3.19.0-21.21~14.04.1 linux-image-3.19.0-21-powerpc64-emb - 3.19.0-21.21~14.04.1 linux-image-3.19.0-21-lowlatency - 3.19.0-21.21~14.04.1 linux-image-3.19.0-21-generic - 3.19.0-21.21~14.04.1 linux-image-3.19.0-21-generic-lpae - 3.19.0-21.21~14.04.1 No subscription required High CVE-2015-1328 Ubuntu 14.04 LTS Tavis Ormandy discovered that Aptdeamon incorrectly handled the simulate dbus method. A local attacker could use this issue to possibly expose sensitive information, or perform other file access as the root user. Update Instructions: Run `sudo pro fix USN-2648-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-aptdaemon.gtk3widgets - 1.1.1-1ubuntu5.2 aptdaemon-data - 1.1.1-1ubuntu5.2 python-aptdaemon-gtk - 1.1.1-1ubuntu5.2 python3-aptdaemon.test - 1.1.1-1ubuntu5.2 aptdaemon - 1.1.1-1ubuntu5.2 python3-aptdaemon - 1.1.1-1ubuntu5.2 python-aptdaemon - 1.1.1-1ubuntu5.2 python3-aptdaemon.pkcompat - 1.1.1-1ubuntu5.2 python-aptdaemon.gtk3widgets - 1.1.1-1ubuntu5.2 python-aptdaemon.gtkwidgets - 1.1.1-1ubuntu5.2 No subscription required Medium CVE-2015-1323 Ubuntu 14.04 LTS It was discovered that the uupdate tool incorrectly handled symlinks. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly replace arbitrary files, leading to a privilege escalation. Update Instructions: Run `sudo pro fix USN-2649-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: devscripts - 2.14.1ubuntu0.1 No subscription required Medium CVE-2014-1833 Ubuntu 14.04 LTS Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd. A remote attacker could use these issues to cause wpa_supplicant or hostapd to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146) Update Instructions: Run `sudo pro fix USN-2650-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.1-0ubuntu1.3 No subscription required wpagui - 2.1-0ubuntu1.3 wpasupplicant-udeb - 2.1-0ubuntu1.3 wpasupplicant - 2.1-0ubuntu1.3 No subscription required Medium CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146 Ubuntu 14.04 LTS Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2010-4651) László Böszörményi discovered that GNU patch did not correctly handle some patch files. An attacker could specially craft a patch file that could cause a denial of service. (CVE-2014-9637) Jakub Wilk discovered that GNU patch did not correctly handle symbolic links in git style patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1196) Jakub Wilk discovered that GNU patch did not correctly handle file renames in git style patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1395) Jakub Wilk discovered the fix for CVE-2015-1196 was incomplete for GNU patch. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1396) Update Instructions: Run `sudo pro fix USN-2651-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: patch - 2.7.1-4ubuntu2.3 No subscription required Medium CVE-2010-4651 CVE-2014-9637 CVE-2015-1196 CVE-2015-1395 CVE-2015-1396 Ubuntu 14.04 LTS It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-1266) It was discovered that Blink did not properly restrict the creation context during creation of a DOM wrapper. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1267, CVE-2015-1268) It was discovered that Chromium did not properly canonicalize DNS hostnames before comparing to HSTS or HPKP preload entries. An attacker could potentially exploit this to bypass intended access restrictions. (CVE-2015-1269) Update Instructions: Run `sudo pro fix USN-2652-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.7.9-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.7.9-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.7.9-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.7.9-0ubuntu0.14.04.1 oxideqmlscene - 1.7.9-0ubuntu0.14.04.1 oxideqt-codecs - 1.7.9-0ubuntu0.14.04.1 liboxideqtquick0 - 1.7.9-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269 Ubuntu 14.04 LTS It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752) It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. (CVE-2013-1753) It was discovered that the Python json module incorrectly handled a certain argument. An attacker could possibly use this issue to read arbitrary memory and expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616) It was discovered that the Python CGIHTTPServer incorrectly handled URL-encoded path separators in URLs. A remote attacker could use this issue to expose sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650) It was discovered that Python incorrectly handled sizes and offsets in buffer functions. An attacker could possibly use this issue to read arbitrary memory and obtain sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185) Update Instructions: Run `sudo pro fix USN-2653-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.6-8ubuntu0.2 python2.7-doc - 2.7.6-8ubuntu0.2 libpython2.7-stdlib - 2.7.6-8ubuntu0.2 libpython2.7-minimal - 2.7.6-8ubuntu0.2 libpython2.7-testsuite - 2.7.6-8ubuntu0.2 python2.7 - 2.7.6-8ubuntu0.2 idle-python2.7 - 2.7.6-8ubuntu0.2 python2.7-examples - 2.7.6-8ubuntu0.2 libpython2.7 - 2.7.6-8ubuntu0.2 libpython2.7-dev - 2.7.6-8ubuntu0.2 python2.7-minimal - 2.7.6-8ubuntu0.2 No subscription required python3.4-examples - 3.4.0-2ubuntu1.1 libpython3.4-testsuite - 3.4.0-2ubuntu1.1 libpython3.4-dev - 3.4.0-2ubuntu1.1 python3.4-minimal - 3.4.0-2ubuntu1.1 python3.4-doc - 3.4.0-2ubuntu1.1 libpython3.4-stdlib - 3.4.0-2ubuntu1.1 python3.4-dev - 3.4.0-2ubuntu1.1 idle-python3.4 - 3.4.0-2ubuntu1.1 python3.4 - 3.4.0-2ubuntu1.1 libpython3.4-minimal - 3.4.0-2ubuntu1.1 libpython3.4 - 3.4.0-2ubuntu1.1 No subscription required Medium CVE-2013-1752 CVE-2013-1753 CVE-2014-4616 CVE-2014-4650 CVE-2014-7185 Ubuntu 14.04 LTS It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0119) It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0227) It was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use this issue to cause a limited denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0230) It was discovered that the Tomcat Expression Language (EL) implementation incorrectly handled accessible interfaces implemented by inaccessible classes. An attacker could possibly use this issue to bypass a SecurityManager protection mechanism. (CVE-2014-7810) Update Instructions: Run `sudo pro fix USN-2654-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.52-1ubuntu0.3 libservlet3.0-java - 7.0.52-1ubuntu0.3 tomcat7-docs - 7.0.52-1ubuntu0.3 libservlet3.0-java-doc - 7.0.52-1ubuntu0.3 tomcat7 - 7.0.52-1ubuntu0.3 libtomcat7-java - 7.0.52-1ubuntu0.3 tomcat7-user - 7.0.52-1ubuntu0.3 tomcat7-admin - 7.0.52-1ubuntu0.3 tomcat7-examples - 7.0.52-1ubuntu0.3 No subscription required Medium CVE-2014-0119 CVE-2014-0227 CVE-2014-0230 CVE-2014-7810 Ubuntu 14.04 LTS Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733) Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726) Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727) Paul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2728) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729) Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730) A use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2731) Ronald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740) David Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741) Jonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743) Matthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000) Update Instructions: Run `sudo pro fix USN-2656-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-nn - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-nb - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-fa - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-fi - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-fr - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-fy - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-or - 39.0+build5-0ubuntu0.14.04.1 firefox-testsuite - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-oc - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-cs - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ga - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-gd - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-gl - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-gu - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-pa - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-pl - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-cy - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-pt - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-hi - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ms - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-he - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-hy - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-hr - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-hu - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-it - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-as - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ar - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-az - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-id - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-mai - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-af - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-is - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-vi - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-an - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-bs - 39.0+build5-0ubuntu0.14.04.1 firefox - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ro - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ja - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ru - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-br - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-zh-hant - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-zh-hans - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-bn - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-be - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-bg - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-sl - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-sk - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-si - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-sw - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-sv - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-sr - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-sq - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ko - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-kn - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-km - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-kk - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ka - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-xh - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ca - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ku - 39.0+build5-0ubuntu0.14.04.1 firefox-mozsymbols - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-lv - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-lt - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-th - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-hsb - 39.0+build5-0ubuntu0.14.04.1 firefox-dev - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-te - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ta - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-lg - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-tr - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-nso - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-de - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-da - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-uk - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-mr - 39.0+build5-0ubuntu0.14.04.1 firefox-globalmenu - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-uz - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ml - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-mn - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-mk - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-eu - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-et - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-es - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-csb - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-el - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-eo - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-en - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-zu - 39.0+build5-0ubuntu0.14.04.1 firefox-locale-ast - 39.0+build5-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743 CVE-2015-4000 Ubuntu 14.04 LTS It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. Update Instructions: Run `sudo pro fix USN-2657-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unattended-upgrades - 0.82.1ubuntu2.3 No subscription required Medium CVE-2015-1330 Ubuntu 14.04 LTS Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598) Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. A remote attacker could use this issue with a crafted tar archive to cause a denial of service. (CVE-2015-4021) Max Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. A malicious FTP server could possibly use this issue to execute arbitrary code. (CVE-2015-4022, CVE-2015-4643) Shusheng Liu discovered that PHP incorrectly handled certain malformed form data. A remote attacker could use this issue with crafted form data to cause CPU consumption, leading to a denial of service. (CVE-2015-4024) Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue with crafted serialized data to possibly execute arbitrary code. (CVE-2015-4147) Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could use this issue with crafted serialized data to possibly obtain sensitive information. (CVE-2015-4148) Taoguang Chen discovered that PHP incorrectly validated data types in multiple locations. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service. (CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603) It was discovered that the PHP Fileinfo component incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4604, CVE-2015-4605) It was discovered that PHP incorrectly handled table names in php_pgsql_meta_data. A local attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-4644) Update Instructions: Run `sudo pro fix USN-2658-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.11 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.11 php5-curl - 5.5.9+dfsg-1ubuntu4.11 php5-intl - 5.5.9+dfsg-1ubuntu4.11 php5-snmp - 5.5.9+dfsg-1ubuntu4.11 php5-mysql - 5.5.9+dfsg-1ubuntu4.11 php5-odbc - 5.5.9+dfsg-1ubuntu4.11 php5-xsl - 5.5.9+dfsg-1ubuntu4.11 php5-gd - 5.5.9+dfsg-1ubuntu4.11 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.11 php5-tidy - 5.5.9+dfsg-1ubuntu4.11 php5-dev - 5.5.9+dfsg-1ubuntu4.11 php5-pgsql - 5.5.9+dfsg-1ubuntu4.11 php5-enchant - 5.5.9+dfsg-1ubuntu4.11 php5-readline - 5.5.9+dfsg-1ubuntu4.11 php5-gmp - 5.5.9+dfsg-1ubuntu4.11 php5-fpm - 5.5.9+dfsg-1ubuntu4.11 php5-cgi - 5.5.9+dfsg-1ubuntu4.11 php5-sqlite - 5.5.9+dfsg-1ubuntu4.11 php5-ldap - 5.5.9+dfsg-1ubuntu4.11 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.11 php5 - 5.5.9+dfsg-1ubuntu4.11 php5-cli - 5.5.9+dfsg-1ubuntu4.11 php-pear - 5.5.9+dfsg-1ubuntu4.11 php5-sybase - 5.5.9+dfsg-1ubuntu4.11 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.11 php5-pspell - 5.5.9+dfsg-1ubuntu4.11 php5-common - 5.5.9+dfsg-1ubuntu4.11 libphp5-embed - 5.5.9+dfsg-1ubuntu4.11 No subscription required Medium CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 CVE-2015-4643 CVE-2015-4644 Ubuntu 14.04 LTS Petr Sklenar discovered that the cups-filters texttopdf filter incorrectly handled line sizes. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code as the lp user. (CVE-2015-3258, CVE-2015-3279) Update Instructions: Run `sudo pro fix USN-2659-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfontembed-dev - 1.0.52-0ubuntu1.5 libfontembed1 - 1.0.52-0ubuntu1.5 libcupsfilters-dev - 1.0.52-0ubuntu1.5 cups-filters - 1.0.52-0ubuntu1.5 cups-browsed - 1.0.52-0ubuntu1.5 cups-filters-core-drivers - 1.0.52-0ubuntu1.5 libcupsfilters1 - 1.0.52-0ubuntu1.5 No subscription required Medium CVE-2015-3258 CVE-2015-3279 Ubuntu 14.04 LTS Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4001) A bounds check error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4002) A division by zero error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4003) Carl H Lunde discovered missing consistency checks in the Linux kernel's UDF file system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause a denial of service (system crash) by using a corrupted file system image. (CVE-2015-4167) Update Instructions: Run `sudo pro fix USN-2663-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-57-powerpc-smp - 3.13.0-57.95 linux-image-extra-3.13.0-57-generic - 3.13.0-57.95 linux-image-3.13.0-57-powerpc64-emb - 3.13.0-57.95 linux-image-3.13.0-57-lowlatency - 3.13.0-57.95 linux-image-3.13.0-57-powerpc-e500mc - 3.13.0-57.95 linux-image-3.13.0-57-generic-lpae - 3.13.0-57.95 linux-image-3.13.0-57-powerpc64-smp - 3.13.0-57.95 linux-image-3.13.0-57-powerpc-e500 - 3.13.0-57.95 linux-image-3.13.0-57-generic - 3.13.0-57.95 No subscription required Medium CVE-2014-9710 CVE-2015-1420 CVE-2015-4001 CVE-2015-4002 CVE-2015-4003 CVE-2015-4167 Ubuntu 14.04 LTS A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4001) A bounds check error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4002) A division by zero error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4003) Carl H Lunde discovered missing consistency checks in the Linux kernel's UDF file system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause a denial of service (system crash) by using a corrupted file system image. (CVE-2015-4167) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4700) A double free flaw was discovered in the Linux kernel's path lookup. A local user could cause a denial of service (Oops). (CVE-2015-5706) Update Instructions: Run `sudo pro fix USN-2664-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.16.0-43-generic - 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-powerpc64-emb - 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-generic - 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-lowlatency - 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-powerpc64-smp - 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-powerpc-smp - 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-powerpc-e500mc - 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-generic-lpae - 3.16.0-43.58~14.04.1 No subscription required Medium CVE-2015-1420 CVE-2015-4001 CVE-2015-4002 CVE-2015-4003 CVE-2015-4167 CVE-2015-4700 CVE-2015-5706 Ubuntu 14.04 LTS A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4001) A bounds check error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4002) A division by zero error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4003) A double free flaw was discovered in the Linux kernel's path lookup. A local user could cause a denial of service (Oops). (CVE-2015-5706) Update Instructions: Run `sudo pro fix USN-2665-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-22-generic - 3.19.0-22.22~14.04.1 linux-image-3.19.0-22-powerpc-e500mc - 3.19.0-22.22~14.04.1 linux-image-3.19.0-22-lowlatency - 3.19.0-22.22~14.04.1 linux-image-3.19.0-22-powerpc-smp - 3.19.0-22.22~14.04.1 linux-image-3.19.0-22-generic-lpae - 3.19.0-22.22~14.04.1 linux-image-3.19.0-22-powerpc64-smp - 3.19.0-22.22~14.04.1 linux-image-extra-3.19.0-22-generic - 3.19.0-22.22~14.04.1 linux-image-3.19.0-22-powerpc64-emb - 3.19.0-22.22~14.04.1 No subscription required Medium CVE-2015-1420 CVE-2015-4001 CVE-2015-4002 CVE-2015-4003 CVE-2015-5706 Ubuntu 14.04 LTS Breno Silveira Soares discovered that Bind incorrectly handled certain zone data when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2669-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.3 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.3 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.3 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.3 bind9utils - 1:9.9.5.dfsg-3ubuntu0.3 libdns100 - 1:9.9.5.dfsg-3ubuntu0.3 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.3 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.3 host - 1:9.9.5.dfsg-3ubuntu0.3 lwresd - 1:9.9.5.dfsg-3ubuntu0.3 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.3 libisc95 - 1:9.9.5.dfsg-3ubuntu0.3 bind9 - 1:9.9.5.dfsg-3ubuntu0.3 bind9-host - 1:9.9.5.dfsg-3ubuntu0.3 No subscription required Medium CVE-2015-4620 Ubuntu 14.04 LTS Fernando Muñoz and Stefan Cornelius discovered that libwmf incorrectly handled certain malformed images. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-2670-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwmf-dev - 0.2.8.4-10.3ubuntu1.14.04.1 libwmf0.2-7-gtk - 0.2.8.4-10.3ubuntu1.14.04.1 libwmf0.2-7 - 0.2.8.4-10.3ubuntu1.14.04.1 libwmf-doc - 0.2.8.4-10.3ubuntu1.14.04.1 libwmf-bin - 0.2.8.4-10.3ubuntu1.14.04.1 No subscription required Medium CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4695 CVE-2015-4696 Ubuntu 14.04 LTS Eric Peterson and Lin Hua Cheng discovered that Django incorrectly handled session records. A remote attacker could use this issue to cause a denial of service. (CVE-2015-5143) Sjoerd Job Postmus discovered that DJango incorrectly handled newline characters when performing validation. A remote attacker could use this issue to perform header injection attacks. (CVE-2015-5144) Update Instructions: Run `sudo pro fix USN-2671-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.9 python-django - 1.6.1-2ubuntu0.9 No subscription required Medium CVE-2015-5143 CVE-2015-5144 Ubuntu 14.04 LTS Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730) As a security improvement, this update modifies NSS behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. This update also refreshes the NSS package to version 3.19.2 which includes the latest CA certificate bundle. Update Instructions: Run `sudo pro fix USN-2672-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.19.2-0ubuntu0.14.04.1 libnss3-dev - 2:3.19.2-0ubuntu0.14.04.1 libnss3 - 2:3.19.2-0ubuntu0.14.04.1 libnss3-1d - 2:3.19.2-0ubuntu0.14.04.1 libnss3-tools - 2:3.19.2-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-2721 CVE-2015-2730 Ubuntu 14.04 LTS Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Bob Clary, Christian Holler, Bobby Holley, and Andrew McCreight discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2724) Ronald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740) Matthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000) Update Instructions: Run `sudo pro fix USN-2673-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:31.8.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:31.8.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:31.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:31.8.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-2721 CVE-2015-2724 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-4000 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. Ubuntu 15.04 has been updated to MySQL 5.6.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html Update Instructions: Run `sudo pro fix USN-2674-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.44-0ubuntu0.14.04.1 mysql-client - 5.5.44-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.44-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.44-0ubuntu0.14.04.1 libmysqld-pic - 5.5.44-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.44-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.44-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.44-0ubuntu0.14.04.1 mysql-common - 5.5.44-0ubuntu0.14.04.1 mysql-server - 5.5.44-0ubuntu0.14.04.1 mysql-testsuite - 5.5.44-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.44-0ubuntu0.14.04.1 libmysqld-dev - 5.5.44-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.44-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-4737 CVE-2015-4752 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772 Ubuntu 14.04 LTS Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user. (CVE-2015-1331) Roman Fiedler discovered that LXC incorrectly trusted the container's proc filesystem to set up AppArmor profile changes and SELinux domain transitions. A local attacker could exploit this flaw to run programs inside the container that are not confined by AppArmor or SELinux. (CVE-2015-1334) Update Instructions: Run `sudo pro fix USN-2675-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lxc-dev - 1.0.7-0ubuntu0.2 liblxc1 - 1.0.7-0ubuntu0.2 lxc-templates - 1.0.7-0ubuntu0.2 python3-lxc - 1.0.7-0ubuntu0.2 lxc - 1.0.7-0ubuntu0.2 lxc-tests - 1.0.7-0ubuntu0.2 No subscription required Medium CVE-2015-1331 CVE-2015-1334 Ubuntu 14.04 LTS It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-6410) Tuomas Räsänen discovered that NBD incorrectly handled wrong export names and closed connections during negotiation. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-7441) Tuomas Räsänen discovered that NBD incorrectly handled signals. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service. (CVE-2015-0847) Update Instructions: Run `sudo pro fix USN-2676-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nbd-client-udeb - 1:3.7-1ubuntu0.1 nbd-server - 1:3.7-1ubuntu0.1 nbd-client - 1:3.7-1ubuntu0.1 No subscription required Medium CVE-2013-6410 CVE-2013-7441 CVE-2015-0847 Ubuntu 14.04 LTS An uninitialized value issue was discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-1270) A use-after-free was discovered in the GPU process implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1272) A use-after-free was discovered in the IndexedDB implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1276) A use-after-free was discovered in the accessibility implemetation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1277) A memory corruption issue was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1280) It was discovered that Blink did not properly determine the V8 context of a microtask in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass Content Security Policy (CSP) restrictions. (CVE-2015-1281) Multiple integer overflows were discovered in Expat. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1283) It was discovered that Blink did not enforce a page's maximum number of frames in some circumstances, resulting in a use-after-free. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1284) It was discovered that the XSS auditor in Blink did not properly choose a truncation point. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-1285) An issue was discovered in the CSS implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1287) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1289) A use-after-free was discovered in oxide::qt::URLRequestDelegatedJob in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1329) A crash was discovered in the regular expression implementation in V8 in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-5605) Update Instructions: Run `sudo pro fix USN-2677-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.8.4-0ubuntu0.14.04.2 liboxideqt-qmlplugin - 1.8.4-0ubuntu0.14.04.2 oxideqt-chromedriver - 1.8.4-0ubuntu0.14.04.2 oxideqt-codecs-extra - 1.8.4-0ubuntu0.14.04.2 oxideqmlscene - 1.8.4-0ubuntu0.14.04.2 oxideqt-codecs - 1.8.4-0ubuntu0.14.04.2 liboxideqtquick0 - 1.8.4-0ubuntu0.14.04.2 No subscription required Medium CVE-2015-1270 CVE-2015-1272 CVE-2015-1276 CVE-2015-1277 CVE-2015-1280 CVE-2015-1281 CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1287 CVE-2015-1289 CVE-2015-1329 CVE-2015-5605 https://launchpad.net/bugs/1466208 Ubuntu 14.04 LTS A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-1805) A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4700) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. (CVE-2015-5364) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. (CVE-2015-5366) A double free flaw was discovered in the Linux kernel's path lookup. A local user could cause a denial of service (Oops). (CVE-2015-5706) Update Instructions: Run `sudo pro fix USN-2681-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-58-powerpc64-smp - 3.13.0-58.97 linux-image-extra-3.13.0-58-generic - 3.13.0-58.97 linux-image-3.13.0-58-powerpc-e500 - 3.13.0-58.97 linux-image-3.13.0-58-generic - 3.13.0-58.97 linux-image-3.13.0-58-powerpc-smp - 3.13.0-58.97 linux-image-3.13.0-58-powerpc64-emb - 3.13.0-58.97 linux-image-3.13.0-58-generic-lpae - 3.13.0-58.97 linux-image-3.13.0-58-lowlatency - 3.13.0-58.97 linux-image-3.13.0-58-powerpc-e500mc - 3.13.0-58.97 No subscription required Medium CVE-2015-1805 CVE-2015-4692 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5706 Ubuntu 14.04 LTS A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. (CVE-2015-5364) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. (CVE-2015-5366) Update Instructions: Run `sudo pro fix USN-2682-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-44-generic-lpae - 3.16.0-44.59~14.04.1 linux-image-extra-3.16.0-44-generic - 3.16.0-44.59~14.04.1 linux-image-3.16.0-44-lowlatency - 3.16.0-44.59~14.04.1 linux-image-3.16.0-44-powerpc-e500mc - 3.16.0-44.59~14.04.1 linux-image-3.16.0-44-powerpc64-emb - 3.16.0-44.59~14.04.1 linux-image-3.16.0-44-powerpc64-smp - 3.16.0-44.59~14.04.1 linux-image-3.16.0-44-generic - 3.16.0-44.59~14.04.1 linux-image-3.16.0-44-powerpc-smp - 3.16.0-44.59~14.04.1 No subscription required Medium CVE-2015-4692 CVE-2015-5364 CVE-2015-5366 Ubuntu 14.04 LTS A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4700) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. (CVE-2015-5364) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. (CVE-2015-5366) Update Instructions: Run `sudo pro fix USN-2683-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-23-powerpc64-smp - 3.19.0-23.24~14.04.1 linux-image-3.19.0-23-generic - 3.19.0-23.24~14.04.1 linux-image-extra-3.19.0-23-generic - 3.19.0-23.24~14.04.1 linux-image-3.19.0-23-powerpc64-emb - 3.19.0-23.24~14.04.1 linux-image-3.19.0-23-powerpc-smp - 3.19.0-23.24~14.04.1 linux-image-3.19.0-23-generic-lpae - 3.19.0-23.24~14.04.1 linux-image-3.19.0-23-lowlatency - 3.19.0-23.24~14.04.1 linux-image-3.19.0-23-powerpc-e500mc - 3.19.0-23.24~14.04.1 No subscription required Medium CVE-2015-4692 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 Ubuntu 14.04 LTS It was discovered that the Apache HTTP Server incorrectly parsed chunk headers. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks. (CVE-2015-3183) It was discovered that the Apache HTTP Server incorrectly handled the ap_some_auth_required API. A remote attacker could possibly use this issue to bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3185) Update Instructions: Run `sudo pro fix USN-2686-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.5 libapache2-mod-macro - 1:2.4.7-1ubuntu4.5 No subscription required apache2-data - 2.4.7-1ubuntu4.5 apache2.2-bin - 2.4.7-1ubuntu4.5 apache2-utils - 2.4.7-1ubuntu4.5 apache2-dev - 2.4.7-1ubuntu4.5 apache2-mpm-worker - 2.4.7-1ubuntu4.5 apache2-suexec-custom - 2.4.7-1ubuntu4.5 apache2-suexec - 2.4.7-1ubuntu4.5 apache2 - 2.4.7-1ubuntu4.5 apache2-suexec-pristine - 2.4.7-1ubuntu4.5 apache2-doc - 2.4.7-1ubuntu4.5 apache2-mpm-prefork - 2.4.7-1ubuntu4.5 apache2-mpm-itk - 2.4.7-1ubuntu4.5 apache2-mpm-event - 2.4.7-1ubuntu4.5 apache2-bin - 2.4.7-1ubuntu4.5 No subscription required Medium CVE-2015-3183 CVE-2015-3185 Ubuntu 14.04 LTS Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290) Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). (CVE-2015-1333) Andy Lutomirski discovered a flaw that allows user to cause the Linux kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged user could exploit this flaw to potentially cause the system to miss important NMIs resulting in unspecified effects. (CVE-2015-3291) Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable interrupt) that interrupts userspace and encounters an IRET fault is incorrectly handled by the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (kernel OOPs), corruption, or potentially escalate privileges on the system. (CVE-2015-5157) Update Instructions: Run `sudo pro fix USN-2688-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-59-generic - 3.13.0-59.98 linux-image-3.13.0-59-powerpc-e500mc - 3.13.0-59.98 linux-image-3.13.0-59-lowlatency - 3.13.0-59.98 linux-image-3.13.0-59-powerpc-smp - 3.13.0-59.98 linux-image-3.13.0-59-powerpc-e500 - 3.13.0-59.98 linux-image-3.13.0-59-generic-lpae - 3.13.0-59.98 linux-image-3.13.0-59-powerpc64-smp - 3.13.0-59.98 linux-image-3.13.0-59-powerpc64-emb - 3.13.0-59.98 linux-image-extra-3.13.0-59-generic - 3.13.0-59.98 No subscription required High CVE-2015-1333 CVE-2015-3290 CVE-2015-3291 CVE-2015-5157 Ubuntu 14.04 LTS Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290) Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). (CVE-2015-1333) Andy Lutomirski discovered a flaw that allows user to cause the Linux kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged user could exploit this flaw to potentially cause the system to miss important NMIs resulting in unspecified effects. (CVE-2015-3291) Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable interrupt) that interrupts userspace and encounters an IRET fault is incorrectly handled by the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (kernel OOPs), corruption, or potentially escalate privileges on the system. (CVE-2015-5157) Update Instructions: Run `sudo pro fix USN-2689-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-45-powerpc64-smp - 3.16.0-45.60~14.04.1 linux-image-3.16.0-45-lowlatency - 3.16.0-45.60~14.04.1 linux-image-3.16.0-45-generic - 3.16.0-45.60~14.04.1 linux-image-3.16.0-45-powerpc-e500mc - 3.16.0-45.60~14.04.1 linux-image-3.16.0-45-powerpc64-emb - 3.16.0-45.60~14.04.1 linux-image-3.16.0-45-powerpc-smp - 3.16.0-45.60~14.04.1 linux-image-3.16.0-45-generic-lpae - 3.16.0-45.60~14.04.1 linux-image-extra-3.16.0-45-generic - 3.16.0-45.60~14.04.1 No subscription required High CVE-2015-1333 CVE-2015-3290 CVE-2015-3291 CVE-2015-5157 Ubuntu 14.04 LTS Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290) Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). (CVE-2015-1333) Andy Lutomirski discovered a flaw that allows user to cause the Linux kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged user could exploit this flaw to potentially cause the system to miss important NMIs resulting in unspecified effects. (CVE-2015-3291) Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable interrupt) that interrupts userspace and encounters an IRET fault is incorrectly handled by the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (kernel OOPs), corruption, or potentially escalate privileges on the system. (CVE-2015-5157) Update Instructions: Run `sudo pro fix USN-2690-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-25-generic - 3.19.0-25.26~14.04.1 linux-image-3.19.0-25-powerpc64-emb - 3.19.0-25.26~14.04.1 linux-image-3.19.0-25-lowlatency - 3.19.0-25.26~14.04.1 linux-image-extra-3.19.0-25-generic - 3.19.0-25.26~14.04.1 linux-image-3.19.0-25-powerpc64-smp - 3.19.0-25.26~14.04.1 linux-image-3.19.0-25-generic-lpae - 3.19.0-25.26~14.04.1 linux-image-3.19.0-25-powerpc-smp - 3.19.0-25.26~14.04.1 linux-image-3.19.0-25-powerpc-e500mc - 3.19.0-25.26~14.04.1 No subscription required High CVE-2015-1333 CVE-2015-3290 CVE-2015-3291 CVE-2015-5157 Ubuntu 14.04 LTS Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-3214) Kevin Wolf discovered that QEMU incorrectly handled processing ATAPI commands. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-5154) Zhu Donghai discovered that QEMU incorrectly handled the SCSI driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 15.04. (CVE-2015-5158) Update Instructions: Run `sudo pro fix USN-2692-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.15 qemu-user-static - 2.0.0+dfsg-2ubuntu1.15 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.15 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.15 qemu-kvm - 2.0.0+dfsg-2ubuntu1.15 qemu-user - 2.0.0+dfsg-2ubuntu1.15 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.15 qemu-system - 2.0.0+dfsg-2ubuntu1.15 qemu-utils - 2.0.0+dfsg-2ubuntu1.15 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.15 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.15 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.15 qemu-common - 2.0.0+dfsg-2ubuntu1.15 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.15 qemu - 2.0.0+dfsg-2ubuntu1.15 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.15 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.15 No subscription required Medium CVE-2015-3214 CVE-2015-5154 CVE-2015-5158 Ubuntu 14.04 LTS Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. (CVE-2015-5477) Pories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote attacker could use this issue with a specially crafted query to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5689) Update Instructions: Run `sudo pro fix USN-2693-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.4 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.4 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.4 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.4 bind9utils - 1:9.9.5.dfsg-3ubuntu0.4 libdns100 - 1:9.9.5.dfsg-3ubuntu0.4 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.4 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.4 host - 1:9.9.5.dfsg-3ubuntu0.4 lwresd - 1:9.9.5.dfsg-3ubuntu0.4 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.4 libisc95 - 1:9.9.5.dfsg-3ubuntu0.4 bind9 - 1:9.9.5.dfsg-3ubuntu0.4 bind9-host - 1:9.9.5.dfsg-3ubuntu0.4 No subscription required Medium CVE-2012-5689 CVE-2015-5477 Ubuntu 14.04 LTS Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8964) Kai Lu discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2325, CVE-2015-2326) Wen Guanxing discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3210) It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and 14.04 LTS. (CVE-2015-5073) Update Instructions: Run `sudo pro fix USN-2694-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pcregrep - 1:8.31-2ubuntu2.1 libpcre3-dev - 1:8.31-2ubuntu2.1 libpcre3 - 1:8.31-2ubuntu2.1 libpcre3-udeb - 1:8.31-2ubuntu2.1 libpcrecpp0 - 1:8.31-2ubuntu2.1 No subscription required Medium CVE-2014-8964 CVE-2015-2325 CVE-2015-2326 CVE-2015-3210 CVE-2015-5073 Ubuntu 14.04 LTS Fernando Muñoz discovered that HTML Tidy incorrectly handled memory. If a user or automated system were tricked into processing specially crafted data, applications linked against HTML Tidy could be made to crash, leading to a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2695-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tidy - 20091223cvs-1.2ubuntu1.1 libtidy-0.99-0 - 20091223cvs-1.2ubuntu1.1 libtidy-dev - 20091223cvs-1.2ubuntu1.1 tidy-doc - 20091223cvs-1.2ubuntu1.1 No subscription required Medium CVE-2015-5522 CVE-2015-5523 Ubuntu 14.04 LTS Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748) Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-2601, CVE-2015-2808, CVE-2015-4000, CVE-2015-2625, CVE-2015-2613) As a security improvement, this update modifies OpenJDK behavior to disable RC4 TLS/SSL cipher suites by default. As a security improvement, this update modifies OpenJDK behavior to reject DH key sizes below 768 bits by default, preventing a possible downgrade attack. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-2621, CVE-2015-2632) A vulnerability was discovered with how the JNDI component of the OpenJDK JRE handles DNS resolutions. A remote attacker could exploit this to cause a denial of service. (CVE-2015-4749) Update Instructions: Run `sudo pro fix USN-2696-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-source - 7u79-2.5.6-0ubuntu1.14.04.1 icedtea-7-jre-jamvm - 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-jre-lib - 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-jdk - 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-jre-headless - 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-jre - 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-doc - 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-demo - 7u79-2.5.6-0ubuntu1.14.04.1 No subscription required Medium CVE-2015-2808 CVE-2015-2625 CVE-2015-4760 CVE-2015-2601 CVE-2015-4748 CVE-2015-4749 CVE-2015-2613 CVE-2015-2621 CVE-2015-4000 CVE-2015-2628 CVE-2015-4731 CVE-2015-2590 CVE-2015-4732 CVE-2015-4733 CVE-2015-2632 CVE-2015-4000 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam Ubuntu 14.04 LTS William Robinet and Stefan Cornelius discovered that Ghostscript did not correctly handle certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2697-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.10~dfsg-0ubuntu10.4 ghostscript-x - 9.10~dfsg-0ubuntu10.4 libgs-dev - 9.10~dfsg-0ubuntu10.4 ghostscript-doc - 9.10~dfsg-0ubuntu10.4 libgs9 - 9.10~dfsg-0ubuntu10.4 libgs9-common - 9.10~dfsg-0ubuntu10.4 No subscription required Medium CVE-2015-3228 Ubuntu 14.04 LTS It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7443) Michal Zalewski discovered that SQLite incorrectly handled dequoting of collation-sequence names. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3414) Michal Zalewski discovered that SQLite incorrectly implemented comparison operators. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3415) Michal Zalewski discovered that SQLite incorrectly handle printf precision and width values during floating-point conversions. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3416) Update Instructions: Run `sudo pro fix USN-2698-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.8.2-1ubuntu2.1 sqlite3-doc - 3.8.2-1ubuntu2.1 libsqlite3-0 - 3.8.2-1ubuntu2.1 libsqlite3-tcl - 3.8.2-1ubuntu2.1 sqlite3 - 3.8.2-1ubuntu2.1 libsqlite3-dev - 3.8.2-1ubuntu2.1 No subscription required Medium CVE-2013-7443 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 Ubuntu 14.04 LTS Enrico Zini discovered that HPLIP used a short GPG key ID when downloading keys from the keyserver. An attacker could possibly use this to return a different key with a duplicate short key id and perform a machine-in-the-middle attack on printer plugin installations. Update Instructions: Run `sudo pro fix USN-2699-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hplip-gui - 3.14.3-0ubuntu3.4 hplip-doc - 3.14.3-0ubuntu3.4 printer-driver-postscript-hp - 3.14.3-0ubuntu3.4 printer-driver-hpijs - 3.14.3-0ubuntu3.4 hplip - 3.14.3-0ubuntu3.4 libhpmud-dev - 3.14.3-0ubuntu3.4 libhpmud0 - 3.14.3-0ubuntu3.4 hpijs-ppds - 3.14.3-0ubuntu3.4 hplip-data - 3.14.3-0ubuntu3.4 libsane-hpaio - 3.14.3-0ubuntu3.4 printer-driver-hpcups - 3.14.3-0ubuntu3.4 No subscription required Medium CVE-2015-0839 Ubuntu 14.04 LTS Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290) Andy Lutomirski discovered a flaw that allows user to cause the Linux kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged user could exploit this flaw to potentially cause the system to miss important NMIs resulting in unspecified effects. (CVE-2015-3291) Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable interrupt) that interrupts userspace and encounters an IRET fault is incorrectly handled by the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (kernel OOPs), corruption, or potentially escalate privileges on the system. (CVE-2015-5157) Update Instructions: Run `sudo pro fix USN-2700-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-61-generic - 3.13.0-61.100 linux-image-3.13.0-61-generic-lpae - 3.13.0-61.100 linux-image-3.13.0-61-lowlatency - 3.13.0-61.100 linux-image-3.13.0-61-powerpc-e500 - 3.13.0-61.100 linux-image-3.13.0-61-powerpc-e500mc - 3.13.0-61.100 linux-image-3.13.0-61-powerpc-smp - 3.13.0-61.100 linux-image-3.13.0-61-powerpc64-emb - 3.13.0-61.100 linux-image-3.13.0-61-powerpc64-smp - 3.13.0-61.100 linux-image-extra-3.13.0-61-generic - 3.13.0-61.100 No subscription required High CVE-2015-3290 CVE-2015-3291 CVE-2015-5157 Ubuntu 14.04 LTS Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474) Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4475) A use-after-free was discovered during MediaStream playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4477) André Bargull discovered that non-configurable properties on javascript objects could be redefined when parsing JSON. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-4478) Multiple integer overflows were discovered in libstagefright. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493) Jukka Jylänki discovered a crash that occurs because javascript does not properly gate access to Atomics or SharedArrayBuffers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-4484) Abhishek Arya discovered 2 buffer overflows in libvpx when decoding malformed WebM content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4485, CVE-2015-4486) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Christoph Kerschbaumer discovered an issue with Mozilla's implementation of Content Security Policy (CSP), which could allow for a more permissive usage in some cirucumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-4490) Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4491) Looben Yang discovered a use-after-free when using XMLHttpRequest with shared workers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4492) Update Instructions: Run `sudo pro fix USN-2702-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-nn - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-nb - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-fa - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-fi - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-fr - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-fy - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-or - 40.0+build4-0ubuntu0.14.04.1 firefox-testsuite - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-oc - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-cs - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ga - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-gd - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-gl - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-gu - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-pa - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-pl - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-cy - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-pt - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-hi - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ms - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-he - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-hy - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-hr - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-hu - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-it - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-as - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ar - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-az - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-id - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-mai - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-af - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-is - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-vi - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-an - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-bs - 40.0+build4-0ubuntu0.14.04.1 firefox - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ro - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ja - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ru - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-br - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-zh-hant - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-zh-hans - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-bn - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-be - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-bg - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-sl - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-sk - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-si - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-sw - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-sv - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-sr - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-sq - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ko - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-kn - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-km - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-kk - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ka - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-xh - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ca - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ku - 40.0+build4-0ubuntu0.14.04.1 firefox-mozsymbols - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-lv - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-lt - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-th - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-hsb - 40.0+build4-0ubuntu0.14.04.1 firefox-dev - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-te - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ta - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-lg - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-tr - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-nso - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-de - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-da - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-uk - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-mr - 40.0+build4-0ubuntu0.14.04.1 firefox-globalmenu - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-uz - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ml - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-mn - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-mk - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-eu - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-et - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-es - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-csb - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-el - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-eo - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-en - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-zu - 40.0+build4-0ubuntu0.14.04.1 firefox-locale-ast - 40.0+build4-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4490 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 Ubuntu 14.04 LTS USN-2702-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox. Original advisory details: Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474) Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4475) A use-after-free was discovered during MediaStream playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4477) André Bargull discovered that non-configurable properties on javascript objects could be redefined when parsing JSON. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-4478) Multiple integer overflows were discovered in libstagefright. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493) Jukka Jylänki discovered a crash that occurs because javascript does not properly gate access to Atomics or SharedArrayBuffers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-4484) Abhishek Arya discovered 2 buffer overflows in libvpx when decoding malformed WebM content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4485, CVE-2015-4486) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Christoph Kerschbaumer discovered an issue with Mozilla's implementation of Content Security Policy (CSP), which could allow for a more permissive usage in some cirucumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-4490) Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4491) Looben Yang discovered a use-after-free when using XMLHttpRequest with shared workers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4492) Update Instructions: Run `sudo pro fix USN-2702-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubufox - 3.1-0ubuntu0.14.04.1 xul-ext-ubufox - 3.1-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1483858 Ubuntu 14.04 LTS USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474) Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4475) A use-after-free was discovered during MediaStream playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4477) André Bargull discovered that non-configurable properties on javascript objects could be redefined when parsing JSON. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-4478) Multiple integer overflows were discovered in libstagefright. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493) Jukka Jylänki discovered a crash that occurs because javascript does not properly gate access to Atomics or SharedArrayBuffers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-4484) Abhishek Arya discovered 2 buffer overflows in libvpx when decoding malformed WebM content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4485, CVE-2015-4486) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Christoph Kerschbaumer discovered an issue with Mozilla's implementation of Content Security Policy (CSP), which could allow for a more permissive usage in some cirucumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-4490) Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4491) Looben Yang discovered a use-after-free when using XMLHttpRequest with shared workers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4492) Update Instructions: Run `sudo pro fix USN-2702-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-nn - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-nb - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-fa - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-fi - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-fr - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-fy - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-or - 40.0+build4-0ubuntu0.14.04.4 firefox-testsuite - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-oc - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-cs - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ga - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-gd - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-gl - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-gu - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-pa - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-pl - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-cy - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-pt - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-hi - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ms - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-he - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-hy - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-hr - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-hu - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-it - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-as - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ar - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-az - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-id - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-mai - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-af - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-is - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-vi - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-an - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-bs - 40.0+build4-0ubuntu0.14.04.4 firefox - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ro - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ja - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ru - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-br - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-zh-hant - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-zh-hans - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-bn - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-be - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-bg - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-sl - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-sk - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-si - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-sw - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-sv - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-sr - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-sq - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ko - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-kn - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-km - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-kk - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ka - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-xh - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ca - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ku - 40.0+build4-0ubuntu0.14.04.4 firefox-mozsymbols - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-lv - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-lt - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-th - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-hsb - 40.0+build4-0ubuntu0.14.04.4 firefox-dev - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-te - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ta - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-lg - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-tr - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-nso - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-de - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-da - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-uk - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-mr - 40.0+build4-0ubuntu0.14.04.4 firefox-globalmenu - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-uz - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ml - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-mn - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-mk - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-eu - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-et - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-es - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-csb - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-el - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-eo - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-en - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-zu - 40.0+build4-0ubuntu0.14.04.4 firefox-locale-ast - 40.0+build4-0ubuntu0.14.04.4 No subscription required None https://launchpad.net/bugs/1485741 Ubuntu 14.04 LTS Rajaneesh Singh discovered Swift does not properly enforce metadata limits. An attacker could abuse this issue to store more metadata than allowed by policy. (CVE-2014-7960) Clay Gerrard discovered Swift allowed users to delete the latest version of object regardless of object permissions when allow_version is configured. An attacker could use this issue to delete objects. (CVE-2015-1856) Update Instructions: Run `sudo pro fix USN-2704-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: swift-account - 1.13.1-0ubuntu1.2 python-swift - 1.13.1-0ubuntu1.2 swift-doc - 1.13.1-0ubuntu1.2 swift-proxy - 1.13.1-0ubuntu1.2 swift-container - 1.13.1-0ubuntu1.2 swift - 1.13.1-0ubuntu1.2 swift-object-expirer - 1.13.1-0ubuntu1.2 swift-object - 1.13.1-0ubuntu1.2 No subscription required Medium CVE-2014-7960 CVE-2015-1856 Ubuntu 14.04 LTS Qin Zhao discovered Keystone disabled certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct machine-in-the-middle attacks via a crafted certificate. (CVE-2014-7144) Brant Knudson discovered Keystone disabled certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct machine-in-the-middle attacks via a crafted certificate. (CVE-2015-1852) Update Instructions: Run `sudo pro fix USN-2705-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-keystoneclient - 1:0.7.1-ubuntu1.2 No subscription required Medium CVE-2014-7144 CVE-2015-1852 Ubuntu 14.04 LTS Cody Crews discovered a way to violate the same-origin policy to inject script in to a non-privileged part of the PDF viewer. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to read sensitive information from local files. (CVE-2015-4495) Update Instructions: Run `sudo pro fix USN-2707-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-nn - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-nb - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-fa - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-fi - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-fr - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-fy - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-or - 39.0.3+build2-0ubuntu0.14.04.1 firefox-testsuite - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-oc - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-cs - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ga - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-gd - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-gl - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-gu - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-pa - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-pl - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-cy - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-pt - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-hi - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ms - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-he - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-hy - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-hr - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-hu - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-it - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-as - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ar - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-az - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-id - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-mai - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-af - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-is - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-vi - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-an - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-bs - 39.0.3+build2-0ubuntu0.14.04.1 firefox - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ro - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ja - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ru - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-br - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-bn - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-be - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-bg - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-sl - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-sk - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-si - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-sw - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-sv - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-sr - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-sq - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ko - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-kn - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-km - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-kk - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ka - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-xh - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ca - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ku - 39.0.3+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-lv - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-lt - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-th - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 39.0.3+build2-0ubuntu0.14.04.1 firefox-dev - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-te - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ta - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-lg - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-tr - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-nso - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-de - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-da - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-uk - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-mr - 39.0.3+build2-0ubuntu0.14.04.1 firefox-globalmenu - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-uz - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ml - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-mn - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-mk - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-eu - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-et - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-es - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-csb - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-el - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-eo - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-en - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-zu - 39.0.3+build2-0ubuntu0.14.04.1 firefox-locale-ast - 39.0.3+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-4495 Ubuntu 14.04 LTS The pollinate package bundles the certificate for entropy.ubuntu.com. This update refreshes the certificate to match the new certificate for the server. Update Instructions: Run `sudo pro fix USN-2709-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pollinate - 4.7-0ubuntu1.3 No subscription required None https://launchpad.net/bugs/1483762 Ubuntu 14.04 LTS USN-2709-1 updated pollinate's certificate for entropy.ubuntu.com but did not include a new certificate authority certificate. This update fixes the problem. We apologize for the inconvenience. Original advisory details: The pollinate package bundles the certificate for entropy.ubuntu.com. This update refreshes the certificate to match the new certificate for the server. Update Instructions: Run `sudo pro fix USN-2709-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pollinate - 4.7-0ubuntu1.4 No subscription required None https://launchpad.net/bugs/1506238 Ubuntu 14.04 LTS Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. (CVE number pending) Moritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code. (CVE number pending) Jann Horn discovered that OpenSSH incorrectly handled time windows for X connections. A remote attacker could use this issue to bypass certain access restrictions. (CVE-2015-5352) It was discovered that OpenSSH incorrectly handled keyboard-interactive authentication. In a non-default configuration, a remote attacker could possibly use this issue to perform a brute-force password attack. (CVE-2015-5600) Update Instructions: Run `sudo pro fix USN-2710-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:6.6p1-2ubuntu2.2 openssh-client - 1:6.6p1-2ubuntu2.2 openssh-server - 1:6.6p1-2ubuntu2.2 ssh-askpass-gnome - 1:6.6p1-2ubuntu2.2 ssh - 1:6.6p1-2ubuntu2.2 ssh-krb5 - 1:6.6p1-2ubuntu2.2 openssh-client-udeb - 1:6.6p1-2ubuntu2.2 openssh-sftp-server - 1:6.6p1-2ubuntu2.2 No subscription required Low CVE-2015-5352 CVE-2015-5600 Ubuntu 14.04 LTS USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. This update fixes the problem. Original advisory details: Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. (CVE number pending) Moritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code. (CVE number pending) Jann Horn discovered that OpenSSH incorrectly handled time windows for X connections. A remote attacker could use this issue to bypass certain access restrictions. (CVE-2015-5352) It was discovered that OpenSSH incorrectly handled keyboard-interactive authentication. In a non-default configuration, a remote attacker could possibly use this issue to perform a brute-force password attack. (CVE-2015-5600) Update Instructions: Run `sudo pro fix USN-2710-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:6.6p1-2ubuntu2.3 openssh-client - 1:6.6p1-2ubuntu2.3 openssh-server - 1:6.6p1-2ubuntu2.3 ssh-askpass-gnome - 1:6.6p1-2ubuntu2.3 ssh - 1:6.6p1-2ubuntu2.3 ssh-krb5 - 1:6.6p1-2ubuntu2.3 openssh-client-udeb - 1:6.6p1-2ubuntu2.3 openssh-sftp-server - 1:6.6p1-2ubuntu2.3 No subscription required None https://launchpad.net/bugs/1485719 Ubuntu 14.04 LTS It was discovered that Net-SNMP incorrectly handled certain trap messages when the -OQ option was used. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service. (CVE-2014-3565) Qinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing failures. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5621) Update Instructions: Run `sudo pro fix USN-2711-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsnmp-perl - 5.7.2~dfsg-8.1ubuntu3.1 libsnmp-dev - 5.7.2~dfsg-8.1ubuntu3.1 libsnmp-base - 5.7.2~dfsg-8.1ubuntu3.1 snmp - 5.7.2~dfsg-8.1ubuntu3.1 libsnmp30 - 5.7.2~dfsg-8.1ubuntu3.1 tkmib - 5.7.2~dfsg-8.1ubuntu3.1 snmpd - 5.7.2~dfsg-8.1ubuntu3.1 python-netsnmp - 5.7.2~dfsg-8.1ubuntu3.1 No subscription required Medium CVE-2014-3565 CVE-2015-5621 Ubuntu 14.04 LTS Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges ofthe user invoking Thunderbird. (CVE-2015-4473) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2015-4491) Update Instructions: Run `sudo pro fix USN-2712-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:38.2.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:38.2.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:38.2.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:38.2.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-4473 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 Ubuntu 14.04 LTS Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-2716-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-62-powerpc64-smp - 3.13.0-62.102 linux-image-3.13.0-62-lowlatency - 3.13.0-62.102 linux-image-3.13.0-62-powerpc64-emb - 3.13.0-62.102 linux-image-3.13.0-62-powerpc-smp - 3.13.0-62.102 linux-image-3.13.0-62-powerpc-e500mc - 3.13.0-62.102 linux-image-3.13.0-62-generic-lpae - 3.13.0-62.102 linux-image-3.13.0-62-powerpc-e500 - 3.13.0-62.102 linux-image-3.13.0-62-generic - 3.13.0-62.102 linux-image-extra-3.13.0-62-generic - 3.13.0-62.102 No subscription required Medium CVE-2015-3212 Ubuntu 14.04 LTS Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-2717-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-46-powerpc64-smp - 3.16.0-46.62~14.04.1 linux-image-3.16.0-46-lowlatency - 3.16.0-46.62~14.04.1 linux-image-3.16.0-46-generic - 3.16.0-46.62~14.04.1 linux-image-3.16.0-46-generic-lpae - 3.16.0-46.62~14.04.1 linux-image-3.16.0-46-powerpc-e500mc - 3.16.0-46.62~14.04.1 linux-image-3.16.0-46-powerpc64-emb - 3.16.0-46.62~14.04.1 linux-image-3.16.0-46-powerpc-smp - 3.16.0-46.62~14.04.1 linux-image-extra-3.16.0-46-generic - 3.16.0-46.62~14.04.1 No subscription required Medium CVE-2015-3212 Ubuntu 14.04 LTS Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-2718-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-26-generic-lpae - 3.19.0-26.28~14.04.1 linux-image-3.19.0-26-lowlatency - 3.19.0-26.28~14.04.1 linux-image-3.19.0-26-generic - 3.19.0-26.28~14.04.1 linux-image-3.19.0-26-powerpc64-emb - 3.19.0-26.28~14.04.1 linux-image-extra-3.19.0-26-generic - 3.19.0-26.28~14.04.1 linux-image-3.19.0-26-powerpc-smp - 3.19.0-26.28~14.04.1 linux-image-3.19.0-26-powerpc64-smp - 3.19.0-26.28~14.04.1 linux-image-3.19.0-26-powerpc-e500mc - 3.19.0-26.28~14.04.1 No subscription required Medium CVE-2015-3212 Ubuntu 14.04 LTS Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2720-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.10 python-django - 1.6.1-2ubuntu0.10 No subscription required Medium CVE-2015-5963 CVE-2015-5964 Ubuntu 14.04 LTS It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580) It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108) Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202) Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2015-0248) Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. A remote attacker could use this issue to spoof the svn:author property. (CVE-2015-0251) C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184) C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187) Update Instructions: Run `sudo pro fix USN-2721-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsvn-dev - 1.8.8-1ubuntu3.2 ruby-svn - 1.8.8-1ubuntu3.2 subversion-tools - 1.8.8-1ubuntu3.2 libapache2-svn - 1.8.8-1ubuntu3.2 libapache2-mod-svn - 1.8.8-1ubuntu3.2 python-subversion - 1.8.8-1ubuntu3.2 libsvn-java - 1.8.8-1ubuntu3.2 subversion - 1.8.8-1ubuntu3.2 libsvn-doc - 1.8.8-1ubuntu3.2 libsvn1 - 1.8.8-1ubuntu3.2 libsvn-perl - 1.8.8-1ubuntu3.2 libsvn-ruby1.8 - 1.8.8-1ubuntu3.2 No subscription required Medium CVE-2014-3580 CVE-2014-8108 CVE-2015-0202 CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 CVE-2015-3187 Ubuntu 14.04 LTS Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2722-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgdk-pixbuf2.0-0 - 2.30.7-0ubuntu1.1 libgdk-pixbuf2.0-common - 2.30.7-0ubuntu1.1 libgdk-pixbuf2.0-dev - 2.30.7-0ubuntu1.1 libgdk-pixbuf2.0-0-udeb - 2.30.7-0ubuntu1.1 libgdk-pixbuf2.0-doc - 2.30.7-0ubuntu1.1 gir1.2-gdkpixbuf-2.0 - 2.30.7-0ubuntu1.1 No subscription required Medium CVE-2015-4491 Ubuntu 14.04 LTS A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4497) Bas Venis discovered that the addon install permission prompt could be bypassed using data: URLs in some circumstances. It was also discovered that the installation notification could be made to appear over another site. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to install a malicious addon. (CVE-2015-4498) Update Instructions: Run `sudo pro fix USN-2723-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nn - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nb - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fa - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fi - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fr - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fy - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-or - 40.0.3+build1-0ubuntu0.14.04.1 firefox-testsuite - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-oc - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cs - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ga - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gd - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gl - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gu - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pa - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pl - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cy - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pt - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hi - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ms - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-he - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hy - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hr - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hu - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-it - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-as - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ar - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-az - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-id - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mai - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-af - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-is - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-vi - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-an - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bs - 40.0.3+build1-0ubuntu0.14.04.1 firefox - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ro - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ja - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ru - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-br - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bn - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-be - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bg - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sl - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sk - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-si - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sw - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sv - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sr - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sq - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ko - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kn - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-km - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kk - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ka - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-xh - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ca - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ku - 40.0.3+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lv - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lt - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-th - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 40.0.3+build1-0ubuntu0.14.04.1 firefox-dev - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-te - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ta - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lg - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-tr - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nso - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-de - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-da - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-uk - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mr - 40.0.3+build1-0ubuntu0.14.04.1 firefox-globalmenu - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-uz - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ml - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mn - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mk - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-eu - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-et - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-es - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-csb - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-el - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-eo - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-en - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zu - 40.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ast - 40.0.3+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-4497 CVE-2015-4498 Ubuntu 14.04 LTS It was discovered that QEMU incorrectly handled a PRDT with zero complete sectors in the IDE functionality. A malicious guest could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9718) Donghai Zhu discovered that QEMU incorrectly handled the RTL8139 driver. A malicious guest could possibly use this issue to read sensitive information from arbitrary host memory. (CVE-2015-5165) Donghai Zhu discovered that QEMU incorrectly handled unplugging emulated block devices. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 15.04. (CVE-2015-5166) Qinghao Tang and Mr. Zuozhi discovered that QEMU incorrectly handled memory in the VNC display driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 15.04. (CVE-2015-5225) It was discovered that QEMU incorrectly handled the virtio-serial device. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-5745) Update Instructions: Run `sudo pro fix USN-2724-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.17 qemu-user-static - 2.0.0+dfsg-2ubuntu1.17 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.17 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.17 qemu-kvm - 2.0.0+dfsg-2ubuntu1.17 qemu-user - 2.0.0+dfsg-2ubuntu1.17 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.17 qemu-system - 2.0.0+dfsg-2ubuntu1.17 qemu-utils - 2.0.0+dfsg-2ubuntu1.17 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.17 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.17 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.17 qemu-common - 2.0.0+dfsg-2ubuntu1.17 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.17 qemu - 2.0.0+dfsg-2ubuntu1.17 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.17 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.17 No subscription required Medium CVE-2014-9718 CVE-2015-5165 CVE-2015-5166 CVE-2015-5225 CVE-2015-5745 Ubuntu 14.04 LTS It was discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2726-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexpat1 - 2.1.0-4ubuntu1.1 expat - 2.1.0-4ubuntu1.1 libexpat1-dev - 2.1.0-4ubuntu1.1 lib64expat1-dev - 2.1.0-4ubuntu1.1 libexpat1-udeb - 2.1.0-4ubuntu1.1 lib64expat1 - 2.1.0-4ubuntu1.1 No subscription required Medium CVE-2015-1283 Ubuntu 14.04 LTS Hanno Böck discovered that Bind incorrectly handled certain malformed keys when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2728-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.5 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.5 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.5 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.5 bind9utils - 1:9.9.5.dfsg-3ubuntu0.5 libdns100 - 1:9.9.5.dfsg-3ubuntu0.5 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.5 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.5 host - 1:9.9.5.dfsg-3ubuntu0.5 lwresd - 1:9.9.5.dfsg-3ubuntu0.5 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.5 libisc95 - 1:9.9.5.dfsg-3ubuntu0.5 bind9 - 1:9.9.5.dfsg-3ubuntu0.5 bind9-host - 1:9.9.5.dfsg-3ubuntu0.5 No subscription required Medium CVE-2015-5722 Ubuntu 14.04 LTS Florian Weimer discovered that libvdpau incorrectly handled certain environment variables. A local attacker could possibly use this issue to gain privileges. Update Instructions: Run `sudo pro fix USN-2729-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvdpau-dev - 0.7-1ubuntu0.1 libvdpau1 - 0.7-1ubuntu0.1 libvdpau-doc - 0.7-1ubuntu0.1 No subscription required Medium CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 Ubuntu 14.04 LTS Georgi Geshev discovered that OpenSLP incorrectly handled processing certain service requests. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2012-4428) Qinghao Tang discovered that OpenSLP incorrectly handled processing certain messages. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. (CVE-2015-5177) Update Instructions: Run `sudo pro fix USN-2730-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libslp-dev - 1.2.1-9ubuntu0.2 openslp-doc - 1.2.1-9ubuntu0.2 slptool - 1.2.1-9ubuntu0.2 slpd - 1.2.1-9ubuntu0.2 libslp1 - 1.2.1-9ubuntu0.2 No subscription required Medium CVE-2012-4428 CVE-2015-5177 Ubuntu 14.04 LTS It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Update Instructions: Run `sudo pro fix USN-2734-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-63-powerpc64-emb - 3.13.0-63.103 linux-image-3.13.0-63-lowlatency - 3.13.0-63.103 linux-image-3.13.0-63-generic - 3.13.0-63.103 linux-image-extra-3.13.0-63-generic - 3.13.0-63.103 linux-image-3.13.0-63-generic-lpae - 3.13.0-63.103 linux-image-3.13.0-63-powerpc-e500mc - 3.13.0-63.103 linux-image-3.13.0-63-powerpc-e500 - 3.13.0-63.103 linux-image-3.13.0-63-powerpc64-smp - 3.13.0-63.103 linux-image-3.13.0-63-powerpc-smp - 3.13.0-63.103 No subscription required Medium CVE-2015-5707 Ubuntu 14.04 LTS It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. (CVE-2015-1291) An issue was discovered in NavigatorServiceWorker::serviceWorker in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1292) An issue was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1293) A use-after-free was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1294) A use-after-free was discovered in the shared-timer implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1299) It was discovered that the availability of iframe Resource Timing API times was not properly restricted in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-1300) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1301) A heap corruption issue was discovered in oxide::JavaScriptDialogManager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1332) Update Instructions: Run `sudo pro fix USN-2735-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.9.1-0ubuntu0.14.04.2 liboxideqt-qmlplugin - 1.9.1-0ubuntu0.14.04.2 oxideqt-chromedriver - 1.9.1-0ubuntu0.14.04.2 oxideqt-codecs-extra - 1.9.1-0ubuntu0.14.04.2 oxideqmlscene - 1.9.1-0ubuntu0.14.04.2 oxideqt-codecs - 1.9.1-0ubuntu0.14.04.2 liboxideqtquick0 - 1.9.1-0ubuntu0.14.04.2 No subscription required Medium CVE-2015-1291 CVE-2015-1292 CVE-2015-1293 CVE-2015-1294 CVE-2015-1299 CVE-2015-1300 CVE-2015-1301 CVE-2015-1332 https://launchpad.net/bugs/1470905 Ubuntu 14.04 LTS Frediano Ziglio discovered that Spice incorrectly handled monitor configs. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Update Instructions: Run `sudo pro fix USN-2736-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spice-client - 0.12.4-0nocelt2ubuntu1.1 libspice-server1 - 0.12.4-0nocelt2ubuntu1.1 libspice-server-dev - 0.12.4-0nocelt2ubuntu1.1 No subscription required Medium CVE-2015-3247 Ubuntu 14.04 LTS It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Update Instructions: Run `sudo pro fix USN-2737-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-28-lowlatency - 3.19.0-28.30~14.04.1 linux-image-3.19.0-28-powerpc64-emb - 3.19.0-28.30~14.04.1 linux-image-3.19.0-28-powerpc-smp - 3.19.0-28.30~14.04.1 linux-image-3.19.0-28-generic-lpae - 3.19.0-28.30~14.04.1 linux-image-3.19.0-28-generic - 3.19.0-28.30~14.04.1 linux-image-extra-3.19.0-28-generic - 3.19.0-28.30~14.04.1 linux-image-3.19.0-28-powerpc-e500mc - 3.19.0-28.30~14.04.1 linux-image-3.19.0-28-powerpc64-smp - 3.19.0-28.30~14.04.1 No subscription required Medium CVE-2015-5707 Ubuntu 14.04 LTS It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of service, or possibly expose uninitialized memory. Update Instructions: Run `sudo pro fix USN-2739-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.5.2-1ubuntu2.5 libfreetype6-udeb - 2.5.2-1ubuntu2.5 freetype2-demos - 2.5.2-1ubuntu2.5 libfreetype6 - 2.5.2-1ubuntu2.5 No subscription required Low CVE-2014-9745 https://launchpad.net/bugs/1449225 Ubuntu 14.04 LTS Atte Kettunen discovered that ICU incorrectly handled certain converter names. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash. (CVE-2015-1270) It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-2632, CVE-2015-4760) Update Instructions: Run `sudo pro fix USN-2740-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 52.1-3ubuntu0.4 libicu52 - 52.1-3ubuntu0.4 libicu-dev - 52.1-3ubuntu0.4 icu-doc - 52.1-3ubuntu0.4 No subscription required Medium CVE-2015-1270 CVE-2015-2632 CVE-2015-4760 Ubuntu 14.04 LTS It was discovered that the Unity Settings Daemon incorrectly allowed removable media to be mounted when the screen is locked. If a vulnerability were discovered in some other desktop component, such as an image library, a local attacker could possibly use this issue to gain access to the session. Update Instructions: Run `sudo pro fix USN-2741-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unity-settings-daemon - 14.04.0+14.04.20150825-0ubuntu2 unity-settings-daemon-dev - 14.04.0+14.04.20150825-0ubuntu2 No subscription required Medium CVE-2015-1319 Ubuntu 14.04 LTS Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER data. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2015-6908) Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped with a potentially unsafe default access control configuration. Depending on how the database is configure, this may allow users to impersonate others by modifying attributes such as their Unix user and group numbers. (CVE-2014-9713) Update Instructions: Run `sudo pro fix USN-2742-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.31-1+nmu2ubuntu8.2 libldap2-dev - 2.4.31-1+nmu2ubuntu8.2 libldap-2.4-2 - 2.4.31-1+nmu2ubuntu8.2 slapd-smbk5pwd - 2.4.31-1+nmu2ubuntu8.2 slapd - 2.4.31-1+nmu2ubuntu8.2 No subscription required Medium CVE-2014-9713 CVE-2015-6908 Ubuntu 14.04 LTS Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4500, CVE-2015-4501) André Bargull discovered that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window. (CVE-2015-4502) Felix Gröbert discovered an out-of-bounds read in the QCMS color management library in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2015-4504) Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4506) Spandan Veggalam discovered a crash while using the debugger API in some circumstances. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4507) Juho Nurminen discovered that the URL bar could display the wrong URL in reader mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-4508) A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4509) Looben Yang discovered a use-after-free when using a shared worker with IndexedDB in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4510) Francisco Alonso discovered an out-of-bounds read during 2D canvas rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4512) Jeff Walden discovered that changes could be made to immutable properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary script in a privileged scope. (CVE-2015-4516) Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519) Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520) Update Instructions: Run `sudo pro fix USN-2743-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-nn - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-nb - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-fa - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-fi - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-fr - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-fy - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-or - 41.0+build3-0ubuntu0.14.04.1 firefox-testsuite - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-oc - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-cs - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ga - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-gd - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-gl - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-gu - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-pa - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-pl - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-cy - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-pt - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-hi - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ms - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-he - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-hy - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-hr - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-hu - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-it - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-as - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ar - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-az - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-id - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-mai - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-af - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-is - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-vi - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-an - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-bs - 41.0+build3-0ubuntu0.14.04.1 firefox - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ro - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ja - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ru - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-br - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hant - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hans - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-bn - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-be - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-bg - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-sl - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-sk - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-si - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-sw - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-sv - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-sr - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-sq - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ko - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-kn - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-km - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-kk - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ka - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-xh - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ca - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ku - 41.0+build3-0ubuntu0.14.04.1 firefox-mozsymbols - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-lv - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-lt - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-th - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-hsb - 41.0+build3-0ubuntu0.14.04.1 firefox-dev - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-te - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ta - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-lg - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-tr - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-nso - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-de - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-da - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-uk - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-mr - 41.0+build3-0ubuntu0.14.04.1 firefox-globalmenu - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-uz - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ml - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-mn - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-mk - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-eu - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-et - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-es - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-csb - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-el - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-eo - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-en - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-zu - 41.0+build3-0ubuntu0.14.04.1 firefox-locale-ast - 41.0+build3-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-4500 CVE-2015-4501 CVE-2015-4502 CVE-2015-4504 CVE-2015-4506 CVE-2015-4507 CVE-2015-4508 CVE-2015-4509 CVE-2015-4510 CVE-2015-4512 CVE-2015-4516 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 Ubuntu 14.04 LTS USN-2743-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory details: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4500, CVE-2015-4501) André Bargull discovered that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window. (CVE-2015-4502) Felix Gröbert discovered an out-of-bounds read in the QCMS color management library in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2015-4504) Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4506) Spandan Veggalam discovered a crash while using the debugger API in some circumstances. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4507) Juho Nurminen discovered that the URL bar could display the wrong URL in reader mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-4508) A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4509) Looben Yang discovered a use-after-free when using a shared worker with IndexedDB in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4510) Francisco Alonso discovered an out-of-bounds read during 2D canvas rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4512) Jeff Walden discovered that changes could be made to immutable properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary script in a privileged scope. (CVE-2015-4516) Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519) Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520) Update Instructions: Run `sudo pro fix USN-2743-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubufox - 3.2-0ubuntu0.14.04.1 xul-ext-ubufox - 3.2-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1498681 Ubuntu 14.04 LTS USN-2743-1 fixed vulnerabilities in Firefox. Future Firefox updates will require all addons be signed and unity-firefox-extension, webapps-greasemonkey and webaccounts-browser-extension will not go through the signing process. Because these addons currently break search engine installations (LP: #1069793), this update permanently disables the addons by removing them from the system. We apologize for any inconvenience. Original advisory details: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4500, CVE-2015-4501) André Bargull discovered that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window. (CVE-2015-4502) Felix Gröbert discovered an out-of-bounds read in the QCMS color management library in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2015-4504) Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4506) Spandan Veggalam discovered a crash while using the debugger API in some circumstances. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4507) Juho Nurminen discovered that the URL bar could display the wrong URL in reader mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-4508) A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4509) Looben Yang discovered a use-after-free when using a shared worker with IndexedDB in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4510) Francisco Alonso discovered an out-of-bounds read during 2D canvas rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4512) Jeff Walden discovered that changes could be made to immutable properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary script in a privileged scope. (CVE-2015-4516) Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519) Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520) Update Instructions: Run `sudo pro fix USN-2743-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: webaccounts-chromium-extension - 0.5-0ubuntu2.14.04.1 webaccounts-extension-common - 0.5-0ubuntu2.14.04.1 xul-ext-webaccounts - 0.5-0ubuntu2.14.04.1 No subscription required xul-ext-websites-integration - 2.3.6+13.10.20130920.1-0ubuntu1.2 No subscription required libufe-xidgetter0 - 3.0.0+14.04.20140416-0ubuntu1.14.04.1 xul-ext-unity - 3.0.0+14.04.20140416-0ubuntu1.14.04.1 No subscription required None https://launchpad.net/bugs/1498681 https://launchpad.net/bugs/1069793 Ubuntu 14.04 LTS USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems with bookmark creation and crashes in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4500, CVE-2015-4501) André Bargull discovered that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window. (CVE-2015-4502) Felix Gröbert discovered an out-of-bounds read in the QCMS color management library in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2015-4504) Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4506) Spandan Veggalam discovered a crash while using the debugger API in some circumstances. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4507) Juho Nurminen discovered that the URL bar could display the wrong URL in reader mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-4508) A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4509) Looben Yang discovered a use-after-free when using a shared worker with IndexedDB in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4510) Francisco Alonso discovered an out-of-bounds read during 2D canvas rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4512) Jeff Walden discovered that changes could be made to immutable properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary script in a privileged scope. (CVE-2015-4516) Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519) Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520) Update Instructions: Run `sudo pro fix USN-2743-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nn - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nb - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fa - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fi - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fr - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fy - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-or - 41.0.1+build2-0ubuntu0.14.04.1 firefox-testsuite - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-oc - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cs - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ga - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gd - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gl - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gu - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pa - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pl - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cy - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pt - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hi - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ms - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-he - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hy - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hr - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hu - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-it - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-as - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ar - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-az - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-id - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mai - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-af - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-is - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-vi - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-an - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bs - 41.0.1+build2-0ubuntu0.14.04.1 firefox - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ro - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ja - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ru - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-br - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bn - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-be - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bg - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sl - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sk - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-si - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sw - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sv - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sr - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sq - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ko - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kn - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-km - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kk - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ka - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-xh - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ca - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ku - 41.0.1+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lv - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lt - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-th - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 41.0.1+build2-0ubuntu0.14.04.1 firefox-dev - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-te - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ta - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lg - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-tr - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nso - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-de - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-da - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uk - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mr - 41.0.1+build2-0ubuntu0.14.04.1 firefox-globalmenu - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uz - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ml - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mn - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mk - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eu - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-et - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-es - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-csb - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-el - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eo - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-en - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zu - 41.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ast - 41.0.1+build2-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1501277 Ubuntu 14.04 LTS Halfdog discovered that Apport incorrectly handled kernel crash dump files. A local attacker could use this issue to cause a denial of service, or possibly elevate privileges. The default symlink protections for affected releases should reduce the vulnerability to a denial of service. Update Instructions: Run `sudo pro fix USN-2744-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.15 python3-problem-report - 2.14.1-0ubuntu3.15 apport-kde - 2.14.1-0ubuntu3.15 apport-retrace - 2.14.1-0ubuntu3.15 apport-valgrind - 2.14.1-0ubuntu3.15 python3-apport - 2.14.1-0ubuntu3.15 dh-apport - 2.14.1-0ubuntu3.15 apport-gtk - 2.14.1-0ubuntu3.15 apport - 2.14.1-0ubuntu3.15 python-problem-report - 2.14.1-0ubuntu3.15 apport-noui - 2.14.1-0ubuntu3.15 No subscription required Medium CVE-2015-1338 Ubuntu 14.04 LTS Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-5239) Qinghao Tang discovered that QEMU incorrectly handled receiving certain packets in the NE2000 network driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. (CVE-2015-5278) Qinghao Tang discovered that QEMU incorrectly handled receiving certain packets in the NE2000 network driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-5279) Qinghao Tang discovered that QEMU incorrectly handled transmit descriptor data when sending network packets. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. (CVE-2015-6815) Qinghao Tang discovered that QEMU incorrectly handled ATAPI command permissions. A malicious guest could use this issue to cause the QEMU process to crash, resulting in a denial of service. (CVE-2015-6855) Update Instructions: Run `sudo pro fix USN-2745-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.19 qemu-user-static - 2.0.0+dfsg-2ubuntu1.19 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.19 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.19 qemu-kvm - 2.0.0+dfsg-2ubuntu1.19 qemu-user - 2.0.0+dfsg-2ubuntu1.19 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.19 qemu-system - 2.0.0+dfsg-2ubuntu1.19 qemu-utils - 2.0.0+dfsg-2ubuntu1.19 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.19 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.19 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.19 qemu-common - 2.0.0+dfsg-2ubuntu1.19 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.19 qemu - 2.0.0+dfsg-2ubuntu1.19 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.19 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.19 No subscription required Medium CVE-2015-5239 CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855 Ubuntu 14.04 LTS It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a machine-in-the-middle attack and inject malicious content into the stream. Update Instructions: Run `sudo pro fix USN-2746-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-simplestreams - 0.1.0~bzr341-0ubuntu2.2 simplestreams - 0.1.0~bzr341-0ubuntu2.2 python-simplestreams-openstack - 0.1.0~bzr341-0ubuntu2.2 python3-simplestreams - 0.1.0~bzr341-0ubuntu2.2 No subscription required Medium CVE-2015-1337 Ubuntu 14.04 LTS USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a regression preventing MAAS from downloading PXE images. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a machine-in-the-middle attack and inject malicious content into the stream. Update Instructions: Run `sudo pro fix USN-2746-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-simplestreams - 0.1.0~bzr341-0ubuntu2.3 simplestreams - 0.1.0~bzr341-0ubuntu2.3 python-simplestreams-openstack - 0.1.0~bzr341-0ubuntu2.3 python3-simplestreams - 0.1.0~bzr341-0ubuntu2.3 No subscription required None https://launchpad.net/bugs/1499749 Ubuntu 14.04 LTS Dario Weisser discovered that the NVIDIA graphics drivers incorrectly handled certain IOCTL writes. A local attacker could use this issue to possibly gain root privileges. Update Instructions: Run `sudo pro fix USN-2747-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-current-dev - 304.128-0ubuntu0.0.1 libcuda1-304 - 304.128-0ubuntu0.0.1 nvidia-current-updates-dev - 304.128-0ubuntu0.0.1 nvidia-libopencl1-304-updates - 304.128-0ubuntu0.0.1 nvidia-304-updates - 304.128-0ubuntu0.0.1 nvidia-304 - 304.128-0ubuntu0.0.1 nvidia-current - 304.128-0ubuntu0.0.1 nvidia-304-updates-dev - 304.128-0ubuntu0.0.1 nvidia-experimental-304-dev - 304.128-0ubuntu0.0.1 nvidia-current-updates - 304.128-0ubuntu0.0.1 nvidia-304-dev - 304.128-0ubuntu0.0.1 libcuda1-304-updates - 304.128-0ubuntu0.0.1 nvidia-libopencl1-304 - 304.128-0ubuntu0.0.1 nvidia-opencl-icd-304-updates - 304.128-0ubuntu0.0.1 nvidia-opencl-icd-304 - 304.128-0ubuntu0.0.1 nvidia-experimental-304 - 304.128-0ubuntu0.0.1 No subscription required nvidia-331 - 340.93-0ubuntu0.0.1 nvidia-opencl-icd-331 - 340.93-0ubuntu0.0.1 nvidia-opencl-icd-340-updates - 340.93-0ubuntu0.0.1 libcuda1-340 - 340.93-0ubuntu0.0.1 nvidia-340-updates - 340.93-0ubuntu0.0.1 nvidia-331-updates - 340.93-0ubuntu0.0.1 nvidia-340-updates-dev - 340.93-0ubuntu0.0.1 nvidia-340-updates-uvm - 340.93-0ubuntu0.0.1 nvidia-opencl-icd-331-updates - 340.93-0ubuntu0.0.1 nvidia-340-dev - 340.93-0ubuntu0.0.1 libcuda1-331-updates - 340.93-0ubuntu0.0.1 nvidia-libopencl1-331 - 340.93-0ubuntu0.0.1 nvidia-340 - 340.93-0ubuntu0.0.1 nvidia-opencl-icd-340 - 340.93-0ubuntu0.0.1 nvidia-340-uvm - 340.93-0ubuntu0.0.1 libcuda1-340-updates - 340.93-0ubuntu0.0.1 libcuda1-331 - 340.93-0ubuntu0.0.1 nvidia-331-updates-dev - 340.93-0ubuntu0.0.1 nvidia-331-dev - 340.93-0ubuntu0.0.1 nvidia-331-updates-uvm - 340.93-0ubuntu0.0.1 nvidia-libopencl1-340 - 340.93-0ubuntu0.0.1 nvidia-libopencl1-331-updates - 340.93-0ubuntu0.0.1 nvidia-libopencl1-340-updates - 340.93-0ubuntu0.0.1 nvidia-331-uvm - 340.93-0ubuntu0.0.1 No subscription required libcuda1-346 - 346.96-0ubuntu0.0.1 nvidia-346-uvm - 346.96-0ubuntu0.0.1 nvidia-opencl-icd-346 - 346.96-0ubuntu0.0.1 nvidia-346 - 346.96-0ubuntu0.0.1 nvidia-opencl-icd-346-updates - 346.96-0ubuntu0.0.1 nvidia-libopencl1-346-updates - 346.96-0ubuntu0.0.1 nvidia-346-updates - 346.96-0ubuntu0.0.1 nvidia-libopencl1-346 - 346.96-0ubuntu0.0.1 nvidia-346-updates-dev - 346.96-0ubuntu0.0.1 nvidia-346-dev - 346.96-0ubuntu0.0.1 nvidia-346-updates-uvm - 346.96-0ubuntu0.0.1 libcuda1-346-updates - 346.96-0ubuntu0.0.1 No subscription required Medium CVE-2015-5950 Ubuntu 14.04 LTS Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-André Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252) Update Instructions: Run `sudo pro fix USN-2748-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-65-powerpc-e500 - 3.13.0-65.105 linux-image-3.13.0-65-powerpc64-smp - 3.13.0-65.105 linux-image-3.13.0-65-powerpc-smp - 3.13.0-65.105 linux-image-extra-3.13.0-65-generic - 3.13.0-65.105 linux-image-3.13.0-65-powerpc64-emb - 3.13.0-65.105 linux-image-3.13.0-65-generic - 3.13.0-65.105 linux-image-3.13.0-65-generic-lpae - 3.13.0-65.105 linux-image-3.13.0-65-powerpc-e500mc - 3.13.0-65.105 linux-image-3.13.0-65-lowlatency - 3.13.0-65.105 No subscription required Medium CVE-2015-5697 CVE-2015-6252 Ubuntu 14.04 LTS It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Update Instructions: Run `sudo pro fix USN-2750-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-50-powerpc64-emb - 3.16.0-50.66~14.04.1 linux-image-3.16.0-50-generic - 3.16.0-50.66~14.04.1 linux-image-3.16.0-50-lowlatency - 3.16.0-50.66~14.04.1 linux-image-3.16.0-50-powerpc64-smp - 3.16.0-50.66~14.04.1 linux-image-3.16.0-50-powerpc-smp - 3.16.0-50.66~14.04.1 linux-image-3.16.0-50-powerpc-e500mc - 3.16.0-50.66~14.04.1 linux-image-extra-3.16.0-50-generic - 3.16.0-50.66~14.04.1 linux-image-3.16.0-50-generic-lpae - 3.16.0-50.66~14.04.1 No subscription required Medium CVE-2015-5707 Ubuntu 14.04 LTS Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-André Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252) Update Instructions: Run `sudo pro fix USN-2751-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-30-powerpc64-smp - 3.19.0-30.33~14.04.1 linux-image-3.19.0-30-generic - 3.19.0-30.33~14.04.1 linux-image-3.19.0-30-powerpc-smp - 3.19.0-30.33~14.04.1 linux-image-3.19.0-30-powerpc64-emb - 3.19.0-30.33~14.04.1 linux-image-3.19.0-30-generic-lpae - 3.19.0-30.33~14.04.1 linux-image-extra-3.19.0-30-generic - 3.19.0-30.33~14.04.1 linux-image-3.19.0-30-lowlatency - 3.19.0-30.33~14.04.1 linux-image-3.19.0-30-powerpc-e500mc - 3.19.0-30.33~14.04.1 No subscription required Medium CVE-2015-5697 CVE-2015-6252 Ubuntu 14.04 LTS Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container. Update Instructions: Run `sudo pro fix USN-2753-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lxc-dev - 1.0.7-0ubuntu0.5 liblxc1 - 1.0.7-0ubuntu0.5 lxc-templates - 1.0.7-0ubuntu0.5 python3-lxc - 1.0.7-0ubuntu0.5 lxc - 1.0.7-0ubuntu0.5 lxc-tests - 1.0.7-0ubuntu0.5 No subscription required Medium CVE-2015-1335 Ubuntu 14.04 LTS USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had an absolute path specified as a bind mount target in their configuration file. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container. Update Instructions: Run `sudo pro fix USN-2753-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lxc-dev - 1.0.7-0ubuntu0.6 liblxc1 - 1.0.7-0ubuntu0.6 lxc-templates - 1.0.7-0ubuntu0.6 python3-lxc - 1.0.7-0ubuntu0.6 lxc - 1.0.7-0ubuntu0.6 lxc-tests - 1.0.7-0ubuntu0.6 No subscription required None https://launchpad.net/bugs/1501310 Ubuntu 14.04 LTS USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had a path that contained a '/./' directory specified as a bind mount target in their configuration file. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container. Update Instructions: Run `sudo pro fix USN-2753-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lxc-dev - 1.0.7-0ubuntu0.7 liblxc1 - 1.0.7-0ubuntu0.7 lxc-templates - 1.0.7-0ubuntu0.7 python3-lxc - 1.0.7-0ubuntu0.7 lxc - 1.0.7-0ubuntu0.7 lxc-tests - 1.0.7-0ubuntu0.7 No subscription required None https://launchpad.net/bugs/1501491 Ubuntu 14.04 LTS Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, and Cameron McCormack discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4500) Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4506) A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4509) Atte Kettunen discovered a buffer overflow in the nestegg library when decoding WebM format video in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4511) Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519) Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520) Update Instructions: Run `sudo pro fix USN-2754-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:38.3.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:38.3.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:38.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:38.3.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-4500 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 Ubuntu 14.04 LTS It was discovered that rpcbind incorrectly handled certain memory structures. A remote attacker could use this issue to cause rpcbind to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2756-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rpcbind - 0.2.1-2ubuntu2.2 No subscription required Medium CVE-2015-7236 Ubuntu 14.04 LTS Two security issues were discovered in Blink and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same-origin restrictions. (CVE-2015-1303, CVE-2015-1304) Update Instructions: Run `sudo pro fix USN-2757-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.9.5-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.9.5-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.9.5-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.9.5-0ubuntu0.14.04.1 oxideqmlscene - 1.9.5-0ubuntu0.14.04.1 oxideqt-codecs - 1.9.5-0ubuntu0.14.04.1 liboxideqtquick0 - 1.9.5-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-1303 CVE-2015-1304 Ubuntu 14.04 LTS It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-5589) It was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5590) Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-6831, CVE-2015-6834, CVE-2015-6835 Sean Heelan discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-6832) It was discovered that the PHP phar extension incorrectly handled certain archives. A remote attacker could use this issue to cause files to be placed outside of the destination directory. (CVE-2015-6833) Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-6836) It was discovered that the PHP XSLTProcessor class incorrectly handled certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-6837) Update Instructions: Run `sudo pro fix USN-2758-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.13 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.13 php5-curl - 5.5.9+dfsg-1ubuntu4.13 php5-intl - 5.5.9+dfsg-1ubuntu4.13 php5-snmp - 5.5.9+dfsg-1ubuntu4.13 php5-mysql - 5.5.9+dfsg-1ubuntu4.13 php5-odbc - 5.5.9+dfsg-1ubuntu4.13 php5-xsl - 5.5.9+dfsg-1ubuntu4.13 php5-gd - 5.5.9+dfsg-1ubuntu4.13 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.13 php5-tidy - 5.5.9+dfsg-1ubuntu4.13 php5-dev - 5.5.9+dfsg-1ubuntu4.13 php5-pgsql - 5.5.9+dfsg-1ubuntu4.13 php5-enchant - 5.5.9+dfsg-1ubuntu4.13 php5-readline - 5.5.9+dfsg-1ubuntu4.13 php5-gmp - 5.5.9+dfsg-1ubuntu4.13 php5-fpm - 5.5.9+dfsg-1ubuntu4.13 php5-cgi - 5.5.9+dfsg-1ubuntu4.13 php5-sqlite - 5.5.9+dfsg-1ubuntu4.13 php5-ldap - 5.5.9+dfsg-1ubuntu4.13 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.13 php5 - 5.5.9+dfsg-1ubuntu4.13 php5-cli - 5.5.9+dfsg-1ubuntu4.13 php-pear - 5.5.9+dfsg-1ubuntu4.13 php5-sybase - 5.5.9+dfsg-1ubuntu4.13 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.13 php5-pspell - 5.5.9+dfsg-1ubuntu4.13 php5-common - 5.5.9+dfsg-1ubuntu4.13 libphp5-embed - 5.5.9+dfsg-1ubuntu4.13 No subscription required Medium CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 Ubuntu 14.04 LTS Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-2761-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-65-powerpc-e500 - 3.13.0-65.106 linux-image-3.13.0-65-powerpc64-smp - 3.13.0-65.106 linux-image-3.13.0-65-powerpc-smp - 3.13.0-65.106 linux-image-extra-3.13.0-65-generic - 3.13.0-65.106 linux-image-3.13.0-65-powerpc64-emb - 3.13.0-65.106 linux-image-3.13.0-65-generic - 3.13.0-65.106 linux-image-3.13.0-65-generic-lpae - 3.13.0-65.106 linux-image-3.13.0-65-powerpc-e500mc - 3.13.0-65.106 linux-image-3.13.0-65-lowlatency - 3.13.0-65.106 No subscription required High CVE-2015-7613 Ubuntu 14.04 LTS Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-2764-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-50-powerpc64-emb - 3.16.0-50.67~14.04.1 linux-image-3.16.0-50-generic - 3.16.0-50.67~14.04.1 linux-image-3.16.0-50-lowlatency - 3.16.0-50.67~14.04.1 linux-image-3.16.0-50-powerpc64-smp - 3.16.0-50.67~14.04.1 linux-image-3.16.0-50-powerpc-smp - 3.16.0-50.67~14.04.1 linux-image-3.16.0-50-powerpc-e500mc - 3.16.0-50.67~14.04.1 linux-image-extra-3.16.0-50-generic - 3.16.0-50.67~14.04.1 linux-image-3.16.0-50-generic-lpae - 3.16.0-50.67~14.04.1 No subscription required High CVE-2015-7613 Ubuntu 14.04 LTS Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-2765-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-30-powerpc64-smp - 3.19.0-30.34~14.04.1 linux-image-3.19.0-30-generic - 3.19.0-30.34~14.04.1 linux-image-3.19.0-30-powerpc-smp - 3.19.0-30.34~14.04.1 linux-image-3.19.0-30-powerpc64-emb - 3.19.0-30.34~14.04.1 linux-image-3.19.0-30-generic-lpae - 3.19.0-30.34~14.04.1 linux-image-extra-3.19.0-30-generic - 3.19.0-30.34~14.04.1 linux-image-3.19.0-30-lowlatency - 3.19.0-30.34~14.04.1 linux-image-3.19.0-30-powerpc-e500mc - 3.19.0-30.34~14.04.1 No subscription required High CVE-2015-7613 Ubuntu 14.04 LTS Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization. (CVE-2015-5260, CVE-2015-5261) Update Instructions: Run `sudo pro fix USN-2766-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spice-client - 0.12.4-0nocelt2ubuntu1.2 libspice-server1 - 0.12.4-0nocelt2ubuntu1.2 libspice-server-dev - 0.12.4-0nocelt2ubuntu1.2 No subscription required Medium CVE-2015-5260 CVE-2015-5261 Ubuntu 14.04 LTS Gustavo Grieco discovered that the GDK-PixBuf library did not properly handle scaling tga image files, leading to a heap overflow. If a user or automated system were tricked into opening a tga image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7673) Gustavo Grieco discovered that the GDK-PixBuf library contained an integer overflow when handling certain GIF images. If a user or automated system were tricked into opening a GIF image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7674) Update Instructions: Run `sudo pro fix USN-2767-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgdk-pixbuf2.0-0 - 2.30.7-0ubuntu1.2 libgdk-pixbuf2.0-common - 2.30.7-0ubuntu1.2 libgdk-pixbuf2.0-dev - 2.30.7-0ubuntu1.2 libgdk-pixbuf2.0-0-udeb - 2.30.7-0ubuntu1.2 libgdk-pixbuf2.0-doc - 2.30.7-0ubuntu1.2 gir1.2-gdkpixbuf-2.0 - 2.30.7-0ubuntu1.2 No subscription required Medium CVE-2015-7673 CVE-2015-7674 Ubuntu 14.04 LTS Abdulrahman Alqabandi and Ben Kelly discovered that the fetch() API did not correctly implement the Cross Origin Resource Sharing (CORS) specification. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other origins. (CVE-2015-7184) Update Instructions: Run `sudo pro fix USN-2768-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-nn - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-nb - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-fa - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-fi - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-fr - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-fy - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-or - 41.0.2+build2-0ubuntu0.14.04.1 firefox-testsuite - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-oc - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-cs - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ga - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-gd - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-gl - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-gu - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-pa - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-pl - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-cy - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-pt - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-hi - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ms - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-he - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-hy - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-hr - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-hu - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-it - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-as - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ar - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-az - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-id - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-mai - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-af - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-is - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-vi - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-an - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-bs - 41.0.2+build2-0ubuntu0.14.04.1 firefox - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ro - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ja - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ru - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-br - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-bn - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-be - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-bg - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sl - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sk - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-si - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sw - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sv - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sr - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sq - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ko - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-kn - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-km - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-kk - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ka - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-xh - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ca - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ku - 41.0.2+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-lv - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-lt - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-th - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 41.0.2+build2-0ubuntu0.14.04.1 firefox-dev - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-te - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ta - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-lg - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-tr - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-nso - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-de - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-da - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-uk - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-mr - 41.0.2+build2-0ubuntu0.14.04.1 firefox-globalmenu - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-uz - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ml - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-mn - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-mk - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-eu - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-et - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-es - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-csb - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-el - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-eo - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-en - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-zu - 41.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ast - 41.0.2+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-7184 Ubuntu 14.04 LTS It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5783) Florian Weimer discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-6153) Subodh Iyengar and Will Shackleton discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3577) It was discovered that Apache Commons HttpClient did not properly handle read timeouts during HTTPS handshakes. A remote attacker could trigger this flaw to cause a denial of service. (CVE-2015-5262) Update Instructions: Run `sudo pro fix USN-2769-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcommons-httpclient-java - 3.1-10.2ubuntu0.14.04.1 libcommons-httpclient-java-doc - 3.1-10.2ubuntu0.14.04.1 No subscription required Medium CVE-2012-5783 CVE-2012-6153 CVE-2014-3577 CVE-2015-5262 Ubuntu 14.04 LTS It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-6755) A use-after-free was discovered in the service worker implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6757) It was discovered that Blink did not ensure that the origin of LocalStorage resources are considered unique. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-6759) A race condition and memory corruption was discovered in FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-6761) It was discovered that CSSFontFaceSrcValue::fetch in Blink did not use CORS in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-6762) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6763) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-7834) Update Instructions: Run `sudo pro fix USN-2770-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.10.3-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.10.3-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.10.3-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.10.3-0ubuntu0.14.04.1 oxideqmlscene - 1.10.3-0ubuntu0.14.04.1 oxideqt-codecs - 1.10.3-0ubuntu0.14.04.1 liboxideqtquick0 - 1.10.3-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-6755 CVE-2015-6757 CVE-2015-6759 CVE-2015-6761 CVE-2015-6762 CVE-2015-6763 CVE-2015-7834 Ubuntu 14.04 LTS It was discovered that click did not properly perform input sanitization during click package installation. If a user were tricked into installing a crafted click package, a remote attacker could exploit this to escalate privileges by tricking click into installing lenient security policy for the installed application. Update Instructions: Run `sudo pro fix USN-2771-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: click-doc - 0.4.21.1ubuntu0.2 libclick-0.4-dev - 0.4.21.1ubuntu0.2 libclick-0.4-0 - 0.4.21.1ubuntu0.2 click-dev - 0.4.21.1ubuntu0.2 packagekit-plugin-click - 0.4.21.1ubuntu0.2 gir1.2-click-0.4 - 0.4.21.1ubuntu0.2 python3-click - 0.4.21.1ubuntu0.2 click - 0.4.21.1ubuntu0.2 No subscription required Critical CVE-2015-8768 https://launchpad.net/bugs/1506467 Ubuntu 14.04 LTS Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt() function was provided a too-short salt. An attacker could use this flaw to read private data. (CVE-2015-5288) Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust available stack space. An attacker could use this flaw to perform a denial of service attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-5289) Update Instructions: Run `sudo pro fix USN-2772-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-plpython-9.3 - 9.3.10-0ubuntu0.14.04 postgresql-server-dev-9.3 - 9.3.10-0ubuntu0.14.04 postgresql-9.3 - 9.3.10-0ubuntu0.14.04 postgresql-plperl-9.3 - 9.3.10-0ubuntu0.14.04 postgresql-doc-9.3 - 9.3.10-0ubuntu0.14.04 postgresql-plpython3-9.3 - 9.3.10-0ubuntu0.14.04 libecpg6 - 9.3.10-0ubuntu0.14.04 postgresql-pltcl-9.3 - 9.3.10-0ubuntu0.14.04 postgresql-client-9.3 - 9.3.10-0ubuntu0.14.04 libpgtypes3 - 9.3.10-0ubuntu0.14.04 libecpg-dev - 9.3.10-0ubuntu0.14.04 libpq-dev - 9.3.10-0ubuntu0.14.04 libpq5 - 9.3.10-0ubuntu0.14.04 postgresql-contrib-9.3 - 9.3.10-0ubuntu0.14.04 libecpg-compat3 - 9.3.10-0ubuntu0.14.04 No subscription required Medium CVE-2015-5288 CVE-2015-5289 Ubuntu 14.04 LTS It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. (CVE-2015-0272) It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937) Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the Linux kernel did not correctly handle references of memory mapped files from an aufs mount. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2015-7312) Update Instructions: Run `sudo pro fix USN-2776-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-66-powerpc64-smp - 3.13.0-66.108 linux-image-3.13.0-66-powerpc-e500 - 3.13.0-66.108 linux-image-3.13.0-66-generic - 3.13.0-66.108 linux-image-3.13.0-66-lowlatency - 3.13.0-66.108 linux-image-3.13.0-66-powerpc64-emb - 3.13.0-66.108 linux-image-3.13.0-66-powerpc-smp - 3.13.0-66.108 linux-image-3.13.0-66-powerpc-e500mc - 3.13.0-66.108 linux-image-extra-3.13.0-66-generic - 3.13.0-66.108 linux-image-3.13.0-66-generic-lpae - 3.13.0-66.108 No subscription required Medium CVE-2015-0272 CVE-2015-5156 CVE-2015-6937 CVE-2015-7312 Ubuntu 14.04 LTS It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-André Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252) It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937) Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the Linux kernel did not correctly handle references of memory mapped files from an aufs mount. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2015-7312) Update Instructions: Run `sudo pro fix USN-2777-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-51-generic-lpae - 3.16.0-51.69~14.04.1 linux-image-extra-3.16.0-51-generic - 3.16.0-51.69~14.04.1 linux-image-3.16.0-51-powerpc-smp - 3.16.0-51.69~14.04.1 linux-image-3.16.0-51-generic - 3.16.0-51.69~14.04.1 linux-image-3.16.0-51-powerpc-e500mc - 3.16.0-51.69~14.04.1 linux-image-3.16.0-51-powerpc64-emb - 3.16.0-51.69~14.04.1 linux-image-3.16.0-51-lowlatency - 3.16.0-51.69~14.04.1 linux-image-3.16.0-51-powerpc64-smp - 3.16.0-51.69~14.04.1 No subscription required Medium CVE-2015-5156 CVE-2015-5697 CVE-2015-6252 CVE-2015-6937 CVE-2015-7312 Ubuntu 14.04 LTS It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. (CVE-2015-0272) It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937) Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the Linux kernel did not correctly handle references of memory mapped files from an aufs mount. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2015-7312) Update Instructions: Run `sudo pro fix USN-2778-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-31-generic - 3.19.0-31.36~14.04.1 linux-image-3.19.0-31-powerpc-e500mc - 3.19.0-31.36~14.04.1 linux-image-3.19.0-31-lowlatency - 3.19.0-31.36~14.04.1 linux-image-3.19.0-31-powerpc-smp - 3.19.0-31.36~14.04.1 linux-image-3.19.0-31-generic-lpae - 3.19.0-31.36~14.04.1 linux-image-extra-3.19.0-31-generic - 3.19.0-31.36~14.04.1 linux-image-3.19.0-31-powerpc64-smp - 3.19.0-31.36~14.04.1 linux-image-3.19.0-31-powerpc64-emb - 3.19.0-31.36~14.04.1 No subscription required Medium CVE-2015-0272 CVE-2015-5156 CVE-2015-6937 CVE-2015-7312 Ubuntu 14.04 LTS Aleksandar Nikolic discovered a buffer overflow vulnerability in the XML parser functionality of the MiniUPnP library. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library. Update Instructions: Run `sudo pro fix USN-2780-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libminiupnpc-dev - 1.6-3ubuntu2.14.04.2 libminiupnpc8 - 1.6-3ubuntu2.14.04.2 miniupnpc - 1.6-3ubuntu2.14.04.2 No subscription required Medium CVE-2015-6031 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.46 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.27. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html Update Instructions: Run `sudo pro fix USN-2781-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.46-0ubuntu0.14.04.2 mysql-client - 5.5.46-0ubuntu0.14.04.2 libmysqlclient18 - 5.5.46-0ubuntu0.14.04.2 libmysqlclient-dev - 5.5.46-0ubuntu0.14.04.2 libmysqld-pic - 5.5.46-0ubuntu0.14.04.2 mysql-client-core-5.5 - 5.5.46-0ubuntu0.14.04.2 mysql-client-5.5 - 5.5.46-0ubuntu0.14.04.2 mysql-server-5.5 - 5.5.46-0ubuntu0.14.04.2 mysql-common - 5.5.46-0ubuntu0.14.04.2 mysql-server - 5.5.46-0ubuntu0.14.04.2 mysql-testsuite - 5.5.46-0ubuntu0.14.04.2 mysql-server-core-5.5 - 5.5.46-0ubuntu0.14.04.2 libmysqld-dev - 5.5.46-0ubuntu0.14.04.2 mysql-testsuite-5.5 - 5.5.46-0ubuntu0.14.04.2 No subscription required Medium CVE-2015-4730 CVE-2015-4766 CVE-2015-4792 CVE-2015-4800 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4833 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4862 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4890 CVE-2015-4895 CVE-2015-4904 CVE-2015-4910 CVE-2015-4913 Ubuntu 14.04 LTS Gabriel Campana discovered that Apport incorrectly handled Python module imports. A local attacker could use this issue to elevate privileges. Update Instructions: Run `sudo pro fix USN-2782-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.18 python3-problem-report - 2.14.1-0ubuntu3.18 apport-kde - 2.14.1-0ubuntu3.18 apport-retrace - 2.14.1-0ubuntu3.18 apport-valgrind - 2.14.1-0ubuntu3.18 python3-apport - 2.14.1-0ubuntu3.18 dh-apport - 2.14.1-0ubuntu3.18 apport-gtk - 2.14.1-0ubuntu3.18 apport - 2.14.1-0ubuntu3.18 python-problem-report - 2.14.1-0ubuntu3.18 apport-noui - 2.14.1-0ubuntu3.18 No subscription required High CVE-2015-1341 Ubuntu 14.04 LTS Aleksis Kauppinen discovered that NTP incorrectly handled certain remote config packets. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-5146) Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-5194) Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-5195) Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or overwrite certain files. (CVE-2015-5196, CVE-2015-7703) Miroslav Lichvar discovered that NTP incorrectly handled certain packets. A remote attacker could possibly use this issue to cause NTP to hang, resulting in a denial of service. (CVE-2015-5219) Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. A remote attacker could possibly use this issue to alter the system time on clients. (CVE-2015-5300) It was discovered that NTP incorrectly handled autokey data packets. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702) It was discovered that NTP incorrectly handled memory when processing certain autokey messages. A remote attacker could possibly use this issue to cause NTP to consume memory, resulting in a denial of service. (CVE-2015-7701) Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. A remote attacker could possibly use this issue to cause clients to stop updating their clock. (CVE-2015-7704, CVE-2015-7705) Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service. (CVE-2015-7850) Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7852) Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7853) John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. An attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7855) Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. A remote attacker could use this issue to possibly bypass authentication and alter the system clock. (CVE-2015-7871) In the default installation, attackers would be isolated by the NTP AppArmor profile. Update Instructions: Run `sudo pro fix USN-2783-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 ntp-doc - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 ntpdate - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 No subscription required Medium CVE-2015-5146 CVE-2015-5194 CVE-2015-5195 CVE-2015-5196 CVE-2015-5219 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7850 CVE-2015-7852 CVE-2015-7853 CVE-2015-7855 CVE-2015-7871 Ubuntu 14.04 LTS Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-4805, CVE-2015-4835, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4868, CVE-2015-4881, CVE-2015-4883) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2015-4806) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this expose sensitive data over the network. (CVE-2015-4872) Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-4734, CVE-2015-4840, CVE-2015-4842, CVE-2015-4903) Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2015-4803, CVE-2015-4882, CVE-2015-4893, CVE-2015-4911) Update Instructions: Run `sudo pro fix USN-2784-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u85-2.6.1-5ubuntu0.14.04.1 openjdk-7-source - 7u85-2.6.1-5ubuntu0.14.04.1 icedtea-7-jre-jamvm - 7u85-2.6.1-5ubuntu0.14.04.1 openjdk-7-jre-lib - 7u85-2.6.1-5ubuntu0.14.04.1 openjdk-7-jdk - 7u85-2.6.1-5ubuntu0.14.04.1 openjdk-7-jre-headless - 7u85-2.6.1-5ubuntu0.14.04.1 openjdk-7-jre - 7u85-2.6.1-5ubuntu0.14.04.1 openjdk-7-doc - 7u85-2.6.1-5ubuntu0.14.04.1 openjdk-7-demo - 7u85-2.6.1-5ubuntu0.14.04.1 No subscription required Medium CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4868 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 Ubuntu 14.04 LTS Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, Gary Kwong, Andrew McCreight, Georg Fritzsche, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4513, CVE-2015-4514) Tim Brown discovered that Firefox discloses the hostname during NTLM authentication in some circumstances. If a user were tricked in to opening a specially crafted website with NTLM v1 enabled, an attacker could exploit this to obtain sensitive information. (CVE-2015-4515) Mario Heiderich and Frederik Braun discovered that CSP could be bypassed in reader mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-4518) Tyson Smith and David Keeler discovered a use-after-poison and buffer overflow in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7181, CVE-2015-7182) Ryan Sleevi discovered an integer overflow in NSPR. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7183) Jason Hamilton, Peter Arremann and Sylvain Giroux discovered that panels created via the Addon SDK with { script: false } could still execute inline script. If a user installed an addon that relied on this as a security mechanism, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, depending on the source of the panel content. (CVE-2015-7187) Michał Bentkowski discovered that adding white-space to hostnames that are IP address can bypass same-origin protections. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-7188) Looben Yang discovered a buffer overflow during script interactions with the canvas element in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7189) Shinto K Anto discovered that CORS preflight is bypassed when receiving non-standard Content-Type headers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-7193) Gustavo Grieco discovered a buffer overflow in libjar in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7194) Frans Rosén discovered that certain escaped characters in the Location header are parsed incorrectly, resulting in a navigation to the previously parsed version of a URL. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain site specific tokens. (CVE-2015-7195) Vytautas Staraitis discovered a garbage collection crash when interacting with Java applets in some circumstances. If a user were tricked in to opening a specially crafted website with the Java plugin installed, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7196) Ehsan Akhgari discovered a mechanism for a web worker to bypass secure requirements for web sockets. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to bypass the mixed content web socket policy. (CVE-2015-7197) Ronald Crane discovered several vulnerabilities through code-inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7198, CVE-2015-7199, CVE-2015-7200) Update Instructions: Run `sudo pro fix USN-2785-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-nn - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-nb - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-fa - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-fi - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-fr - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-fy - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-or - 42.0+build2-0ubuntu0.14.04.1 firefox-testsuite - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-oc - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-cs - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ga - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-gd - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-gl - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-gu - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-pa - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-pl - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-cy - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-pt - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-hi - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ms - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-he - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-hy - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-hr - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-hu - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-it - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-as - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ar - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-az - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-id - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-mai - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-af - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-is - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-vi - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-an - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-bs - 42.0+build2-0ubuntu0.14.04.1 firefox - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ro - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ja - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ru - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-br - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-bn - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-be - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-bg - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-sl - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-sk - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-si - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-sw - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-sv - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-sr - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-sq - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ko - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-kn - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-km - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-kk - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ka - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-xh - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ca - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ku - 42.0+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-lv - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-lt - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-th - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 42.0+build2-0ubuntu0.14.04.1 firefox-dev - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-te - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ta - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-lg - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-tr - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-nso - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-de - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-da - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-uk - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-mr - 42.0+build2-0ubuntu0.14.04.1 firefox-globalmenu - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-uz - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ml - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-mn - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-mk - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-eu - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-et - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-es - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-csb - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-el - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-eo - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-en - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-zu - 42.0+build2-0ubuntu0.14.04.1 firefox-locale-ast - 42.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-4513 CVE-2015-4514 CVE-2015-4515 CVE-2015-4518 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7187 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7195 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 Ubuntu 14.04 LTS It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-7803, CVE-2015-7804) Update Instructions: Run `sudo pro fix USN-2786-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.14 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.14 php5-curl - 5.5.9+dfsg-1ubuntu4.14 php5-intl - 5.5.9+dfsg-1ubuntu4.14 php5-snmp - 5.5.9+dfsg-1ubuntu4.14 php5-mysql - 5.5.9+dfsg-1ubuntu4.14 php5-odbc - 5.5.9+dfsg-1ubuntu4.14 php5-xsl - 5.5.9+dfsg-1ubuntu4.14 php5-gd - 5.5.9+dfsg-1ubuntu4.14 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.14 php5-tidy - 5.5.9+dfsg-1ubuntu4.14 php5-dev - 5.5.9+dfsg-1ubuntu4.14 php5-pgsql - 5.5.9+dfsg-1ubuntu4.14 php5-enchant - 5.5.9+dfsg-1ubuntu4.14 php5-readline - 5.5.9+dfsg-1ubuntu4.14 php5-gmp - 5.5.9+dfsg-1ubuntu4.14 php5-fpm - 5.5.9+dfsg-1ubuntu4.14 php5-cgi - 5.5.9+dfsg-1ubuntu4.14 php5-sqlite - 5.5.9+dfsg-1ubuntu4.14 php5-ldap - 5.5.9+dfsg-1ubuntu4.14 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.14 php5 - 5.5.9+dfsg-1ubuntu4.14 php5-cli - 5.5.9+dfsg-1ubuntu4.14 php-pear - 5.5.9+dfsg-1ubuntu4.14 php5-sybase - 5.5.9+dfsg-1ubuntu4.14 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.14 php5-pspell - 5.5.9+dfsg-1ubuntu4.14 php5-common - 5.5.9+dfsg-1ubuntu4.14 libphp5-embed - 5.5.9+dfsg-1ubuntu4.14 No subscription required Medium CVE-2015-7803 CVE-2015-7804 Ubuntu 14.04 LTS Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially crafted file, audiofile could be made to crash, leading to a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2787-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: audiofile-tools - 0.3.6-2ubuntu0.14.04.1 libaudiofile-dev - 0.3.6-2ubuntu0.14.04.1 libaudiofile1 - 0.3.6-2ubuntu0.14.04.1 No subscription required Medium CVE-2015-7747 Ubuntu 14.04 LTS Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. (CVE-2015-7696) Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. (CVE-2015-7697) Update Instructions: Run `sudo pro fix USN-2788-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unzip - 6.0-9ubuntu1.4 No subscription required Medium CVE-2015-7696 CVE-2015-7697 Ubuntu 14.04 LTS USN-2788-1 fixed vulnerabilities in unzip. One of the security patches caused a regression when extracting 0-byte files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. (CVE-2015-7696) Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. (CVE-2015-7697) Update Instructions: Run `sudo pro fix USN-2788-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unzip - 6.0-9ubuntu1.5 No subscription required None https://launchpad.net/bugs/1513293 Ubuntu 14.04 LTS Ryan Sleevi discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2790-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnspr4-dev - 2:4.10.10-0ubuntu0.14.04.1 libnspr4 - 2:4.10.10-0ubuntu0.14.04.1 libnspr4-0d - 2:4.10.10-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-7183 Ubuntu 14.04 LTS Tyson Smith and David Keeler discovered that NSS incorrectly handled decoding certain ASN.1 data. An remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2791-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.19.2.1-0ubuntu0.14.04.1 libnss3-dev - 2:3.19.2.1-0ubuntu0.14.04.1 libnss3 - 2:3.19.2.1-0ubuntu0.14.04.1 libnss3-1d - 2:3.19.2.1-0ubuntu0.14.04.1 libnss3-tools - 2:3.19.2.1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-7181 CVE-2015-7182 Ubuntu 14.04 LTS Federico Scrinzi discovered that LibreOffice incorrectly handled documents inserted into Writer or Calc via links. If a user were tricked into opening a specially crafted document, a remote attacker could possibly obtain the contents of arbitrary files. (CVE-2015-4551) It was discovered that LibreOffice incorrectly handled PrinterSetup data stored in ODF files. If a user were tricked into opening a specially crafted ODF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2015-5212) It was discovered that LibreOffice incorrectly handled the number of pieces in DOC files. If a user were tricked into opening a specially crafted DOC document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2015-5213) It was discovered that LibreOffice incorrectly handled bookmarks in DOC files. If a user were tricked into opening a specially crafted DOC document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2015-5214) Update Instructions: Run `sudo pro fix USN-2793-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO4.2.8-0ubuntu3 No subscription required libreoffice-wiki-publisher - 1.1.2+LibO4.2.8-0ubuntu3 No subscription required libreoffice-presentation-minimizer - 1:4.2.8-0ubuntu3 libreoffice-impress - 1:4.2.8-0ubuntu3 libreoffice-officebean - 1:4.2.8-0ubuntu3 libreoffice-base - 1:4.2.8-0ubuntu3 libreoffice-librelogo - 1:4.2.8-0ubuntu3 libreoffice-java-common - 1:4.2.8-0ubuntu3 browser-plugin-libreoffice - 1:4.2.8-0ubuntu3 libreoffice-subsequentcheckbase - 1:4.2.8-0ubuntu3 libreoffice-style-tango - 1:4.2.8-0ubuntu3 libreoffice-style-crystal - 1:4.2.8-0ubuntu3 libreoffice-kde - 1:4.2.8-0ubuntu3 libreoffice-l10n-ku - 1:4.2.8-0ubuntu3 libreoffice-style-galaxy - 1:4.2.8-0ubuntu3 libreoffice-style-hicontrast - 1:4.2.8-0ubuntu3 libreoffice-core - 1:4.2.8-0ubuntu3 libreoffice-presenter-console - 1:4.2.8-0ubuntu3 libreoffice-script-provider-bsh - 1:4.2.8-0ubuntu3 libreoffice-avmedia-backend-gstreamer - 1:4.2.8-0ubuntu3 libreoffice-script-provider-python - 1:4.2.8-0ubuntu3 libreoffice-common - 1:4.2.8-0ubuntu3 libreoffice-gnome - 1:4.2.8-0ubuntu3 libreoffice-dev - 1:4.2.8-0ubuntu3 libreoffice-gtk3 - 1:4.2.8-0ubuntu3 libreoffice-report-builder - 1:4.2.8-0ubuntu3 libreoffice-pdfimport - 1:4.2.8-0ubuntu3 libreoffice-base-core - 1:4.2.8-0ubuntu3 libreoffice-ogltrans - 1:4.2.8-0ubuntu3 libreoffice-sdbc-hsqldb - 1:4.2.8-0ubuntu3 libreoffice-gtk - 1:4.2.8-0ubuntu3 libreoffice-calc - 1:4.2.8-0ubuntu3 libreoffice-base-drivers - 1:4.2.8-0ubuntu3 libreoffice-style-oxygen - 1:4.2.8-0ubuntu3 libreoffice-emailmerge - 1:4.2.8-0ubuntu3 libreoffice-style-human - 1:4.2.8-0ubuntu3 libreoffice-sdbc-firebird - 1:4.2.8-0ubuntu3 python3-uno - 1:4.2.8-0ubuntu3 libreoffice-math - 1:4.2.8-0ubuntu3 libreoffice-writer - 1:4.2.8-0ubuntu3 libreoffice-report-builder-bin - 1:4.2.8-0ubuntu3 libreoffice-script-provider-js - 1:4.2.8-0ubuntu3 libreoffice - 1:4.2.8-0ubuntu3 libreoffice-draw - 1:4.2.8-0ubuntu3 libreoffice-style-sifr - 1:4.2.8-0ubuntu3 libreoffice-dev-doc - 1:4.2.8-0ubuntu3 libreoffice-l10n-in - 1:4.2.8-0ubuntu3 libreoffice-l10n-za - 1:4.2.8-0ubuntu3 libreoffice-sdbc-postgresql - 1:4.2.8-0ubuntu3 No subscription required openoffice.org-dtd-officedocument1.0 - 2:1.0+LibO4.2.8-0ubuntu3 No subscription required fonts-opensymbol - 2:102.6+LibO4.2.8-0ubuntu3 No subscription required uno-libs3 - 4.2.8-0ubuntu3 ure - 4.2.8-0ubuntu3 No subscription required Medium CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 Ubuntu 14.04 LTS It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. (CVE-2015-2925) Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device that, when inserted, causes a denial of service (system crash). (CVE-2015-5257) Update Instructions: Run `sudo pro fix USN-2794-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-67-generic - 3.13.0-67.110 linux-image-3.13.0-67-generic-lpae - 3.13.0-67.110 linux-image-3.13.0-67-powerpc-smp - 3.13.0-67.110 linux-image-3.13.0-67-generic - 3.13.0-67.110 linux-image-3.13.0-67-powerpc-e500mc - 3.13.0-67.110 linux-image-3.13.0-67-powerpc64-emb - 3.13.0-67.110 linux-image-3.13.0-67-lowlatency - 3.13.0-67.110 linux-image-3.13.0-67-powerpc-e500 - 3.13.0-67.110 linux-image-3.13.0-67-powerpc64-smp - 3.13.0-67.110 No subscription required Medium CVE-2015-2925 CVE-2015-5257 Ubuntu 14.04 LTS It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. (CVE-2015-0272) It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. (CVE-2015-2925) Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device that, when inserted, causes a denial of service (system crash). (CVE-2015-5257) It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-5283) Update Instructions: Run `sudo pro fix USN-2797-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-52-powerpc-smp - 3.16.0-52.71~14.04.1 linux-image-3.16.0-52-powerpc64-smp - 3.16.0-52.71~14.04.1 linux-image-extra-3.16.0-52-generic - 3.16.0-52.71~14.04.1 linux-image-3.16.0-52-generic - 3.16.0-52.71~14.04.1 linux-image-3.16.0-52-powerpc-e500mc - 3.16.0-52.71~14.04.1 linux-image-3.16.0-52-generic-lpae - 3.16.0-52.71~14.04.1 linux-image-3.16.0-52-lowlatency - 3.16.0-52.71~14.04.1 linux-image-3.16.0-52-powerpc64-emb - 3.16.0-52.71~14.04.1 No subscription required Medium CVE-2015-0272 CVE-2015-2925 CVE-2015-5257 CVE-2015-5283 Ubuntu 14.04 LTS It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. (CVE-2015-2925) Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device that, when inserted, causes a denial of service (system crash). (CVE-2015-5257) Update Instructions: Run `sudo pro fix USN-2798-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-32-powerpc-e500mc - 3.19.0-32.37~14.04.1 linux-image-3.19.0-32-powerpc-smp - 3.19.0-32.37~14.04.1 linux-image-extra-3.19.0-32-generic - 3.19.0-32.37~14.04.1 linux-image-3.19.0-32-powerpc64-emb - 3.19.0-32.37~14.04.1 linux-image-3.19.0-32-lowlatency - 3.19.0-32.37~14.04.1 linux-image-3.19.0-32-generic - 3.19.0-32.37~14.04.1 linux-image-3.19.0-32-powerpc64-smp - 3.19.0-32.37~14.04.1 linux-image-3.19.0-32-generic-lpae - 3.19.0-32.37~14.04.1 No subscription required Medium CVE-2015-2925 CVE-2015-5257 Ubuntu 14.04 LTS Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. Update Instructions: Run `sudo pro fix USN-2801-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-68-powerpc64-smp - 3.13.0-68.111 linux-image-3.13.0-68-generic-lpae - 3.13.0-68.111 linux-image-3.13.0-68-powerpc-e500mc - 3.13.0-68.111 linux-image-3.13.0-68-lowlatency - 3.13.0-68.111 linux-image-3.13.0-68-powerpc64-emb - 3.13.0-68.111 linux-image-extra-3.13.0-68-generic - 3.13.0-68.111 linux-image-3.13.0-68-generic - 3.13.0-68.111 linux-image-3.13.0-68-powerpc-smp - 3.13.0-68.111 linux-image-3.13.0-68-powerpc-e500 - 3.13.0-68.111 No subscription required High CVE-2015-5307 Ubuntu 14.04 LTS Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. Update Instructions: Run `sudo pro fix USN-2805-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-53-powerpc64-smp - 3.16.0-53.72~14.04.1 linux-image-3.16.0-53-powerpc-smp - 3.16.0-53.72~14.04.1 linux-image-extra-3.16.0-53-generic - 3.16.0-53.72~14.04.1 linux-image-3.16.0-53-powerpc64-emb - 3.16.0-53.72~14.04.1 linux-image-3.16.0-53-generic - 3.16.0-53.72~14.04.1 linux-image-3.16.0-53-generic-lpae - 3.16.0-53.72~14.04.1 linux-image-3.16.0-53-powerpc-e500mc - 3.16.0-53.72~14.04.1 linux-image-3.16.0-53-lowlatency - 3.16.0-53.72~14.04.1 No subscription required High CVE-2015-5307 Ubuntu 14.04 LTS Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. Update Instructions: Run `sudo pro fix USN-2806-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-33-powerpc-smp - 3.19.0-33.38~14.04.1 linux-image-3.19.0-33-powerpc-e500mc - 3.19.0-33.38~14.04.1 linux-image-3.19.0-33-generic-lpae - 3.19.0-33.38~14.04.1 linux-image-3.19.0-33-generic - 3.19.0-33.38~14.04.1 linux-image-3.19.0-33-powerpc64-smp - 3.19.0-33.38~14.04.1 linux-image-3.19.0-33-lowlatency - 3.19.0-33.38~14.04.1 linux-image-extra-3.19.0-33-generic - 3.19.0-33.38~14.04.1 linux-image-3.19.0-33-powerpc64-emb - 3.19.0-33.38~14.04.1 No subscription required High CVE-2015-5307 Ubuntu 14.04 LTS Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. Update Instructions: Run `sudo pro fix USN-2807-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.2.0-18-lowlatency - 4.2.0-18.22~14.04.1 linux-image-4.2.0-18-generic-lpae - 4.2.0-18.22~14.04.1 linux-image-4.2.0-18-powerpc64-emb - 4.2.0-18.22~14.04.1 linux-image-4.2.0-18-generic - 4.2.0-18.22~14.04.1 linux-image-4.2.0-18-powerpc-e500mc - 4.2.0-18.22~14.04.1 linux-image-4.2.0-18-powerpc64-smp - 4.2.0-18.22~14.04.1 linux-image-extra-4.2.0-18-generic - 4.2.0-18.22~14.04.1 linux-image-4.2.0-18-powerpc-smp - 4.2.0-18.22~14.04.1 No subscription required High CVE-2015-5307 Ubuntu 14.04 LTS It was discovered that wpa_supplicant incorrectly handled WMM Sleep Mode Response frame processing. A remote attacker could use this issue to perform broadcast/multicast packet injections, or cause a denial of service. (CVE-2015-5310) It was discovered that wpa_supplicant and hostapd incorrectly handled certain EAP-pwd messages. A remote attacker could use this issue to cause a denial of service. (CVE-2015-5314, CVE-2015-5315) It was discovered that wpa_supplicant incorrectly handled certain EAP-pwd Confirm messages. A remote attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2015-5316) Update Instructions: Run `sudo pro fix USN-2808-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.1-0ubuntu1.4 No subscription required wpagui - 2.1-0ubuntu1.4 wpasupplicant-udeb - 2.1-0ubuntu1.4 wpasupplicant - 2.1-0ubuntu1.4 No subscription required Medium CVE-2015-5310 CVE-2015-5314 CVE-2015-5315 CVE-2015-5316 Ubuntu 14.04 LTS It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2002-2443) It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5355) It was discovered that the Kerberos kdcpreauth modules incorrectly tracked certain client requests. A remote attacker could possibly use this issue to bypass intended preauthentication requirements. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2694) It was discovered that Kerberos incorrectly handled certain SPNEGO packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2695) It was discovered that Kerberos incorrectly handled certain IAKERB packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2696, CVE-2015-2698) It was discovered that Kerberos incorrectly handled certain TGS requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2697) Update Instructions: Run `sudo pro fix USN-2810-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libkadm5srv-mit9 - 1.12+dfsg-2ubuntu5.2 libkadm5srv-mit8 - 1.12+dfsg-2ubuntu5.2 libk5crypto3 - 1.12+dfsg-2ubuntu5.2 krb5-user - 1.12+dfsg-2ubuntu5.2 libgssrpc4 - 1.12+dfsg-2ubuntu5.2 libkrb5support0 - 1.12+dfsg-2ubuntu5.2 krb5-doc - 1.12+dfsg-2ubuntu5.2 libkrb5-dev - 1.12+dfsg-2ubuntu5.2 krb5-pkinit - 1.12+dfsg-2ubuntu5.2 libkrb5-3 - 1.12+dfsg-2ubuntu5.2 krb5-kdc-ldap - 1.12+dfsg-2ubuntu5.2 krb5-otp - 1.12+dfsg-2ubuntu5.2 libkadm5clnt-mit9 - 1.12+dfsg-2ubuntu5.2 krb5-gss-samples - 1.12+dfsg-2ubuntu5.2 krb5-multidev - 1.12+dfsg-2ubuntu5.2 krb5-locales - 1.12+dfsg-2ubuntu5.2 libgssapi-krb5-2 - 1.12+dfsg-2ubuntu5.2 krb5-kdc - 1.12+dfsg-2ubuntu5.2 libkrad-dev - 1.12+dfsg-2ubuntu5.2 libkrad0 - 1.12+dfsg-2ubuntu5.2 libkdb5-7 - 1.12+dfsg-2ubuntu5.2 krb5-admin-server - 1.12+dfsg-2ubuntu5.2 No subscription required Medium CVE-2002-2443 CVE-2014-5355 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 Ubuntu 14.04 LTS It was discovered that the strongSwan eap-mschapv2 plugin incorrectly handled state. A remote attacker could use this issue to bypass authentication. Update Instructions: Run `sudo pro fix USN-2811-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-noauth - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-simaka-pseudonym - 5.1.2-0ubuntu2.4 strongswan-plugin-unbound - 5.1.2-0ubuntu2.4 strongswan-plugin-farp - 5.1.2-0ubuntu2.4 strongswan-ikev1 - 5.1.2-0ubuntu2.4 strongswan-plugin-pkcs11 - 5.1.2-0ubuntu2.4 strongswan-plugin-xauth-eap - 5.1.2-0ubuntu2.4 strongswan-plugin-sshkey - 5.1.2-0ubuntu2.4 strongswan-plugin-error-notify - 5.1.2-0ubuntu2.4 strongswan-plugin-gcrypt - 5.1.2-0ubuntu2.4 strongswan-plugin-sql - 5.1.2-0ubuntu2.4 strongswan-plugin-coupling - 5.1.2-0ubuntu2.4 strongswan-plugin-xauth-generic - 5.1.2-0ubuntu2.4 strongswan-plugin-lookip - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-ttls - 5.1.2-0ubuntu2.4 strongswan-plugin-af-alg - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-aka-3gpp2 - 5.1.2-0ubuntu2.4 strongswan-ike - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-sim-pcsc - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-aka - 5.1.2-0ubuntu2.4 libstrongswan - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-simaka-sql - 5.1.2-0ubuntu2.4 strongswan-plugin-sqlite - 5.1.2-0ubuntu2.4 strongswan-plugin-duplicheck - 5.1.2-0ubuntu2.4 strongswan - 5.1.2-0ubuntu2.4 strongswan-tnc-server - 5.1.2-0ubuntu2.4 strongswan-plugin-attr-sql - 5.1.2-0ubuntu2.4 strongswan-tnc-base - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-peap - 5.1.2-0ubuntu2.4 strongswan-starter - 5.1.2-0ubuntu2.4 strongswan-plugin-curl - 5.1.2-0ubuntu2.4 strongswan-plugin-radattr - 5.1.2-0ubuntu2.4 strongswan-plugin-soup - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-dynamic - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-gtc - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-tls - 5.1.2-0ubuntu2.4 strongswan-tnc-ifmap - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-tnc - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-radius - 5.1.2-0ubuntu2.4 strongswan-ikev2 - 5.1.2-0ubuntu2.4 strongswan-plugin-mysql - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-simaka-reauth - 5.1.2-0ubuntu2.4 strongswan-plugin-openssl - 5.1.2-0ubuntu2.4 strongswan-plugin-dnscert - 5.1.2-0ubuntu2.4 strongswan-plugin-xauth-pam - 5.1.2-0ubuntu2.4 strongswan-plugin-pubkey - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-md5 - 5.1.2-0ubuntu2.4 strongswan-plugin-whitelist - 5.1.2-0ubuntu2.4 strongswan-plugin-fips-prf - 5.1.2-0ubuntu2.4 strongswan-pt-tls-client - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu2.4 strongswan-nm - 5.1.2-0ubuntu2.4 strongswan-plugin-ldap - 5.1.2-0ubuntu2.4 strongswan-plugin-certexpire - 5.1.2-0ubuntu2.4 strongswan-tnc-pdp - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-sim - 5.1.2-0ubuntu2.4 strongswan-plugin-kernel-libipsec - 5.1.2-0ubuntu2.4 strongswan-plugin-ipseckey - 5.1.2-0ubuntu2.4 strongswan-plugin-dhcp - 5.1.2-0ubuntu2.4 strongswan-plugin-dnskey - 5.1.2-0ubuntu2.4 strongswan-plugin-ntru - 5.1.2-0ubuntu2.4 strongswan-plugin-gmp - 5.1.2-0ubuntu2.4 strongswan-plugin-agent - 5.1.2-0ubuntu2.4 strongswan-plugin-pgp - 5.1.2-0ubuntu2.4 strongswan-tnc-client - 5.1.2-0ubuntu2.4 strongswan-plugin-load-tester - 5.1.2-0ubuntu2.4 strongswan-plugin-unity - 5.1.2-0ubuntu2.4 strongswan-plugin-led - 5.1.2-0ubuntu2.4 strongswan-plugin-eap-sim-file - 5.1.2-0ubuntu2.4 strongswan-plugin-systime-fix - 5.1.2-0ubuntu2.4 No subscription required Medium CVE-2015-8023 Ubuntu 14.04 LTS Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-1819) Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-7941) Kostya Serebryany discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7942) Gustavo Grieco discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8035) Update Instructions: Run `sudo pro fix USN-2812-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.5 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.5 libxml2 - 2.9.1+dfsg1-3ubuntu4.5 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.5 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.5 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.5 No subscription required Medium CVE-2015-1819 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 Ubuntu 14.04 LTS It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges. Update Instructions: Run `sudo pro fix USN-2814-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-current-dev - 304.131-0ubuntu0.14.04.1 libcuda1-304 - 304.131-0ubuntu0.14.04.1 nvidia-current-updates-dev - 304.131-0ubuntu0.14.04.1 nvidia-libopencl1-304-updates - 304.131-0ubuntu0.14.04.1 nvidia-current - 304.131-0ubuntu0.14.04.1 nvidia-304-updates - 304.131-0ubuntu0.14.04.1 nvidia-304 - 304.131-0ubuntu0.14.04.1 nvidia-304-updates-dev - 304.131-0ubuntu0.14.04.1 nvidia-opencl-icd-304 - 304.131-0ubuntu0.14.04.1 nvidia-experimental-304-dev - 304.131-0ubuntu0.14.04.1 nvidia-current-updates - 304.131-0ubuntu0.14.04.1 nvidia-304-dev - 304.131-0ubuntu0.14.04.1 libcuda1-304-updates - 304.131-0ubuntu0.14.04.1 nvidia-experimental-304 - 304.131-0ubuntu0.14.04.1 nvidia-libopencl1-304 - 304.131-0ubuntu0.14.04.1 nvidia-opencl-icd-304-updates - 304.131-0ubuntu0.14.04.1 No subscription required nvidia-331 - 340.96-0ubuntu0.14.04.1 nvidia-opencl-icd-331 - 340.96-0ubuntu0.14.04.1 libcuda1-340 - 340.96-0ubuntu0.14.04.1 nvidia-340-updates - 340.96-0ubuntu0.14.04.1 nvidia-331-updates - 340.96-0ubuntu0.14.04.1 nvidia-opencl-icd-340-updates - 340.96-0ubuntu0.14.04.1 nvidia-340-updates-dev - 340.96-0ubuntu0.14.04.1 nvidia-340-updates-uvm - 340.96-0ubuntu0.14.04.1 nvidia-opencl-icd-331-updates - 340.96-0ubuntu0.14.04.1 nvidia-340-dev - 340.96-0ubuntu0.14.04.1 libcuda1-331-updates - 340.96-0ubuntu0.14.04.1 nvidia-libopencl1-331 - 340.96-0ubuntu0.14.04.1 nvidia-340 - 340.96-0ubuntu0.14.04.1 nvidia-opencl-icd-340 - 340.96-0ubuntu0.14.04.1 nvidia-340-uvm - 340.96-0ubuntu0.14.04.1 libcuda1-340-updates - 340.96-0ubuntu0.14.04.1 libcuda1-331 - 340.96-0ubuntu0.14.04.1 nvidia-331-updates-dev - 340.96-0ubuntu0.14.04.1 nvidia-331-dev - 340.96-0ubuntu0.14.04.1 nvidia-331-updates-uvm - 340.96-0ubuntu0.14.04.1 nvidia-libopencl1-340 - 340.96-0ubuntu0.14.04.1 nvidia-libopencl1-331-updates - 340.96-0ubuntu0.14.04.1 nvidia-libopencl1-340-updates - 340.96-0ubuntu0.14.04.1 nvidia-331-uvm - 340.96-0ubuntu0.14.04.1 No subscription required nvidia-opencl-icd-352 - 352.63-0ubuntu0.14.04.1 nvidia-opencl-icd-352-updates - 352.63-0ubuntu0.14.04.1 libcuda1-346 - 352.63-0ubuntu0.14.04.1 nvidia-352-updates-dev - 352.63-0ubuntu0.14.04.1 nvidia-346 - 352.63-0ubuntu0.14.04.1 nvidia-opencl-icd-346-updates - 352.63-0ubuntu0.14.04.1 nvidia-libopencl1-352 - 352.63-0ubuntu0.14.04.1 nvidia-opencl-icd-346 - 352.63-0ubuntu0.14.04.1 nvidia-346-updates - 352.63-0ubuntu0.14.04.1 libcuda1-352 - 352.63-0ubuntu0.14.04.1 nvidia-libopencl1-346 - 352.63-0ubuntu0.14.04.1 nvidia-346-updates-dev - 352.63-0ubuntu0.14.04.1 nvidia-346-dev - 352.63-0ubuntu0.14.04.1 nvidia-libopencl1-346-updates - 352.63-0ubuntu0.14.04.1 nvidia-352 - 352.63-0ubuntu0.14.04.1 nvidia-libopencl1-352-updates - 352.63-0ubuntu0.14.04.1 libcuda1-346-updates - 352.63-0ubuntu0.14.04.1 nvidia-352-dev - 352.63-0ubuntu0.14.04.1 nvidia-352-updates - 352.63-0ubuntu0.14.04.1 libcuda1-352-updates - 352.63-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-7869 Ubuntu 14.04 LTS Mikulas Patocka discovered that libpng incorrectly handled certain large fields. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause libpng to crash, leading to a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-3425) Qixue Xiao discovered that libpng incorrectly handled certain time values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause libpng to crash, leading to a denial of service. (CVE-2015-7981) It was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2015-8126) Update Instructions: Run `sudo pro fix USN-2815-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpng12-0-udeb - 1.2.50-1ubuntu2.14.04.1 libpng12-dev - 1.2.50-1ubuntu2.14.04.1 libpng3 - 1.2.50-1ubuntu2.14.04.1 libpng12-0 - 1.2.50-1ubuntu2.14.04.1 No subscription required Medium CVE-2012-3425 CVE-2015-7981 CVE-2015-8126 Ubuntu 14.04 LTS Ryan Butterfield discovered that Django incorrectly handled the date template filter. A remote attacker could possibly use this issue to obtain secrets from application settings. Update Instructions: Run `sudo pro fix USN-2816-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.11 python-django - 1.6.1-2ubuntu0.11 No subscription required Medium CVE-2015-8213 Ubuntu 14.04 LTS It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. (CVE-2015-5234) Andrea Palazzo discovered that IcedTea Web incorrectly determined the origin of unsigned applets. A remote attacker could possibly use this issue to bypass user approval, or to trick the user into approving applet execution. (CVE-2015-5235) Update Instructions: Run `sudo pro fix USN-2817-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icedtea-7-plugin - 1.5.3-0ubuntu0.14.04.1 icedtea-plugin - 1.5.3-0ubuntu0.14.04.1 icedtea-netx-common - 1.5.3-0ubuntu0.14.04.1 icedtea-6-plugin - 1.5.3-0ubuntu0.14.04.1 icedtea-netx - 1.5.3-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-5234 CVE-2015-5235 Ubuntu 14.04 LTS It was discovered that rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed. Am attacker could use this to expose sensitive information or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2818-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u91-2.6.3-0ubuntu0.14.04.1 openjdk-7-source - 7u91-2.6.3-0ubuntu0.14.04.1 icedtea-7-jre-jamvm - 7u91-2.6.3-0ubuntu0.14.04.1 openjdk-7-jre-lib - 7u91-2.6.3-0ubuntu0.14.04.1 openjdk-7-jdk - 7u91-2.6.3-0ubuntu0.14.04.1 openjdk-7-jre-headless - 7u91-2.6.3-0ubuntu0.14.04.1 openjdk-7-jre - 7u91-2.6.3-0ubuntu0.14.04.1 openjdk-7-doc - 7u91-2.6.3-0ubuntu0.14.04.1 openjdk-7-demo - 7u91-2.6.3-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-4871 Ubuntu 14.04 LTS Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4513) Tyson Smith and David Keeler discovered a use-after-poison and buffer overflow in NSS. An attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7181, CVE-2015-7182) Ryan Sleevi discovered an integer overflow in NSPR. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7183) Michał Bentkowski discovered that adding white-space to hostnames that are IP addresses can bypass same-origin protections. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-7188) Looben Yang discovered a buffer overflow during script interactions with the canvas element in some circumstances. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7189) Shinto K Anto discovered that CORS preflight is bypassed when receiving non-standard Content-Type headers in some circumstances. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-7193) Gustavo Grieco discovered a buffer overflow in libjar in some circumstances. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7194) Ehsan Akhgari discovered a mechanism for a web worker to bypass secure requirements for web sockets. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could exploit this to bypass the mixed content web socket policy. (CVE-2015-7197) Ronald Crane discovered several vulnerabilities through code-inspection. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7198, CVE-2015-7199, CVE-2015-7200) Update Instructions: Run `sudo pro fix USN-2819-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-br - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-be - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-si - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:38.4.0+build3-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-de - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-en - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-da - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:38.4.0+build3-0ubuntu0.14.04.1 xul-ext-lightning - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-he - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-testsuite - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-af - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-dev - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-el - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-it - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-id - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-et - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-is - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-es - 1:38.4.0+build3-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:38.4.0+build3-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 Ubuntu 14.04 LTS Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2820-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dpkg-dev - 1.17.5ubuntu5.5 dselect - 1.17.5ubuntu5.5 libdpkg-dev - 1.17.5ubuntu5.5 dpkg - 1.17.5ubuntu5.5 libdpkg-perl - 1.17.5ubuntu5.5 No subscription required Medium CVE-2015-0860 Ubuntu 14.04 LTS It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack. Update Instructions: Run `sudo pro fix USN-2821-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutlsxx27 - 2.12.23-12ubuntu2.3 gnutls26-doc - 2.12.23-12ubuntu2.3 libgnutls26 - 2.12.23-12ubuntu2.3 libgnutls-dev - 2.12.23-12ubuntu2.3 libgnutls-openssl27 - 2.12.23-12ubuntu2.3 No subscription required gnutls-bin - 3.0.11+really2.12.23-12ubuntu2.3 No subscription required None https://launchpad.net/bugs/1510163 Ubuntu 14.04 LTS It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-5283) Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2015-7872) Update Instructions: Run `sudo pro fix USN-2823-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-71-powerpc64-emb - 3.13.0-71.114 linux-image-3.13.0-71-powerpc-e500 - 3.13.0-71.114 linux-image-3.13.0-71-generic - 3.13.0-71.114 linux-image-3.13.0-71-lowlatency - 3.13.0-71.114 linux-image-3.13.0-71-powerpc64-smp - 3.13.0-71.114 linux-image-3.13.0-71-powerpc-smp - 3.13.0-71.114 linux-image-3.13.0-71-powerpc-e500mc - 3.13.0-71.114 linux-image-3.13.0-71-generic-lpae - 3.13.0-71.114 linux-image-extra-3.13.0-71-generic - 3.13.0-71.114 No subscription required Medium CVE-2015-5283 CVE-2015-7872 Ubuntu 14.04 LTS Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-2824-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-55-powerpc64-emb - 3.16.0-55.74~14.04.1 linux-image-3.16.0-55-lowlatency - 3.16.0-55.74~14.04.1 linux-image-3.16.0-55-generic - 3.16.0-55.74~14.04.1 linux-image-3.16.0-55-generic-lpae - 3.16.0-55.74~14.04.1 linux-image-3.16.0-55-powerpc-e500mc - 3.16.0-55.74~14.04.1 linux-image-3.16.0-55-powerpc64-smp - 3.16.0-55.74~14.04.1 linux-image-extra-3.16.0-55-generic - 3.16.0-55.74~14.04.1 linux-image-3.16.0-55-powerpc-smp - 3.16.0-55.74~14.04.1 No subscription required Medium CVE-2015-7872 Ubuntu 14.04 LTS Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6765, CVE-2015-6766, CVE-2015-6767) Several security issues were discovered in the DOM implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions. (CVE-2015-6768, CVE-2015-6770) A security issue was discovered in the provisional-load commit implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-6769) An out-of-bounds read was discovered in the array map and filter operations in V8 in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-6771) It was discovered that the DOM implementation in Chromium does not prevent javascript: URL navigation while a document is being detached. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-6772) An out-of bounds read was discovered in Skia in some cirumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-6773) A use-after-free was discovered in the DOM implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-6777) It was discovered that the Document::open function in Chromium did not ensure that page-dismissal event handling is compatible with modal dialog blocking. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to spoof application UI content. (CVE-2015-6782) It was discovered that the page serializer in Chromium mishandled MOTW comments for URLs in some circumstances. An attacker could potentially exploit this to inject HTML content. (CVE-2015-6784) It was discovered that the Content Security Policy (CSP) implementation in Chromium accepted an x.y hostname as a match for a *.x.y pattern. An attacker could potentially exploit this to bypass intended access restrictions. (CVE-2015-6785) It was discovered that the Content Security Policy (CSP) implementation in Chromium accepted blob:, data: and filesystem: URLs as a match for a * pattern. An attacker could potentially exploit this to bypass intended access restrictions. (CVE-2015-6786) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6787) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-8478) Update Instructions: Run `sudo pro fix USN-2825-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.11.3-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.11.3-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.11.3-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.11.3-0ubuntu0.14.04.1 oxideqmlscene - 1.11.3-0ubuntu0.14.04.1 oxideqt-codecs - 1.11.3-0ubuntu0.14.04.1 liboxideqtquick0 - 1.11.3-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-6765 CVE-2015-6766 CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770 CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6777 CVE-2015-6782 CVE-2015-6784 CVE-2015-6785 CVE-2015-6786 CVE-2015-6787 CVE-2015-8478 Ubuntu 14.04 LTS Jason Wang discovered that QEMU incorrectly handled the virtio-net device. A remote attacker could use this issue to cause guest network consumption, resulting in a denial of service. (CVE-2015-7295) Qinghao Tang and Ling Liu discovered that QEMU incorrectly handled the pcnet driver when used in loopback mode. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-7504) Ling Liu and Jason Wang discovered that QEMU incorrectly handled the pcnet driver. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-7512) Qinghao Tang discovered that QEMU incorrectly handled the eepro100 driver. A malicious guest could use this issue to cause an infinite loop, leading to a denial of service. (CVE-2015-8345) Update Instructions: Run `sudo pro fix USN-2828-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.21 qemu-user-static - 2.0.0+dfsg-2ubuntu1.21 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.21 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.21 qemu-kvm - 2.0.0+dfsg-2ubuntu1.21 qemu-user - 2.0.0+dfsg-2ubuntu1.21 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.21 qemu-system - 2.0.0+dfsg-2ubuntu1.21 qemu-utils - 2.0.0+dfsg-2ubuntu1.21 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.21 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.21 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.21 qemu-common - 2.0.0+dfsg-2ubuntu1.21 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.21 qemu - 2.0.0+dfsg-2ubuntu1.21 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.21 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.21 No subscription required Medium CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 Ubuntu 14.04 LTS It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-5283) Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2015-7872) Update Instructions: Run `sudo pro fix USN-2829-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-39-powerpc64-emb - 3.19.0-39.44~14.04.1 linux-image-3.19.0-39-powerpc64-smp - 3.19.0-39.44~14.04.1 linux-image-3.19.0-39-generic - 3.19.0-39.44~14.04.1 linux-image-3.19.0-39-powerpc-smp - 3.19.0-39.44~14.04.1 linux-image-3.19.0-39-generic-lpae - 3.19.0-39.44~14.04.1 linux-image-extra-3.19.0-39-generic - 3.19.0-39.44~14.04.1 linux-image-3.19.0-39-powerpc-e500mc - 3.19.0-39.44~14.04.1 linux-image-3.19.0-39-lowlatency - 3.19.0-39.44~14.04.1 No subscription required Medium CVE-2015-5283 CVE-2015-7872 Ubuntu 14.04 LTS Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2015-1794) Hanno Böck discovered that the OpenSSL Montgomery squaring procedure algorithm may produce incorrect results when being used on x86_64. A remote attacker could possibly use this issue to break encryption. This issue only applied to Ubuntu 15.10. (CVE-2015-3193) Loïc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 signatures with a missing PSS parameter. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-3194) Adam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2015-3195) It was discovered that OpenSSL incorrectly handled PSK identity hints. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196) Update Instructions: Run `sudo pro fix USN-2830-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.16 libssl-dev - 1.0.1f-1ubuntu2.16 openssl - 1.0.1f-1ubuntu2.16 libssl-doc - 1.0.1f-1ubuntu2.16 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.16 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.16 No subscription required Medium CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 Ubuntu 14.04 LTS Michal Kowalczyk discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user. Update Instructions: Run `sudo pro fix USN-2831-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfontembed-dev - 1.0.52-0ubuntu1.6 libfontembed1 - 1.0.52-0ubuntu1.6 libcupsfilters-dev - 1.0.52-0ubuntu1.6 cups-filters - 1.0.52-0ubuntu1.6 cups-browsed - 1.0.52-0ubuntu1.6 cups-filters-core-drivers - 1.0.52-0ubuntu1.6 libcupsfilters1 - 1.0.52-0ubuntu1.6 No subscription required Medium CVE-2015-8327 Ubuntu 14.04 LTS It was discovered that libsndfile incorrectly handled memory when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9496) Joshua Rogers discovered that libsndfile incorrectly handled division when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. (CVE-2014-9756) Marco Romano discovered that libsndfile incorrectly handled certain malformed AIFF files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7805) Update Instructions: Run `sudo pro fix USN-2832-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.25-7ubuntu2.1 libsndfile1-dev - 1.0.25-7ubuntu2.1 sndfile-programs - 1.0.25-7ubuntu2.1 No subscription required Medium CVE-2014-9496 CVE-2014-9756 CVE-2015-7805 Ubuntu 14.04 LTS Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7201, CVE-2015-7202) Ronald Crane discovered three buffer overflows through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7203, CVE-2015-7220, CVE-2015-7221) Cajus Pollmeier discovered a crash during javascript variable assignments in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7204) Ronald Crane discovered a buffer overflow through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7205) It was discovered that it is possible to read cross-origin URLs following a redirect if performance.getEntries() is used with an iframe to host a page. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-7207) It was discovered that Firefox allows for control characters to be set in cookies. An attacker could potentially exploit this to conduct cookie injection attacks on some web servers. (CVE-2015-7208) Looben Yang discovered a use-after-free in WebRTC when closing channels in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7210) Abdulrahman Alqabandi discovered that hash symbol is incorrectly handled when parsing data: URLs. An attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-7211) Abhishek Arya discovered an integer overflow when allocating large textures. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7212) Ronald Crane dicovered an integer overflow when processing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7213) Tsubasa Iinuma discovered a way to bypass same-origin restrictions using data: and view-source: URLs. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information and read local files. (CVE-2015-7214) Masato Kinugawa discovered a cross-origin information leak in error events in web workers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-7215) Gustavo Grieco discovered that the file chooser crashed on malformed images due to flaws in the Jasper library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-7216, CVE-2015-7217) Stuart Larsen discoverd two integer underflows when handling malformed HTTP/2 frames in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash. (CVE-2015-7218, CVE-2015-7219) Gerald Squelart discovered an integer underflow in the libstagefright library when parsing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7222) Kris Maglione discovered a mechanism where web content could use WebExtension APIs to execute code with the privileges of a particular WebExtension. If a user were tricked in to opening a specially crafted website with a vulnerable extension installed, an attacker could potentially exploit this to obtain sensitive information or conduct cross-site scripting (XSS) attacks. (CVE-2015-7223) Update Instructions: Run `sudo pro fix USN-2833-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-nn - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-nb - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-fa - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-fi - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-fr - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-fy - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-or - 43.0+build1-0ubuntu0.14.04.1 firefox-testsuite - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-oc - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-cs - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ga - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-gd - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-gl - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-gu - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-pa - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-pl - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-cy - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-pt - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-hi - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ms - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-he - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-hy - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-hr - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-hu - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-it - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-as - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ar - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-az - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-id - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-mai - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-af - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-is - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-vi - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-an - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-bs - 43.0+build1-0ubuntu0.14.04.1 firefox - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ro - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ja - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ru - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-br - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-bn - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-be - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-bg - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-sl - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-sk - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-si - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-sw - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-sv - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-sr - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-sq - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ko - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-kn - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-km - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-kk - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ka - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-xh - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ca - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ku - 43.0+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-lv - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-lt - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-th - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 43.0+build1-0ubuntu0.14.04.1 firefox-dev - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-te - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ta - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-lg - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-tr - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-nso - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-de - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-da - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-uk - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-mr - 43.0+build1-0ubuntu0.14.04.1 firefox-globalmenu - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-uz - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ml - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-mn - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-mk - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-eu - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-et - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-es - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-csb - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-el - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-eo - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-en - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-zu - 43.0+build1-0ubuntu0.14.04.1 firefox-locale-ast - 43.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-7201 CVE-2015-7202 CVE-2015-7203 CVE-2015-7204 CVE-2015-7205 CVE-2015-7207 CVE-2015-7208 CVE-2015-7210 CVE-2015-7211 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7215 CVE-2015-7216 CVE-2015-7217 CVE-2015-7218 CVE-2015-7219 CVE-2015-7220 CVE-2015-7221 CVE-2015-7222 CVE-2015-7223 Ubuntu 14.04 LTS Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499,CVE-2015-7500) Hugh Davenport discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8241, CVE-2015-8242) Hanno Boeck discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-8317) Update Instructions: Run `sudo pro fix USN-2834-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.6 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.6 libxml2 - 2.9.1+dfsg1-3ubuntu4.6 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.6 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.6 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.6 No subscription required Medium CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 Ubuntu 14.04 LTS Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs. Update Instructions: Run `sudo pro fix USN-2835-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:1.9.1-1ubuntu0.2 gitweb - 1:1.9.1-1ubuntu0.2 git-gui - 1:1.9.1-1ubuntu0.2 git-daemon-sysvinit - 1:1.9.1-1ubuntu0.2 git-arch - 1:1.9.1-1ubuntu0.2 git-bzr - 1:1.9.1-1ubuntu0.2 git-el - 1:1.9.1-1ubuntu0.2 gitk - 1:1.9.1-1ubuntu0.2 git-all - 1:1.9.1-1ubuntu0.2 git-mediawiki - 1:1.9.1-1ubuntu0.2 git-daemon-run - 1:1.9.1-1ubuntu0.2 git-man - 1:1.9.1-1ubuntu0.2 git-doc - 1:1.9.1-1ubuntu0.2 git-svn - 1:1.9.1-1ubuntu0.2 git-cvs - 1:1.9.1-1ubuntu0.2 git-core - 1:1.9.1-1ubuntu0.2 git-email - 1:1.9.1-1ubuntu0.2 No subscription required Medium CVE-2015-7545 Ubuntu 14.04 LTS Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this issue to bypass GRUB password protection. Update Instructions: Run `sudo pro fix USN-2836-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: grub-ieee1275 - 2.02~beta2-9ubuntu1.6 grub-efi-amd64 - 2.02~beta2-9ubuntu1.6 grub2-common - 2.02~beta2-9ubuntu1.6 grub-xen-bin - 2.02~beta2-9ubuntu1.6 grub-uboot-bin - 2.02~beta2-9ubuntu1.6 grub-common - 2.02~beta2-9ubuntu1.6 grub-efi-amd64-bin - 2.02~beta2-9ubuntu1.6 grub-firmware-qemu - 2.02~beta2-9ubuntu1.6 grub-theme-starfield - 2.02~beta2-9ubuntu1.6 grub-efi-arm - 2.02~beta2-9ubuntu1.6 grub-coreboot-bin - 2.02~beta2-9ubuntu1.6 grub2 - 2.02~beta2-9ubuntu1.6 grub-efi-arm64-bin - 2.02~beta2-9ubuntu1.6 grub-pc - 2.02~beta2-9ubuntu1.6 grub-emu - 2.02~beta2-9ubuntu1.6 grub-efi-arm-bin - 2.02~beta2-9ubuntu1.6 grub-linuxbios - 2.02~beta2-9ubuntu1.6 grub-xen - 2.02~beta2-9ubuntu1.6 grub-uboot - 2.02~beta2-9ubuntu1.6 grub-efi-ia32 - 2.02~beta2-9ubuntu1.6 grub-coreboot - 2.02~beta2-9ubuntu1.6 grub-efi-ia32-bin - 2.02~beta2-9ubuntu1.6 grub-ieee1275-bin - 2.02~beta2-9ubuntu1.6 grub-rescue-pc - 2.02~beta2-9ubuntu1.6 grub-mount-udeb - 2.02~beta2-9ubuntu1.6 grub-pc-bin - 2.02~beta2-9ubuntu1.6 grub-efi-arm64 - 2.02~beta2-9ubuntu1.6 grub-efi - 2.02~beta2-9ubuntu1.6 No subscription required Medium CVE-2015-8370 Ubuntu 14.04 LTS It was discovered that Bind incorrectly handled responses with malformed class attributes. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2837-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.6 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.6 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.6 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.6 bind9utils - 1:9.9.5.dfsg-3ubuntu0.6 libdns100 - 1:9.9.5.dfsg-3ubuntu0.6 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.6 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.6 host - 1:9.9.5.dfsg-3ubuntu0.6 lwresd - 1:9.9.5.dfsg-3ubuntu0.6 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.6 libisc95 - 1:9.9.5.dfsg-3ubuntu0.6 bind9 - 1:9.9.5.dfsg-3ubuntu0.6 bind9-host - 1:9.9.5.dfsg-3ubuntu0.6 No subscription required Medium CVE-2015-8000 Ubuntu 14.04 LTS Adam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user. Update Instructions: Run `sudo pro fix USN-2838-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfontembed-dev - 1.0.52-0ubuntu1.7 libfontembed1 - 1.0.52-0ubuntu1.7 libcupsfilters-dev - 1.0.52-0ubuntu1.7 cups-filters - 1.0.52-0ubuntu1.7 cups-browsed - 1.0.52-0ubuntu1.7 cups-filters-core-drivers - 1.0.52-0ubuntu1.7 libcupsfilters1 - 1.0.52-0ubuntu1.7 No subscription required Medium CVE-2015-8560 Ubuntu 14.04 LTS As a security improvement against the POODLE attack, this update disables SSLv3 support in the CUPS web interface. For legacy environments where SSLv3 support is still required, it can be re-enabled by adding "SSLOptions AllowSSL3" to /etc/cups/cupsd.conf. Update Instructions: Run `sudo pro fix USN-2839-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 1.7.2-0ubuntu1.7 libcups2-dev - 1.7.2-0ubuntu1.7 cups-bsd - 1.7.2-0ubuntu1.7 libcupsmime1 - 1.7.2-0ubuntu1.7 cups-common - 1.7.2-0ubuntu1.7 cups-core-drivers - 1.7.2-0ubuntu1.7 cups-server-common - 1.7.2-0ubuntu1.7 libcupsimage2 - 1.7.2-0ubuntu1.7 cups-client - 1.7.2-0ubuntu1.7 libcupscgi1-dev - 1.7.2-0ubuntu1.7 libcups2 - 1.7.2-0ubuntu1.7 libcupsmime1-dev - 1.7.2-0ubuntu1.7 cups-ppdc - 1.7.2-0ubuntu1.7 libcupsppdc1 - 1.7.2-0ubuntu1.7 cups - 1.7.2-0ubuntu1.7 libcupsppdc1-dev - 1.7.2-0ubuntu1.7 libcupsimage2-dev - 1.7.2-0ubuntu1.7 cups-daemon - 1.7.2-0ubuntu1.7 No subscription required None https://launchpad.net/bugs/1505328 Ubuntu 14.04 LTS Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. (CVE-2015-8104) 郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799) It was discovered that the driver for Digi Neo and ClassicBoard devices did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel. (CVE-2015-7885) Update Instructions: Run `sudo pro fix USN-2841-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-73-powerpc-smp - 3.13.0-73.116 linux-image-3.13.0-73-powerpc-e500 - 3.13.0-73.116 linux-image-3.13.0-73-powerpc64-smp - 3.13.0-73.116 linux-image-3.13.0-73-powerpc64-emb - 3.13.0-73.116 linux-image-3.13.0-73-powerpc-e500mc - 3.13.0-73.116 linux-image-extra-3.13.0-73-generic - 3.13.0-73.116 linux-image-3.13.0-73-generic-lpae - 3.13.0-73.116 linux-image-3.13.0-73-lowlatency - 3.13.0-73.116 linux-image-3.13.0-73-generic - 3.13.0-73.116 No subscription required Medium CVE-2015-7799 CVE-2015-7885 CVE-2015-8104 Ubuntu 14.04 LTS Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. (CVE-2015-8104) 郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799) It was discovered that the virtual video osd test driver in the Linux kernel did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel. (CVE-2015-7884) It was discovered that the driver for Digi Neo and ClassicBoard devices did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel. (CVE-2015-7885) Update Instructions: Run `sudo pro fix USN-2842-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-41-powerpc64-emb - 3.19.0-41.46~14.04.2 linux-image-3.19.0-41-generic - 3.19.0-41.46~14.04.2 linux-image-3.19.0-41-powerpc64-smp - 3.19.0-41.46~14.04.2 linux-image-3.19.0-41-powerpc-e500mc - 3.19.0-41.46~14.04.2 linux-image-3.19.0-41-lowlatency - 3.19.0-41.46~14.04.2 linux-image-3.19.0-41-powerpc-smp - 3.19.0-41.46~14.04.2 linux-image-3.19.0-41-generic-lpae - 3.19.0-41.46~14.04.2 linux-image-extra-3.19.0-41-generic - 3.19.0-41.46~14.04.2 No subscription required Medium CVE-2015-7799 CVE-2015-7884 CVE-2015-7885 CVE-2015-8104 Ubuntu 14.04 LTS Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. (CVE-2015-8104) 郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799) Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2015-7872) It was discovered that the virtual video osd test driver in the Linux kernel did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel. (CVE-2015-7884) It was discovered that the driver for Digi Neo and ClassicBoard devices did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel. (CVE-2015-7885) Update Instructions: Run `sudo pro fix USN-2843-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.2.0-21-powerpc64-emb - 4.2.0-21.25~14.04.1 linux-image-4.2.0-21-powerpc-smp - 4.2.0-21.25~14.04.1 linux-image-4.2.0-21-lowlatency - 4.2.0-21.25~14.04.1 linux-image-4.2.0-21-generic-lpae - 4.2.0-21.25~14.04.1 linux-image-4.2.0-21-generic - 4.2.0-21.25~14.04.1 linux-image-4.2.0-21-powerpc-e500mc - 4.2.0-21.25~14.04.1 linux-image-extra-4.2.0-21-generic - 4.2.0-21.25~14.04.1 linux-image-4.2.0-21-powerpc64-smp - 4.2.0-21.25~14.04.1 No subscription required Medium CVE-2015-7799 CVE-2015-7872 CVE-2015-7884 CVE-2015-7885 CVE-2015-8104 Ubuntu 14.04 LTS Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. (CVE-2015-8104) 郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799) It was discovered that the driver for Digi Neo and ClassicBoard devices did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel. (CVE-2015-7885) Update Instructions: Run `sudo pro fix USN-2844-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-56-powerpc64-smp - 3.16.0-56.75~14.04.1 linux-image-extra-3.16.0-56-generic - 3.16.0-56.75~14.04.1 linux-image-3.16.0-56-powerpc64-emb - 3.16.0-56.75~14.04.1 linux-image-3.16.0-56-generic - 3.16.0-56.75~14.04.1 linux-image-3.16.0-56-powerpc-e500mc - 3.16.0-56.75~14.04.1 linux-image-3.16.0-56-lowlatency - 3.16.0-56.75~14.04.1 linux-image-3.16.0-56-powerpc-smp - 3.16.0-56.75~14.04.1 linux-image-3.16.0-56-generic-lpae - 3.16.0-56.75~14.04.1 No subscription required Medium CVE-2015-7799 CVE-2015-7885 CVE-2015-8104 Ubuntu 14.04 LTS Dolev Farhi discovered an information disclosure issue in SoS. If the /etc/fstab file contained passwords, the passwords were included in the SoS report. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-3925) Mateusz Guzik discovered that SoS incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files or gain access to temporary file contents containing sensitive system information. (CVE-2015-7529) Update Instructions: Run `sudo pro fix USN-2845-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sosreport - 3.1-1ubuntu2.2 No subscription required Low CVE-2014-3925 CVE-2015-7529 Ubuntu 14.04 LTS Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. (CVE-2015-8551) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space. (CVE-2015-8552) Jann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace. (http://bugs.launchpad.net/bugs/1527374, CVE-2015-8709) Update Instructions: Run `sudo pro fix USN-2848-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-74-generic - 3.13.0-74.118 linux-image-3.13.0-74-powerpc64-emb - 3.13.0-74.118 linux-image-3.13.0-74-lowlatency - 3.13.0-74.118 linux-image-3.13.0-74-generic - 3.13.0-74.118 linux-image-3.13.0-74-generic-lpae - 3.13.0-74.118 linux-image-3.13.0-74-powerpc-e500mc - 3.13.0-74.118 linux-image-3.13.0-74-powerpc-e500 - 3.13.0-74.118 linux-image-3.13.0-74-powerpc64-smp - 3.13.0-74.118 linux-image-3.13.0-74-powerpc-smp - 3.13.0-74.118 No subscription required Medium CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8709 Ubuntu 14.04 LTS Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. (CVE-2015-8551) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space. (CVE-2015-8552) Jann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace. (http://bugs.launchpad.net/bugs/1527374, CVE-2015-8709) Update Instructions: Run `sudo pro fix USN-2849-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.16.0-57-generic - 3.16.0-57.77~14.04.1 linux-image-3.16.0-57-generic-lpae - 3.16.0-57.77~14.04.1 linux-image-3.16.0-57-lowlatency - 3.16.0-57.77~14.04.1 linux-image-3.16.0-57-powerpc-e500mc - 3.16.0-57.77~14.04.1 linux-image-3.16.0-57-powerpc-smp - 3.16.0-57.77~14.04.1 linux-image-3.16.0-57-powerpc64-smp - 3.16.0-57.77~14.04.1 linux-image-3.16.0-57-generic - 3.16.0-57.77~14.04.1 linux-image-3.16.0-57-powerpc64-emb - 3.16.0-57.77~14.04.1 No subscription required Medium CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8709 Ubuntu 14.04 LTS Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. (CVE-2015-8551) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space. (CVE-2015-8552) Jann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace. (http://bugs.launchpad.net/bugs/1527374, CVE-2015-8709) Update Instructions: Run `sudo pro fix USN-2853-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.2.0-22-powerpc64-smp - 4.2.0-22.27~14.04.1 linux-image-4.2.0-22-lowlatency - 4.2.0-22.27~14.04.1 linux-image-4.2.0-22-generic - 4.2.0-22.27~14.04.1 linux-image-4.2.0-22-powerpc-e500mc - 4.2.0-22.27~14.04.1 linux-image-4.2.0-22-powerpc-smp - 4.2.0-22.27~14.04.1 linux-image-4.2.0-22-powerpc64-emb - 4.2.0-22.27~14.04.1 linux-image-extra-4.2.0-22-generic - 4.2.0-22.27~14.04.1 linux-image-4.2.0-22-generic-lpae - 4.2.0-22.27~14.04.1 No subscription required Medium CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8709 Ubuntu 14.04 LTS Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. (CVE-2015-8551) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space. (CVE-2015-8552) Jann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace. (http://bugs.launchpad.net/bugs/1527374, CVE-2015-8709) Update Instructions: Run `sudo pro fix USN-2854-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.19.0-42-generic - 3.19.0-42.48~14.04.1 linux-image-3.19.0-42-generic-lpae - 3.19.0-42.48~14.04.1 linux-image-3.19.0-42-powerpc64-smp - 3.19.0-42.48~14.04.1 linux-image-3.19.0-42-powerpc64-emb - 3.19.0-42.48~14.04.1 linux-image-3.19.0-42-generic - 3.19.0-42.48~14.04.1 linux-image-3.19.0-42-lowlatency - 3.19.0-42.48~14.04.1 linux-image-3.19.0-42-powerpc-smp - 3.19.0-42.48~14.04.1 linux-image-3.19.0-42-powerpc-e500mc - 3.19.0-42.48~14.04.1 No subscription required Medium CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8709 Ubuntu 14.04 LTS Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-3223) Jan Kasprzak discovered that Samba incorrectly handled certain symlinks. A remote attacker could use this issue to access files outside the exported share path. (CVE-2015-5252) Stefan Metzmacher discovered that Samba did not enforce signing when creating encrypted connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2015-5296) It was discovered that Samba incorrectly performed access control when using the VFS shadow_copy2 module. A remote attacker could use this issue to access snapshots, contrary to intended permissions. (CVE-2015-5299) Douglas Bagnall discovered that Samba incorrectly handled certain string lengths. A remote attacker could use this issue to possibly access sensitive information. (CVE-2015-5330) It was discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-7540) Andrew Bartlett discovered that Samba incorrectly checked administrative privileges during creation of machine accounts. A remote attacker could possibly use this issue to bypass intended access restrictions in certain environments. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-8467) Update Instructions: Run `sudo pro fix USN-2855-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.11 libpam-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.11 libwbclient0 - 2:4.1.6+dfsg-1ubuntu2.14.04.11 samba-common - 2:4.1.6+dfsg-1ubuntu2.14.04.11 samba-libs - 2:4.1.6+dfsg-1ubuntu2.14.04.11 libsmbsharemodes0 - 2:4.1.6+dfsg-1ubuntu2.14.04.11 samba-testsuite - 2:4.1.6+dfsg-1ubuntu2.14.04.11 samba - 2:4.1.6+dfsg-1ubuntu2.14.04.11 libsmbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.11 samba-common-bin - 2:4.1.6+dfsg-1ubuntu2.14.04.11 libsmbsharemodes-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.11 python-samba - 2:4.1.6+dfsg-1ubuntu2.14.04.11 winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.11 smbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.11 samba-vfs-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.11 libwbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.11 samba-dsdb-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.11 samba-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.11 libsmbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.11 libparse-pidl-perl - 2:4.1.6+dfsg-1ubuntu2.14.04.11 registry-tools - 2:4.1.6+dfsg-1ubuntu2.14.04.11 samba-doc - 2:4.1.6+dfsg-1ubuntu2.14.04.11 libpam-smbpass - 2:4.1.6+dfsg-1ubuntu2.14.04.11 No subscription required Medium CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-7540 CVE-2015-8467 Ubuntu 14.04 LTS USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem. Original advisory details: Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-3223) Jan Kasprzak discovered that Samba incorrectly handled certain symlinks. A remote attacker could use this issue to access files outside the exported share path. (CVE-2015-5252) Stefan Metzmacher discovered that Samba did not enforce signing when creating encrypted connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2015-5296) It was discovered that Samba incorrectly performed access control when using the VFS shadow_copy2 module. A remote attacker could use this issue to access snapshots, contrary to intended permissions. (CVE-2015-5299) Douglas Bagnall discovered that Samba incorrectly handled certain string lengths. A remote attacker could use this issue to possibly access sensitive information. (CVE-2015-5330) It was discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-7540) Andrew Bartlett discovered that Samba incorrectly checked administrative privileges during creation of machine accounts. A remote attacker could possibly use this issue to bypass intended access restrictions in certain environments. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-8467) Update Instructions: Run `sudo pro fix USN-2855-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.12 libpam-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.12 libwbclient0 - 2:4.1.6+dfsg-1ubuntu2.14.04.12 samba-common - 2:4.1.6+dfsg-1ubuntu2.14.04.12 samba-libs - 2:4.1.6+dfsg-1ubuntu2.14.04.12 libsmbsharemodes0 - 2:4.1.6+dfsg-1ubuntu2.14.04.12 samba-testsuite - 2:4.1.6+dfsg-1ubuntu2.14.04.12 samba - 2:4.1.6+dfsg-1ubuntu2.14.04.12 libsmbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.12 samba-common-bin - 2:4.1.6+dfsg-1ubuntu2.14.04.12 libsmbsharemodes-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.12 python-samba - 2:4.1.6+dfsg-1ubuntu2.14.04.12 winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.12 smbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.12 samba-vfs-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.12 libwbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.12 samba-dsdb-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.12 samba-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.12 libsmbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.12 libparse-pidl-perl - 2:4.1.6+dfsg-1ubuntu2.14.04.12 registry-tools - 2:4.1.6+dfsg-1ubuntu2.14.04.12 samba-doc - 2:4.1.6+dfsg-1ubuntu2.14.04.12 libpam-smbpass - 2:4.1.6+dfsg-1ubuntu2.14.04.12 No subscription required None https://launchpad.net/bugs/1545750 Ubuntu 14.04 LTS Thilo Uttendorfer discovered that the ldb incorrectly handled certain zero values. A remote attacker could use this issue to cause applications using ldb, such as Samba, to stop responding, resulting in a denial of service. (CVE-2015-3223) Douglas Bagnall discovered that ldb incorrectly handled certain string lengths. A remote attacker could use this issue to possibly access sensitive information from memory of applications using ldb, such as Samba. (CVE-2015-5330) Update Instructions: Run `sudo pro fix USN-2856-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldb-tools - 1:1.1.16-1ubuntu0.1 libldb-dev - 1:1.1.16-1ubuntu0.1 python-ldb-dev - 1:1.1.16-1ubuntu0.1 python-ldb - 1:1.1.16-1ubuntu0.1 libldb1 - 1:1.1.16-1ubuntu0.1 No subscription required Medium CVE-2015-3223 CVE-2015-5330 Ubuntu 14.04 LTS Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Update Instructions: Run `sudo pro fix USN-2857-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-43-powerpc64-emb - 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-lowlatency - 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-powerpc64-smp - 3.19.0-43.49~14.04.1 linux-image-extra-3.19.0-43-generic - 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-generic-lpae - 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-powerpc-smp - 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-generic - 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-powerpc-e500mc - 3.19.0-43.49~14.04.1 No subscription required High CVE-2015-8660 Ubuntu 14.04 LTS Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Update Instructions: Run `sudo pro fix USN-2858-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.2.0-23-powerpc64-emb - 4.2.0-23.28~14.04.1 linux-image-4.2.0-23-lowlatency - 4.2.0-23.28~14.04.1 linux-image-4.2.0-23-powerpc64-smp - 4.2.0-23.28~14.04.1 linux-image-4.2.0-23-generic - 4.2.0-23.28~14.04.1 linux-image-extra-4.2.0-23-generic - 4.2.0-23.28~14.04.1 linux-image-4.2.0-23-powerpc-smp - 4.2.0-23.28~14.04.1 linux-image-4.2.0-23-generic-lpae - 4.2.0-23.28~14.04.1 linux-image-4.2.0-23-powerpc-e500mc - 4.2.0-23.28~14.04.1 No subscription required High CVE-2015-8660 Ubuntu 14.04 LTS Andrei Vaida, Jesse Ruderman, Bob Clary, and Jesse Ruderman discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7201) Ronald Crane discovered a buffer overflow through code inspection. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7205) Abhishek Arya discovered an integer overflow when allocating large textures. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7212) Ronald Crane dicovered an integer overflow when processing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7213) Tsubasa Iinuma discovered a way to bypass same-origin restrictions using data: and view-source: URLs. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information and read local files. (CVE-2015-7214) Update Instructions: Run `sudo pro fix USN-2859-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-br - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-be - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-si - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:38.5.1+build2-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-de - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-en - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-da - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:38.5.1+build2-0ubuntu0.14.04.1 xul-ext-lightning - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-he - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-testsuite - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-af - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-dev - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-el - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-it - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-id - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-et - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-is - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-es - 1:38.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:38.5.1+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-7201 CVE-2015-7205 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 Ubuntu 14.04 LTS A race condition was discovered in the MutationObserver implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-6789) An issue was discovered with the page serializer in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to inject arbitrary script or HTML. (CVE-2015-6790) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6791) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-8548) An integer overflow was discovered in the WebCursor::Deserialize function in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-8664) Update Instructions: Run `sudo pro fix USN-2860-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.11.4-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.11.4-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.11.4-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.11.4-0ubuntu0.14.04.1 oxideqmlscene - 1.11.4-0ubuntu0.14.04.1 oxideqt-codecs - 1.11.4-0ubuntu0.14.04.1 liboxideqtquick0 - 1.11.4-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-6789 CVE-2015-6790 CVE-2015-6791 CVE-2015-8548 CVE-2015-8664 Ubuntu 14.04 LTS It was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2015-8472) Qixue Xiao and Chen Yu discovered that libpng incorrectly handled certain malformed images. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2015-8540) Update Instructions: Run `sudo pro fix USN-2861-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpng12-0-udeb - 1.2.50-1ubuntu2.14.04.2 libpng12-dev - 1.2.50-1ubuntu2.14.04.2 libpng3 - 1.2.50-1ubuntu2.14.04.2 libpng12-0 - 1.2.50-1ubuntu2.14.04.2 No subscription required Medium CVE-2015-8472 CVE-2015-8540 Ubuntu 14.04 LTS It was discovered that Pygments incorrectly sanitized strings used to search system fonts. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2862-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pygments - 1.6+dfsg-1ubuntu1.1 python-pygments - 1.6+dfsg-1ubuntu1.1 No subscription required Medium CVE-2015-8557 Ubuntu 14.04 LTS Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. Update Instructions: Run `sudo pro fix USN-2864-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.19.2.1-0ubuntu0.14.04.2 libnss3-dev - 2:3.19.2.1-0ubuntu0.14.04.2 libnss3 - 2:3.19.2.1-0ubuntu0.14.04.2 libnss3-1d - 2:3.19.2.1-0ubuntu0.14.04.2 libnss3-tools - 2:3.19.2.1-0ubuntu0.14.04.2 No subscription required Medium CVE-2015-7575 Ubuntu 14.04 LTS Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. Update Instructions: Run `sudo pro fix USN-2865-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutlsxx27 - 2.12.23-12ubuntu2.4 gnutls26-doc - 2.12.23-12ubuntu2.4 libgnutls26 - 2.12.23-12ubuntu2.4 libgnutls-dev - 2.12.23-12ubuntu2.4 libgnutls-openssl27 - 2.12.23-12ubuntu2.4 No subscription required gnutls-bin - 3.0.11+really2.12.23-12ubuntu2.4 No subscription required Medium CVE-2015-7575 Ubuntu 14.04 LTS Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. Update Instructions: Run `sudo pro fix USN-2866-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-nn - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-nb - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-fa - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-fi - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-fr - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-fy - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-or - 43.0.4+build3-0ubuntu0.14.04.1 firefox-testsuite - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-oc - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-cs - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ga - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-gd - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-gl - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-gu - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-pa - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-pl - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-cy - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-pt - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-hi - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ms - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-he - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-hy - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-hr - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-hu - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-it - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-as - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ar - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-az - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-id - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-mai - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-af - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-is - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-vi - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-an - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-bs - 43.0.4+build3-0ubuntu0.14.04.1 firefox - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ro - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ja - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ru - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-br - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-zh-hant - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-zh-hans - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-bn - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-be - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-bg - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-sl - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-sk - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-si - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-sw - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-sv - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-sr - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-sq - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ko - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-kn - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-km - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-kk - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ka - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-xh - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ca - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ku - 43.0.4+build3-0ubuntu0.14.04.1 firefox-mozsymbols - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-lv - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-lt - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-th - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-hsb - 43.0.4+build3-0ubuntu0.14.04.1 firefox-dev - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-te - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ta - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-lg - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-tr - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-nso - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-de - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-da - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-uk - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-mr - 43.0.4+build3-0ubuntu0.14.04.1 firefox-globalmenu - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-uz - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ml - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-mn - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-mk - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-eu - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-et - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-es - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-csb - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-el - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-eo - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-en - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-zu - 43.0.4+build3-0ubuntu0.14.04.1 firefox-locale-ast - 43.0.4+build3-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-7575 Ubuntu 14.04 LTS It was discovered that libvirt incorrectly handled the firewall rules on bridge networks when the daemon was restarted. This could result in an unintended firewall configuration. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-4600) Peter Krempa discovered that libvirt incorrectly handled locking when certain ACL checks failed. A local attacker could use this issue to cause libvirt to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-8136) Luyao Huang discovered that libvirt incorrectly handled VNC passwords in shapshot and image files. A remote authenticated user could use this issue to possibly obtain VNC passwords. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-0236) Han Han discovered that libvirt incorrectly handled volume creation failure when used with NFS. A remote authenticated user could use this issue to cause libvirt to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2015-5247) Ossi Herrala and Joonas Kuorilehto discovered that libvirt incorrectly performed storage pool name validation. A remote authenticated user could use this issue to bypass ACLs and gain access to unintended files. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-5313) Update Instructions: Run `sudo pro fix USN-2867-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.2.2-0ubuntu13.1.16 libvirt-dev - 1.2.2-0ubuntu13.1.16 libvirt-doc - 1.2.2-0ubuntu13.1.16 libvirt-bin - 1.2.2-0ubuntu13.1.16 No subscription required Medium CVE-2011-4600 CVE-2014-8136 CVE-2015-0236 CVE-2015-5247 CVE-2015-5313 Ubuntu 14.04 LTS Sebastian Poehn discovered that the DHCP server, client, and relay incorrectly handled certain malformed UDP packets. A remote attacker could use this issue to cause the DHCP server, client, or relay to stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2868-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isc-dhcp-relay - 4.2.4-7ubuntu12.4 isc-dhcp-dev - 4.2.4-7ubuntu12.4 isc-dhcp-client - 4.2.4-7ubuntu12.4 isc-dhcp-common - 4.2.4-7ubuntu12.4 isc-dhcp-server - 4.2.4-7ubuntu12.4 isc-dhcp-client-udeb - 4.2.4-7ubuntu12.4 isc-dhcp-server-ldap - 4.2.4-7ubuntu12.4 No subscription required Medium CVE-2015-8605 Ubuntu 14.04 LTS It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server, including private client user keys. Update Instructions: Run `sudo pro fix USN-2869-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:6.6p1-2ubuntu2.4 openssh-client - 1:6.6p1-2ubuntu2.4 openssh-server - 1:6.6p1-2ubuntu2.4 ssh-askpass-gnome - 1:6.6p1-2ubuntu2.4 ssh - 1:6.6p1-2ubuntu2.4 ssh-krb5 - 1:6.6p1-2ubuntu2.4 openssh-client-udeb - 1:6.6p1-2ubuntu2.4 openssh-sftp-server - 1:6.6p1-2ubuntu2.4 No subscription required High CVE-2016-0777 CVE-2016-0778 Ubuntu 14.04 LTS Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-2870-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-76-generic-lpae - 3.13.0-76.120 linux-image-3.13.0-76-lowlatency - 3.13.0-76.120 linux-image-extra-3.13.0-76-generic - 3.13.0-76.120 linux-image-3.13.0-76-powerpc-e500mc - 3.13.0-76.120 linux-image-3.13.0-76-powerpc64-emb - 3.13.0-76.120 linux-image-3.13.0-76-powerpc64-smp - 3.13.0-76.120 linux-image-3.13.0-76-powerpc-e500 - 3.13.0-76.120 linux-image-3.13.0-76-generic - 3.13.0-76.120 linux-image-3.13.0-76-powerpc-smp - 3.13.0-76.120 No subscription required High CVE-2016-0728 Ubuntu 14.04 LTS Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-2871-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-47-powerpc-e500mc - 3.19.0-47.53~14.04.1 linux-image-3.19.0-47-powerpc64-emb - 3.19.0-47.53~14.04.1 linux-image-3.19.0-47-powerpc-smp - 3.19.0-47.53~14.04.1 linux-image-3.19.0-47-powerpc64-smp - 3.19.0-47.53~14.04.1 linux-image-3.19.0-47-lowlatency - 3.19.0-47.53~14.04.1 linux-image-3.19.0-47-generic - 3.19.0-47.53~14.04.1 linux-image-extra-3.19.0-47-generic - 3.19.0-47.53~14.04.1 linux-image-3.19.0-47-generic-lpae - 3.19.0-47.53~14.04.1 No subscription required High CVE-2016-0728 Ubuntu 14.04 LTS Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-2872-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.2.0-25-generic - 4.2.0-25.30~14.04.1 linux-image-4.2.0-25-powerpc64-smp - 4.2.0-25.30~14.04.1 linux-image-4.2.0-25-powerpc-smp - 4.2.0-25.30~14.04.1 linux-image-4.2.0-25-lowlatency - 4.2.0-25.30~14.04.1 linux-image-4.2.0-25-powerpc-e500mc - 4.2.0-25.30~14.04.1 linux-image-4.2.0-25-generic-lpae - 4.2.0-25.30~14.04.1 linux-image-4.2.0-25-powerpc64-emb - 4.2.0-25.30~14.04.1 linux-image-4.2.0-25-generic - 4.2.0-25.30~14.04.1 No subscription required High CVE-2016-0728 Ubuntu 14.04 LTS Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-2873-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-59-powerpc-e500mc - 3.16.0-59.79~14.04.1 linux-image-3.16.0-59-powerpc64-smp - 3.16.0-59.79~14.04.1 linux-image-3.16.0-59-generic-lpae - 3.16.0-59.79~14.04.1 linux-image-3.16.0-59-powerpc-smp - 3.16.0-59.79~14.04.1 linux-image-3.16.0-59-lowlatency - 3.16.0-59.79~14.04.1 linux-image-3.16.0-59-generic - 3.16.0-59.79~14.04.1 linux-image-extra-3.16.0-59-generic - 3.16.0-59.79~14.04.1 linux-image-3.16.0-59-powerpc64-emb - 3.16.0-59.79~14.04.1 No subscription required High CVE-2016-0728 Ubuntu 14.04 LTS It was discovered that Bind incorrectly handled certain APL data. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2874-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.7 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.7 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.7 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.7 bind9utils - 1:9.9.5.dfsg-3ubuntu0.7 libdns100 - 1:9.9.5.dfsg-3ubuntu0.7 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.7 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.7 host - 1:9.9.5.dfsg-3ubuntu0.7 lwresd - 1:9.9.5.dfsg-3ubuntu0.7 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.7 libisc95 - 1:9.9.5.dfsg-3ubuntu0.7 bind9 - 1:9.9.5.dfsg-3ubuntu0.7 bind9-host - 1:9.9.5.dfsg-3ubuntu0.7 No subscription required Medium CVE-2015-8704 Ubuntu 14.04 LTS It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2875-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.7 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.7 libxml2 - 2.9.1+dfsg1-3ubuntu4.7 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.7 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.7 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.7 No subscription required Medium CVE-2015-7499 CVE-2015-8710 Ubuntu 14.04 LTS Jann Horn discovered that mount.ecryptfs_private would mount over certain directories in the proc filesystem. A local attacker could use this to escalate their privileges. (CVE-2016-1572) Update Instructions: Run `sudo pro fix USN-2876-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ecryptfs-utils - 104-0ubuntu1.14.04.4 python-ecryptfs - 104-0ubuntu1.14.04.4 libecryptfs0 - 104-0ubuntu1.14.04.4 libecryptfs-dev - 104-0ubuntu1.14.04.4 No subscription required Medium CVE-2016-1572 Ubuntu 14.04 LTS A bad cast was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-1612) An issue was discovered when initializing the UnacceleratedImageBufferSurface class in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1614) An issue was discovered with the CSP implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to determine whether specific HSTS sites had been visited by reading a CSP report. (CVE-2016-1617) An issue was discovered with random number generator in Blink. An attacker could potentially exploit this to defeat cryptographic protection mechanisms. (CVE-2016-1618) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1620) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-2051) Multiple security issues were discovered in Harfbuzz. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-2052) Update Instructions: Run `sudo pro fix USN-2877-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.12.5-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.12.5-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.12.5-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.12.5-0ubuntu0.14.04.1 oxideqmlscene - 1.12.5-0ubuntu0.14.04.1 oxideqt-codecs - 1.12.5-0ubuntu0.14.04.1 liboxideqtquick0 - 1.12.5-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1612 CVE-2016-1614 CVE-2016-1617 CVE-2016-1618 CVE-2016-1620 CVE-2016-2051 CVE-2016-2052 Ubuntu 14.04 LTS It was discovered that rsync incorrectly handled invalid filenames. A malicious server could use this issue to write files outside of the intended destination directory. Update Instructions: Run `sudo pro fix USN-2879-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsync - 3.1.0-2ubuntu0.2 No subscription required Medium CVE-2014-9512 Ubuntu 14.04 LTS Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1930, CVE-2016-1931) Gustavo Grieco discovered an out-of-memory crash when loading GIF images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service. (CVE-2016-1933) Aki Helin discovered a buffer overflow when rendering WebGL content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1935) It was discovered that a delay was missing when focusing the protocol handler dialog. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2016-1937) Hanno Böck discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. (CVE-2016-1938) Nicholas Hurley discovered that Firefox allows for control characters to be set in cookie names. An attacker could potentially exploit this to conduct cookie injection attacks on some web servers. (CVE-2016-1939) It was discovered that when certain invalid URLs are pasted in to the addressbar, the addressbar contents may be manipulated to show the location of arbitrary websites. An attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1942) Ronald Crane discovered three vulnerabilities through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1944, CVE-2016-1945, CVE-2016-1946) François Marier discovered that Application Reputation lookups didn't work correctly, disabling warnings for potentially malicious downloads. An attacker could potentially exploit this by tricking a user in to downloading a malicious file. Other parts of the Safe Browsing feature were unaffected by this. (CVE-2016-1947) Update Instructions: Run `sudo pro fix USN-2880-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-nn - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-nb - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-fa - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-fi - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-fr - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-fy - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-or - 44.0+build3-0ubuntu0.14.04.1 firefox-testsuite - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-oc - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-cs - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ga - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-gd - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-gl - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-gu - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-pa - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-pl - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-cy - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-pt - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-hi - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ms - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-he - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-hy - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-hr - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-hu - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-it - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-as - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ar - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-az - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-id - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-mai - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-af - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-is - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-vi - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-an - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-bs - 44.0+build3-0ubuntu0.14.04.1 firefox - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ro - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ja - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ru - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-br - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hant - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hans - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-bn - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-be - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-bg - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-sl - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-sk - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-si - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-sw - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-sv - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-sr - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-sq - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ko - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-kn - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-km - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-kk - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ka - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-xh - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ca - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ku - 44.0+build3-0ubuntu0.14.04.1 firefox-mozsymbols - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-lv - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-lt - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-th - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-hsb - 44.0+build3-0ubuntu0.14.04.1 firefox-dev - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-te - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ta - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-lg - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-tr - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-nso - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-de - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-da - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-uk - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-mr - 44.0+build3-0ubuntu0.14.04.1 firefox-globalmenu - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-uz - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ml - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-mn - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-mk - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-eu - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-et - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-es - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-csb - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-el - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-eo - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-en - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-zu - 44.0+build3-0ubuntu0.14.04.1 firefox-locale-ast - 44.0+build3-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1930 CVE-2016-1931 CVE-2016-1933 CVE-2016-1935 CVE-2016-1937 CVE-2016-1938 CVE-2016-1939 CVE-2016-1942 CVE-2016-1944 CVE-2016-1945 CVE-2016-1946 CVE-2016-1947 Ubuntu 14.04 LTS USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1930, CVE-2016-1931) Gustavo Grieco discovered an out-of-memory crash when loading GIF images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service. (CVE-2016-1933) Aki Helin discovered a buffer overflow when rendering WebGL content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1935) It was discovered that a delay was missing when focusing the protocol handler dialog. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2016-1937) Hanno Böck discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. (CVE-2016-1938) Nicholas Hurley discovered that Firefox allows for control characters to be set in cookie names. An attacker could potentially exploit this to conduct cookie injection attacks on some web servers. (CVE-2016-1939) It was discovered that when certain invalid URLs are pasted in to the addressbar, the addressbar contents may be manipulated to show the location of arbitrary websites. An attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1942) Ronald Crane discovered three vulnerabilities through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1944, CVE-2016-1945, CVE-2016-1946) François Marier discovered that Application Reputation lookups didn't work correctly, disabling warnings for potentially malicious downloads. An attacker could potentially exploit this by tricking a user in to downloading a malicious file. Other parts of the Safe Browsing feature were unaffected by this. (CVE-2016-1947) Update Instructions: Run `sudo pro fix USN-2880-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nn - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nb - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fa - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fi - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fr - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fy - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-or - 44.0.1+build2-0ubuntu0.14.04.1 firefox-testsuite - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-oc - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cs - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ga - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gd - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gl - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gu - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pa - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pl - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cy - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pt - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hi - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ms - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-he - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hy - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hr - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hu - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-it - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-as - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ar - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-az - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-id - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mai - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-af - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-is - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-vi - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-an - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bs - 44.0.1+build2-0ubuntu0.14.04.1 firefox - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ro - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ja - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ru - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-br - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bn - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-be - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bg - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sl - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sk - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-si - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sw - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sv - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sr - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sq - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ko - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kn - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-km - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kk - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ka - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-xh - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ca - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ku - 44.0.1+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lv - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lt - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-th - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 44.0.1+build2-0ubuntu0.14.04.1 firefox-dev - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-te - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ta - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lg - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-tr - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nso - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-de - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-da - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uk - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mr - 44.0.1+build2-0ubuntu0.14.04.1 firefox-globalmenu - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uz - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ml - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mn - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mk - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eu - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-et - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-es - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-csb - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-el - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eo - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-en - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zu - 44.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ast - 44.0.1+build2-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1538724 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.47 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html Update Instructions: Run `sudo pro fix USN-2881-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.47-0ubuntu0.14.04.1 mysql-client - 5.5.47-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.47-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.47-0ubuntu0.14.04.1 libmysqld-pic - 5.5.47-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.47-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.47-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.47-0ubuntu0.14.04.1 mysql-common - 5.5.47-0ubuntu0.14.04.1 mysql-server - 5.5.47-0ubuntu0.14.04.1 mysql-testsuite - 5.5.47-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.47-0ubuntu0.14.04.1 libmysqld-dev - 5.5.47-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.47-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-0503 CVE-2016-0504 CVE-2016-0505 CVE-2016-0546 CVE-2016-0595 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0607 CVE-2016-0608 CVE-2016-0609 CVE-2016-0610 CVE-2016-0611 CVE-2016-0616 Ubuntu 14.04 LTS Isaac Boukris discovered that curl could incorrectly re-use NTLM proxy credentials when subsequently connecting to the same host. Update Instructions: Run `sudo pro fix USN-2882-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.6 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.6 libcurl4-openssl-dev - 7.35.0-1ubuntu2.6 libcurl3-gnutls - 7.35.0-1ubuntu2.6 libcurl3-udeb - 7.35.0-1ubuntu2.6 libcurl4-doc - 7.35.0-1ubuntu2.6 libcurl3-nss - 7.35.0-1ubuntu2.6 libcurl4-nss-dev - 7.35.0-1ubuntu2.6 libcurl3 - 7.35.0-1ubuntu2.6 curl - 7.35.0-1ubuntu2.6 No subscription required Medium CVE-2016-0755 Ubuntu 14.04 LTS Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0483, CVE-2016-0494) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-0402) It was discovered that OpenJDK 7 incorrectly allowed MD5 to be used for TLS connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to expose sensitive information. (CVE-2015-7575) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0448) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-0466) Update Instructions: Run `sudo pro fix USN-2884-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-source - 7u95-2.6.4-0ubuntu0.14.04.1 icedtea-7-jre-jamvm - 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jre-lib - 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jdk - 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jre-headless - 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jre - 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-doc - 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-demo - 7u95-2.6.4-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-7575 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Ubuntu 14.04 LTS It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). (CVE-2015-7513) Sasha Levin discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel had a race condition when checking whether a socket was bound or not. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7990) It was discovered that the Btrfs implementation in the Linux kernel incorrectly handled compressed inline extants on truncation. A local attacker could use this to expose sensitive information. (CVE-2015-8374) Update Instructions: Run `sudo pro fix USN-2887-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-77-powerpc64-emb - 3.13.0-77.121 linux-image-3.13.0-77-generic - 3.13.0-77.121 linux-image-3.13.0-77-powerpc-e500mc - 3.13.0-77.121 linux-image-3.13.0-77-lowlatency - 3.13.0-77.121 linux-image-extra-3.13.0-77-generic - 3.13.0-77.121 linux-image-3.13.0-77-powerpc-smp - 3.13.0-77.121 linux-image-3.13.0-77-powerpc-e500 - 3.13.0-77.121 linux-image-3.13.0-77-powerpc64-smp - 3.13.0-77.121 linux-image-3.13.0-77-generic-lpae - 3.13.0-77.121 No subscription required Medium CVE-2013-7446 CVE-2015-7513 CVE-2015-7990 CVE-2015-8374 Ubuntu 14.04 LTS It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). (CVE-2015-7513) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) Sasha Levin discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel had a race condition when checking whether a socket was bound or not. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7990) It was discovered that the Btrfs implementation in the Linux kernel incorrectly handled compressed inline extants on truncation. A local attacker could use this to expose sensitive information. (CVE-2015-8374) 郭永刚 discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) Update Instructions: Run `sudo pro fix USN-2888-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-60-powerpc64-emb - 3.16.0-60.80~14.04.1 linux-image-3.16.0-60-lowlatency - 3.16.0-60.80~14.04.1 linux-image-3.16.0-60-generic - 3.16.0-60.80~14.04.1 linux-image-3.16.0-60-generic-lpae - 3.16.0-60.80~14.04.1 linux-image-3.16.0-60-powerpc-e500mc - 3.16.0-60.80~14.04.1 linux-image-3.16.0-60-powerpc64-smp - 3.16.0-60.80~14.04.1 linux-image-extra-3.16.0-60-generic - 3.16.0-60.80~14.04.1 linux-image-3.16.0-60-powerpc-smp - 3.16.0-60.80~14.04.1 No subscription required Medium CVE-2013-7446 CVE-2015-7513 CVE-2015-7550 CVE-2015-7990 CVE-2015-8374 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 Ubuntu 14.04 LTS It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). (CVE-2015-7513) Sasha Levin discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel had a race condition when checking whether a socket was bound or not. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7990) It was discovered that the Btrfs implementation in the Linux kernel incorrectly handled compressed inline extants on truncation. A local attacker could use this to expose sensitive information. (CVE-2015-8374) It was discovered that the netfilter Network Address Translation (NAT) implementation did not ensure that data structures were initialized when handling IPv4 addresses. An attacker could use this to cause a denial of service (system crash). (CVE-2015-8787) Update Instructions: Run `sudo pro fix USN-2889-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-49-powerpc-smp - 3.19.0-49.55~14.04.1 linux-image-3.19.0-49-powerpc-e500mc - 3.19.0-49.55~14.04.1 linux-image-3.19.0-49-lowlatency - 3.19.0-49.55~14.04.1 linux-image-3.19.0-49-generic-lpae - 3.19.0-49.55~14.04.1 linux-image-3.19.0-49-powerpc64-emb - 3.19.0-49.55~14.04.1 linux-image-3.19.0-49-generic - 3.19.0-49.55~14.04.1 linux-image-extra-3.19.0-49-generic - 3.19.0-49.55~14.04.1 linux-image-3.19.0-49-powerpc64-smp - 3.19.0-49.55~14.04.1 No subscription required Medium CVE-2013-7446 CVE-2015-7513 CVE-2015-7990 CVE-2015-8374 CVE-2015-8787 Ubuntu 14.04 LTS It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). (CVE-2015-7513) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) Sasha Levin discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel had a race condition when checking whether a socket was bound or not. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7990) It was discovered that the Btrfs implementation in the Linux kernel incorrectly handled compressed inline extants on truncation. A local attacker could use this to expose sensitive information. (CVE-2015-8374) 郭永刚 discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the netfilter Network Address Translation (NAT) implementation did not ensure that data structures were initialized when handling IPv4 addresses. An attacker could use this to cause a denial of service (system crash). (CVE-2015-8787) Update Instructions: Run `sudo pro fix USN-2890-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.2.0-27-generic - 4.2.0-27.32~14.04.1 linux-image-4.2.0-27-lowlatency - 4.2.0-27.32~14.04.1 linux-image-4.2.0-27-generic-lpae - 4.2.0-27.32~14.04.1 linux-image-4.2.0-27-powerpc-e500mc - 4.2.0-27.32~14.04.1 linux-image-4.2.0-27-powerpc64-emb - 4.2.0-27.32~14.04.1 linux-image-4.2.0-27-powerpc-smp - 4.2.0-27.32~14.04.1 linux-image-4.2.0-27-powerpc64-smp - 4.2.0-27.32~14.04.1 linux-image-4.2.0-27-generic - 4.2.0-27.32~14.04.1 No subscription required Medium CVE-2013-7446 CVE-2015-7513 CVE-2015-7550 CVE-2015-7990 CVE-2015-8374 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 CVE-2015-8787 Ubuntu 14.04 LTS Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-7549) Lian Yihan discovered that QEMU incorrectly handled the VNC server. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2015-8504) Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550) Qinghao Tang discovered that QEMU incorrectly handled USB EHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2015-8558) Qinghao Tang discovered that QEMU incorrectly handled the vmxnet3 device. An attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8567, CVE-2015-8568) Qinghao Tang discovered that QEMU incorrectly handled SCSI MegaRAID SAS HBA emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8613) Ling Liu discovered that QEMU incorrectly handled the Human Monitor Interface. A local attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8619, CVE-2016-1922) David Alan Gilbert discovered that QEMU incorrectly handled the Q35 chipset emulation when performing VM guest migrations. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8666) Ling Liu discovered that QEMU incorrectly handled the NE2000 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2015-8743) It was discovered that QEMU incorrectly handled the vmxnet3 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8744, CVE-2015-8745) Qinghao Tang discovered that QEMU incorrect handled IDE AHCI emulation. An attacker inside the guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-1568) Donghai Zhu discovered that QEMU incorrect handled the firmware configuration device. An attacker inside the guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-1714) It was discovered that QEMU incorrectly handled the e1000 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-1981) Zuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 15.10. (CVE-2016-2197) Zuozhi Fzz discovered that QEMU incorrectly handled USB EHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-2198) Update Instructions: Run `sudo pro fix USN-2891-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.22 qemu-user-static - 2.0.0+dfsg-2ubuntu1.22 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.22 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.22 qemu-kvm - 2.0.0+dfsg-2ubuntu1.22 qemu-user - 2.0.0+dfsg-2ubuntu1.22 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.22 qemu-system - 2.0.0+dfsg-2ubuntu1.22 qemu-utils - 2.0.0+dfsg-2ubuntu1.22 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.22 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.22 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.22 qemu-common - 2.0.0+dfsg-2ubuntu1.22 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.22 qemu - 2.0.0+dfsg-2ubuntu1.22 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.22 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.22 No subscription required Medium CVE-2015-7549 CVE-2015-8504 CVE-2015-8550 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8666 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2197 CVE-2016-2198 Ubuntu 14.04 LTS It was discovered that nginx incorrectly handled certain DNS server responses when the resolver is enabled. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. (CVE-2016-0742) It was discovered that nginx incorrectly handled CNAME response processing when the resolver is enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-0746) It was discovered that nginx incorrectly handled CNAME resolution when the resolver is enabled. A remote attacker could possibly use this issue to cause nginx to consume resources, resulting in a denial of service. (CVE-2016-0747) Update Instructions: Run `sudo pro fix USN-2892-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.4.6-1ubuntu3.4 nginx-core - 1.4.6-1ubuntu3.4 nginx-common - 1.4.6-1ubuntu3.4 nginx-full - 1.4.6-1ubuntu3.4 nginx - 1.4.6-1ubuntu3.4 nginx-doc - 1.4.6-1ubuntu3.4 nginx-naxsi - 1.4.6-1ubuntu3.4 nginx-naxsi-ui - 1.4.6-1ubuntu3.4 nginx-light - 1.4.6-1ubuntu3.4 No subscription required Medium CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 Ubuntu 14.04 LTS Jason Pang discovered that service workers intercept responses to plugin network requests made through the browser. An attacker could potentially exploit this to bypass same origin restrictions using the Flash plugin. (CVE-2016-1949) Update Instructions: Run `sudo pro fix USN-2893-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nn - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nb - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fa - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fi - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fr - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fy - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-or - 44.0.2+build1-0ubuntu0.14.04.1 firefox-testsuite - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-oc - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cs - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ga - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gd - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gl - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gu - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pa - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pl - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cy - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pt - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hi - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ms - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-he - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hy - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hr - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hu - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-it - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-as - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ar - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-az - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-id - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mai - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-af - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-is - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-vi - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-an - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bs - 44.0.2+build1-0ubuntu0.14.04.1 firefox - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ro - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ja - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ru - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-br - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bn - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-be - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bg - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sl - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sk - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-si - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sw - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sv - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sr - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sq - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ko - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kn - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-km - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kk - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ka - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-xh - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ca - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ku - 44.0.2+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lv - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lt - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-th - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 44.0.2+build1-0ubuntu0.14.04.1 firefox-dev - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-te - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ta - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lg - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-tr - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nso - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-de - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-da - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uk - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mr - 44.0.2+build1-0ubuntu0.14.04.1 firefox-globalmenu - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uz - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ml - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mn - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mk - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eu - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-et - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-es - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-csb - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-el - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eo - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-en - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zu - 44.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ast - 44.0.2+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1949 Ubuntu 14.04 LTS It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773) It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-0766) Update Instructions: Run `sudo pro fix USN-2894-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-plpython-9.3 - 9.3.11-0ubuntu0.14.04 postgresql-server-dev-9.3 - 9.3.11-0ubuntu0.14.04 postgresql-9.3 - 9.3.11-0ubuntu0.14.04 postgresql-plperl-9.3 - 9.3.11-0ubuntu0.14.04 postgresql-doc-9.3 - 9.3.11-0ubuntu0.14.04 postgresql-plpython3-9.3 - 9.3.11-0ubuntu0.14.04 libecpg6 - 9.3.11-0ubuntu0.14.04 postgresql-pltcl-9.3 - 9.3.11-0ubuntu0.14.04 postgresql-client-9.3 - 9.3.11-0ubuntu0.14.04 libpgtypes3 - 9.3.11-0ubuntu0.14.04 libecpg-dev - 9.3.11-0ubuntu0.14.04 libpq-dev - 9.3.11-0ubuntu0.14.04 libpq5 - 9.3.11-0ubuntu0.14.04 postgresql-contrib-9.3 - 9.3.11-0ubuntu0.14.04 libecpg-compat3 - 9.3.11-0ubuntu0.14.04 No subscription required Medium CVE-2016-0766 CVE-2016-0773 Ubuntu 14.04 LTS The DOM implementation in Chromium did not properly restrict frame-attach operations from occurring during or after frame-detach operations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1623) An integer underflow was discovered in Brotli. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1624) Update Instructions: Run `sudo pro fix USN-2895-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.12.6-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.12.6-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.12.6-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.12.6-0ubuntu0.14.04.1 oxideqmlscene - 1.12.6-0ubuntu0.14.04.1 oxideqt-codecs - 1.12.6-0ubuntu0.14.04.1 liboxideqtquick0 - 1.12.6-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1623 CVE-2016-1624 Ubuntu 14.04 LTS Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Update Instructions: Run `sudo pro fix USN-2896-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-doc - 1.5.3-2ubuntu4.3 libgcrypt11-udeb - 1.5.3-2ubuntu4.3 libgcrypt11-dev - 1.5.3-2ubuntu4.3 libgcrypt11 - 1.5.3-2ubuntu4.3 No subscription required Medium CVE-2015-7511 Ubuntu 14.04 LTS Hanno Böck discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8803) Hanno Böck discovered that Nettle incorrectly handled carry propagation in the NIST P-384 elliptic curve. (CVE-2015-8804) Niels Moeller discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8805) Update Instructions: Run `sudo pro fix USN-2897-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nettle-bin - 2.7.1-1ubuntu0.1 libhogweed2 - 2.7.1-1ubuntu0.1 nettle-dev - 2.7.1-1ubuntu0.1 libnettle4 - 2.7.1-1ubuntu0.1 No subscription required Medium CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 Ubuntu 14.04 LTS It was discovered that GTK+ incorrectly handled certain large images. A remote attacker could use this issue to cause GTK+ applications to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2898-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgail-doc - 2.24.23-0ubuntu1.4 libgtk2.0-0-udeb - 2.24.23-0ubuntu1.4 libgtk2.0-doc - 2.24.23-0ubuntu1.4 libgail-dev - 2.24.23-0ubuntu1.4 gir1.2-gtk-2.0 - 2.24.23-0ubuntu1.4 libgail-common - 2.24.23-0ubuntu1.4 gtk2.0-examples - 2.24.23-0ubuntu1.4 gtk2-engines-pixbuf - 2.24.23-0ubuntu1.4 libgtk2.0-common - 2.24.23-0ubuntu1.4 libgtk2.0-bin - 2.24.23-0ubuntu1.4 libgtk2.0-0 - 2.24.23-0ubuntu1.4 libgail18 - 2.24.23-0ubuntu1.4 libgtk2.0-dev - 2.24.23-0ubuntu1.4 No subscription required Medium CVE-2013-7447 Ubuntu 14.04 LTS It was discovered that Eye of GNOME incorrectly handled certain large images. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2898-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: eog-dev - 3.10.2-0ubuntu5.1 eog - 3.10.2-0ubuntu5.1 No subscription required Medium CVE-2013-7447 Ubuntu 14.04 LTS It was discovered that LibreOffice incorrectly handled LWP document files. If a user were tricked into opening a specially crafted LWP document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2899-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO4.2.8-0ubuntu4 No subscription required libreoffice-wiki-publisher - 1.1.2+LibO4.2.8-0ubuntu4 No subscription required libreoffice-presentation-minimizer - 1:4.2.8-0ubuntu4 libreoffice-impress - 1:4.2.8-0ubuntu4 libreoffice-officebean - 1:4.2.8-0ubuntu4 libreoffice-base - 1:4.2.8-0ubuntu4 libreoffice-librelogo - 1:4.2.8-0ubuntu4 libreoffice-java-common - 1:4.2.8-0ubuntu4 browser-plugin-libreoffice - 1:4.2.8-0ubuntu4 libreoffice-subsequentcheckbase - 1:4.2.8-0ubuntu4 libreoffice-style-tango - 1:4.2.8-0ubuntu4 libreoffice-style-crystal - 1:4.2.8-0ubuntu4 libreoffice-kde - 1:4.2.8-0ubuntu4 libreoffice-l10n-ku - 1:4.2.8-0ubuntu4 libreoffice-style-galaxy - 1:4.2.8-0ubuntu4 libreoffice-style-hicontrast - 1:4.2.8-0ubuntu4 libreoffice-core - 1:4.2.8-0ubuntu4 libreoffice-presenter-console - 1:4.2.8-0ubuntu4 libreoffice-script-provider-bsh - 1:4.2.8-0ubuntu4 libreoffice-avmedia-backend-gstreamer - 1:4.2.8-0ubuntu4 libreoffice-script-provider-python - 1:4.2.8-0ubuntu4 libreoffice-common - 1:4.2.8-0ubuntu4 libreoffice-gnome - 1:4.2.8-0ubuntu4 libreoffice-dev - 1:4.2.8-0ubuntu4 libreoffice-gtk3 - 1:4.2.8-0ubuntu4 libreoffice-report-builder - 1:4.2.8-0ubuntu4 libreoffice-pdfimport - 1:4.2.8-0ubuntu4 libreoffice-base-core - 1:4.2.8-0ubuntu4 libreoffice-ogltrans - 1:4.2.8-0ubuntu4 libreoffice-sdbc-hsqldb - 1:4.2.8-0ubuntu4 libreoffice-gtk - 1:4.2.8-0ubuntu4 libreoffice-calc - 1:4.2.8-0ubuntu4 libreoffice-base-drivers - 1:4.2.8-0ubuntu4 libreoffice-style-oxygen - 1:4.2.8-0ubuntu4 libreoffice-emailmerge - 1:4.2.8-0ubuntu4 libreoffice-style-human - 1:4.2.8-0ubuntu4 libreoffice-sdbc-firebird - 1:4.2.8-0ubuntu4 python3-uno - 1:4.2.8-0ubuntu4 libreoffice-math - 1:4.2.8-0ubuntu4 libreoffice-writer - 1:4.2.8-0ubuntu4 libreoffice-report-builder-bin - 1:4.2.8-0ubuntu4 libreoffice-script-provider-js - 1:4.2.8-0ubuntu4 libreoffice - 1:4.2.8-0ubuntu4 libreoffice-draw - 1:4.2.8-0ubuntu4 libreoffice-style-sifr - 1:4.2.8-0ubuntu4 libreoffice-dev-doc - 1:4.2.8-0ubuntu4 libreoffice-l10n-in - 1:4.2.8-0ubuntu4 libreoffice-l10n-za - 1:4.2.8-0ubuntu4 libreoffice-sdbc-postgresql - 1:4.2.8-0ubuntu4 No subscription required openoffice.org-dtd-officedocument1.0 - 2:1.0+LibO4.2.8-0ubuntu4 No subscription required fonts-opensymbol - 2:102.6+LibO4.2.8-0ubuntu4 No subscription required uno-libs3 - 4.2.8-0ubuntu4 ure - 4.2.8-0ubuntu4 No subscription required Medium CVE-2016-0794 CVE-2016-0795 Ubuntu 14.04 LTS It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2900-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.19-0ubuntu6.7 libnss-dns-udeb - 2.19-0ubuntu6.7 libc6-ppc64 - 2.19-0ubuntu6.7 libc-bin - 2.19-0ubuntu6.7 libc6-x32 - 2.19-0ubuntu6.7 libc6-armel - 2.19-0ubuntu6.7 eglibc-source - 2.19-0ubuntu6.7 libc6-pic - 2.19-0ubuntu6.7 libc6-dev-ppc64 - 2.19-0ubuntu6.7 libc6-dev-armel - 2.19-0ubuntu6.7 libnss-files-udeb - 2.19-0ubuntu6.7 glibc-doc - 2.19-0ubuntu6.7 nscd - 2.19-0ubuntu6.7 multiarch-support - 2.19-0ubuntu6.7 libc6-dev - 2.19-0ubuntu6.7 libc6-amd64 - 2.19-0ubuntu6.7 libc6-dev-amd64 - 2.19-0ubuntu6.7 libc6 - 2.19-0ubuntu6.7 libc6-dev-x32 - 2.19-0ubuntu6.7 libc6-udeb - 2.19-0ubuntu6.7 libc6-dev-i386 - 2.19-0ubuntu6.7 libc-dev-bin - 2.19-0ubuntu6.7 libc6-prof - 2.19-0ubuntu6.7 No subscription required High CVE-2015-7547 Ubuntu 14.04 LTS It was discovered that xdelta3 incorrectly handled certain files. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could use this issue to cause xdelta3 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2901-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdelta3 - 3.0.7-dfsg-2ubuntu0.2 No subscription required Medium CVE-2014-9765 Ubuntu 14.04 LTS Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially- crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2902-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphite2-doc - 1.2.4-1ubuntu1.1 libgraphite2-3 - 1.2.4-1ubuntu1.1 libgraphite2-dev - 1.2.4-1ubuntu1.1 No subscription required Medium CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526 Ubuntu 14.04 LTS Hanno Böck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. (CVE-2016-1938) This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA. Update Instructions: Run `sudo pro fix USN-2903-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.21-0ubuntu0.14.04.1 libnss3-dev - 2:3.21-0ubuntu0.14.04.1 libnss3 - 2:3.21-0ubuntu0.14.04.1 libnss3-1d - 2:3.21-0ubuntu0.14.04.1 libnss3-tools - 2:3.21-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1938 Ubuntu 14.04 LTS Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2015-7575) Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitary code with the privileges of the user invoking Thunderbird. (CVE-2016-1523) Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1930) Aki Helin discovered a buffer overflow when rendering WebGL content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1935) Update Instructions: Run `sudo pro fix USN-2904-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:38.6.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:38.6.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:38.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:38.6.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2015-7575 CVE-2016-1523 CVE-2016-1930 CVE-2016-1935 Ubuntu 14.04 LTS A security issue was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or a sandbox protection mechanism. (CVE-2016-1629) Update Instructions: Run `sudo pro fix USN-2905-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.12.7-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.12.7-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.12.7-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.12.7-0ubuntu0.14.04.1 oxideqmlscene - 1.12.7-0ubuntu0.14.04.1 oxideqt-codecs - 1.12.7-0ubuntu0.14.04.1 liboxideqtquick0 - 1.12.7-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1629 Ubuntu 14.04 LTS Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could possibly use this issue to write arbitrary files. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-1197) Gustavo Grieco discovered that GNU cpio incorrectly handled memory when extracting archive files. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could use this issue to cause GNU cpio to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2037) Update Instructions: Run `sudo pro fix USN-2906-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cpio - 2.11+dfsg-1ubuntu1.2 No subscription required Medium CVE-2015-1197 CVE-2016-2037 Ubuntu 14.04 LTS halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) 郭永刚 discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785) Update Instructions: Run `sudo pro fix USN-2907-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-79-lowlatency - 3.13.0-79.123 linux-image-extra-3.13.0-79-generic - 3.13.0-79.123 linux-image-3.13.0-79-powerpc-e500mc - 3.13.0-79.123 linux-image-3.13.0-79-powerpc64-emb - 3.13.0-79.123 linux-image-3.13.0-79-powerpc-e500 - 3.13.0-79.123 linux-image-3.13.0-79-generic - 3.13.0-79.123 linux-image-3.13.0-79-powerpc-smp - 3.13.0-79.123 linux-image-3.13.0-79-generic-lpae - 3.13.0-79.123 linux-image-3.13.0-79-powerpc64-smp - 3.13.0-79.123 No subscription required High CVE-2015-7550 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 CVE-2015-8785 CVE-2016-1575 CVE-2016-1576 Ubuntu 14.04 LTS halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785) Andy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069) Update Instructions: Run `sudo pro fix USN-2908-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.2.0-30-generic - 4.2.0-30.35~14.04.1 linux-image-4.2.0-30-powerpc-smp - 4.2.0-30.35~14.04.1 linux-image-4.2.0-30-powerpc64-smp - 4.2.0-30.35~14.04.1 linux-image-4.2.0-30-lowlatency - 4.2.0-30.35~14.04.1 linux-image-4.2.0-30-powerpc-e500mc - 4.2.0-30.35~14.04.1 linux-image-4.2.0-30-powerpc64-emb - 4.2.0-30.35~14.04.1 linux-image-4.2.0-30-generic-lpae - 4.2.0-30.35~14.04.1 linux-image-4.2.0-30-generic - 4.2.0-30.35~14.04.1 No subscription required High CVE-2013-4312 CVE-2015-8785 CVE-2016-1575 CVE-2016-1576 CVE-2016-2069 Ubuntu 14.04 LTS USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.10 backport kernel within VMWare virtual machines. This update fixes the problem. We apologize for the inconvenience. Original advisory details: halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785) Andy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069) Update Instructions: Run `sudo pro fix USN-2908-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.2.0-30-generic - 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-powerpc-smp - 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-powerpc64-smp - 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-lowlatency - 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-powerpc-e500mc - 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-powerpc64-emb - 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-generic-lpae - 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-generic - 4.2.0-30.36~14.04.1 No subscription required None https://launchpad.net/bugs/1548587 Ubuntu 14.04 LTS halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785) Update Instructions: Run `sudo pro fix USN-2909-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.16.0-62-generic - 3.16.0-62.82~14.04.1 linux-image-3.16.0-62-generic-lpae - 3.16.0-62.82~14.04.1 linux-image-3.16.0-62-lowlatency - 3.16.0-62.82~14.04.1 linux-image-3.16.0-62-powerpc-e500mc - 3.16.0-62.82~14.04.1 linux-image-3.16.0-62-powerpc-smp - 3.16.0-62.82~14.04.1 linux-image-3.16.0-62-powerpc64-smp - 3.16.0-62.82~14.04.1 linux-image-3.16.0-62-generic - 3.16.0-62.82~14.04.1 linux-image-3.16.0-62-powerpc64-emb - 3.16.0-62.82~14.04.1 No subscription required High CVE-2015-8785 CVE-2016-1575 CVE-2016-1576 Ubuntu 14.04 LTS USN-2909-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 14.10 backport kernel within VMWare virtual machines. This update fixes the problem. We apologize for the inconvenience. Original advisory details: halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785) Update Instructions: Run `sudo pro fix USN-2909-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.16.0-62-generic - 3.16.0-62.83~14.04.1 linux-image-3.16.0-62-generic-lpae - 3.16.0-62.83~14.04.1 linux-image-3.16.0-62-lowlatency - 3.16.0-62.83~14.04.1 linux-image-3.16.0-62-powerpc-e500mc - 3.16.0-62.83~14.04.1 linux-image-3.16.0-62-powerpc-smp - 3.16.0-62.83~14.04.1 linux-image-3.16.0-62-powerpc64-smp - 3.16.0-62.83~14.04.1 linux-image-3.16.0-62-generic - 3.16.0-62.83~14.04.1 linux-image-3.16.0-62-powerpc64-emb - 3.16.0-62.83~14.04.1 No subscription required None https://launchpad.net/bugs/1548587 Ubuntu 14.04 LTS halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) 郭永刚 discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785) Update Instructions: Run `sudo pro fix USN-2910-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-51-generic-lpae - 3.19.0-51.57~14.04.1 linux-image-3.19.0-51-lowlatency - 3.19.0-51.57~14.04.1 linux-image-3.19.0-51-generic - 3.19.0-51.57~14.04.1 linux-image-extra-3.19.0-51-generic - 3.19.0-51.57~14.04.1 linux-image-3.19.0-51-powerpc-e500mc - 3.19.0-51.57~14.04.1 linux-image-3.19.0-51-powerpc64-smp - 3.19.0-51.57~14.04.1 linux-image-3.19.0-51-powerpc64-emb - 3.19.0-51.57~14.04.1 linux-image-3.19.0-51-powerpc-smp - 3.19.0-51.57~14.04.1 No subscription required High CVE-2015-7550 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 CVE-2015-8785 CVE-2016-1575 CVE-2016-1576 Ubuntu 14.04 LTS USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.04 backport kernel within VMWare virtual machines. This update fixes the problem. We apologize for the inconvenience. Original advisory details: halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) 郭永刚 discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785) Update Instructions: Run `sudo pro fix USN-2910-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-51-generic-lpae - 3.19.0-51.58~14.04.1 linux-image-3.19.0-51-lowlatency - 3.19.0-51.58~14.04.1 linux-image-3.19.0-51-generic - 3.19.0-51.58~14.04.1 linux-image-extra-3.19.0-51-generic - 3.19.0-51.58~14.04.1 linux-image-3.19.0-51-powerpc-e500mc - 3.19.0-51.58~14.04.1 linux-image-3.19.0-51-powerpc64-smp - 3.19.0-51.58~14.04.1 linux-image-3.19.0-51-powerpc64-emb - 3.19.0-51.58~14.04.1 linux-image-3.19.0-51-powerpc-smp - 3.19.0-51.58~14.04.1 No subscription required None https://launchpad.net/bugs/1548587 Ubuntu 14.04 LTS Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. (CVE-2015-3146) Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits when using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2016-0739) Update Instructions: Run `sudo pro fix USN-2912-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-4 - 0.6.1-0ubuntu3.3 libssh-dev - 0.6.1-0ubuntu3.3 libssh-doc - 0.6.1-0ubuntu3.3 No subscription required Medium CVE-2015-3146 CVE-2016-0739 Ubuntu 14.04 LTS The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Update Instructions: Run `sudo pro fix USN-2913-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20160104ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1528645 Ubuntu 14.04 LTS USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the glib-networking package to properly handle the removal. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Update Instructions: Run `sudo pro fix USN-2913-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glib-networking - 2.40.0-1ubuntu0.1 glib-networking-services - 2.40.0-1ubuntu0.1 glib-networking-tests - 2.40.0-1ubuntu0.1 glib-networking-common - 2.40.0-1ubuntu0.1 No subscription required None https://launchpad.net/bugs/1528645 Ubuntu 14.04 LTS USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the OpenSSL package to properly handle the removal. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Update Instructions: Run `sudo pro fix USN-2913-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.17 libssl-dev - 1.0.1f-1ubuntu2.17 openssl - 1.0.1f-1ubuntu2.17 libssl-doc - 1.0.1f-1ubuntu2.17 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.17 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.17 No subscription required None https://launchpad.net/bugs/1528645 Ubuntu 14.04 LTS USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Update Instructions: Run `sudo pro fix USN-2913-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutlsxx27 - 2.12.23-12ubuntu2.5 gnutls26-doc - 2.12.23-12ubuntu2.5 libgnutls26 - 2.12.23-12ubuntu2.5 libgnutls-dev - 2.12.23-12ubuntu2.5 libgnutls-openssl27 - 2.12.23-12ubuntu2.5 No subscription required gnutls-bin - 3.0.11+really2.12.23-12ubuntu2.5 No subscription required None https://launchpad.net/bugs/1528645 Ubuntu 14.04 LTS Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs, a local attacker could possibly use this issue to recover RSA keys. This flaw is known as CacheBleed. (CVE-2016-0702) Adam Langley discovered that OpenSSL incorrectly handled memory when parsing DSA private keys. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-0705) Guido Vranken discovered that OpenSSL incorrectly handled hex digit calculation in the BN_hex2bn function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-0797) Emilia Käsper discovered that OpenSSL incorrectly handled memory when performing SRP user database lookups. A remote attacker could possibly use this issue to cause OpenSSL to consume memory, resulting in a denial of service. (CVE-2016-0798) Guido Vranken discovered that OpenSSL incorrectly handled memory when printing very long strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-0799) Update Instructions: Run `sudo pro fix USN-2914-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.18 libssl-dev - 1.0.1f-1ubuntu2.18 openssl - 1.0.1f-1ubuntu2.18 libssl-doc - 1.0.1f-1ubuntu2.18 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.18 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.18 No subscription required Medium CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 Ubuntu 14.04 LTS Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. (CVE-2016-2512) Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. (CVE-2016-2513) Update Instructions: Run `sudo pro fix USN-2915-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.12 python-django - 1.6.1-2ubuntu0.12 No subscription required Medium CVE-2016-2512 CVE-2016-2513 Ubuntu 14.04 LTS USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Original advisory details: Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. (CVE-2016-2512) Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. (CVE-2016-2513) Update Instructions: Run `sudo pro fix USN-2915-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.14 python-django - 1.6.1-2ubuntu0.14 No subscription required None https://launchpad.net/bugs/1553251 Ubuntu 14.04 LTS USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Original advisory details: Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. (CVE-2016-2512) Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. (CVE-2016-2513) Update Instructions: Run `sudo pro fix USN-2915-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.14 python-django - 1.6.1-2ubuntu0.14 No subscription required None https://launchpad.net/bugs/1553251 Ubuntu 14.04 LTS It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-7422) Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. An attacker could use this issue to cause Perl to consume memory and crash, resulting in a denial of service. (CVE-2014-4330) Stephane Chazelas discovered that Perl incorrectly handled duplicate environment variables. An attacker could possibly use this issue to bypass the taint protection mechanism. (CVE-2016-2381) Update Instructions: Run `sudo pro fix USN-2916-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.18.2-2ubuntu1.1 perl-doc - 5.18.2-2ubuntu1.1 libperl5.18 - 5.18.2-2ubuntu1.1 perl-base - 5.18.2-2ubuntu1.1 perl-modules - 5.18.2-2ubuntu1.1 libcgi-fast-perl - 5.18.2-2ubuntu1.1 perl - 5.18.2-2ubuntu1.1 perl-debug - 5.18.2-2ubuntu1.1 No subscription required Medium CVE-2013-7422 CVE-2014-4330 CVE-2016-2381 Ubuntu 14.04 LTS Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950) Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1952, CVE-2016-1953) Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954) Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955) Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956) Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957) Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958) Looben Yang discovered an out-of-bounds read in Service Worker Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1959) A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1960) A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1961) Dominique Hazaël-Massieux discovered a use-after-free when using multiple WebRTC data channels. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1962) It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1963) Nicolas Grégoire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1964) Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965) A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1966) Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967) Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1968) Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1973) Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1974) Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Update Instructions: Run `sudo pro fix USN-2917-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-nn - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-nb - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-fa - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-fi - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-fr - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-fy - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-or - 45.0+build2-0ubuntu0.14.04.1 firefox-testsuite - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-oc - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-cs - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ga - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-gd - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-gn - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-gl - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-gu - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-pa - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-pl - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-cy - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-pt - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-hi - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ms - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-he - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-hy - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-hr - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-hu - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-it - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-as - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ar - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-az - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-id - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-mai - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-af - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-is - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-vi - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-an - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-bs - 45.0+build2-0ubuntu0.14.04.1 firefox - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ro - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ja - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ru - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-br - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-bn - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-be - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-bg - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-sl - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-sk - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-si - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-sw - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-sv - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-sr - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-sq - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ko - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-kn - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-km - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-kk - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ka - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-xh - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ca - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ku - 45.0+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-lv - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-lt - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-th - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 45.0+build2-0ubuntu0.14.04.1 firefox-dev - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-te - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ta - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-lg - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-tr - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-nso - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-de - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-da - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-uk - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-mr - 45.0+build2-0ubuntu0.14.04.1 firefox-globalmenu - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-uz - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ml - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-mn - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-mk - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-eu - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-et - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-es - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-csb - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-el - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-eo - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-en - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-zu - 45.0+build2-0ubuntu0.14.04.1 firefox-locale-ast - 45.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1959 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1963 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1967 CVE-2016-1968 CVE-2016-1973 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 Ubuntu 14.04 LTS USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950) Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1952, CVE-2016-1953) Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954) Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955) Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956) Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957) Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958) Looben Yang discovered an out-of-bounds read in Service Worker Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1959) A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1960) A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1961) Dominique Hazaël-Massieux discovered a use-after-free when using multiple WebRTC data channels. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1962) It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1963) Nicolas Grégoire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1964) Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965) A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1966) Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967) Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1968) Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1973) Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1974) Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Update Instructions: Run `sudo pro fix USN-2917-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-nn - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-nb - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-fa - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-fi - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-fr - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-fy - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-or - 45.0.1+build1-0ubuntu0.14.04.2 firefox-testsuite - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-oc - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-cs - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ga - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-gd - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-gn - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-gl - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-gu - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-pa - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-pl - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-cy - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-pt - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-hi - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ms - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-he - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-hy - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-hr - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-hu - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-it - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-as - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ar - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-az - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-id - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-mai - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-af - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-is - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-vi - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-an - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-bs - 45.0.1+build1-0ubuntu0.14.04.2 firefox - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ro - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ja - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ru - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-br - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-zh-hant - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-zh-hans - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-bn - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-be - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-bg - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-sl - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-sk - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-si - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-sw - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-sv - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-sr - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-sq - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ko - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-kn - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-km - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-kk - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ka - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-xh - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ca - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ku - 45.0.1+build1-0ubuntu0.14.04.2 firefox-mozsymbols - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-lv - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-lt - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-th - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-hsb - 45.0.1+build1-0ubuntu0.14.04.2 firefox-dev - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-te - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ta - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-lg - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-tr - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-nso - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-de - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-da - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-uk - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-mr - 45.0.1+build1-0ubuntu0.14.04.2 firefox-globalmenu - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-uz - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ml - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-mn - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-mk - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-eu - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-et - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-es - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-csb - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-el - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-eo - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-en - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-zu - 45.0.1+build1-0ubuntu0.14.04.2 firefox-locale-ast - 45.0.1+build1-0ubuntu0.14.04.2 No subscription required None https://launchpad.net/bugs/1567671 Ubuntu 14.04 LTS USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950) Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1952, CVE-2016-1953) Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954) Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955) Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956) Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957) Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958) Looben Yang discovered an out-of-bounds read in Service Worker Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1959) A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1960) A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1961) Dominique Hazaël-Massieux discovered a use-after-free when using multiple WebRTC data channels. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1962) It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1963) Nicolas Grégoire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1964) Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965) A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1966) Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967) Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1968) Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1973) Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1974) Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Update Instructions: Run `sudo pro fix USN-2917-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nn - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nb - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fa - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fi - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fr - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fy - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-or - 45.0.2+build1-0ubuntu0.14.04.1 firefox-testsuite - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-oc - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cs - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ga - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gd - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gn - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gl - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gu - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pa - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pl - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cy - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pt - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hi - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ms - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-he - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hy - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hr - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hu - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-it - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-as - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ar - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-az - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-id - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mai - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-af - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-is - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-vi - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-an - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bs - 45.0.2+build1-0ubuntu0.14.04.1 firefox - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ro - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ja - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ru - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-br - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bn - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-be - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bg - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sl - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sk - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-si - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sw - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sv - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sr - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sq - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ko - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kn - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-km - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kk - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ka - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-xh - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ca - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ku - 45.0.2+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lv - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lt - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-th - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 45.0.2+build1-0ubuntu0.14.04.1 firefox-dev - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-te - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ta - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lg - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-tr - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nso - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-de - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-da - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uk - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mr - 45.0.2+build1-0ubuntu0.14.04.1 firefox-globalmenu - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uz - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ml - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mn - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mk - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eu - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-et - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-es - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-csb - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-el - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eo - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-en - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zu - 45.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ast - 45.0.2+build1-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1572169 Ubuntu 14.04 LTS Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, a remote attacker could cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2918-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpixman-1-0 - 0.30.2-2ubuntu1.1 libpixman-1-dev - 0.30.2-2ubuntu1.1 libpixman-1-0-udeb - 0.30.2-2ubuntu1.1 No subscription required Medium CVE-2014-9766 Ubuntu 14.04 LTS Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2016-1577) Tyler Hicks discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to consume memory, resulting in a denial of service. (CVE-2016-2116) Update Instructions: Run `sudo pro fix USN-2919-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjasper-runtime - 1.900.1-14ubuntu3.3 libjasper-dev - 1.900.1-14ubuntu3.3 libjasper1 - 1.900.1-14ubuntu3.3 No subscription required Medium CVE-2016-1577 CVE-2016-2116 Ubuntu 14.04 LTS It was discovered that the ContainerNode::parserRemoveChild function in Blink mishandled widget updates in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1630) It was discovered that the PPB_Flash_MessageLoop_Impl::InternalRun function in Chromium mishandled nested message loops. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1631) Multiple use-after-frees were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-1633, CVE-2016-1634, CVE-2016-1644) It was discovered that the PendingScript::notifyFinished function in Blink relied on memory-cache information about integrity-check occurrences instead of integrity-check successes. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass Subresource Integrity (SRI) protections. (CVE-2016-1636) It was discovered that the SkATan2_255 function in Skia mishandled arctangent calculations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1637) A use-after-free was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1641) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1642) A type-confusion bug was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-1643) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-2843) An invalid cast was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-2844) It was discovered that the Content Security Policy (CSP) implementation in Blink did not ignore a URL's path component in the case of a ServiceWorker fetch. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-2845) Update Instructions: Run `sudo pro fix USN-2920-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.13.6-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.13.6-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.13.6-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.13.6-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.13.6-0ubuntu0.14.04.1 oxideqmlscene - 1.13.6-0ubuntu0.14.04.1 oxideqt-codecs - 1.13.6-0ubuntu0.14.04.1 liboxideqtquick0 - 1.13.6-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.13.6-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1630 CVE-2016-1631 CVE-2016-1633 CVE-2016-1634 CVE-2016-1636 CVE-2016-1637 CVE-2016-1641 CVE-2016-1642 CVE-2016-1643 CVE-2016-1644 CVE-2016-2843 CVE-2016-2844 CVE-2016-2845 Ubuntu 14.04 LTS Sebastian Krahmer discovered that Squid incorrectly handled certain SNMP requests. If SNMP is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-6270) Alex Rousskov discovered that Squid incorrectly handled certain malformed responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2016-2571) Update Instructions: Run `sudo pro fix USN-2921-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid - 3.3.8-1ubuntu6.6 squid-cgi - 3.3.8-1ubuntu6.6 squid3-common - 3.3.8-1ubuntu6.6 squid-purge - 3.3.8-1ubuntu6.6 squidclient - 3.3.8-1ubuntu6.6 squid3 - 3.3.8-1ubuntu6.6 No subscription required Low CVE-2014-6270 CVE-2016-2571 Ubuntu 14.04 LTS Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink paths. A remote attacker could use this issue to overwrite the ownership of ACLs using symlinks. (CVE-2015-7560) Garming Sam and Douglas Bagnall discovered that the Samba internal DNS server incorrectly handled certain DNS TXT records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly obtain uninitialized memory contents. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0771) It was discovered that the Samba Web Administration Tool (SWAT) was vulnerable to clickjacking and cross-site request forgery attacks. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-0213, CVE-2013-0214) Update Instructions: Run `sudo pro fix USN-2922-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.13 libpam-winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.13 libwbclient0 - 2:4.1.6+dfsg-1ubuntu2.14.04.13 samba-common - 2:4.1.6+dfsg-1ubuntu2.14.04.13 samba-libs - 2:4.1.6+dfsg-1ubuntu2.14.04.13 libsmbsharemodes0 - 2:4.1.6+dfsg-1ubuntu2.14.04.13 samba-testsuite - 2:4.1.6+dfsg-1ubuntu2.14.04.13 samba - 2:4.1.6+dfsg-1ubuntu2.14.04.13 libsmbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.13 samba-common-bin - 2:4.1.6+dfsg-1ubuntu2.14.04.13 libsmbsharemodes-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.13 python-samba - 2:4.1.6+dfsg-1ubuntu2.14.04.13 winbind - 2:4.1.6+dfsg-1ubuntu2.14.04.13 smbclient - 2:4.1.6+dfsg-1ubuntu2.14.04.13 samba-vfs-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.13 libwbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.13 samba-dsdb-modules - 2:4.1.6+dfsg-1ubuntu2.14.04.13 samba-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.13 libsmbclient-dev - 2:4.1.6+dfsg-1ubuntu2.14.04.13 libparse-pidl-perl - 2:4.1.6+dfsg-1ubuntu2.14.04.13 registry-tools - 2:4.1.6+dfsg-1ubuntu2.14.04.13 samba-doc - 2:4.1.6+dfsg-1ubuntu2.14.04.13 libpam-smbpass - 2:4.1.6+dfsg-1ubuntu2.14.04.13 No subscription required Medium CVE-2013-0213 CVE-2013-0214 CVE-2015-7560 CVE-2016-0771 Ubuntu 14.04 LTS Alvaro Muñoz and Christian Schneider discovered that BeanShell incorrectly handled deserialization. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2923-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbsh-java - 2.0b4-15ubuntu0.14.04.1 bsh - 2.0b4-15ubuntu0.14.04.1 bsh-doc - 2.0b4-15ubuntu0.14.04.1 bsh-src - 2.0b4-15ubuntu0.14.04.1 No subscription required Medium CVE-2016-2510 Ubuntu 14.04 LTS Francis Gabriel discovered that NSS incorrectly handled decoding certain ASN.1 data. An remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2924-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.21-0ubuntu0.14.04.2 libnss3-dev - 2:3.21-0ubuntu0.14.04.2 libnss3 - 2:3.21-0ubuntu0.14.04.2 libnss3-1d - 2:3.21-0ubuntu0.14.04.2 libnss3-tools - 2:3.21-0ubuntu0.14.04.2 No subscription required Medium CVE-2016-1950 Ubuntu 14.04 LTS It was discovered that Bind incorrectly handled input received by the rndc control channel. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-1285) It was discovered that Bind incorrectly parsed resource record signatures for DNAME resource records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-1286) Update Instructions: Run `sudo pro fix USN-2925-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.8 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.8 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.8 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.8 bind9utils - 1:9.9.5.dfsg-3ubuntu0.8 libdns100 - 1:9.9.5.dfsg-3ubuntu0.8 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.8 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.8 host - 1:9.9.5.dfsg-3ubuntu0.8 lwresd - 1:9.9.5.dfsg-3ubuntu0.8 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.8 libisc95 - 1:9.9.5.dfsg-3ubuntu0.8 bind9 - 1:9.9.5.dfsg-3ubuntu0.8 bind9-host - 1:9.9.5.dfsg-3ubuntu0.8 No subscription required Medium CVE-2016-1285 CVE-2016-1286 Ubuntu 14.04 LTS It was discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially- crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2927-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphite2-doc - 1.3.6-1ubuntu0.14.04.1 libgraphite2-3 - 1.3.6-1ubuntu0.14.04.1 libgraphite2-dev - 1.3.6-1ubuntu0.14.04.1 No subscription required Medium CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 Ubuntu 14.04 LTS Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566) Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) It was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723) Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543) Dmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544) Dmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545) Dmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-2546) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549) Ralf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782) Update Instructions: Run `sudo pro fix USN-2929-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-83-generic - 3.13.0-83.127 linux-image-3.13.0-83-powerpc-smp - 3.13.0-83.127 linux-image-3.13.0-83-powerpc-e500 - 3.13.0-83.127 linux-image-3.13.0-83-generic-lpae - 3.13.0-83.127 linux-image-3.13.0-83-powerpc-e500mc - 3.13.0-83.127 linux-image-3.13.0-83-lowlatency - 3.13.0-83.127 linux-image-3.13.0-83-powerpc64-smp - 3.13.0-83.127 linux-image-3.13.0-83-powerpc64-emb - 3.13.0-83.127 linux-image-3.13.0-83-generic - 3.13.0-83.127 No subscription required High CVE-2013-4312 CVE-2015-7566 CVE-2015-7833 CVE-2016-0723 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-3134 Ubuntu 14.04 LTS Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566) It was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service. (CVE-2015-8767) It was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723) Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543) Dmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544) Dmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545) Dmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-2546) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549) Ralf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782) Update Instructions: Run `sudo pro fix USN-2930-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.2.0-34-powerpc64-emb - 4.2.0-34.39~14.04.1 linux-image-extra-4.2.0-34-generic - 4.2.0-34.39~14.04.1 linux-image-4.2.0-34-lowlatency - 4.2.0-34.39~14.04.1 linux-image-4.2.0-34-generic - 4.2.0-34.39~14.04.1 linux-image-4.2.0-34-powerpc-smp - 4.2.0-34.39~14.04.1 linux-image-4.2.0-34-powerpc-e500mc - 4.2.0-34.39~14.04.1 linux-image-4.2.0-34-powerpc64-smp - 4.2.0-34.39~14.04.1 linux-image-4.2.0-34-generic-lpae - 4.2.0-34.39~14.04.1 No subscription required High CVE-2015-7566 CVE-2015-8767 CVE-2016-0723 CVE-2016-2384 CVE-2016-2782 CVE-2016-3134 CVE-2016-3135 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 Ubuntu 14.04 LTS Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) It was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service. (CVE-2015-8767) Andy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069) Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543) Dmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544) Dmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545) Dmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-2546) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549) Update Instructions: Run `sudo pro fix USN-2931-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-67-powerpc-smp - 3.16.0-67.87~14.04.1 linux-image-3.16.0-67-powerpc64-smp - 3.16.0-67.87~14.04.1 linux-image-extra-3.16.0-67-generic - 3.16.0-67.87~14.04.1 linux-image-3.16.0-67-generic - 3.16.0-67.87~14.04.1 linux-image-3.16.0-67-powerpc-e500mc - 3.16.0-67.87~14.04.1 linux-image-3.16.0-67-generic-lpae - 3.16.0-67.87~14.04.1 linux-image-3.16.0-67-lowlatency - 3.16.0-67.87~14.04.1 linux-image-3.16.0-67-powerpc64-emb - 3.16.0-67.87~14.04.1 No subscription required High CVE-2013-4312 CVE-2015-8767 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-3134 Ubuntu 14.04 LTS Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566) Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) It was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service. (CVE-2015-8767) It was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723) Andy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069) Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543) Dmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544) Dmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545) Dmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-2546) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548) Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549) Ralf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782) Update Instructions: Run `sudo pro fix USN-2932-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.19.0-56-generic - 3.19.0-56.62~14.04.1 linux-image-3.19.0-56-powerpc-smp - 3.19.0-56.62~14.04.1 linux-image-3.19.0-56-generic-lpae - 3.19.0-56.62~14.04.1 linux-image-3.19.0-56-powerpc-e500mc - 3.19.0-56.62~14.04.1 linux-image-3.19.0-56-lowlatency - 3.19.0-56.62~14.04.1 linux-image-3.19.0-56-powerpc64-smp - 3.19.0-56.62~14.04.1 linux-image-3.19.0-56-powerpc64-emb - 3.19.0-56.62~14.04.1 linux-image-3.19.0-56-generic - 3.19.0-56.62~14.04.1 No subscription required High CVE-2013-4312 CVE-2015-7566 CVE-2015-7833 CVE-2015-8767 CVE-2016-0723 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-3134 Ubuntu 14.04 LTS It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean the complete execution environment by default on startup, including any subprocesses such as transports that call other programs. This change in behaviour may break existing installations and can be adjusted by using two new configuration options, keep_environment and add_environment. (CVE-2016-1531) Patrick William discovered that Exim incorrectly expanded mathematical comparisons twice. A local attacker could possibly use this issue to perform arbitrary file operations as the Exim user. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2972) Update Instructions: Run `sudo pro fix USN-2933-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.82-3ubuntu2.1 eximon4 - 4.82-3ubuntu2.1 exim4 - 4.82-3ubuntu2.1 exim4-daemon-light - 4.82-3ubuntu2.1 exim4-config - 4.82-3ubuntu2.1 exim4-daemon-heavy - 4.82-3ubuntu2.1 exim4-base - 4.82-3ubuntu2.1 No subscription required Medium CVE-2014-2972 CVE-2016-1531 Ubuntu 14.04 LTS Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1952) Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website in a browsing context with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954) Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957) A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1960) A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1961) Nicolas Grégoire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1964) A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website in a browsing context with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1966) Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1974) Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1950) Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Update Instructions: Run `sudo pro fix USN-2934-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:38.7.2+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:38.7.2+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:38.7.2+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:38.7.2+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1950 CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1960 CVE-2016-1961 CVE-2016-1964 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 Ubuntu 14.04 LTS It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041) Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectly performed filtering. A local attacker could use this issue to create arbitrary files, or possibly bypass authentication. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2583) Sebastien Macke discovered that the PAM pam_unix module incorrectly handled large passwords. A local attacker could possibly use this issue in certain environments to enumerate usernames or cause a denial of service. (CVE-2015-3238) Update Instructions: Run `sudo pro fix USN-2935-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-runtime - 1.1.8-1ubuntu2.1 libpam0g-dev - 1.1.8-1ubuntu2.1 libpam-modules - 1.1.8-1ubuntu2.1 libpam-modules-bin - 1.1.8-1ubuntu2.1 libpam-doc - 1.1.8-1ubuntu2.1 libpam-cracklib - 1.1.8-1ubuntu2.1 libpam0g - 1.1.8-1ubuntu2.1 No subscription required Low CVE-2013-7041 CVE-2014-2583 CVE-2015-3238 Ubuntu 14.04 LTS USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041) Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectly performed filtering. A local attacker could use this issue to create arbitrary files, or possibly bypass authentication. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2583) Sebastien Macke discovered that the PAM pam_unix module incorrectly handled large passwords. A local attacker could possibly use this issue in certain environments to enumerate usernames or cause a denial of service. (CVE-2015-3238) Update Instructions: Run `sudo pro fix USN-2935-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-runtime - 1.1.8-1ubuntu2.2 libpam0g-dev - 1.1.8-1ubuntu2.2 libpam-modules - 1.1.8-1ubuntu2.2 libpam-modules-bin - 1.1.8-1ubuntu2.2 libpam-doc - 1.1.8-1ubuntu2.2 libpam-cracklib - 1.1.8-1ubuntu2.2 libpam0g - 1.1.8-1ubuntu2.2 No subscription required None https://launchpad.net/bugs/1558114 Ubuntu 14.04 LTS Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806, CVE-2016-2807) An invalid write was discovered when using the JavaScript .watch() method in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2808) Looben Yang discovered a use-after-free and buffer overflow in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2811, CVE-2016-2812) Sascha Just discovered a buffer overflow in libstagefright in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2814) Muneaki Nishimura discovered that CSP is not applied correctly to web content sent with the multipart/x-mixed-replace MIME type. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks when they would otherwise be prevented. (CVE-2016-2816) Muneaki Nishimura discovered that the chrome.tabs.update API for web extensions allows for navigation to javascript: URLs. A malicious extension could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-2817) Mark Goodwin discovered that about:healthreport accepts certain events from any content present in the remote-report iframe. If another vulnerability allowed the injection of web content in the remote-report iframe, an attacker could potentially exploit this to change the user's sharing preferences. (CVE-2016-2820) Update Instructions: Run `sudo pro fix USN-2936-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-nn - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-nb - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-fa - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-fi - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-fr - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-fy - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-or - 46.0+build5-0ubuntu0.14.04.2 firefox-testsuite - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-oc - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-cs - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ga - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-gd - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-gn - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-gl - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-gu - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-pa - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-pl - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-cy - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-pt - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-hi - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ms - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-he - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-hy - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-hr - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-hu - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-it - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-as - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ar - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-az - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-id - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-mai - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-af - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-is - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-vi - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-an - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-bs - 46.0+build5-0ubuntu0.14.04.2 firefox - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ro - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ja - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ru - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-br - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-zh-hant - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-zh-hans - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-bn - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-be - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-bg - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-sl - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-sk - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-si - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-sw - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-sv - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-sr - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-sq - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ko - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-kn - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-km - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-kk - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ka - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-xh - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ca - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ku - 46.0+build5-0ubuntu0.14.04.2 firefox-mozsymbols - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-lv - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-lt - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-th - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-hsb - 46.0+build5-0ubuntu0.14.04.2 firefox-dev - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-te - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ta - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-lg - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-tr - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-nso - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-de - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-da - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-uk - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-mr - 46.0+build5-0ubuntu0.14.04.2 firefox-globalmenu - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-uz - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ml - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-mn - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-mk - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-eu - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-et - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-es - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-csb - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-el - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-eo - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-en - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-zu - 46.0+build5-0ubuntu0.14.04.2 firefox-locale-ast - 46.0+build5-0ubuntu0.14.04.2 No subscription required Medium CVE-2016-2804 CVE-2016-2806 CVE-2016-2807 CVE-2016-2808 CVE-2016-2811 CVE-2016-2812 CVE-2016-2814 CVE-2016-2816 CVE-2016-2817 CVE-2016-2820 Ubuntu 14.04 LTS USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806, CVE-2016-2807) An invalid write was discovered when using the JavaScript .watch() method in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2808) Looben Yang discovered a use-after-free and buffer overflow in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2811, CVE-2016-2812) Sascha Just discovered a buffer overflow in libstagefright in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2814) Muneaki Nishimura discovered that CSP is not applied correctly to web content sent with the multipart/x-mixed-replace MIME type. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks when they would otherwise be prevented. (CVE-2016-2816) Muneaki Nishimura discovered that the chrome.tabs.update API for web extensions allows for navigation to javascript: URLs. A malicious extension could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-2817) Mark Goodwin discovered that about:healthreport accepts certain events from any content present in the remote-report iframe. If another vulnerability allowed the injection of web content in the remote-report iframe, an attacker could potentially exploit this to change the user's sharing preferences. (CVE-2016-2820) Update Instructions: Run `sudo pro fix USN-2936-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-nn - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-nb - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-fa - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-fi - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-fr - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-fy - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-or - 46.0.1+build1-0ubuntu0.14.04.3 firefox-testsuite - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-oc - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-cs - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ga - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-gd - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-gn - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-gl - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-gu - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-pa - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-pl - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-cy - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-pt - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-hi - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ms - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-he - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-hy - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-hr - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-hu - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-it - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-as - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ar - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-az - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-id - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-mai - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-af - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-is - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-vi - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-an - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-bs - 46.0.1+build1-0ubuntu0.14.04.3 firefox - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ro - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ja - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ru - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-br - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-zh-hant - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-zh-hans - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-bn - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-be - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-bg - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-sl - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-sk - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-si - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-sw - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-sv - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-sr - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-sq - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ko - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-kn - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-km - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-kk - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ka - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-xh - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ca - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ku - 46.0.1+build1-0ubuntu0.14.04.3 firefox-mozsymbols - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-lv - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-lt - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-th - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-hsb - 46.0.1+build1-0ubuntu0.14.04.3 firefox-dev - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-te - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ta - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-lg - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-tr - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-nso - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-de - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-da - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-uk - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-mr - 46.0.1+build1-0ubuntu0.14.04.3 firefox-globalmenu - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-uz - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ml - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-mn - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-mk - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-eu - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-et - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-es - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-csb - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-el - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-eo - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-en - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-zu - 46.0.1+build1-0ubuntu0.14.04.3 firefox-locale-ast - 46.0.1+build1-0ubuntu0.14.04.3 No subscription required None https://launchpad.net/bugs/1583389 Ubuntu 14.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-2937-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-1.0 - 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-3.0-dev - 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-common-dev - 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-dev - 2.4.10-0ubuntu0.14.04.1 libwebkit-dev - 2.4.10-0ubuntu0.14.04.1 libjavascriptcoregtk-1.0-0 - 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-3.0-common - 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-3.0-0 - 2.4.10-0ubuntu0.14.04.1 gir1.2-webkit-1.0 - 2.4.10-0ubuntu0.14.04.1 libjavascriptcoregtk-1.0-dev - 2.4.10-0ubuntu0.14.04.1 gir1.2-javascriptcoregtk-3.0 - 2.4.10-0ubuntu0.14.04.1 gir1.2-webkit2-3.0 - 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-1.0-0 - 2.4.10-0ubuntu0.14.04.1 libjavascriptcoregtk-3.0-bin - 2.4.10-0ubuntu0.14.04.1 libwebkit2gtk-3.0-25 - 2.4.10-0ubuntu0.14.04.1 libwebkit2gtk-3.0-dev - 2.4.10-0ubuntu0.14.04.1 libjavascriptcoregtk-3.0-0 - 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-1.0-common - 2.4.10-0ubuntu0.14.04.1 libjavascriptcoregtk-3.0-dev - 2.4.10-0ubuntu0.14.04.1 gir1.2-webkit-3.0 - 2.4.10-0ubuntu0.14.04.1 No subscription required Medium CVE-2014-1748 CVE-2015-1071 CVE-2015-1076 CVE-2015-1081 CVE-2015-1083 CVE-2015-1120 CVE-2015-1122 CVE-2015-1127 CVE-2015-1153 CVE-2015-1155 CVE-2015-3658 CVE-2015-3659 CVE-2015-3727 CVE-2015-3731 CVE-2015-3741 CVE-2015-3743 CVE-2015-3745 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3752 CVE-2015-5788 CVE-2015-5794 CVE-2015-5801 CVE-2015-5809 CVE-2015-5822 CVE-2015-5928 Ubuntu 14.04 LTS Laël Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git. (CVE-2016-2315, CVE-2016-2324) Update Instructions: Run `sudo pro fix USN-2938-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:1.9.1-1ubuntu0.3 gitweb - 1:1.9.1-1ubuntu0.3 git-gui - 1:1.9.1-1ubuntu0.3 git-daemon-sysvinit - 1:1.9.1-1ubuntu0.3 git-arch - 1:1.9.1-1ubuntu0.3 git-bzr - 1:1.9.1-1ubuntu0.3 git-el - 1:1.9.1-1ubuntu0.3 gitk - 1:1.9.1-1ubuntu0.3 git-all - 1:1.9.1-1ubuntu0.3 git-mediawiki - 1:1.9.1-1ubuntu0.3 git-daemon-run - 1:1.9.1-1ubuntu0.3 git-man - 1:1.9.1-1ubuntu0.3 git-doc - 1:1.9.1-1ubuntu0.3 git-svn - 1:1.9.1-1ubuntu0.3 git-cvs - 1:1.9.1-1ubuntu0.3 git-core - 1:1.9.1-1ubuntu0.3 git-email - 1:1.9.1-1ubuntu0.3 No subscription required High CVE-2016-2315 CVE-2016-2324 Ubuntu 14.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-2939-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.4 libtiffxx5 - 4.0.3-7ubuntu0.4 libtiff5-dev - 4.0.3-7ubuntu0.4 libtiff4-dev - 4.0.3-7ubuntu0.4 libtiff5-alt-dev - 4.0.3-7ubuntu0.4 libtiff5 - 4.0.3-7ubuntu0.4 libtiff-tools - 4.0.3-7ubuntu0.4 libtiff-doc - 4.0.3-7ubuntu0.4 No subscription required Medium CVE-2015-8665 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 Ubuntu 14.04 LTS Kostya Kortchinsky discovered that Quagga incorrectly handled certain route data when configured with BGP peers enabled for VPNv4. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2342) It was discovered that Quagga incorrectly handled messages with a large LSA when used in certain configurations. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-2236) Update Instructions: Run `sudo pro fix USN-2941-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quagga - 0.99.22.4-3ubuntu1.1 quagga-doc - 0.99.22.4-3ubuntu1.1 No subscription required High CVE-2013-2236 CVE-2016-2342 Ubuntu 14.04 LTS A vulnerability was discovered in the JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2942-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u95-2.6.4-0ubuntu0.14.04.2 openjdk-7-source - 7u95-2.6.4-0ubuntu0.14.04.2 icedtea-7-jre-jamvm - 7u95-2.6.4-0ubuntu0.14.04.2 openjdk-7-jre-lib - 7u95-2.6.4-0ubuntu0.14.04.2 openjdk-7-jdk - 7u95-2.6.4-0ubuntu0.14.04.2 openjdk-7-jre-headless - 7u95-2.6.4-0ubuntu0.14.04.2 openjdk-7-jre - 7u95-2.6.4-0ubuntu0.14.04.2 openjdk-7-doc - 7u95-2.6.4-0ubuntu0.14.04.2 openjdk-7-demo - 7u95-2.6.4-0ubuntu0.14.04.2 No subscription required High CVE-2016-0636 Ubuntu 14.04 LTS It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2943-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pcregrep - 1:8.31-2ubuntu2.2 libpcre3-dev - 1:8.31-2ubuntu2.2 libpcre3 - 1:8.31-2ubuntu2.2 libpcre3-udeb - 1:8.31-2ubuntu2.2 libpcrecpp0 - 1:8.31-2ubuntu2.2 No subscription required Medium CVE-2014-9769 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-5073 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2016-1283 CVE-2016-3191 Ubuntu 14.04 LTS It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue server's certificate, which was signed by a trusted certificate authority, to perform a machine-in-the-middle attack. Update Instructions: Run `sudo pro fix USN-2945-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xchat-gnome - 1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2 xchat-gnome-common - 1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2 No subscription required None https://launchpad.net/bugs/1565000 Ubuntu 14.04 LTS Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085) David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2550) It was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2847) Update Instructions: Run `sudo pro fix USN-2946-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-85-powerpc-smp - 3.13.0-85.129 linux-image-3.13.0-85-powerpc-e500mc - 3.13.0-85.129 linux-image-3.13.0-85-powerpc64-smp - 3.13.0-85.129 linux-image-extra-3.13.0-85-generic - 3.13.0-85.129 linux-image-3.13.0-85-generic - 3.13.0-85.129 linux-image-3.13.0-85-generic-lpae - 3.13.0-85.129 linux-image-3.13.0-85-powerpc64-emb - 3.13.0-85.129 linux-image-3.13.0-85-powerpc-e500 - 3.13.0-85.129 linux-image-3.13.0-85-lowlatency - 3.13.0-85.129 No subscription required Medium CVE-2015-8812 CVE-2016-2085 CVE-2016-2550 CVE-2016-2847 Ubuntu 14.04 LTS Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085) It was discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not correctly compute branch offsets for backward jumps after ctx expansion. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-2383) David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2550) It was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2847) Update Instructions: Run `sudo pro fix USN-2947-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.2.0-35-generic-lpae - 4.2.0-35.40~14.04.1 linux-image-4.2.0-35-powerpc-e500mc - 4.2.0-35.40~14.04.1 linux-image-4.2.0-35-powerpc64-smp - 4.2.0-35.40~14.04.1 linux-image-4.2.0-35-lowlatency - 4.2.0-35.40~14.04.1 linux-image-4.2.0-35-generic - 4.2.0-35.40~14.04.1 linux-image-4.2.0-35-powerpc-smp - 4.2.0-35.40~14.04.1 linux-image-extra-4.2.0-35-generic - 4.2.0-35.40~14.04.1 linux-image-4.2.0-35-powerpc64-emb - 4.2.0-35.40~14.04.1 No subscription required Medium CVE-2015-7833 CVE-2015-8812 CVE-2016-2085 CVE-2016-2383 CVE-2016-2550 CVE-2016-2847 Ubuntu 14.04 LTS Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566) Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) It was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085) David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2550) Ralf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782) It was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2847) Update Instructions: Run `sudo pro fix USN-2948-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-69-generic-lpae - 3.16.0-69.89~14.04.1 linux-image-3.16.0-69-lowlatency - 3.16.0-69.89~14.04.1 linux-image-3.16.0-69-generic - 3.16.0-69.89~14.04.1 linux-image-extra-3.16.0-69-generic - 3.16.0-69.89~14.04.1 linux-image-3.16.0-69-powerpc-e500mc - 3.16.0-69.89~14.04.1 linux-image-3.16.0-69-powerpc64-smp - 3.16.0-69.89~14.04.1 linux-image-3.16.0-69-powerpc64-emb - 3.16.0-69.89~14.04.1 linux-image-3.16.0-69-powerpc-smp - 3.16.0-69.89~14.04.1 No subscription required Medium CVE-2015-7566 CVE-2015-7833 CVE-2015-8812 CVE-2016-0723 CVE-2016-2085 CVE-2016-2550 CVE-2016-2782 CVE-2016-2847 Ubuntu 14.04 LTS USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect reference counting fix in the radeon driver introduced a regression that could cause a system crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566) Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) It was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085) David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2550) Ralf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782) It was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2847) Update Instructions: Run `sudo pro fix USN-2948-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-70-powerpc64-emb - 3.16.0-70.90~14.04.1 linux-image-3.16.0-70-powerpc-e500mc - 3.16.0-70.90~14.04.1 linux-image-3.16.0-70-powerpc-smp - 3.16.0-70.90~14.04.1 linux-image-extra-3.16.0-70-generic - 3.16.0-70.90~14.04.1 linux-image-3.16.0-70-powerpc64-smp - 3.16.0-70.90~14.04.1 linux-image-3.16.0-70-lowlatency - 3.16.0-70.90~14.04.1 linux-image-3.16.0-70-generic - 3.16.0-70.90~14.04.1 linux-image-3.16.0-70-generic-lpae - 3.16.0-70.90~14.04.1 No subscription required None https://bugs.launchpad.net/bugs/1566726 Ubuntu 14.04 LTS Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085) David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2550) It was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2847) Update Instructions: Run `sudo pro fix USN-2949-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-58-powerpc64-smp - 3.19.0-58.64~14.04.1 linux-image-3.19.0-58-lowlatency - 3.19.0-58.64~14.04.1 linux-image-3.19.0-58-generic - 3.19.0-58.64~14.04.1 linux-image-3.19.0-58-generic-lpae - 3.19.0-58.64~14.04.1 linux-image-3.19.0-58-powerpc-e500mc - 3.19.0-58.64~14.04.1 linux-image-3.19.0-58-powerpc64-emb - 3.19.0-58.64~14.04.1 linux-image-extra-3.19.0-58-generic - 3.19.0-58.64~14.04.1 linux-image-3.19.0-58-powerpc-smp - 3.19.0-58.64~14.04.1 No subscription required Medium CVE-2015-8812 CVE-2016-2085 CVE-2016-2550 CVE-2016-2847 Ubuntu 14.04 LTS Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a machine-in-the-middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a machine-in-the-middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a machine-in-the-middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a machine-in-the-middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Update Instructions: Run `sudo pro fix USN-2950-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.8+dfsg-0ubuntu0.14.04.2 libpam-winbind - 2:4.3.8+dfsg-0ubuntu0.14.04.2 libwbclient0 - 2:4.3.8+dfsg-0ubuntu0.14.04.2 samba-common - 2:4.3.8+dfsg-0ubuntu0.14.04.2 samba-libs - 2:4.3.8+dfsg-0ubuntu0.14.04.2 libsmbsharemodes0 - 2:4.3.8+dfsg-0ubuntu0.14.04.2 samba-testsuite - 2:4.3.8+dfsg-0ubuntu0.14.04.2 samba - 2:4.3.8+dfsg-0ubuntu0.14.04.2 libsmbclient - 2:4.3.8+dfsg-0ubuntu0.14.04.2 samba-common-bin - 2:4.3.8+dfsg-0ubuntu0.14.04.2 libsmbsharemodes-dev - 2:4.3.8+dfsg-0ubuntu0.14.04.2 python-samba - 2:4.3.8+dfsg-0ubuntu0.14.04.2 winbind - 2:4.3.8+dfsg-0ubuntu0.14.04.2 smbclient - 2:4.3.8+dfsg-0ubuntu0.14.04.2 samba-vfs-modules - 2:4.3.8+dfsg-0ubuntu0.14.04.2 libwbclient-dev - 2:4.3.8+dfsg-0ubuntu0.14.04.2 samba-dsdb-modules - 2:4.3.8+dfsg-0ubuntu0.14.04.2 samba-dev - 2:4.3.8+dfsg-0ubuntu0.14.04.2 libsmbclient-dev - 2:4.3.8+dfsg-0ubuntu0.14.04.2 libparse-pidl-perl - 2:4.3.8+dfsg-0ubuntu0.14.04.2 registry-tools - 2:4.3.8+dfsg-0ubuntu0.14.04.2 samba-doc - 2:4.3.8+dfsg-0ubuntu0.14.04.2 libpam-smbpass - 2:4.3.8+dfsg-0ubuntu0.14.04.2 No subscription required Medium CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 Ubuntu 14.04 LTS USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a machine-in-the-middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a machine-in-the-middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a machine-in-the-middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a machine-in-the-middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Update Instructions: Run `sudo pro fix USN-2950-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsoup-gnome2.4-1 - 2.44.2-1ubuntu2.1 libsoup-gnome2.4-dev - 2.44.2-1ubuntu2.1 gir1.2-soup-2.4 - 2.44.2-1ubuntu2.1 libsoup2.4-1 - 2.44.2-1ubuntu2.1 libsoup2.4-dev - 2.44.2-1ubuntu2.1 libsoup2.4-doc - 2.44.2-1ubuntu2.1 No subscription required None https://launchpad.net/bugs/1573494 Ubuntu 14.04 LTS USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. This advisory was inadvertently published as USN-2950-2 originally. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a machine-in-the-middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a machine-in-the-middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a machine-in-the-middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a machine-in-the-middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Update Instructions: Run `sudo pro fix USN-2950-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.9+dfsg-0ubuntu0.14.04.1 libpam-winbind - 2:4.3.9+dfsg-0ubuntu0.14.04.1 libwbclient0 - 2:4.3.9+dfsg-0ubuntu0.14.04.1 samba-common - 2:4.3.9+dfsg-0ubuntu0.14.04.1 samba-libs - 2:4.3.9+dfsg-0ubuntu0.14.04.1 libsmbsharemodes0 - 2:4.3.9+dfsg-0ubuntu0.14.04.1 samba-testsuite - 2:4.3.9+dfsg-0ubuntu0.14.04.1 samba - 2:4.3.9+dfsg-0ubuntu0.14.04.1 libsmbclient - 2:4.3.9+dfsg-0ubuntu0.14.04.1 samba-common-bin - 2:4.3.9+dfsg-0ubuntu0.14.04.1 libsmbsharemodes-dev - 2:4.3.9+dfsg-0ubuntu0.14.04.1 python-samba - 2:4.3.9+dfsg-0ubuntu0.14.04.1 winbind - 2:4.3.9+dfsg-0ubuntu0.14.04.1 smbclient - 2:4.3.9+dfsg-0ubuntu0.14.04.1 samba-vfs-modules - 2:4.3.9+dfsg-0ubuntu0.14.04.1 libwbclient-dev - 2:4.3.9+dfsg-0ubuntu0.14.04.1 samba-dsdb-modules - 2:4.3.9+dfsg-0ubuntu0.14.04.1 samba-dev - 2:4.3.9+dfsg-0ubuntu0.14.04.1 libsmbclient-dev - 2:4.3.9+dfsg-0ubuntu0.14.04.1 libparse-pidl-perl - 2:4.3.9+dfsg-0ubuntu0.14.04.1 registry-tools - 2:4.3.9+dfsg-0ubuntu0.14.04.1 samba-doc - 2:4.3.9+dfsg-0ubuntu0.14.04.1 libpam-smbpass - 2:4.3.9+dfsg-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1577739 Ubuntu 14.04 LTS USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a machine-in-the-middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a machine-in-the-middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a machine-in-the-middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a machine-in-the-middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Update Instructions: Run `sudo pro fix USN-2950-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.9+dfsg-0ubuntu0.14.04.3 libpam-winbind - 2:4.3.9+dfsg-0ubuntu0.14.04.3 libwbclient0 - 2:4.3.9+dfsg-0ubuntu0.14.04.3 samba-common - 2:4.3.9+dfsg-0ubuntu0.14.04.3 samba-libs - 2:4.3.9+dfsg-0ubuntu0.14.04.3 libsmbsharemodes0 - 2:4.3.9+dfsg-0ubuntu0.14.04.3 samba-testsuite - 2:4.3.9+dfsg-0ubuntu0.14.04.3 samba - 2:4.3.9+dfsg-0ubuntu0.14.04.3 libsmbclient - 2:4.3.9+dfsg-0ubuntu0.14.04.3 samba-common-bin - 2:4.3.9+dfsg-0ubuntu0.14.04.3 libsmbsharemodes-dev - 2:4.3.9+dfsg-0ubuntu0.14.04.3 python-samba - 2:4.3.9+dfsg-0ubuntu0.14.04.3 winbind - 2:4.3.9+dfsg-0ubuntu0.14.04.3 smbclient - 2:4.3.9+dfsg-0ubuntu0.14.04.3 samba-vfs-modules - 2:4.3.9+dfsg-0ubuntu0.14.04.3 libwbclient-dev - 2:4.3.9+dfsg-0ubuntu0.14.04.3 samba-dsdb-modules - 2:4.3.9+dfsg-0ubuntu0.14.04.3 samba-dev - 2:4.3.9+dfsg-0ubuntu0.14.04.3 libsmbclient-dev - 2:4.3.9+dfsg-0ubuntu0.14.04.3 libparse-pidl-perl - 2:4.3.9+dfsg-0ubuntu0.14.04.3 registry-tools - 2:4.3.9+dfsg-0ubuntu0.14.04.3 samba-doc - 2:4.3.9+dfsg-0ubuntu0.14.04.3 libpam-smbpass - 2:4.3.9+dfsg-0ubuntu0.14.04.3 No subscription required None https://launchpad.net/bugs/1578576 Ubuntu 14.04 LTS Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. (CVE-2015-7801) Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. (CVE-2015-7802) Hans Jerry Illikainen discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2191) Henri Salo discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-3981) Henri Salo discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-3982) Update Instructions: Run `sudo pro fix USN-2951-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: optipng - 0.6.4-1ubuntu0.14.04.1 No subscription required Medium CVE-2015-7801 CVE-2015-7802 CVE-2016-2191 CVE-2016-3981 CVE-2016-3982 Ubuntu 14.04 LTS It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8835, CVE-2016-3185) It was discovered that the PHP MySQL native driver incorrectly handled TLS connections to MySQL databases. A machine-in-the-middle attacker could possibly use this issue to downgrade and snoop on TLS connections. This vulnerability is known as BACKRONYM. (CVE-2015-8838) It was discovered that PHP incorrectly handled the imagerotate function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-1903) Hans Jerry Illikainen discovered that the PHP phar extension incorrectly handled certain tar archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2554) It was discovered that the PHP WDDX extension incorrectly handled certain malformed XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-3141) It was discovered that the PHP phar extension incorrectly handled certain zip files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2016-3142) It was discovered that the PHP libxml_disable_entity_loader() setting was shared between threads. When running under PHP-FPM, this could result in XML external entity injection and entity expansion issues. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (No CVE number) It was discovered that the PHP openssl_random_pseudo_bytes() function did not return cryptographically strong pseudo-random bytes. (No CVE number) It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE number pending) It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE number pending) It was discovered that the PHP rawurlencode() function incorrectly handled large strings. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE number pending) It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE number pending) It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE number pending) Update Instructions: Run `sudo pro fix USN-2952-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.16 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.16 php5-curl - 5.5.9+dfsg-1ubuntu4.16 php5-intl - 5.5.9+dfsg-1ubuntu4.16 php5-snmp - 5.5.9+dfsg-1ubuntu4.16 php5-mysql - 5.5.9+dfsg-1ubuntu4.16 php5-odbc - 5.5.9+dfsg-1ubuntu4.16 php5-xsl - 5.5.9+dfsg-1ubuntu4.16 php5-gd - 5.5.9+dfsg-1ubuntu4.16 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.16 php5-tidy - 5.5.9+dfsg-1ubuntu4.16 php5-dev - 5.5.9+dfsg-1ubuntu4.16 php5-pgsql - 5.5.9+dfsg-1ubuntu4.16 php5-enchant - 5.5.9+dfsg-1ubuntu4.16 php5-readline - 5.5.9+dfsg-1ubuntu4.16 php5-gmp - 5.5.9+dfsg-1ubuntu4.16 php5-fpm - 5.5.9+dfsg-1ubuntu4.16 php5-cgi - 5.5.9+dfsg-1ubuntu4.16 php5-sqlite - 5.5.9+dfsg-1ubuntu4.16 php5-ldap - 5.5.9+dfsg-1ubuntu4.16 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.16 php5 - 5.5.9+dfsg-1ubuntu4.16 php5-cli - 5.5.9+dfsg-1ubuntu4.16 php-pear - 5.5.9+dfsg-1ubuntu4.16 php5-sybase - 5.5.9+dfsg-1ubuntu4.16 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.16 php5-pspell - 5.5.9+dfsg-1ubuntu4.16 php5-common - 5.5.9+dfsg-1ubuntu4.16 libphp5-embed - 5.5.9+dfsg-1ubuntu4.16 No subscription required Medium CVE-2014-9767 CVE-2015-8835 CVE-2015-8838 CVE-2016-1903 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.49 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.30. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Update Instructions: Run `sudo pro fix USN-2953-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.49-0ubuntu0.14.04.1 mysql-client - 5.5.49-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.49-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.49-0ubuntu0.14.04.1 libmysqld-pic - 5.5.49-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.49-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.49-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.49-0ubuntu0.14.04.1 mysql-common - 5.5.49-0ubuntu0.14.04.1 mysql-server - 5.5.49-0ubuntu0.14.04.1 mysql-testsuite - 5.5.49-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.49-0ubuntu0.14.04.1 libmysqld-dev - 5.5.49-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.49-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-0639 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0655 CVE-2016-0661 CVE-2016-0665 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 Ubuntu 14.04 LTS A use-after-free was discovered when responding synchronously to permission requests. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1578) An out-of-bounds read was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2016-1646) A use-after-free was discovered in the navigation implementation in Chromium in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1647) A buffer overflow was discovered in ANGLE. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1649) An out-of-bounds write was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed renderer process. (CVE-2016-1653) An invalid read was discovered in the media subsystem in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-1654) It was discovered that frame removal during callback execution could trigger a use-after-free in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed renderer process. (CVE-2016-1655) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1659) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-3679) Update Instructions: Run `sudo pro fix USN-2955-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.14.7-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.14.7-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.14.7-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.14.7-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.14.7-0ubuntu0.14.04.1 oxideqmlscene - 1.14.7-0ubuntu0.14.04.1 oxideqt-codecs - 1.14.7-0ubuntu0.14.04.1 liboxideqtquick0 - 1.14.7-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.14.7-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1578 CVE-2016-1646 CVE-2016-1647 CVE-2016-1649 CVE-2016-1653 CVE-2016-1654 CVE-2016-1655 CVE-2016-1659 CVE-2016-3679 https://launchpad.net/bugs/1561450 Ubuntu 14.04 LTS Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2957-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6-dev - 3.4-3ubuntu0.4 libtasn1-3-bin - 3.4-3ubuntu0.4 libtasn1-bin - 3.4-3ubuntu0.4 libtasn1-3-dev - 3.4-3ubuntu0.4 libtasn1-6 - 3.4-3ubuntu0.4 No subscription required Medium CVE-2016-4008 Ubuntu 14.04 LTS It was discovered that the poppler pdfseparate tool incorrectly handled certain filenames. A local attacker could use this issue to cause the tool to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS. (CVE-2013-4473, CVE-2013-4474) It was discovered that poppler incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2015-8868) Update Instructions: Run `sudo pro fix USN-2958-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.4 libpoppler-qt5-1 - 0.24.5-2ubuntu4.4 libpoppler-cpp-dev - 0.24.5-2ubuntu4.4 libpoppler-cpp0 - 0.24.5-2ubuntu4.4 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.4 libpoppler-dev - 0.24.5-2ubuntu4.4 libpoppler-glib8 - 0.24.5-2ubuntu4.4 libpoppler-private-dev - 0.24.5-2ubuntu4.4 libpoppler-qt4-dev - 0.24.5-2ubuntu4.4 libpoppler-glib-dev - 0.24.5-2ubuntu4.4 libpoppler-qt4-4 - 0.24.5-2ubuntu4.4 libpoppler44 - 0.24.5-2ubuntu4.4 libpoppler-qt5-dev - 0.24.5-2ubuntu4.4 libpoppler-glib-doc - 0.24.5-2ubuntu4.4 No subscription required Medium CVE-2013-4473 CVE-2013-4474 CVE-2015-8868 Ubuntu 14.04 LTS Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2108) Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2016-2107) Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncodeUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2105) Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncryptUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2106) Brian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-2109) As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack. Update Instructions: Run `sudo pro fix USN-2959-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.19 libssl-dev - 1.0.1f-1ubuntu2.19 openssl - 1.0.1f-1ubuntu2.19 libssl-doc - 1.0.1f-1ubuntu2.19 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.19 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.19 No subscription required High CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 Ubuntu 14.04 LTS An out of bounds write was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1660) It was discovered that Blink assumes that a frame which passes same-origin checks is local in some cases. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1661) A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1663) It was discovered that the JSGenericLowering class in V8 mishandles comparison operators. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1665) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code. (CVE-2016-1666) It was discovered that the TreeScope::adoptIfNeeded function in Blink does not prevent script execution during node-adoption operations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1667) It was discovered that the forEachForBinding in the V8 bindings in Blink uses an improper creation context. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1668) A buffer overflow was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1669) A race condition was discovered in ResourceDispatcherHostImpl in Chromium. An attacker could potentially exploit this to make arbitrary HTTP requests. (CVE-2016-1670) Update Instructions: Run `sudo pro fix USN-2960-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.14.9-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.14.9-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.14.9-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.14.9-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.14.9-0ubuntu0.14.04.1 oxideqmlscene - 1.14.9-0ubuntu0.14.04.1 oxideqt-codecs - 1.14.9-0ubuntu0.14.04.1 liboxideqtquick0 - 1.14.9-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.14.9-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1660 CVE-2016-1661 CVE-2016-1663 CVE-2016-1665 CVE-2016-1666 CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 Ubuntu 14.04 LTS It was discovered that a double free() could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to specially craft a file that caused an application using the Little CMS library to crash or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2961-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblcms2-dev - 2.5-0ubuntu4.1 liblcms2-2 - 2.5-0ubuntu4.1 liblcms2-utils - 2.5-0ubuntu4.1 No subscription required Medium CVE-2013-7455 Ubuntu 14.04 LTS Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0695) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-3425) Update Instructions: Run `sudo pro fix USN-2964-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u101-2.6.6-0ubuntu0.14.04.1 openjdk-7-source - 7u101-2.6.6-0ubuntu0.14.04.1 icedtea-7-jre-jamvm - 7u101-2.6.6-0ubuntu0.14.04.1 openjdk-7-jre-lib - 7u101-2.6.6-0ubuntu0.14.04.1 openjdk-7-jdk - 7u101-2.6.6-0ubuntu0.14.04.1 openjdk-7-jre-headless - 7u101-2.6.6-0ubuntu0.14.04.1 openjdk-7-jre - 7u101-2.6.6-0ubuntu0.14.04.1 openjdk-7-doc - 7u101-2.6.6-0ubuntu0.14.04.1 openjdk-7-demo - 7u101-2.6.6-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3427 Ubuntu 14.04 LTS USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. (CVE-2016-4557) Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184) Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2185) Ralf Spenneberg discovered that the PowerMate USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2186) Ralf Spenneberg discovered that the I/O-Warrior USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2188) It was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2847) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3137) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the USB abstract device control driver for modems and ISDN adapters did not validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3138) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140) It was discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS. (CVE-2016-3156) Andy Lutomirski discovered that the Linux kernel did not properly context- switch IOPL on 64-bit PV Xen guests. An attacker in a guest OS could use this to cause a denial of service (guest OS crash), gain privileges, or obtain sensitive information. (CVE-2016-3157) Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. (CVE-2016-3672) It was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689) Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955) Update Instructions: Run `sudo pro fix USN-2965-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-22-powerpc-e500mc - 4.4.0-22.39~14.04.1 linux-image-4.4.0-22-powerpc64-smp - 4.4.0-22.39~14.04.1 linux-image-4.4.0-22-generic-lpae - 4.4.0-22.39~14.04.1 linux-image-4.4.0-22-lowlatency - 4.4.0-22.39~14.04.1 linux-image-4.4.0-22-powerpc-smp - 4.4.0-22.39~14.04.1 linux-image-4.4.0-22-generic - 4.4.0-22.39~14.04.1 linux-image-4.4.0-22-powerpc64-emb - 4.4.0-22.39~14.04.1 linux-image-extra-4.4.0-22-generic - 4.4.0-22.39~14.04.1 No subscription required High CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2847 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-3955 CVE-2016-4557 Ubuntu 14.04 LTS Shayan Sadigh discovered that OpenSSH incorrectly handled environment files when the UseLogin feature is enabled. A local attacker could use this issue to gain privileges. (CVE-2015-8325) Ben Hawkes discovered that OpenSSH incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause OpenSSH to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2016-1907) Thomas Hoger discovered that OpenSSH incorrectly handled untrusted X11 forwarding when the SECURITY extension is disabled. A connection configured as being untrusted could get switched to trusted in certain scenarios, contrary to expectations. (CVE-2016-1908) It was discovered that OpenSSH incorrectly handled certain X11 forwarding data. A remote authenticated attacker could possibly use this issue to bypass certain intended command restrictions. (CVE-2016-3115) Update Instructions: Run `sudo pro fix USN-2966-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:6.6p1-2ubuntu2.7 openssh-client - 1:6.6p1-2ubuntu2.7 openssh-server - 1:6.6p1-2ubuntu2.7 ssh-askpass-gnome - 1:6.6p1-2ubuntu2.7 ssh - 1:6.6p1-2ubuntu2.7 ssh-krb5 - 1:6.6p1-2ubuntu2.7 openssh-client-udeb - 1:6.6p1-2ubuntu2.7 openssh-sftp-server - 1:6.6p1-2ubuntu2.7 No subscription required Low CVE-2015-8325 CVE-2016-1907 CVE-2016-1908 CVE-2016-3115 Ubuntu 14.04 LTS Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel's AIO interface allowed single writes greater than 2GB, which could cause an integer overflow when writing to certain filesystems, socket or device types. A local attacker could this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8830) It was discovered that the Linux kernel did not keep accurate track of pipe buffer details when error conditions occurred, due to an incomplete fix for CVE-2015-1805. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0774) Zach Riggle discovered that the Linux kernel's list poison feature did not take into account the mmap_min_addr value. A local attacker could use this to bypass the kernel's poison-pointer protection mechanism while attempting to exploit an existing kernel vulnerability. (CVE-2016-0821) Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184) Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2185) Ralf Spenneberg discovered that the PowerMate USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2186) Ralf Spenneberg discovered that the I/O-Warrior USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2188) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3137) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the USB abstract device control driver for modems and ISDN adapters did not validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3138) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140) It was discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS. (CVE-2016-3156) Andy Lutomirski discovered that the Linux kernel did not properly context- switch IOPL on 64-bit PV Xen guests. An attacker in a guest OS could use this to cause a denial of service (guest OS crash), gain privileges, or obtain sensitive information. (CVE-2016-3157) It was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689) Update Instructions: Run `sudo pro fix USN-2968-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-86-powerpc64-smp - 3.13.0-86.130 linux-image-extra-3.13.0-86-generic - 3.13.0-86.130 linux-image-3.13.0-86-generic-lpae - 3.13.0-86.130 linux-image-3.13.0-86-powerpc-e500mc - 3.13.0-86.130 linux-image-3.13.0-86-lowlatency - 3.13.0-86.130 linux-image-3.13.0-86-powerpc64-emb - 3.13.0-86.130 linux-image-3.13.0-86-generic - 3.13.0-86.130 linux-image-3.13.0-86-powerpc-smp - 3.13.0-86.130 linux-image-3.13.0-86-powerpc-e500 - 3.13.0-86.130 No subscription required Medium CVE-2015-7515 CVE-2015-8830 CVE-2016-0774 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3689 Ubuntu 14.04 LTS Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel's AIO interface allowed single writes greater than 2GB, which could cause an integer overflow when writing to certain filesystems, socket or device types. A local attacker could this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8830) Zach Riggle discovered that the Linux kernel's list poison feature did not take into account the mmap_min_addr value. A local attacker could use this to bypass the kernel's poison-pointer protection mechanism while attempting to exploit an existing kernel vulnerability. (CVE-2016-0821) Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184) Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2185) Ralf Spenneberg discovered that the PowerMate USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2186) Ralf Spenneberg discovered that the I/O-Warrior USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2188) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the USB abstract device control driver for modems and ISDN adapters did not validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3138) It was discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS. (CVE-2016-3156) Andy Lutomirski discovered that the Linux kernel did not properly context- switch IOPL on 64-bit PV Xen guests. An attacker in a guest OS could use this to cause a denial of service (guest OS crash), gain privileges, or obtain sensitive information. (CVE-2016-3157) Update Instructions: Run `sudo pro fix USN-2969-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.16.0-71-generic - 3.16.0-71.91~14.04.1 linux-image-3.16.0-71-generic-lpae - 3.16.0-71.91~14.04.1 linux-image-3.16.0-71-powerpc-smp - 3.16.0-71.91~14.04.1 linux-image-3.16.0-71-powerpc-e500mc - 3.16.0-71.91~14.04.1 linux-image-3.16.0-71-lowlatency - 3.16.0-71.91~14.04.1 linux-image-3.16.0-71-powerpc64-smp - 3.16.0-71.91~14.04.1 linux-image-3.16.0-71-powerpc64-emb - 3.16.0-71.91~14.04.1 linux-image-3.16.0-71-generic - 3.16.0-71.91~14.04.1 No subscription required Medium CVE-2015-7515 CVE-2015-8830 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3138 CVE-2016-3156 CVE-2016-3157 Ubuntu 14.04 LTS Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel's AIO interface allowed single writes greater than 2GB, which could cause an integer overflow when writing to certain filesystems, socket or device types. A local attacker could this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8830) Zach Riggle discovered that the Linux kernel's list poison feature did not take into account the mmap_min_addr value. A local attacker could use this to bypass the kernel's poison-pointer protection mechanism while attempting to exploit an existing kernel vulnerability. (CVE-2016-0821) Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184) Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2185) Ralf Spenneberg discovered that the PowerMate USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2186) Ralf Spenneberg discovered that the I/O-Warrior USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2188) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3137) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the USB abstract device control driver for modems and ISDN adapters did not validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3138) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140) It was discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS. (CVE-2016-3156) Andy Lutomirski discovered that the Linux kernel did not properly context- switch IOPL on 64-bit PV Xen guests. An attacker in a guest OS could use this to cause a denial of service (guest OS crash), gain privileges, or obtain sensitive information. (CVE-2016-3157) It was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689) Update Instructions: Run `sudo pro fix USN-2970-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-59-powerpc64-smp - 3.19.0-59.65~14.04.1 linux-image-3.19.0-59-lowlatency - 3.19.0-59.65~14.04.1 linux-image-extra-3.19.0-59-generic - 3.19.0-59.65~14.04.1 linux-image-3.19.0-59-powerpc64-emb - 3.19.0-59.65~14.04.1 linux-image-3.19.0-59-powerpc-smp - 3.19.0-59.65~14.04.1 linux-image-3.19.0-59-powerpc-e500mc - 3.19.0-59.65~14.04.1 linux-image-3.19.0-59-generic-lpae - 3.19.0-59.65~14.04.1 linux-image-3.19.0-59-generic - 3.19.0-59.65~14.04.1 No subscription required Medium CVE-2015-7515 CVE-2015-8830 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3689 Ubuntu 14.04 LTS USN-2971-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Zach Riggle discovered that the Linux kernel's list poison feature did not take into account the mmap_min_addr value. A local attacker could use this to bypass the kernel's poison-pointer protection mechanism while attempting to exploit an existing kernel vulnerability. (CVE-2016-0821) Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184) Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2185) Ralf Spenneberg discovered that the PowerMate USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2186) Ralf Spenneberg discovered that the I/O-Warrior USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2188) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3137) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the USB abstract device control driver for modems and ISDN adapters did not validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3138) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140) It was discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS. (CVE-2016-3156) Andy Lutomirski discovered that the Linux kernel did not properly context- switch IOPL on 64-bit PV Xen guests. An attacker in a guest OS could use this to cause a denial of service (guest OS crash), gain privileges, or obtain sensitive information. (CVE-2016-3157) It was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689) Update Instructions: Run `sudo pro fix USN-2971-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.2.0-36-generic-lpae - 4.2.0-36.41~14.04.1 linux-image-4.2.0-36-powerpc64-smp - 4.2.0-36.41~14.04.1 linux-image-4.2.0-36-powerpc64-emb - 4.2.0-36.41~14.04.1 linux-image-4.2.0-36-powerpc-smp - 4.2.0-36.41~14.04.1 linux-image-4.2.0-36-powerpc-e500mc - 4.2.0-36.41~14.04.1 linux-image-4.2.0-36-lowlatency - 4.2.0-36.41~14.04.1 linux-image-4.2.0-36-generic - 4.2.0-36.41~14.04.1 linux-image-extra-4.2.0-36-generic - 4.2.0-36.41~14.04.1 No subscription required Medium CVE-2015-7515 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3689 Ubuntu 14.04 LTS Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2805, CVE-2016-2807) Hanno Böck discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. (CVE-2016-1938) A use-after-free was discovered in ssl3_HandleECDHServerKeyExchange in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1978) A use-after-free was discovered in PK11_ImportDERPrivateKeyInfoAndReturnKey in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1979) Update Instructions: Run `sudo pro fix USN-2973-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:38.8.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:38.8.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:38.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:38.8.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1938 CVE-2016-1978 CVE-2016-1979 CVE-2016-2805 CVE-2016-2807 Ubuntu 14.04 LTS Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-2391) Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-2392) Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak host memory bytes. (CVE-2016-2538) Hongke Yang discovered that QEMU incorrectly handled NE2000 emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-2841) Ling Liu discovered that QEMU incorrectly handled IP checksum routines. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak host memory bytes. (CVE-2016-2857) It was discovered that QEMU incorrectly handled the PRNG back-end support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-2858) Wei Xiao and Qinghao Tang discovered that QEMU incorrectly handled access in the VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-3710) Zuozhi Fzz discovered that QEMU incorrectly handled access in the VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-3712) Oleksandr Bazhaniuk discovered that QEMU incorrectly handled Luminary Micro Stellaris ethernet controller emulation. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-4001) Oleksandr Bazhaniuk discovered that QEMU incorrectly handled MIPSnet controller emulation. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-4002) Donghai Zdh discovered that QEMU incorrectly handled the Task Priority Register(TPR). A privileged attacker inside the guest could use this issue to possibly leak host memory bytes. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-4020) Du Shaobo discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-4037) Update Instructions: Run `sudo pro fix USN-2974-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.24 qemu-user-static - 2.0.0+dfsg-2ubuntu1.24 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.24 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.24 qemu-kvm - 2.0.0+dfsg-2ubuntu1.24 qemu-user - 2.0.0+dfsg-2ubuntu1.24 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.24 qemu-system - 2.0.0+dfsg-2ubuntu1.24 qemu-utils - 2.0.0+dfsg-2ubuntu1.24 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.24 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.24 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.24 qemu-common - 2.0.0+dfsg-2ubuntu1.24 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.24 qemu - 2.0.0+dfsg-2ubuntu1.24 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.24 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.24 No subscription required Medium CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 Ubuntu 14.04 LTS Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-2975-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-86-powerpc64-smp - 3.13.0-86.131 linux-image-extra-3.13.0-86-generic - 3.13.0-86.131 linux-image-3.13.0-86-generic-lpae - 3.13.0-86.131 linux-image-3.13.0-86-powerpc-e500mc - 3.13.0-86.131 linux-image-3.13.0-86-lowlatency - 3.13.0-86.131 linux-image-3.13.0-86-powerpc64-emb - 3.13.0-86.131 linux-image-3.13.0-86-generic - 3.13.0-86.131 linux-image-3.13.0-86-powerpc-smp - 3.13.0-86.131 linux-image-3.13.0-86-powerpc-e500 - 3.13.0-86.131 No subscription required High CVE-2016-0758 Ubuntu 14.04 LTS Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-2976-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.16.0-71-generic - 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-generic-lpae - 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-powerpc-smp - 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-powerpc-e500mc - 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-lowlatency - 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-powerpc64-smp - 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-powerpc64-emb - 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-generic - 3.16.0-71.92~14.04.1 No subscription required High CVE-2016-0758 Ubuntu 14.04 LTS Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-2977-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-59-powerpc64-smp - 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-lowlatency - 3.19.0-59.66~14.04.1 linux-image-extra-3.19.0-59-generic - 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-powerpc64-emb - 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-powerpc-smp - 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-powerpc-e500mc - 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-generic-lpae - 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-generic - 3.19.0-59.66~14.04.1 No subscription required High CVE-2016-0758 Ubuntu 14.04 LTS USN-2978-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. (CVE-2016-3713) Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758) Update Instructions: Run `sudo pro fix USN-2978-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.2.0-36-generic-lpae - 4.2.0-36.42~14.04.1 linux-image-4.2.0-36-powerpc64-smp - 4.2.0-36.42~14.04.1 linux-image-4.2.0-36-powerpc64-emb - 4.2.0-36.42~14.04.1 linux-image-4.2.0-36-powerpc-smp - 4.2.0-36.42~14.04.1 linux-image-4.2.0-36-powerpc-e500mc - 4.2.0-36.42~14.04.1 linux-image-4.2.0-36-lowlatency - 4.2.0-36.42~14.04.1 linux-image-4.2.0-36-generic - 4.2.0-36.42~14.04.1 linux-image-extra-4.2.0-36-generic - 4.2.0-36.42~14.04.1 No subscription required High CVE-2016-0758 CVE-2016-3713 Ubuntu 14.04 LTS USN-2979-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. (CVE-2016-3713) Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758) Update Instructions: Run `sudo pro fix USN-2979-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-22-powerpc-e500mc - 4.4.0-22.40~14.04.1 linux-image-4.4.0-22-powerpc64-smp - 4.4.0-22.40~14.04.1 linux-image-4.4.0-22-generic-lpae - 4.4.0-22.40~14.04.1 linux-image-4.4.0-22-lowlatency - 4.4.0-22.40~14.04.1 linux-image-4.4.0-22-powerpc-smp - 4.4.0-22.40~14.04.1 linux-image-4.4.0-22-generic - 4.4.0-22.40~14.04.1 linux-image-4.4.0-22-powerpc64-emb - 4.4.0-22.40~14.04.1 linux-image-extra-4.4.0-22-generic - 4.4.0-22.40~14.04.1 No subscription required High CVE-2016-0758 CVE-2016-3713 Ubuntu 14.04 LTS It was discovered that libarchive incorrectly handled certain entry-size values in ZIP archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1541) It was discovered that libarchive incorrectly handled memory when processing certain tar files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service. (CVE number pending) Update Instructions: Run `sudo pro fix USN-2981-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-7ubuntu2.2 libarchive13 - 3.1.2-7ubuntu2.2 bsdtar - 3.1.2-7ubuntu2.2 libarchive-dev - 3.1.2-7ubuntu2.2 No subscription required Medium CVE-2016-1541 Ubuntu 14.04 LTS Hanno Böck discovered that Libksba incorrectly handled decoding certain BER data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-4353) Hanno Böck discovered that Libksba incorrectly handled decoding certain BER data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-4354, CVE-2016-4355) Hanno Böck discovered that Libksba incorrectly handled incorrect utf-8 strings when decoding certain DN data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-4356) Pascal Cuoq discovered that Libksba incorrectly handled incorrect utf-8 strings when decoding certain DN data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4574) Pascal Cuoq discovered that Libksba incorrectly handled decoding certain data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service. (CVE-2016-4579) Update Instructions: Run `sudo pro fix USN-2982-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libksba8 - 1.3.0-3ubuntu0.14.04.2 libksba-dev - 1.3.0-3ubuntu0.14.04.2 No subscription required Medium CVE-2016-4353 CVE-2016-4354 CVE-2016-4355 CVE-2016-4356 CVE-2016-4574 CVE-2016-4579 Ubuntu 14.04 LTS Gustavo Grieco discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718) Update Instructions: Run `sudo pro fix USN-2983-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexpat1 - 2.1.0-4ubuntu1.2 expat - 2.1.0-4ubuntu1.2 libexpat1-dev - 2.1.0-4ubuntu1.2 lib64expat1-dev - 2.1.0-4ubuntu1.2 libexpat1-udeb - 2.1.0-4ubuntu1.2 lib64expat1 - 2.1.0-4ubuntu1.2 No subscription required Medium CVE-2016-0718 Ubuntu 14.04 LTS It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865) Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3078) It was discovered that PHP incorrectly handled invalid indexes in the SplDoublyLinkedList class. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132) It was discovered that the PHP rawurlencode() function incorrectly handled large strings. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4070) It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071) It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072) It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073) It was discovered that the PHP phar extension incorrectly handled certain archive files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-4342, CVE-2016-4343) It was discovered that the PHP bcpowmod() function incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4537, CVE-2016-4538) It was discovered that the PHP XML parser incorrectly handled certain malformed XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4539) It was discovered that certain PHP grapheme functions incorrectly handled negative offsets. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-4540, CVE-2016-4541) It was discovered that PHP incorrectly handled certain malformed EXIF tags. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544) Update Instructions: Run `sudo pro fix USN-2984-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.17 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.17 php5-curl - 5.5.9+dfsg-1ubuntu4.17 php5-intl - 5.5.9+dfsg-1ubuntu4.17 php5-snmp - 5.5.9+dfsg-1ubuntu4.17 php5-mysql - 5.5.9+dfsg-1ubuntu4.17 php5-odbc - 5.5.9+dfsg-1ubuntu4.17 php5-xsl - 5.5.9+dfsg-1ubuntu4.17 php5-gd - 5.5.9+dfsg-1ubuntu4.17 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.17 php5-tidy - 5.5.9+dfsg-1ubuntu4.17 php5-dev - 5.5.9+dfsg-1ubuntu4.17 php5-pgsql - 5.5.9+dfsg-1ubuntu4.17 php5-enchant - 5.5.9+dfsg-1ubuntu4.17 php5-readline - 5.5.9+dfsg-1ubuntu4.17 php5-gmp - 5.5.9+dfsg-1ubuntu4.17 php5-fpm - 5.5.9+dfsg-1ubuntu4.17 php5-cgi - 5.5.9+dfsg-1ubuntu4.17 php5-sqlite - 5.5.9+dfsg-1ubuntu4.17 php5-ldap - 5.5.9+dfsg-1ubuntu4.17 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.17 php5 - 5.5.9+dfsg-1ubuntu4.17 php5-cli - 5.5.9+dfsg-1ubuntu4.17 php-pear - 5.5.9+dfsg-1ubuntu4.17 php5-sybase - 5.5.9+dfsg-1ubuntu4.17 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.17 php5-pspell - 5.5.9+dfsg-1ubuntu4.17 php5-common - 5.5.9+dfsg-1ubuntu4.17 libphp5-embed - 5.5.9+dfsg-1ubuntu4.17 No subscription required Medium CVE-2015-8865 CVE-2016-3078 CVE-2016-3132 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 Ubuntu 14.04 LTS Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856) Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). (CVE-2014-8121) Joseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation of Not a Number (NaN). An attacker could use this to cause a denial of service (stack exhaustion leading to an application crash) or possibly execute arbitrary code. (CVE-2014-9761) Arjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1781) Sumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. A local attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-5277) Adam Nielsen discovered that the strftime function in the GNU C Library did not properly handle out-of-range argument data. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2015-8776) Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. A local attacker could use this to exploit an existing vulnerability more easily. (CVE-2015-8777) Szabolcs Nagy discovered that the hcreate functions in the GNU C Library did not properly check its size argument, leading to an integer overflow. An attacker could use to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-8778) Maksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-8779) Florian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments. An attacker could use to cause a denial of service (stack exhaustion leading to an application crash). (CVE-2016-3075) Update Instructions: Run `sudo pro fix USN-2985-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.19-0ubuntu6.8 libnss-dns-udeb - 2.19-0ubuntu6.8 libc6-ppc64 - 2.19-0ubuntu6.8 libc-bin - 2.19-0ubuntu6.8 libc6-x32 - 2.19-0ubuntu6.8 libc6-armel - 2.19-0ubuntu6.8 eglibc-source - 2.19-0ubuntu6.8 libc6-pic - 2.19-0ubuntu6.8 libc6-dev-ppc64 - 2.19-0ubuntu6.8 libc6-dev-armel - 2.19-0ubuntu6.8 libnss-files-udeb - 2.19-0ubuntu6.8 glibc-doc - 2.19-0ubuntu6.8 nscd - 2.19-0ubuntu6.8 multiarch-support - 2.19-0ubuntu6.8 libc6-dev - 2.19-0ubuntu6.8 libc6-amd64 - 2.19-0ubuntu6.8 libc6-dev-amd64 - 2.19-0ubuntu6.8 libc6 - 2.19-0ubuntu6.8 libc6-dev-x32 - 2.19-0ubuntu6.8 libc6-udeb - 2.19-0ubuntu6.8 libc6-dev-i386 - 2.19-0ubuntu6.8 libc-dev-bin - 2.19-0ubuntu6.8 libc6-prof - 2.19-0ubuntu6.8 No subscription required Medium CVE-2013-2207 CVE-2014-8121 CVE-2014-9761 CVE-2015-1781 CVE-2015-5277 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-2856 CVE-2016-3075 Ubuntu 14.04 LTS USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue. We apologize for the inconvenience. Original advisory details: Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856) Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). (CVE-2014-8121) Joseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation of Not a Number (NaN). An attacker could use this to cause a denial of service (stack exhaustion leading to an application crash) or possibly execute arbitrary code. (CVE-2014-9761) Arjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1781) Sumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. A local attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-5277) Adam Nielsen discovered that the strftime function in the GNU C Library did not properly handle out-of-range argument data. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2015-8776) Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. A local attacker could use this to exploit an existing vulnerability more easily. (CVE-2015-8777) Szabolcs Nagy discovered that the hcreate functions in the GNU C Library did not properly check its size argument, leading to an integer overflow. An attacker could use to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-8778) Maksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-8779) Florian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments. An attacker could use to cause a denial of service (stack exhaustion leading to an application crash). (CVE-2016-3075) Update Instructions: Run `sudo pro fix USN-2985-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.19-0ubuntu6.9 libnss-dns-udeb - 2.19-0ubuntu6.9 libc6-ppc64 - 2.19-0ubuntu6.9 libc-bin - 2.19-0ubuntu6.9 libc6-x32 - 2.19-0ubuntu6.9 libc6-armel - 2.19-0ubuntu6.9 eglibc-source - 2.19-0ubuntu6.9 libc6-pic - 2.19-0ubuntu6.9 libc6-dev-ppc64 - 2.19-0ubuntu6.9 libc6-dev-armel - 2.19-0ubuntu6.9 libnss-files-udeb - 2.19-0ubuntu6.9 glibc-doc - 2.19-0ubuntu6.9 nscd - 2.19-0ubuntu6.9 multiarch-support - 2.19-0ubuntu6.9 libc6-dev - 2.19-0ubuntu6.9 libc6-amd64 - 2.19-0ubuntu6.9 libc6-dev-amd64 - 2.19-0ubuntu6.9 libc6 - 2.19-0ubuntu6.9 libc6-dev-x32 - 2.19-0ubuntu6.9 libc6-udeb - 2.19-0ubuntu6.9 libc6-dev-i386 - 2.19-0ubuntu6.9 libc-dev-bin - 2.19-0ubuntu6.9 libc6-prof - 2.19-0ubuntu6.9 No subscription required None https://launchpad.net/bugs/1585614 Ubuntu 14.04 LTS Hanno Böck discovered that dosfstools incorrectly handled certain malformed filesystems. A local attacker could use this issue to cause dosfstools to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2986-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dosfstools - 3.0.26-1ubuntu0.1 dosfstools-udeb - 3.0.26-1ubuntu0.1 No subscription required Medium CVE-2015-8872 CVE-2016-4804 Ubuntu 14.04 LTS It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2497) It was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9709) It was discovered that the GD library incorrectly handled memory when using gdImageFillToBorder(). A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-8874) It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2015-8877) Hans Jerry Illikainen discovered that the GD library incorrectly handled certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-3074) Update Instructions: Run `sudo pro fix USN-2987-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.0-3ubuntu0.1 libgd2-xpm-dev - 2.1.0-3ubuntu0.1 libgd-tools - 2.1.0-3ubuntu0.1 libgd2-noxpm-dev - 2.1.0-3ubuntu0.1 libgd-dev - 2.1.0-3ubuntu0.1 No subscription required Medium CVE-2014-2497 CVE-2014-9709 CVE-2015-8874 CVE-2015-8877 CVE-2016-3074 Ubuntu 14.04 LTS Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004) Andy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069) Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187) Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. (CVE-2016-3672) Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955) Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485) Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486) It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2016-4581) Update Instructions: Run `sudo pro fix USN-2989-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-87-powerpc-e500 - 3.13.0-87.133 linux-image-3.13.0-87-generic - 3.13.0-87.133 linux-image-3.13.0-87-powerpc-smp - 3.13.0-87.133 linux-image-3.13.0-87-powerpc-e500mc - 3.13.0-87.133 linux-image-3.13.0-87-lowlatency - 3.13.0-87.133 linux-image-3.13.0-87-generic-lpae - 3.13.0-87.133 linux-image-extra-3.13.0-87-generic - 3.13.0-87.133 linux-image-3.13.0-87-powerpc64-smp - 3.13.0-87.133 linux-image-3.13.0-87-powerpc64-emb - 3.13.0-87.133 No subscription required High CVE-2015-4004 CVE-2016-2069 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486 CVE-2016-4581 Ubuntu 14.04 LTS Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718) Bob Friesenhahn discovered that ImageMagick allowed injecting commands via an image file or filename. A remote attacker could use this issue to execute arbitrary code. (CVE-2016-5118) Update Instructions: Run `sudo pro fix USN-2990-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.1 libmagickcore5 - 8:6.7.7.10-6ubuntu3.1 imagemagick - 8:6.7.7.10-6ubuntu3.1 imagemagick-doc - 8:6.7.7.10-6ubuntu3.1 libmagickwand5 - 8:6.7.7.10-6ubuntu3.1 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.1 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.1 libmagick++-dev - 8:6.7.7.10-6ubuntu3.1 libmagick++5 - 8:6.7.7.10-6ubuntu3.1 perlmagick - 8:6.7.7.10-6ubuntu3.1 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.1 No subscription required Medium CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5118 Ubuntu 14.04 LTS It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2991-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.4.6-1ubuntu3.5 nginx-core - 1.4.6-1ubuntu3.5 nginx-common - 1.4.6-1ubuntu3.5 nginx-full - 1.4.6-1ubuntu3.5 nginx - 1.4.6-1ubuntu3.5 nginx-doc - 1.4.6-1ubuntu3.5 nginx-naxsi - 1.4.6-1ubuntu3.5 nginx-naxsi-ui - 1.4.6-1ubuntu3.5 nginx-light - 1.4.6-1ubuntu3.5 No subscription required Medium CVE-2016-4450 Ubuntu 14.04 LTS An unspecified security issue was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1673) An issue was discovered with Document reattachment in Blink in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1675) A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1677) A heap overflow was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1678) A use-after-free was discovered in the V8ValueConverter implementation in Chromium in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1679) A use-after-free was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1680) A security issue was discovered in ServiceWorker registration in Blink in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass Content Security Policy (CSP) protections. (CVE-2016-1682) An out-of-bounds memory access was discovered in libxslt. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1683) An integer overflow was discovered in libxslt. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash or resource consumption). (CVE-2016-1684) An out-of-bounds read was discovered in the regular expression implementation in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash). (CVE-2016-1688) A heap overflow was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1689) A heap overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1691) It was discovered that Blink permits cross-origin loading of stylesheets by a service worker even when the stylesheet download has an incorrect MIME type. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1692) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1695, CVE-2016-1703) It was discovered that Blink does not prevent frame navigation during DocumentLoader detach operations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1697) A parameter sanitization bug was discovered in the devtools subsystem in Blink. An attacker could potentially exploit this to bypass intended access restrictions. (CVE-2016-1699) An out-of-bounds read was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash). (CVE-2016-1702) Update Instructions: Run `sudo pro fix USN-2992-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.15.7-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.15.7-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.15.7-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.15.7-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.15.7-0ubuntu0.14.04.1 oxideqmlscene - 1.15.7-0ubuntu0.14.04.1 oxideqt-codecs - 1.15.7-0ubuntu0.14.04.1 liboxideqtquick0 - 1.15.7-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.15.7-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1673 CVE-2016-1675 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1688 CVE-2016-1689 CVE-2016-1691 CVE-2016-1692 CVE-2016-1695 CVE-2016-1697 CVE-2016-1699 CVE-2016-1702 CVE-2016-1703 Ubuntu 14.04 LTS Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2815, CVE-2016-2818) A buffer overflow was discovered when parsing HTML5 fragments in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2819) A use-after-free was discovered in contenteditable mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2821) Jordi Chancel discovered a way to use a persistent menu within a <select> element and place this in an arbitrary location. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to spoof the addressbar contents. (CVE-2016-2822) Armin Razmdjou that the location.host property can be set to an arbitrary string after creating an invalid data: URI. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass some same-origin protections. (CVE-2016-2825) A use-after-free was discovered when processing WebGL content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2828) Tim McCormack discovered that the permissions notification can show the wrong icon when a page requests several permissions in quick succession. An attacker could potentially exploit this by tricking the user in to giving consent for access to the wrong resource. (CVE-2016-2829) It was discovered that a pointerlock can be created in a fullscreen window without user consent in some circumstances, and this pointerlock cannot be cancelled without quitting Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service or conduct clickjacking attacks. (CVE-2016-2831) John Schoenick discovered that CSS pseudo-classes can leak information about plugins that are installed but disabled. An attacker could potentially exploit this to fingerprint users. (CVE-2016-2832) Matt Wobensmith discovered that Content Security Policy (CSP) does not block the loading of cross-domain Java applets when specified by policy. An attacker could potentially exploit this to bypass CSP protections and conduct cross-site scripting (XSS) attacks. (CVE-2016-2833) In addition, multiple unspecified security issues were discovered in NSS. (CVE-2016-2834) Update Instructions: Run `sudo pro fix USN-2993-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-nn - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-nb - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-fa - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-fi - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-fr - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-fy - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-or - 47.0+build3-0ubuntu0.14.04.1 firefox-testsuite - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-oc - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-cs - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ga - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-gd - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-gn - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-gl - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-gu - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-pa - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-pl - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-cy - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-pt - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-hi - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ms - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-he - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-hy - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-hr - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-hu - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-it - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-as - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ar - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-az - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-id - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-mai - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-af - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-is - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-vi - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-an - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-bs - 47.0+build3-0ubuntu0.14.04.1 firefox - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ro - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ja - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ru - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-br - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hant - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hans - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-bn - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-be - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-bg - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-sl - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-sk - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-si - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-sw - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-sv - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-sr - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-sq - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ko - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-kn - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-km - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-kk - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ka - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-xh - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ca - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ku - 47.0+build3-0ubuntu0.14.04.1 firefox-mozsymbols - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-lv - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-lt - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-th - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-hsb - 47.0+build3-0ubuntu0.14.04.1 firefox-dev - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-te - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-cak - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ta - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-lg - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-tr - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-nso - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-de - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-da - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-uk - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-mr - 47.0+build3-0ubuntu0.14.04.1 firefox-globalmenu - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-uz - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ml - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-mn - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-mk - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-eu - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-et - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-es - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-csb - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-el - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-eo - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-en - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-zu - 47.0+build3-0ubuntu0.14.04.1 firefox-locale-ast - 47.0+build3-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2825 CVE-2016-2828 CVE-2016-2829 CVE-2016-2831 CVE-2016-2832 CVE-2016-2833 CVE-2016-2834 Ubuntu 14.04 LTS It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1762, CVE-2016-1834) Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839) Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1835, CVE-2016-1837) Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1836) Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1840) It was discovered that libxml2 would load certain XML external entities. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. (CVE-2016-4449) Gustavo Grieco discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2016-4483) Update Instructions: Run `sudo pro fix USN-2994-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.8 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.8 libxml2 - 2.9.1+dfsg1-3ubuntu4.8 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.8 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.8 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.8 No subscription required Medium CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 CVE-2016-4483 Ubuntu 14.04 LTS Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly cause Squid to leak information into log files. (CVE-2016-3947) Yuriy M. Kaminskiy discovered that the Squid cachemgr.cgi tool incorrectly handled certain crafted data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4051) It was discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054) Jianjun Chen discovered that Squid did not correctly ignore the Host header when absolute-URI is provided. A remote attacker could possibly use this issue to conduct cache-poisoning attacks. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-4553) Jianjun Chen discovered that Squid incorrectly handled certain HTTP Host headers. A remote attacker could possibly use this issue to conduct cache-poisoning attacks. (CVE-2016-4554) It was discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2016-4555, CVE-2016-4556) Update Instructions: Run `sudo pro fix USN-2995-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid - 3.3.8-1ubuntu6.8 squid-cgi - 3.3.8-1ubuntu6.8 squid3-common - 3.3.8-1ubuntu6.8 squid-purge - 3.3.8-1ubuntu6.8 squidclient - 3.3.8-1ubuntu6.8 squid3 - 3.3.8-1ubuntu6.8 No subscription required Medium CVE-2016-3947 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 Ubuntu 14.04 LTS Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-2999-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-88-powerpc64-emb - 3.13.0-88.135 linux-image-3.13.0-88-powerpc-e500 - 3.13.0-88.135 linux-image-3.13.0-88-generic - 3.13.0-88.135 linux-image-3.13.0-88-lowlatency - 3.13.0-88.135 linux-image-3.13.0-88-powerpc64-smp - 3.13.0-88.135 linux-image-3.13.0-88-powerpc-smp - 3.13.0-88.135 linux-image-3.13.0-88-powerpc-e500mc - 3.13.0-88.135 linux-image-extra-3.13.0-88-generic - 3.13.0-88.135 linux-image-3.13.0-88-generic-lpae - 3.13.0-88.135 No subscription required High CVE-2016-1583 Ubuntu 14.04 LTS Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583) Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004) Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3137) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140) Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. (CVE-2016-3672) It was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689) Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955) Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485) Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486) It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2016-4581) Update Instructions: Run `sudo pro fix USN-3000-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-73-powerpc-e500mc - 3.16.0-73.95~14.04.1 linux-image-3.16.0-73-powerpc64-smp - 3.16.0-73.95~14.04.1 linux-image-3.16.0-73-generic-lpae - 3.16.0-73.95~14.04.1 linux-image-3.16.0-73-powerpc-smp - 3.16.0-73.95~14.04.1 linux-image-3.16.0-73-lowlatency - 3.16.0-73.95~14.04.1 linux-image-extra-3.16.0-73-generic - 3.16.0-73.95~14.04.1 linux-image-3.16.0-73-generic - 3.16.0-73.95~14.04.1 linux-image-3.16.0-73-powerpc64-emb - 3.16.0-73.95~14.04.1 No subscription required High CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3136 CVE-2016-3137 CVE-2016-3140 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486 CVE-2016-4581 Ubuntu 14.04 LTS Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583) Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004) Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187) Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. (CVE-2016-3672) Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955) Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash). (CVE-2016-3961) Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485) Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486) Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565) It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2016-4581) Update Instructions: Run `sudo pro fix USN-3001-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-61-powerpc-e500mc - 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-powerpc64-smp - 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-generic-lpae - 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-powerpc-smp - 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-lowlatency - 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-generic - 3.19.0-61.69~14.04.1 linux-image-extra-3.19.0-61-generic - 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-powerpc64-emb - 3.19.0-61.69~14.04.1 No subscription required High CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4581 Ubuntu 14.04 LTS Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583) Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004) Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187) Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. (CVE-2016-3672) Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955) Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash). (CVE-2016-3961) Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485) Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486) Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565) It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2016-4581) Update Instructions: Run `sudo pro fix USN-3002-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.2.0-38-powerpc-e500mc - 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-powerpc64-emb - 4.2.0-38.45~14.04.1 linux-image-extra-4.2.0-38-generic - 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-powerpc-smp - 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-powerpc64-smp - 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-lowlatency - 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-generic-lpae - 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-generic - 4.2.0-38.45~14.04.1 No subscription required High CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4581 Ubuntu 14.04 LTS Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583) Multiple race conditions where discovered in the Linux kernel's ext4 file system. A local user could exploit this flaw to cause a denial of service (disk corruption) by writing to a page that is associated with a different users file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839) Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187) Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash). (CVE-2016-3961) Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485) Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486) Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-4558) Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565) It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2016-4581) Update Instructions: Run `sudo pro fix USN-3005-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-24-generic - 4.4.0-24.43~14.04.1 linux-image-4.4.0-24-powerpc-e500mc - 4.4.0-24.43~14.04.1 linux-image-4.4.0-24-powerpc64-emb - 4.4.0-24.43~14.04.1 linux-image-extra-4.4.0-24-generic - 4.4.0-24.43~14.04.1 linux-image-4.4.0-24-generic-lpae - 4.4.0-24.43~14.04.1 linux-image-4.4.0-24-powerpc-smp - 4.4.0-24.43~14.04.1 linux-image-4.4.0-24-powerpc64-smp - 4.4.0-24.43~14.04.1 linux-image-4.4.0-24-lowlatency - 4.4.0-24.43~14.04.1 No subscription required High CVE-2015-8839 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4558 CVE-2016-4565 CVE-2016-4581 Ubuntu 14.04 LTS It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300) Update Instructions: Run `sudo pro fix USN-3010-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexpat1 - 2.1.0-4ubuntu1.3 expat - 2.1.0-4ubuntu1.3 libexpat1-dev - 2.1.0-4ubuntu1.3 lib64expat1-dev - 2.1.0-4ubuntu1.3 libexpat1-udeb - 2.1.0-4ubuntu1.3 lib64expat1 - 2.1.0-4ubuntu1.3 No subscription required Medium CVE-2012-6702 CVE-2016-5300 Ubuntu 14.04 LTS Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files. Update Instructions: Run `sudo pro fix USN-3012-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wget - 1.15-1ubuntu1.14.04.2 wget-udeb - 1.15-1ubuntu1.14.04.2 No subscription required Medium CVE-2016-4971 Ubuntu 14.04 LTS Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-0749) Frediano Ziglio discovered that Spice incorrectly handled certain primary surface parameters. A malicious guest operating system could potentially exploit this issue to escape virtualization. (CVE-2016-2150) Update Instructions: Run `sudo pro fix USN-3014-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spice-client - 0.12.4-0nocelt2ubuntu1.3 libspice-server1 - 0.12.4-0nocelt2ubuntu1.3 libspice-server-dev - 0.12.4-0nocelt2ubuntu1.3 No subscription required Medium CVE-2016-0749 CVE-2016-2150 Ubuntu 14.04 LTS Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1704) Update Instructions: Run `sudo pro fix USN-3015-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.15.8-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.15.8-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.15.8-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.15.8-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.15.8-0ubuntu0.14.04.1 oxideqmlscene - 1.15.8-0ubuntu0.14.04.1 oxideqt-codecs - 1.15.8-0ubuntu0.14.04.1 liboxideqtquick0 - 1.15.8-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.15.8-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1704 Ubuntu 14.04 LTS USN-3016-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578) Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580) It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913) Baozeng Ding discovered that the Transparent Inter-process Communication (TIPC) implementation in the Linux kernel did not verify socket existence before use in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4951) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998) Update Instructions: Run `sudo pro fix USN-3016-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-28-powerpc64-smp - 4.4.0-28.47~14.04.1 linux-image-4.4.0-28-lowlatency - 4.4.0-28.47~14.04.1 linux-image-4.4.0-28-powerpc-smp - 4.4.0-28.47~14.04.1 linux-image-4.4.0-28-generic-lpae - 4.4.0-28.47~14.04.1 linux-image-extra-4.4.0-28-generic - 4.4.0-28.47~14.04.1 linux-image-4.4.0-28-powerpc64-emb - 4.4.0-28.47~14.04.1 linux-image-4.4.0-28-generic - 4.4.0-28.47~14.04.1 linux-image-4.4.0-28-powerpc-e500mc - 4.4.0-28.47~14.04.1 No subscription required High CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 Ubuntu 14.04 LTS USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578) Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580) It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913) Baozeng Ding discovered that the Transparent Inter-process Communication (TIPC) implementation in the Linux kernel did not verify socket existence before use in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4951) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998) Update Instructions: Run `sudo pro fix USN-3017-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.2.0-41-powerpc64-emb - 4.2.0-41.48~14.04.1 linux-image-4.2.0-41-lowlatency - 4.2.0-41.48~14.04.1 linux-image-extra-4.2.0-41-generic - 4.2.0-41.48~14.04.1 linux-image-4.2.0-41-generic - 4.2.0-41.48~14.04.1 linux-image-4.2.0-41-powerpc-smp - 4.2.0-41.48~14.04.1 linux-image-4.2.0-41-powerpc-e500mc - 4.2.0-41.48~14.04.1 linux-image-4.2.0-41-powerpc64-smp - 4.2.0-41.48~14.04.1 linux-image-4.2.0-41-generic-lpae - 4.2.0-41.48~14.04.1 No subscription required High CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 Ubuntu 14.04 LTS Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482) Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565) Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578) Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580) It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998) Update Instructions: Run `sudo pro fix USN-3018-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-91-generic - 3.13.0-91.138 linux-image-3.13.0-91-powerpc-e500mc - 3.13.0-91.138 linux-image-3.13.0-91-powerpc-smp - 3.13.0-91.138 linux-image-3.13.0-91-powerpc-e500 - 3.13.0-91.138 linux-image-3.13.0-91-powerpc64-smp - 3.13.0-91.138 linux-image-3.13.0-91-lowlatency - 3.13.0-91.138 linux-image-3.13.0-91-powerpc64-emb - 3.13.0-91.138 linux-image-3.13.0-91-generic-lpae - 3.13.0-91.138 linux-image-extra-3.13.0-91-generic - 3.13.0-91.138 No subscription required High CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998 Ubuntu 14.04 LTS Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482) Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565) Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578) Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580) It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998) Update Instructions: Run `sudo pro fix USN-3019-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-76-generic-lpae - 3.16.0-76.98~14.04.1 linux-image-3.16.0-76-lowlatency - 3.16.0-76.98~14.04.1 linux-image-3.16.0-76-generic - 3.16.0-76.98~14.04.1 linux-image-3.16.0-76-powerpc-e500mc - 3.16.0-76.98~14.04.1 linux-image-3.16.0-76-powerpc64-smp - 3.16.0-76.98~14.04.1 linux-image-extra-3.16.0-76-generic - 3.16.0-76.98~14.04.1 linux-image-3.16.0-76-powerpc64-emb - 3.16.0-76.98~14.04.1 linux-image-3.16.0-76-powerpc-smp - 3.16.0-76.98~14.04.1 No subscription required High CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998 Ubuntu 14.04 LTS Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578) Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580) It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913) Baozeng Ding discovered that the Transparent Inter-process Communication (TIPC) implementation in the Linux kernel did not verify socket existence before use in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4951) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998) Update Instructions: Run `sudo pro fix USN-3020-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-64-generic-lpae - 3.19.0-64.72~14.04.1 linux-image-3.19.0-64-lowlatency - 3.19.0-64.72~14.04.1 linux-image-3.19.0-64-generic - 3.19.0-64.72~14.04.1 linux-image-extra-3.19.0-64-generic - 3.19.0-64.72~14.04.1 linux-image-3.19.0-64-powerpc-e500mc - 3.19.0-64.72~14.04.1 linux-image-3.19.0-64-powerpc64-smp - 3.19.0-64.72~14.04.1 linux-image-3.19.0-64-powerpc64-emb - 3.19.0-64.72~14.04.1 linux-image-3.19.0-64-powerpc-smp - 3.19.0-64.72~14.04.1 No subscription required High CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 Ubuntu 14.04 LTS It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1951) Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson, discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2818) Update Instructions: Run `sudo pro fix USN-3023-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-bn - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-fr - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-en-us - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-es-es - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-nb-no - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-br - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-dsb - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-fy - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-vi - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-mk - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-bn-bd - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-hu - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-es-ar - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-be - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-bg - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ja - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-lt - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-sl - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-en-gb - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-cy - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-si - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-gnome-support - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-hr - 1:45.2.0+build1-0ubuntu0.14.04.3 xul-ext-calendar-timezones - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-de - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-en - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-da - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-nl - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-nn - 1:45.2.0+build1-0ubuntu0.14.04.3 xul-ext-lightning - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ga-ie - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-fy-nl - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-sv - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-pa-in - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-sr - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-sq - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-he - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-hsb - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ar - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-uk - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-globalmenu - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-zh-cn - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ta-lk - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ru - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-cs - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-mozsymbols - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-fi - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-testsuite - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ro - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-af - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-pt-pt - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-sk - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-dev - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-hy - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ca - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-sv-se - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-pt-br - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-el - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-pa - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-rm - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ka - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-nn-no - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ko - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ga - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ast - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-tr - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-it - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-pl - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-gd - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-zh-tw - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-id - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-gl - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-nb - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-pt - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-eu - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-et - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-zh-hant - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-zh-hans - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-is - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-es - 1:45.2.0+build1-0ubuntu0.14.04.3 thunderbird-locale-ta - 1:45.2.0+build1-0ubuntu0.14.04.3 No subscription required Medium CVE-2016-1951 CVE-2016-2818 Ubuntu 14.04 LTS It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174) It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345) It was discovered that Tomcat incorrectly handled different session settings when multiple versions of the same web application was deployed. A remote attacker could possibly use this issue to hijack web sessions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5346) It was discovered that the Tomcat Manager and Host Manager applications incorrectly handled new requests. A remote attacker could possibly use this issue to bypass CSRF protection mechanisms. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5351) It was discovered that Tomcat did not place StatusManagerServlet on the RestrictedServlets list. A remote attacker could possibly use this issue to read arbitrary HTTP requests, including session ID values. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0706) It was discovered that the Tomcat session-persistence implementation incorrectly handled session attributes. A remote attacker could possibly use this issue to execute arbitrary code in a privileged context. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0714) It was discovered that the Tomcat setGlobalContext method incorrectly checked if callers were authorized. A remote attacker could possibly use this issue to read or wite to arbitrary application data, or cause a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0763) It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-3092) Update Instructions: Run `sudo pro fix USN-3024-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.52-1ubuntu0.6 libservlet3.0-java - 7.0.52-1ubuntu0.6 tomcat7-docs - 7.0.52-1ubuntu0.6 libservlet3.0-java-doc - 7.0.52-1ubuntu0.6 tomcat7 - 7.0.52-1ubuntu0.6 libtomcat7-java - 7.0.52-1ubuntu0.6 tomcat7-user - 7.0.52-1ubuntu0.6 tomcat7-admin - 7.0.52-1ubuntu0.6 tomcat7-examples - 7.0.52-1ubuntu0.6 No subscription required Medium CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092 Ubuntu 14.04 LTS It was discovered that GIMP incorrectly handled malformed XCF files. If a user were tricked into opening a specially crafted XCF file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. Update Instructions: Run `sudo pro fix USN-3025-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgimp2.0-doc - 2.8.10-0ubuntu1.1 libgimp2.0-dev - 2.8.10-0ubuntu1.1 libgimp2.0 - 2.8.10-0ubuntu1.1 gimp-data - 2.8.10-0ubuntu1.1 gimp - 2.8.10-0ubuntu1.1 No subscription required Medium CVE-2016-4994 Ubuntu 14.04 LTS It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations. Update Instructions: Run `sudo pro fix USN-3026-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libimobiledevice-utils - 1.1.5+git20140313.bafe6a9e-0ubuntu1.1 python-imobiledevice - 1.1.5+git20140313.bafe6a9e-0ubuntu1.1 libimobiledevice4 - 1.1.5+git20140313.bafe6a9e-0ubuntu1.1 libimobiledevice-dev - 1.1.5+git20140313.bafe6a9e-0ubuntu1.1 No subscription required Medium CVE-2016-5104 Ubuntu 14.04 LTS It was discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3028-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnspr4-dev - 2:4.12-0ubuntu0.14.04.1 libnspr4 - 2:4.12-0ubuntu0.14.04.1 libnspr4-0d - 2:4.12-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1951 Ubuntu 14.04 LTS Tyson Smith and Jed Davis discovered that NSS incorrectly handled memory. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. This update refreshes the NSS package to version 3.23 which includes the latest CA certificate bundle. As a security improvement, this update also modifies NSS behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack. Update Instructions: Run `sudo pro fix USN-3029-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.23-0ubuntu0.14.04.1 libnss3-dev - 2:3.23-0ubuntu0.14.04.1 libnss3 - 2:3.23-0ubuntu0.14.04.1 libnss3-1d - 2:3.23-0ubuntu0.14.04.1 libnss3-tools - 2:3.23-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-2834 Ubuntu 14.04 LTS It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7456) It was discovered that the GD library incorrectly handled certain malformed XBM images. If a user or automated system were tricked into processing a specially crafted XBM image, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-5116) It was discovered that the GD library incorrectly handled memory when using _gd2GetHeader(). A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2016-5766) It was discovered that the GD library incorrectly handled certain color indexes. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-6128) It was discovered that the GD library incorrectly handled memory when encoding a GIF image. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6161) Update Instructions: Run `sudo pro fix USN-3030-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.0-3ubuntu0.2 libgd2-xpm-dev - 2.1.0-3ubuntu0.2 libgd-tools - 2.1.0-3ubuntu0.2 libgd2-noxpm-dev - 2.1.0-3ubuntu0.2 libgd-dev - 2.1.0-3ubuntu0.2 No subscription required Medium CVE-2013-7456 CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6161 Ubuntu 14.04 LTS Yves Younan discovered that Pidgin contained multiple issues in the MXit protocol support. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3031-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpurple-dev - 1:2.10.9-0ubuntu3.3 pidgin - 1:2.10.9-0ubuntu3.3 pidgin-data - 1:2.10.9-0ubuntu3.3 finch-dev - 1:2.10.9-0ubuntu3.3 pidgin-dev - 1:2.10.9-0ubuntu3.3 libpurple-bin - 1:2.10.9-0ubuntu3.3 finch - 1:2.10.9-0ubuntu3.3 libpurple0 - 1:2.10.9-0ubuntu3.3 No subscription required Medium CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368 CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376 CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323 Ubuntu 14.04 LTS Hanno Böck discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8916, CVE-2015-8917 CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8933, CVE-2015-8934, CVE-2016-5844) Marcin "Icewall" Noga discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4300, CVE-2016-4302) It was discovered that libarchive incorrectly handled memory allocation with large cpio symlinks. A remote attacker could use this issue to possibly cause libarchive to crash, resulting in a denial of service. (CVE-2016-4809) Update Instructions: Run `sudo pro fix USN-3033-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-7ubuntu2.3 libarchive13 - 3.1.2-7ubuntu2.3 bsdtar - 3.1.2-7ubuntu2.3 libarchive-dev - 3.1.2-7ubuntu2.3 No subscription required Medium CVE-2015-8916 CVE-2015-8917 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-4300 CVE-2016-4302 CVE-2016-4809 CVE-2016-5844 Ubuntu 14.04 LTS Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3034-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-92-powerpc-e500mc - 3.13.0-92.139 linux-image-3.13.0-92-powerpc-e500 - 3.13.0-92.139 linux-image-3.13.0-92-powerpc64-smp - 3.13.0-92.139 linux-image-extra-3.13.0-92-generic - 3.13.0-92.139 linux-image-3.13.0-92-generic-lpae - 3.13.0-92.139 linux-image-3.13.0-92-powerpc-smp - 3.13.0-92.139 linux-image-3.13.0-92-lowlatency - 3.13.0-92.139 linux-image-3.13.0-92-powerpc64-emb - 3.13.0-92.139 linux-image-3.13.0-92-generic - 3.13.0-92.139 No subscription required Medium CVE-2016-3070 Ubuntu 14.04 LTS USN-3035-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3035-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.2.0-42-powerpc64-smp - 4.2.0-42.49~14.04.1 linux-image-4.2.0-42-generic - 4.2.0-42.49~14.04.1 linux-image-extra-4.2.0-42-generic - 4.2.0-42.49~14.04.1 linux-image-4.2.0-42-generic-lpae - 4.2.0-42.49~14.04.1 linux-image-4.2.0-42-powerpc64-emb - 4.2.0-42.49~14.04.1 linux-image-4.2.0-42-powerpc-e500mc - 4.2.0-42.49~14.04.1 linux-image-4.2.0-42-lowlatency - 4.2.0-42.49~14.04.1 linux-image-4.2.0-42-powerpc-smp - 4.2.0-42.49~14.04.1 No subscription required Medium CVE-2016-3070 Ubuntu 14.04 LTS Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3036-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.16.0-77-powerpc-smp - 3.16.0-77.99~14.04.1 linux-image-extra-3.16.0-77-generic - 3.16.0-77.99~14.04.1 linux-image-3.16.0-77-powerpc-e500mc - 3.16.0-77.99~14.04.1 linux-image-3.16.0-77-powerpc64-smp - 3.16.0-77.99~14.04.1 linux-image-3.16.0-77-generic - 3.16.0-77.99~14.04.1 linux-image-3.16.0-77-generic-lpae - 3.16.0-77.99~14.04.1 linux-image-3.16.0-77-powerpc64-emb - 3.16.0-77.99~14.04.1 linux-image-3.16.0-77-lowlatency - 3.16.0-77.99~14.04.1 No subscription required Medium CVE-2016-3070 Ubuntu 14.04 LTS Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3037-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-65-powerpc64-emb - 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-powerpc-smp - 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-powerpc-e500mc - 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-powerpc64-smp - 3.19.0-65.73~14.04.1 linux-image-extra-3.19.0-65-generic - 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-generic - 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-generic-lpae - 3.19.0-65.73~14.04.1 linux-image-3.19.0-65-lowlatency - 3.19.0-65.73~14.04.1 No subscription required Medium CVE-2016-3070 Ubuntu 14.04 LTS It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests. Update Instructions: Run `sudo pro fix USN-3038-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.13 libapache2-mod-macro - 1:2.4.7-1ubuntu4.13 No subscription required apache2-data - 2.4.7-1ubuntu4.13 apache2.2-bin - 2.4.7-1ubuntu4.13 apache2-utils - 2.4.7-1ubuntu4.13 apache2-dev - 2.4.7-1ubuntu4.13 apache2-mpm-worker - 2.4.7-1ubuntu4.13 apache2-suexec-custom - 2.4.7-1ubuntu4.13 apache2-suexec - 2.4.7-1ubuntu4.13 apache2 - 2.4.7-1ubuntu4.13 apache2-suexec-pristine - 2.4.7-1ubuntu4.13 apache2-doc - 2.4.7-1ubuntu4.13 apache2-mpm-prefork - 2.4.7-1ubuntu4.13 apache2-mpm-itk - 2.4.7-1ubuntu4.13 apache2-mpm-event - 2.4.7-1ubuntu4.13 apache2-bin - 2.4.7-1ubuntu4.13 No subscription required Medium CVE-2016-5387 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS has been updated to MySQL 5.7.13. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Update Instructions: Run `sudo pro fix USN-3040-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.50-0ubuntu0.14.04.1 mysql-client - 5.5.50-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.50-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.50-0ubuntu0.14.04.1 libmysqld-pic - 5.5.50-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.50-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.50-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.50-0ubuntu0.14.04.1 mysql-common - 5.5.50-0ubuntu0.14.04.1 mysql-server - 5.5.50-0ubuntu0.14.04.1 mysql-testsuite - 5.5.50-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.50-0ubuntu0.14.04.1 libmysqld-dev - 5.5.50-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.50-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-3424 CVE-2016-3459 CVE-2016-3477 CVE-2016-3486 CVE-2016-3501 CVE-2016-3518 CVE-2016-3521 CVE-2016-3588 CVE-2016-3614 CVE-2016-3615 CVE-2016-5436 CVE-2016-5437 CVE-2016-5439 CVE-2016-5440 CVE-2016-5441 CVE-2016-5442 CVE-2016-5443 Ubuntu 14.04 LTS Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1705) It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. (CVE-2016-1706) It was discovered that Blink does not prevent window creation by a deferred frame. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1710) It was discovered that Blink does not disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1711) A use-after-free was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5127) It was discovered that objects.cc in V8 does not prevent API interceptors from modifying a store target without setting a property. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5128) A memory corruption was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5129) A security issue was discovered in Chromium. A remote attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5130) A use-after-free was discovered in libxml. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5131) The Service Workers implementation in Chromium does not properly implement the Secure Contexts specification during decisions about whether to control a subframe. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5132) It was discovered that Chromium mishandles origin information during proxy authentication. A machine-in-the-middle attacker could potentially exploit this to spoof a proxy authentication login prompt. (CVE-2016-5133) It was discovered that the Proxy Auto-Config (PAC) feature in Chromium does not ensure that URL information is restricted to a scheme, host and port. A remote attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5134) It was discovered that Blink does not consider referrer-policy information inside an HTML document during a preload request. A remote attacker could potentially exploit this to bypass Content Security Policy (CSP) protections. (CVE-2016-5135) It was discovered that the Content Security Policy (CSP) implementation in Blink does not apply http :80 policies to https :443 URLs. A remote attacker could potentially exploit this to determine whether a specific HSTS web site has been visited by reading a CSP report. (CVE-2016-5137) Update Instructions: Run `sudo pro fix USN-3041-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.16.5-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.16.5-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.16.5-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.16.5-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.16.5-0ubuntu0.14.04.1 oxideqmlscene - 1.16.5-0ubuntu0.14.04.1 oxideqt-codecs - 1.16.5-0ubuntu0.14.04.1 liboxideqtquick0 - 1.16.5-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.16.5-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1705 CVE-2016-1706 CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5137 Ubuntu 14.04 LTS Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially-crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory. Update Instructions: Run `sudo pro fix USN-3042-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libknewstuff3-4 - 4:4.13.3-0ubuntu0.3 libktexteditor4 - 4:4.13.3-0ubuntu0.3 libkde3support4 - 4:4.13.3-0ubuntu0.3 libkutils4 - 4:4.13.3-0ubuntu0.3 libkdeui5 - 4:4.13.3-0ubuntu0.3 libnepomukutils4 - 4:4.13.3-0ubuntu0.3 libkprintutils4 - 4:4.13.3-0ubuntu0.3 kdelibs5-data - 4:4.13.3-0ubuntu0.3 kdelibs-bin - 4:4.13.3-0ubuntu0.3 libsolid4 - 4:4.13.3-0ubuntu0.3 libkdeclarative5 - 4:4.13.3-0ubuntu0.3 libknotifyconfig4 - 4:4.13.3-0ubuntu0.3 kdelibs5-plugins - 4:4.13.3-0ubuntu0.3 libkdnssd4 - 4:4.13.3-0ubuntu0.3 libkhtml5 - 4:4.13.3-0ubuntu0.3 libkemoticons4 - 4:4.13.3-0ubuntu0.3 libkunitconversion4 - 4:4.13.3-0ubuntu0.3 libkidletime4 - 4:4.13.3-0ubuntu0.3 libkmediaplayer4 - 4:4.13.3-0ubuntu0.3 libplasma3 - 4:4.13.3-0ubuntu0.3 libkdecore5 - 4:4.13.3-0ubuntu0.3 libkntlm4 - 4:4.13.3-0ubuntu0.3 libnepomuk4 - 4:4.13.3-0ubuntu0.3 libkpty4 - 4:4.13.3-0ubuntu0.3 libkparts4 - 4:4.13.3-0ubuntu0.3 libkdewebkit5 - 4:4.13.3-0ubuntu0.3 libnepomukquery4a - 4:4.13.3-0ubuntu0.3 libkrosscore4 - 4:4.13.3-0ubuntu0.3 libkfile4 - 4:4.13.3-0ubuntu0.3 kdelibs5-dev - 4:4.13.3-0ubuntu0.3 libkio5 - 4:4.13.3-0ubuntu0.3 libkcmutils4 - 4:4.13.3-0ubuntu0.3 libknewstuff2-4 - 4:4.13.3-0ubuntu0.3 libkdesu5 - 4:4.13.3-0ubuntu0.3 libkrossui4 - 4:4.13.3-0ubuntu0.3 libkimproxy4 - 4:4.13.3-0ubuntu0.3 libthreadweaver4 - 4:4.13.3-0ubuntu0.3 libkjsembed4 - 4:4.13.3-0ubuntu0.3 kdoctools - 4:4.13.3-0ubuntu0.3 libkjsapi4 - 4:4.13.3-0ubuntu0.3 No subscription required Medium CVE-2016-6232 Ubuntu 14.04 LTS Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2016-0718) Toni Huttunen discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed. A remote attacked could potentially exploit this to track users, resulting in information disclosure. (CVE-2016-2830) Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2835, CVE-2016-2836) A buffer overflow was discovered in the ClearKey Content Decryption Module (CDM) during video playback. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via plugin process crash, or, in combination with another vulnerability to escape the GMP sandbox, execute arbitrary code. (CVE-2016-2837) Atte Kettunen discovered a buffer overflow when rendering SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2838) Bert Massop discovered a crash in Cairo with version 0.10 of FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-2839) Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250) Firas Salem discovered an issue with non-ASCII and emoji characters in data: URLs. An attacker could potentially exploit this to spoof the addressbar contents. (CVE-2016-5251) Georg Koppen discovered a stack buffer underflow during 2D graphics rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5252) Abhishek Arya discovered a use-after-free when the alt key is used with top-level menus. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5254) Jukka Jylänki discovered a crash during garbage collection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5255) Looben Yang discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5258) Looben Yang discovered a use-after-free when working with nested sync events in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5259) Mike Kaply discovered that plain-text passwords can be stored in session restore if an input field type is changed from "password" to "text" during a session, leading to information disclosure. (CVE-2016-5260) Samuel Groß discovered an integer overflow in WebSockets during data buffering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5261) Nikita Arykov discovered that JavaScript event handlers on a <marquee> element can execute in a sandboxed iframe without the allow-scripts flag set. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5262) A type confusion bug was discovered in display transformation during rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5263) A use-after-free was discovered when applying effects to SVG elements in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5264) Abdulrahman Alqabandi discovered a same-origin policy violation relating to local HTML files and saved shortcut files. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5265) Rafael Gieschke discovered an information disclosure issue related to drag and drop. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5266) A text injection issue was discovered with about: URLs. An attacker could potentially exploit this to spoof internal error pages. (CVE-2016-5268) Update Instructions: Run `sudo pro fix USN-3044-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-nn - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-nb - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-fa - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-fi - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-fr - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-fy - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-or - 48.0+build2-0ubuntu0.14.04.1 firefox-testsuite - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-oc - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-cs - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ga - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-gd - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-gn - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-gl - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-gu - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-pa - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-pl - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-cy - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-pt - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-hi - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ms - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-he - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-hy - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-hr - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-hu - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-it - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-as - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ar - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-az - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-id - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-mai - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-af - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-is - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-vi - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-an - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-bs - 48.0+build2-0ubuntu0.14.04.1 firefox - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ro - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ja - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ru - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-br - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-bn - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-be - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-bg - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-sl - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-sk - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-si - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-sw - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-sv - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-sr - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-sq - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ko - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-kn - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-km - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-kk - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ka - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-xh - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ca - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ku - 48.0+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-lv - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-lt - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-th - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 48.0+build2-0ubuntu0.14.04.1 firefox-dev - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-te - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-cak - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ta - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-lg - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-tr - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-nso - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-de - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-da - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-uk - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-mr - 48.0+build2-0ubuntu0.14.04.1 firefox-globalmenu - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-uz - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ml - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-mn - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-mk - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-eu - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-et - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-es - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-csb - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-el - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-eo - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-en - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-zu - 48.0+build2-0ubuntu0.14.04.1 firefox-locale-ast - 48.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5268 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116) It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873) It was discovered that PHP incorrectly validated certain Exception objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8876) It was discovered that PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use this issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935) It was discovered that PHP incorrectly handled certain locale operations. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093) It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5094, CVE-2016-5095) It was discovered that the PHP fread() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096) It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114) It was discovered that PHP would not protect applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests. (CVE-2016-5385) Hans Jerry Illikainen discovered that the PHP bzread() function incorrectly performed error handling. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399) It was discovered that certain PHP multibyte string functions incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768) It was discovered that the PHP Mcrypt extension incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773) It was discovered that PHP incorrectly handled memory when unserializing malicious xml data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5772) It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-6288) It was discovered that PHP incorrectly handled path lengths when extracting certain Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6289) It was discovered that PHP incorrectly handled session deserialization. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290) It was discovered that PHP incorrectly handled exif headers when processing certain JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291, CVE-2016-6292) It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6294) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6295) It was discovered that the PHP xmlrpc_encode_request() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296) It was discovered that the PHP php_stream_zip_opener() function incorrectly handled memory. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6297) Update Instructions: Run `sudo pro fix USN-3045-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.19 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.19 php5-curl - 5.5.9+dfsg-1ubuntu4.19 php5-intl - 5.5.9+dfsg-1ubuntu4.19 php5-snmp - 5.5.9+dfsg-1ubuntu4.19 php5-mysql - 5.5.9+dfsg-1ubuntu4.19 php5-odbc - 5.5.9+dfsg-1ubuntu4.19 php5-xsl - 5.5.9+dfsg-1ubuntu4.19 php5-gd - 5.5.9+dfsg-1ubuntu4.19 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.19 php5-tidy - 5.5.9+dfsg-1ubuntu4.19 php5-dev - 5.5.9+dfsg-1ubuntu4.19 php5-pgsql - 5.5.9+dfsg-1ubuntu4.19 php5-enchant - 5.5.9+dfsg-1ubuntu4.19 php5-readline - 5.5.9+dfsg-1ubuntu4.19 php5-gmp - 5.5.9+dfsg-1ubuntu4.19 php5-fpm - 5.5.9+dfsg-1ubuntu4.19 php5-cgi - 5.5.9+dfsg-1ubuntu4.19 php5-sqlite - 5.5.9+dfsg-1ubuntu4.19 php5-ldap - 5.5.9+dfsg-1ubuntu4.19 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.19 php5 - 5.5.9+dfsg-1ubuntu4.19 php5-cli - 5.5.9+dfsg-1ubuntu4.19 php-pear - 5.5.9+dfsg-1ubuntu4.19 php5-sybase - 5.5.9+dfsg-1ubuntu4.19 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.19 php5-pspell - 5.5.9+dfsg-1ubuntu4.19 php5-common - 5.5.9+dfsg-1ubuntu4.19 libphp5-embed - 5.5.9+dfsg-1ubuntu4.19 No subscription required Medium CVE-2015-4116 CVE-2015-8873 CVE-2015-8876 CVE-2015-8935 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 CVE-2016-5385 CVE-2016-5399 CVE-2016-5768 CVE-2016-5769 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 Ubuntu 14.04 LTS Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4439, CVE-2016-4441, CVE-2016-5238, CVE-2016-5338, CVE-2016-6351) Li Qiang and Qinghao Tang discovered that QEMU incorrectly handled the VMWare VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. (CVE-2016-4453, CVE-2016-4454) Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4952) Li Qiang discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5105, CVE-2016-5106, CVE-2016-5107, CVE-2016-5337) It was discovered that QEMU incorrectly handled certain iSCSI asynchronous I/O ioctl calls. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5126) Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-5403) Update Instructions: Run `sudo pro fix USN-3047-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.26 qemu-user-static - 2.0.0+dfsg-2ubuntu1.26 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.26 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.26 qemu-kvm - 2.0.0+dfsg-2ubuntu1.26 qemu-user - 2.0.0+dfsg-2ubuntu1.26 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.26 qemu-system - 2.0.0+dfsg-2ubuntu1.26 qemu-utils - 2.0.0+dfsg-2ubuntu1.26 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.26 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.26 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.26 qemu-common - 2.0.0+dfsg-2ubuntu1.26 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.26 qemu - 2.0.0+dfsg-2ubuntu1.26 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.26 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.26 No subscription required Medium CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6351 Ubuntu 14.04 LTS USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily reverts the security fix for CVE-2016-5403 pending further investigation. We apologize for the inconvenience. Original advisory details: Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4439, CVE-2016-4441, CVE-2016-5238, CVE-2016-5338, CVE-2016-6351) Li Qiang and Qinghao Tang discovered that QEMU incorrectly handled the VMWare VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. (CVE-2016-4453, CVE-2016-4454) Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4952) Li Qiang discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5105, CVE-2016-5106, CVE-2016-5107, CVE-2016-5337) It was discovered that QEMU incorrectly handled certain iSCSI asynchronous I/O ioctl calls. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5126) Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-5403) Update Instructions: Run `sudo pro fix USN-3047-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.27 qemu-user-static - 2.0.0+dfsg-2ubuntu1.27 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.27 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.27 qemu-kvm - 2.0.0+dfsg-2ubuntu1.27 qemu-user - 2.0.0+dfsg-2ubuntu1.27 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.27 qemu-system - 2.0.0+dfsg-2ubuntu1.27 qemu-utils - 2.0.0+dfsg-2ubuntu1.27 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.27 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.27 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.27 qemu-common - 2.0.0+dfsg-2ubuntu1.27 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.27 qemu - 2.0.0+dfsg-2ubuntu1.27 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.27 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.27 No subscription required None https://launchpad.net/bugs/1612089 Ubuntu 14.04 LTS Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. (CVE-2016-5419) It was discovered that curl incorrectly handled client certificates when reusing TLS connections. (CVE-2016-5420) Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly reused a connection struct, contrary to expectations. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5421) Update Instructions: Run `sudo pro fix USN-3048-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.8 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.8 libcurl4-openssl-dev - 7.35.0-1ubuntu2.8 libcurl3-gnutls - 7.35.0-1ubuntu2.8 libcurl3-udeb - 7.35.0-1ubuntu2.8 libcurl4-doc - 7.35.0-1ubuntu2.8 libcurl3-nss - 7.35.0-1ubuntu2.8 libcurl4-nss-dev - 7.35.0-1ubuntu2.8 libcurl3 - 7.35.0-1ubuntu2.8 curl - 7.35.0-1ubuntu2.8 No subscription required Medium CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 Ubuntu 14.04 LTS It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243) Update Instructions: Run `sudo pro fix USN-3052-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-93-lowlatency - 3.13.0-93.140 linux-image-3.13.0-93-powerpc-e500mc - 3.13.0-93.140 linux-image-3.13.0-93-powerpc64-emb - 3.13.0-93.140 linux-image-3.13.0-93-powerpc-e500 - 3.13.0-93.140 linux-image-3.13.0-93-generic - 3.13.0-93.140 linux-image-3.13.0-93-powerpc-smp - 3.13.0-93.140 linux-image-extra-3.13.0-93-generic - 3.13.0-93.140 linux-image-3.13.0-93-generic-lpae - 3.13.0-93.140 linux-image-3.13.0-93-powerpc64-smp - 3.13.0-93.140 No subscription required Medium CVE-2016-4470 CVE-2016-5243 Ubuntu 14.04 LTS A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243) Update Instructions: Run `sudo pro fix USN-3053-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.19.0-66-powerpc64-smp - 3.19.0-66.74~14.04.1 linux-image-extra-3.19.0-66-generic - 3.19.0-66.74~14.04.1 linux-image-3.19.0-66-generic-lpae - 3.19.0-66.74~14.04.1 linux-image-3.19.0-66-powerpc-e500mc - 3.19.0-66.74~14.04.1 linux-image-3.19.0-66-lowlatency - 3.19.0-66.74~14.04.1 linux-image-3.19.0-66-powerpc64-emb - 3.19.0-66.74~14.04.1 linux-image-3.19.0-66-generic - 3.19.0-66.74~14.04.1 linux-image-3.19.0-66-powerpc-smp - 3.19.0-66.74~14.04.1 No subscription required Medium CVE-2016-1237 CVE-2016-4470 CVE-2016-4794 CVE-2016-5243 Ubuntu 14.04 LTS Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243) Update Instructions: Run `sudo pro fix USN-3054-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-34-generic-lpae - 4.4.0-34.53~14.04.1 linux-image-4.4.0-34-powerpc-e500mc - 4.4.0-34.53~14.04.1 linux-image-4.4.0-34-powerpc64-smp - 4.4.0-34.53~14.04.1 linux-image-4.4.0-34-generic - 4.4.0-34.53~14.04.1 linux-image-4.4.0-34-powerpc64-emb - 4.4.0-34.53~14.04.1 linux-image-extra-4.4.0-34-generic - 4.4.0-34.53~14.04.1 linux-image-4.4.0-34-powerpc-smp - 4.4.0-34.53~14.04.1 linux-image-4.4.0-34-lowlatency - 4.4.0-34.53~14.04.1 No subscription required Medium CVE-2016-3135 CVE-2016-4470 CVE-2016-4794 CVE-2016-5243 Ubuntu 14.04 LTS An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5141) A use-after-free was discovered in the WebCrypto implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5142) It was discovered that the devtools subsystem in Blink mishandles various parameters. An attacker could exploit this to bypass intended access restrictions. (CVE-2016-5143, CVE-2016-5144) It was discovered that Blink does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5145) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5146, CVE-2016-5167) It was discovered that Blink mishandles deferred page loads. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5147) An issue was discovered in Blink related to widget updates. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5148) A use-after-free was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5150) A use-after-free was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5153) It was discovered that Chromium does not correctly validate access to the initial document. An attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5155) A use-after-free was discovered in the event bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5156) A type confusion bug was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5161) An issue was discovered with the devtools implementation. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5164) An issue was discovered with the devtools implementation. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5165) Update Instructions: Run `sudo pro fix USN-3058-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.17.7-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.17.7-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.17.7-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.17.7-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.17.7-0ubuntu0.14.04.1 oxideqmlscene - 1.17.7-0ubuntu0.14.04.1 oxideqt-codecs - 1.17.7-0ubuntu0.14.04.1 liboxideqtquick0 - 1.17.7-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.17.7-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144 CVE-2016-5145 CVE-2016-5146 CVE-2016-5147 CVE-2016-5148 CVE-2016-5150 CVE-2016-5153 CVE-2016-5155 CVE-2016-5156 CVE-2016-5161 CVE-2016-5164 CVE-2016-5165 CVE-2016-5167 Ubuntu 14.04 LTS It was discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. (CVE-2016-6132, CVE-2016-6214) It was discovered that the GD library incorrectly handled memory when using gdImageScale(). A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2016-6207) Update Instructions: Run `sudo pro fix USN-3060-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.0-3ubuntu0.3 libgd2-xpm-dev - 2.1.0-3ubuntu0.3 libgd-tools - 2.1.0-3ubuntu0.3 libgd2-noxpm-dev - 2.1.0-3ubuntu0.3 libgd-dev - 2.1.0-3ubuntu0.3 No subscription required Medium CVE-2016-6132 CVE-2016-6207 CVE-2016-6214 Ubuntu 14.04 LTS Eddie Harari discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. A remote attacker could perform a timing attack and enumerate valid users. (CVE-2016-6210) Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH did not limit password lengths. A remote attacker could use this issue to cause OpenSSH to consume resources, leading to a denial of service. (CVE-2016-6515) Update Instructions: Run `sudo pro fix USN-3061-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:6.6p1-2ubuntu2.8 openssh-client - 1:6.6p1-2ubuntu2.8 openssh-server - 1:6.6p1-2ubuntu2.8 ssh-askpass-gnome - 1:6.6p1-2ubuntu2.8 ssh - 1:6.6p1-2ubuntu2.8 ssh-krb5 - 1:6.6p1-2ubuntu2.8 openssh-client-udeb - 1:6.6p1-2ubuntu2.8 openssh-sftp-server - 1:6.6p1-2ubuntu2.8 No subscription required Medium CVE-2016-6210 CVE-2016-6515 Ubuntu 14.04 LTS Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-3598, CVE-2016-3606, CVE-2016-3610) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-3458) Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2016-3500, CVE-2016-3508) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-3550) Update Instructions: Run `sudo pro fix USN-3062-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u111-2.6.7-0ubuntu0.14.04.3 openjdk-7-source - 7u111-2.6.7-0ubuntu0.14.04.3 icedtea-7-jre-jamvm - 7u111-2.6.7-0ubuntu0.14.04.3 openjdk-7-jre-lib - 7u111-2.6.7-0ubuntu0.14.04.3 openjdk-7-jdk - 7u111-2.6.7-0ubuntu0.14.04.3 openjdk-7-jre-headless - 7u111-2.6.7-0ubuntu0.14.04.3 openjdk-7-jre - 7u111-2.6.7-0ubuntu0.14.04.3 openjdk-7-doc - 7u111-2.6.7-0ubuntu0.14.04.3 openjdk-7-demo - 7u111-2.6.7-0ubuntu0.14.04.3 No subscription required Medium CVE-2016-3458 CVE-2016-3500 CVE-2016-3508 CVE-2016-3550 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 Ubuntu 14.04 LTS Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges. Update Instructions: Run `sudo pro fix USN-3063-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: fontconfig-config - 2.11.0-0ubuntu4.2 libfontconfig1 - 2.11.0-0ubuntu4.2 fontconfig-udeb - 2.11.0-0ubuntu4.2 libfontconfig1-dev - 2.11.0-0ubuntu4.2 fontconfig - 2.11.0-0ubuntu4.2 No subscription required Medium CVE-2016-5384 Ubuntu 14.04 LTS Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output. Update Instructions: Run `sudo pro fix USN-3064-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnupg-curl - 1.4.16-1ubuntu2.4 gnupg-udeb - 1.4.16-1ubuntu2.4 gpgv - 1.4.16-1ubuntu2.4 gpgv-udeb - 1.4.16-1ubuntu2.4 gnupg - 1.4.16-1ubuntu2.4 No subscription required High CVE-2016-6313 Ubuntu 14.04 LTS Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output. Update Instructions: Run `sudo pro fix USN-3065-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-doc - 1.5.3-2ubuntu4.4 libgcrypt11-udeb - 1.5.3-2ubuntu4.4 libgcrypt11-dev - 1.5.3-2ubuntu4.4 libgcrypt11 - 1.5.3-2ubuntu4.4 No subscription required High CVE-2016-6313 Ubuntu 14.04 LTS Heikki Linnakangas discovered that PostgreSQL incorrectly handled certain nested CASE/WHEN expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-5423) Nathan Bossart discovered that PostgreSQL incorrectly handled special characters in database and role names. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-5424) Update Instructions: Run `sudo pro fix USN-3066-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-plpython-9.3 - 9.3.14-0ubuntu0.14.04 postgresql-server-dev-9.3 - 9.3.14-0ubuntu0.14.04 postgresql-9.3 - 9.3.14-0ubuntu0.14.04 postgresql-plperl-9.3 - 9.3.14-0ubuntu0.14.04 postgresql-doc-9.3 - 9.3.14-0ubuntu0.14.04 postgresql-plpython3-9.3 - 9.3.14-0ubuntu0.14.04 libecpg6 - 9.3.14-0ubuntu0.14.04 postgresql-pltcl-9.3 - 9.3.14-0ubuntu0.14.04 postgresql-client-9.3 - 9.3.14-0ubuntu0.14.04 libpgtypes3 - 9.3.14-0ubuntu0.14.04 libecpg-dev - 9.3.14-0ubuntu0.14.04 libpq-dev - 9.3.14-0ubuntu0.14.04 libpq5 - 9.3.14-0ubuntu0.14.04 postgresql-contrib-9.3 - 9.3.14-0ubuntu0.14.04 libecpg-compat3 - 9.3.14-0ubuntu0.14.04 No subscription required Medium CVE-2016-5423 CVE-2016-5424 Ubuntu 14.04 LTS Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8947) It was discovered that HarfBuzz incorrectly handled certain length checks. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052) Update Instructions: Run `sudo pro fix USN-3067-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-harfbuzz-0.0 - 0.9.27-1ubuntu1.1 libharfbuzz-gobject0 - 0.9.27-1ubuntu1.1 libharfbuzz-dev - 0.9.27-1ubuntu1.1 libharfbuzz-icu0 - 0.9.27-1ubuntu1.1 libharfbuzz0b - 0.9.27-1ubuntu1.1 libharfbuzz-bin - 0.9.27-1ubuntu1.1 libharfbuzz0-udeb - 0.9.27-1ubuntu1.1 libharfbuzz-doc - 0.9.27-1ubuntu1.1 No subscription required Medium CVE-2015-8947 CVE-2016-2052 Ubuntu 14.04 LTS Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly disclose sensitive memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-2059) Hanno Böck discovered that Libidn incorrectly handled certain input. A remote attacker could possibly use this issue to cause Libidn to crash, resulting in a denial of service. (CVE-2015-8948, CVE-2016-6262, CVE-2016-6261, CVE-2016-6263) Update Instructions: Run `sudo pro fix USN-3068-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idn - 1.28-1ubuntu2.1 libidn11-dev - 1.28-1ubuntu2.1 libidn11-java - 1.28-1ubuntu2.1 libidn11 - 1.28-1ubuntu2.1 No subscription required Medium CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 Ubuntu 14.04 LTS It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3069-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: eog-dev - 3.10.2-0ubuntu5.2 eog - 3.10.2-0ubuntu5.2 No subscription required Medium CVE-2016-6855 Ubuntu 14.04 LTS USN-3070-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237) Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244) James Patrick-Evans discovered that the airspy USB device driver in the Linux kernel did not properly handle certain error conditions. An attacker with physical access could use this to cause a denial of service (memory consumption). (CVE-2016-5400) Yue Cao et al discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into an TCP stream. (CVE-2016-5696) Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-5728) Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled transactional memory state on exec(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5828) It was discovered that a heap based buffer overflow existed in the USB HID driver in the Linux kernel. A local attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5829) It was discovered that the OverlayFS implementation in the Linux kernel did not properly verify dentry state before proceeding with unlink and rename operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6197) Update Instructions: Run `sudo pro fix USN-3070-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-36-generic-lpae - 4.4.0-36.55~14.04.1 linux-image-4.4.0-36-powerpc64-smp - 4.4.0-36.55~14.04.1 linux-image-4.4.0-36-powerpc-e500mc - 4.4.0-36.55~14.04.1 linux-image-4.4.0-36-powerpc64-emb - 4.4.0-36.55~14.04.1 linux-image-4.4.0-36-lowlatency - 4.4.0-36.55~14.04.1 linux-image-extra-4.4.0-36-generic - 4.4.0-36.55~14.04.1 linux-image-4.4.0-36-generic - 4.4.0-36.55~14.04.1 linux-image-4.4.0-36-powerpc-smp - 4.4.0-36.55~14.04.1 No subscription required Medium CVE-2016-1237 CVE-2016-5244 CVE-2016-5400 CVE-2016-5696 CVE-2016-5728 CVE-2016-5828 CVE-2016-5829 CVE-2016-6197 Ubuntu 14.04 LTS Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244) Yue Cao et al discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into an TCP stream. (CVE-2016-5696) Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-5728) Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled transactional memory state on exec(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5828) It was discovered that a heap based buffer overflow existed in the USB HID driver in the Linux kernel. A local attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5829) Update Instructions: Run `sudo pro fix USN-3071-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-95-powerpc64-smp - 3.13.0-95.142 linux-image-3.13.0-95-generic-lpae - 3.13.0-95.142 linux-image-3.13.0-95-powerpc-e500mc - 3.13.0-95.142 linux-image-3.13.0-95-lowlatency - 3.13.0-95.142 linux-image-3.13.0-95-powerpc64-emb - 3.13.0-95.142 linux-image-extra-3.13.0-95-generic - 3.13.0-95.142 linux-image-3.13.0-95-generic - 3.13.0-95.142 linux-image-3.13.0-95-powerpc-smp - 3.13.0-95.142 linux-image-3.13.0-95-powerpc-e500 - 3.13.0-95.142 No subscription required Medium CVE-2016-5244 CVE-2016-5696 CVE-2016-5728 CVE-2016-5828 CVE-2016-5829 Ubuntu 14.04 LTS Christian Holler, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2836) Update Instructions: Run `sudo pro fix USN-3073-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-bn - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-fr - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-en-us - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-es-es - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-nb-no - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-br - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-dsb - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-fy - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-vi - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-mk - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-bn-bd - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-hu - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-es-ar - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-be - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-bg - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ja - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-lt - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-sl - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-en-gb - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-cy - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-si - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-gnome-support - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-hr - 1:45.3.0+build1-0ubuntu0.14.04.4 xul-ext-calendar-timezones - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-de - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-en - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-da - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-nl - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-nn - 1:45.3.0+build1-0ubuntu0.14.04.4 xul-ext-lightning - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ga-ie - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-fy-nl - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-sv - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-pa-in - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-sr - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-sq - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-he - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-hsb - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ar - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-uk - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-globalmenu - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-zh-cn - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ta-lk - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ru - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-cs - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-mozsymbols - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-fi - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-testsuite - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ro - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-af - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-pt-pt - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-sk - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-dev - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-hy - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ca - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-sv-se - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-pt-br - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-el - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-pa - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-rm - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ka - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-nn-no - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ko - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ga - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ast - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-tr - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-it - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-pl - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-gd - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-zh-tw - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-id - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-gl - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-nb - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-pt - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-eu - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-et - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-zh-hant - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-zh-hans - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-is - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-es - 1:45.3.0+build1-0ubuntu0.14.04.4 thunderbird-locale-ta - 1:45.3.0+build1-0ubuntu0.14.04.4 No subscription required Medium CVE-2016-2836 Ubuntu 14.04 LTS It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extracting a specially-crafted archive, an attacker could delete files outside of the extraction directory. Update Instructions: Run `sudo pro fix USN-3074-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: file-roller - 3.10.2.1-0ubuntu4.2 No subscription required Medium CVE-2016-7162 https://launchpad.net/bugs/1171236 Ubuntu 14.04 LTS Jakub Wilk discovered an out of bounds read in the GIF loader implementation in Imlib2. An attacker could use this to cause a denial of service (application crash) or possibly obtain sensitive information. (CVE-2016-3994) Yuriy M. Kaminskiy discovered an off-by-one error when handling coordinates in Imlib2. An attacker could use this to cause a denial of service (application crash). (CVE-2016-3993) Yuriy M. Kaminskiy discovered that integer overflows existed in Imlib2 when handling images with large dimensions. An attacker could use this to cause a denial of service (memory exhaustion or application crash). (CVE-2014-9771, CVE-2016-4024) Kevin Ryde discovered that the ellipse drawing code in Imlib2 would attempt to divide by zero when drawing a 2x1 ellipse. An attacker could use this to cause a denial of service (application crash). (CVE-2011-5326) It was discovered that Imlib2 did not properly handled GIF images without colormaps. An attacker could use this to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9762) It was discovered that Imlib2 did not properly handle some PNM images, leading to a division by zero. An attacker could use this to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9763) It was discovered that Imlib2 did not properly handle error conditions when loading some GIF images. An attacker could use this to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9764) Update Instructions: Run `sudo pro fix USN-3075-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libimlib2-dev - 1.4.6-2ubuntu0.1 libimlib2 - 1.4.6-2ubuntu0.1 No subscription required Medium CVE-2011-5326 CVE-2014-9762 CVE-2014-9763 CVE-2014-9764 CVE-2014-9771 CVE-2016-3993 CVE-2016-3994 CVE-2016-4024 Ubuntu 14.04 LTS Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy (CSP) directives in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-2827) Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257) Atte Kettunen discovered a heap buffer overflow during text conversion with some unicode characters. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270) Abhishek Arya discovered an out of bounds read during the processing of text runs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-5271) Abhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272) A crash was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5273) A use-after-free was discovered in web animations during restyling. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274) A buffer overflow was discovered when working with empty filters during canvas rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5275) A use-after-free was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276) A use-after-free was discovered in web animations when destroying a timeline. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5277) A buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278) Rafael Gieschke discovered that the full path of files is available to web pages after a drag and drop operation. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5279) Mei Wang discovered a use-after-free when changing text direction. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280) Brian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281) Richard Newman discovered that favicons can be loaded through protocols not in the allowlist, such as jar:. (CVE-2016-5282) Gavin Sharp discovered a timing attack vulnerability involving document resizes and link colours. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5283) An issue was discovered with the preloaded Public Key Pinning (HPKP). If a machine-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284) Update Instructions: Run `sudo pro fix USN-3076-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-nn - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-nb - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-fa - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-fi - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-fr - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-fy - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-or - 49.0+build4-0ubuntu0.14.04.1 firefox-testsuite - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-oc - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-cs - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ga - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-gd - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-gn - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-gl - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-gu - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-pa - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-pl - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-cy - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-pt - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-hi - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ms - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-he - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-hy - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-hr - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-hu - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-it - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-as - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ar - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-az - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-id - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-mai - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-af - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-is - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-vi - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-an - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-bs - 49.0+build4-0ubuntu0.14.04.1 firefox - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ro - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ja - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ru - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-br - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-zh-hant - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-zh-hans - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-bn - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-be - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-bg - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-sl - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-sk - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-si - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-sw - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-sv - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-sr - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-sq - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ko - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-kn - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-km - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-kk - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ka - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-xh - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ca - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ku - 49.0+build4-0ubuntu0.14.04.1 firefox-mozsymbols - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-lv - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-lt - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-th - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-hsb - 49.0+build4-0ubuntu0.14.04.1 firefox-dev - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-te - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-cak - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ta - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-lg - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-tr - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-nso - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-de - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-da - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-uk - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-mr - 49.0+build4-0ubuntu0.14.04.1 firefox-globalmenu - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-uz - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ml - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-mn - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-mk - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-eu - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-et - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-es - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-csb - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-el - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-eo - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-en - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-zu - 49.0+build4-0ubuntu0.14.04.1 firefox-locale-ast - 49.0+build4-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-2827 CVE-2016-5256 CVE-2016-5257 CVE-2016-5270 CVE-2016-5271 CVE-2016-5272 CVE-2016-5273 CVE-2016-5274 CVE-2016-5275 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5279 CVE-2016-5280 CVE-2016-5281 CVE-2016-5282 CVE-2016-5283 CVE-2016-5284 Ubuntu 14.04 LTS Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html Update Instructions: Run `sudo pro fix USN-3078-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.52-0ubuntu0.14.04.1 mysql-client - 5.5.52-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.52-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.52-0ubuntu0.14.04.1 libmysqld-pic - 5.5.52-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.52-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.52-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.52-0ubuntu0.14.04.1 mysql-common - 5.5.52-0ubuntu0.14.04.1 mysql-server - 5.5.52-0ubuntu0.14.04.1 mysql-testsuite - 5.5.52-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.52-0ubuntu0.14.04.1 libmysqld-dev - 5.5.52-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.52-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-6662 Ubuntu 14.04 LTS Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. (CVE-2016-1240) This update also reverts a change in behaviour introduced in USN-3024-1 by setting mapperContextRootRedirectEnabled to True by default. Update Instructions: Run `sudo pro fix USN-3081-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.52-1ubuntu0.7 libservlet3.0-java - 7.0.52-1ubuntu0.7 tomcat7-docs - 7.0.52-1ubuntu0.7 libservlet3.0-java-doc - 7.0.52-1ubuntu0.7 tomcat7 - 7.0.52-1ubuntu0.7 libtomcat7-java - 7.0.52-1ubuntu0.7 tomcat7-user - 7.0.52-1ubuntu0.7 tomcat7-admin - 7.0.52-1ubuntu0.7 tomcat7-examples - 7.0.52-1ubuntu0.7 No subscription required Medium CVE-2016-1240 https://launchpad.net/bugs/1609819 Ubuntu 14.04 LTS Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel did not properly handle options data, including a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3841) It was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service. (CVE-2015-8767) Update Instructions: Run `sudo pro fix USN-3083-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-96-powerpc-smp - 3.13.0-96.143 linux-image-3.13.0-96-powerpc64-smp - 3.13.0-96.143 linux-image-3.13.0-96-powerpc-e500mc - 3.13.0-96.143 linux-image-3.13.0-96-powerpc64-emb - 3.13.0-96.143 linux-image-3.13.0-96-generic - 3.13.0-96.143 linux-image-extra-3.13.0-96-generic - 3.13.0-96.143 linux-image-3.13.0-96-generic-lpae - 3.13.0-96.143 linux-image-3.13.0-96-powerpc-e500 - 3.13.0-96.143 linux-image-3.13.0-96-lowlatency - 3.13.0-96.143 No subscription required High CVE-2015-8767 CVE-2016-3841 Ubuntu 14.04 LTS USN-3084-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. (CVE-2016-6136) It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel for did not properly maintain state about transactional memory. An unprivileged attacker in a guest could cause a denial of service (CPU lockup) in the host OS. (CVE-2016-5412) Pengfei Wang discovered a race condition in the Chrome OS embedded controller device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6156) Update Instructions: Run `sudo pro fix USN-3084-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-38-powerpc64-emb - 4.4.0-38.57~14.04.1 linux-image-4.4.0-38-powerpc64-smp - 4.4.0-38.57~14.04.1 linux-image-4.4.0-38-generic - 4.4.0-38.57~14.04.1 linux-image-4.4.0-38-powerpc-e500mc - 4.4.0-38.57~14.04.1 linux-image-extra-4.4.0-38-generic - 4.4.0-38.57~14.04.1 linux-image-4.4.0-38-powerpc-smp - 4.4.0-38.57~14.04.1 linux-image-4.4.0-38-lowlatency - 4.4.0-38.57~14.04.1 linux-image-4.4.0-38-generic-lpae - 4.4.0-38.57~14.04.1 No subscription required Medium CVE-2016-5412 CVE-2016-6136 CVE-2016-6156 Ubuntu 14.04 LTS It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted bmp file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-7552) It was discovered that the GDK-PixBuf library contained an integer overflow when handling certain images. If a user or automated system were tricked into opening a crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8875) Franco Costantini discovered that the GDK-PixBuf library contained an out-of-bounds write error when parsing an ico file. If a user or automated system were tricked into opening a crafted ico file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6352) Update Instructions: Run `sudo pro fix USN-3085-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgdk-pixbuf2.0-0 - 2.30.7-0ubuntu1.6 libgdk-pixbuf2.0-common - 2.30.7-0ubuntu1.6 libgdk-pixbuf2.0-dev - 2.30.7-0ubuntu1.6 libgdk-pixbuf2.0-0-udeb - 2.30.7-0ubuntu1.6 libgdk-pixbuf2.0-doc - 2.30.7-0ubuntu1.6 gir1.2-gdkpixbuf-2.0 - 2.30.7-0ubuntu1.6 No subscription required Medium CVE-2015-7552 CVE-2015-8875 CVE-2016-6352 Ubuntu 14.04 LTS Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-6304) Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2177) César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. (CVE-2016-2179) Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2180) It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. A remote attacker could use this issue to cause a denial of service. (CVE-2016-6302) Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6306) Update Instructions: Run `sudo pro fix USN-3087-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.20 libssl-dev - 1.0.1f-1ubuntu2.20 openssl - 1.0.1f-1ubuntu2.20 libssl-doc - 1.0.1f-1ubuntu2.20 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.20 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.20 No subscription required High CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 Ubuntu 14.04 LTS USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-6304) Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2177) César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. (CVE-2016-2179) Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2180) It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. A remote attacker could use this issue to cause a denial of service. (CVE-2016-6302) Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6306) Update Instructions: Run `sudo pro fix USN-3087-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.21 libssl-dev - 1.0.1f-1ubuntu2.21 openssl - 1.0.1f-1ubuntu2.21 libssl-doc - 1.0.1f-1ubuntu2.21 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.21 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.21 No subscription required None https://launchpad.net/bugs/1626883 Ubuntu 14.04 LTS It was discovered that Bind incorrectly handled building responses to certain specially crafted requests. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3088-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.9 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.9 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.9 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.9 bind9utils - 1:9.9.5.dfsg-3ubuntu0.9 libdns100 - 1:9.9.5.dfsg-3ubuntu0.9 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.9 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.9 host - 1:9.9.5.dfsg-3ubuntu0.9 lwresd - 1:9.9.5.dfsg-3ubuntu0.9 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.9 libisc95 - 1:9.9.5.dfsg-3ubuntu0.9 bind9 - 1:9.9.5.dfsg-3ubuntu0.9 bind9-host - 1:9.9.5.dfsg-3ubuntu0.9 No subscription required Medium CVE-2016-2776 Ubuntu 14.04 LTS Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set arbitrary cookies leading to a CSRF protection bypass. Update Instructions: Run `sudo pro fix USN-3089-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.15 python-django - 1.6.1-2ubuntu0.15 No subscription required Medium CVE-2016-7401 Ubuntu 14.04 LTS It was discovered that a flaw in processing a compressed text chunk in a PNG image could cause the image to have a large size when decompressed, potentially leading to a denial of service. (CVE-2014-9601) Andrew Drake discovered that Pillow incorrectly validated input. A remote attacker could use this to cause Pillow to crash, resulting in a denial of service. (CVE-2014-3589) Eric Soroos discovered that Pillow incorrectly handled certain malformed FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2016-0740, CVE-2016-0775, CVE-2016-2533) Update Instructions: Run `sudo pro fix USN-3090-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-imaging-tk - 2.3.0-1ubuntu3.2 python3-pil.imagetk - 2.3.0-1ubuntu3.2 python-imaging-compat - 2.3.0-1ubuntu3.2 python3-sane - 2.3.0-1ubuntu3.2 python-imaging-doc - 2.3.0-1ubuntu3.2 python-pil-doc - 2.3.0-1ubuntu3.2 python3-pil - 2.3.0-1ubuntu3.2 python-sane - 2.3.0-1ubuntu3.2 python-pil.imagetk - 2.3.0-1ubuntu3.2 python3-imaging - 2.3.0-1ubuntu3.2 python-imaging - 2.3.0-1ubuntu3.2 python-pil - 2.3.0-1ubuntu3.2 python-imaging-tk - 2.3.0-1ubuntu3.2 python-imaging-sane - 2.3.0-1ubuntu3.2 python3-imaging-sane - 2.3.0-1ubuntu3.2 No subscription required Medium CVE-2014-3589 CVE-2014-9601 CVE-2016-0740 CVE-2016-0775 CVE-2016-2533 Ubuntu 14.04 LTS USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601 caused a regression which resulted in failures when processing certain png images. This update temporarily reverts the security fix for CVE-2014-9601 pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that a flaw in processing a compressed text chunk in a PNG image could cause the image to have a large size when decompressed, potentially leading to a denial of service. (CVE-2014-9601) Andrew Drake discovered that Pillow incorrectly validated input. A remote attacker could use this to cause Pillow to crash, resulting in a denial of service. (CVE-2014-3589) Eric Soroos discovered that Pillow incorrectly handled certain malformed FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2016-0740, CVE-2016-0775, CVE-2016-2533) Update Instructions: Run `sudo pro fix USN-3090-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-imaging-tk - 2.3.0-1ubuntu3.3 python3-pil.imagetk - 2.3.0-1ubuntu3.3 python-imaging-compat - 2.3.0-1ubuntu3.3 python3-sane - 2.3.0-1ubuntu3.3 python-imaging-doc - 2.3.0-1ubuntu3.3 python-pil-doc - 2.3.0-1ubuntu3.3 python3-pil - 2.3.0-1ubuntu3.3 python-sane - 2.3.0-1ubuntu3.3 python-pil.imagetk - 2.3.0-1ubuntu3.3 python3-imaging - 2.3.0-1ubuntu3.3 python-imaging - 2.3.0-1ubuntu3.3 python-pil - 2.3.0-1ubuntu3.3 python-imaging-tk - 2.3.0-1ubuntu3.3 python-imaging-sane - 2.3.0-1ubuntu3.3 python3-imaging-sane - 2.3.0-1ubuntu3.3 No subscription required Low CVE-2014-9601 https://launchpad.net/bugs/1628351 Ubuntu 14.04 LTS A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5170) A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5171) An issue was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to ontain sensitive information from arbitrary memory locations. (CVE-2016-5172) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5175, CVE-2016-5178) A use-after-free was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5177) It was discovered that Chromium does not ensure the recipient of a certain IPC message is a valid RenderFrame or RenderWidget. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitary code. (CVE-2016-7549) Update Instructions: Run `sudo pro fix USN-3091-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.17.9-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.17.9-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.17.9-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.17.9-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.17.9-0ubuntu0.14.04.1 oxideqmlscene - 1.17.9-0ubuntu0.14.04.1 oxideqt-codecs - 1.17.9-0ubuntu0.14.04.1 liboxideqtquick0 - 1.17.9-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.17.9-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5175 CVE-2016-5177 CVE-2016-5178 CVE-2016-7549 Ubuntu 14.04 LTS Stefan Metzmacher discovered that Samba incorrectly handled certain flags in SMB2/3 client connections. A remote attacker could use this issue to disable client signing and impersonate servers by performing a machine-in-the-middle attack. Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. In addition to the security fix, the updated packages contain bug fixes, new features, and possibly incompatible changes. Update Instructions: Run `sudo pro fix USN-3092-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.1 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.1 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.1 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.1 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.1 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.1 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.1 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.1 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.1 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.1 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.1 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.1 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.1 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.1 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.1 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.1 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.1 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.1 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.1 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.1 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.1 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.1 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-2119 Ubuntu 14.04 LTS It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile. Update Instructions: Run `sudo pro fix USN-3093-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.99.2+addedllvm-0ubuntu0.14.04.1 clamav-testfiles - 0.99.2+addedllvm-0ubuntu0.14.04.1 clamav-base - 0.99.2+addedllvm-0ubuntu0.14.04.1 clamav - 0.99.2+addedllvm-0ubuntu0.14.04.1 libclamav7 - 0.99.2+addedllvm-0ubuntu0.14.04.1 clamav-daemon - 0.99.2+addedllvm-0ubuntu0.14.04.1 clamav-milter - 0.99.2+addedllvm-0ubuntu0.14.04.1 clamav-docs - 0.99.2+addedllvm-0ubuntu0.14.04.1 clamav-freshclam - 0.99.2+addedllvm-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1371 CVE-2016-1372 CVE-2016-1405 Ubuntu 14.04 LTS Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7124) Taoguang Chen discovered that PHP incorrectly handled invalid session names. A remote attacker could use this issue to inject arbitrary session data. (CVE-2016-7125) It was discovered that PHP incorrectly handled certain gamma values in the imagegammacorrect function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7127) It was discovered that PHP incorrectly handled certain crafted TIFF image thumbnails. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. (CVE-2016-7128) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7413) It was discovered that PHP incorrectly handled certain memory operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7133) It was discovered that PHP incorrectly handled long strings in curl_escape calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7134) Taoguang Chen discovered that PHP incorrectly handled certain failures when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7411) It was discovered that PHP incorrectly handled certain flags in the MySQL driver. Malicious remote MySQL servers could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7412) It was discovered that PHP incorrectly handled ZIP file signature verification when processing a PHAR archive. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7414) It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7416) It was discovered that PHP incorrectly handled SplArray unserializing. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7417) Ke Liu discovered that PHP incorrectly handled unserializing wddxPacket XML documents with incorrect boolean elements. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7418) Update Instructions: Run `sudo pro fix USN-3095-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.20 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.20 php5-curl - 5.5.9+dfsg-1ubuntu4.20 php5-intl - 5.5.9+dfsg-1ubuntu4.20 php5-snmp - 5.5.9+dfsg-1ubuntu4.20 php5-mysql - 5.5.9+dfsg-1ubuntu4.20 php5-odbc - 5.5.9+dfsg-1ubuntu4.20 php5-xsl - 5.5.9+dfsg-1ubuntu4.20 php5-gd - 5.5.9+dfsg-1ubuntu4.20 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.20 php5-tidy - 5.5.9+dfsg-1ubuntu4.20 php5-dev - 5.5.9+dfsg-1ubuntu4.20 php5-pgsql - 5.5.9+dfsg-1ubuntu4.20 php5-enchant - 5.5.9+dfsg-1ubuntu4.20 php5-readline - 5.5.9+dfsg-1ubuntu4.20 php5-gmp - 5.5.9+dfsg-1ubuntu4.20 php5-fpm - 5.5.9+dfsg-1ubuntu4.20 php5-cgi - 5.5.9+dfsg-1ubuntu4.20 php5-sqlite - 5.5.9+dfsg-1ubuntu4.20 php5-ldap - 5.5.9+dfsg-1ubuntu4.20 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.20 php5 - 5.5.9+dfsg-1ubuntu4.20 php5-cli - 5.5.9+dfsg-1ubuntu4.20 php-pear - 5.5.9+dfsg-1ubuntu4.20 php5-sybase - 5.5.9+dfsg-1ubuntu4.20 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.20 php5-pspell - 5.5.9+dfsg-1ubuntu4.20 php5-common - 5.5.9+dfsg-1ubuntu4.20 libphp5-embed - 5.5.9+dfsg-1ubuntu4.20 No subscription required Medium CVE-2016-7124 CVE-2016-7125 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7133 CVE-2016-7134 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 Ubuntu 14.04 LTS Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973) Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976) Stephen Gray discovered that NTP incorrectly handled large restrict lists. An attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7977, CVE-2015-7978) Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7979) Jonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138) Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. An attacker could possibly use this issue to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158) It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727) Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1547) Miroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly handled switching to interleaved symmetric mode. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548) Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. A remote attacker could possibly use this issue to recover the message digest key. (CVE-2016-1550) Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. An authenticated remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2516) Yihan Lian discovered that NTP incorrectly handled certail peer associations. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2518) Jakub Prokes discovered that NTP incorrectly handled certain spoofed packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4954) Miroslav Lichvar discovered that NTP incorrectly handled certain packets when autokey is enabled. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4955) Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed broadcast packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4956) In the default installation, attackers would be isolated by the NTP AppArmor profile. Update Instructions: Run `sudo pro fix USN-3096-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 ntp-doc - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 ntpdate - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 No subscription required Medium CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8158 CVE-2016-0727 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2516 CVE-2016-2518 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 Ubuntu 14.04 LTS Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. (CVE-2016-6136) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480) Update Instructions: Run `sudo pro fix USN-3098-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-98-powerpc-e500 - 3.13.0-98.145 linux-image-3.13.0-98-powerpc64-smp - 3.13.0-98.145 linux-image-3.13.0-98-generic-lpae - 3.13.0-98.145 linux-image-extra-3.13.0-98-generic - 3.13.0-98.145 linux-image-3.13.0-98-powerpc64-emb - 3.13.0-98.145 linux-image-3.13.0-98-generic - 3.13.0-98.145 linux-image-3.13.0-98-powerpc-smp - 3.13.0-98.145 linux-image-3.13.0-98-powerpc-e500mc - 3.13.0-98.145 linux-image-3.13.0-98-lowlatency - 3.13.0-98.145 No subscription required High CVE-2016-6136 CVE-2016-6480 CVE-2016-6828 CVE-2016-7039 Ubuntu 14.04 LTS USN-3099-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480) Update Instructions: Run `sudo pro fix USN-3099-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-42-powerpc-smp - 4.4.0-42.62~14.04.1 linux-image-4.4.0-42-generic-lpae - 4.4.0-42.62~14.04.1 linux-image-4.4.0-42-powerpc-e500mc - 4.4.0-42.62~14.04.1 linux-image-4.4.0-42-powerpc64-emb - 4.4.0-42.62~14.04.1 linux-image-extra-4.4.0-42-generic - 4.4.0-42.62~14.04.1 linux-image-4.4.0-42-generic - 4.4.0-42.62~14.04.1 linux-image-4.4.0-42-powerpc64-smp - 4.4.0-42.62~14.04.1 linux-image-4.4.0-42-lowlatency - 4.4.0-42.62~14.04.1 No subscription required High CVE-2016-6480 CVE-2016-6828 CVE-2016-7039 Ubuntu 14.04 LTS It was discovered that Quagga incorrectly handled dumping data. A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. (CVE-2016-4049) It was discovered that the Quagga package incorrectly set permissions on the configuration directory. A local user could use this issue to possibly obtain sensitive information. (CVE-2016-4036) Update Instructions: Run `sudo pro fix USN-3102-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quagga - 0.99.22.4-3ubuntu1.2 quagga-doc - 0.99.22.4-3ubuntu1.2 No subscription required Medium CVE-2016-4036 CVE-2016-4049 Ubuntu 14.04 LTS It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9906) Hanno Böck discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8949) Pali Rohár discovered that DBD::mysql incorrectly handled certain user supplied data. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1246) Update Instructions: Run `sudo pro fix USN-3103-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdbd-mysql-perl - 4.025-1ubuntu0.1 No subscription required Medium CVE-2014-9906 CVE-2015-8949 CVE-2016-1246 Ubuntu 14.04 LTS It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3105-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-100-powerpc-e500 - 3.13.0-100.147 linux-image-extra-3.13.0-100-generic - 3.13.0-100.147 linux-image-3.13.0-100-generic-lpae - 3.13.0-100.147 linux-image-3.13.0-100-powerpc-smp - 3.13.0-100.147 linux-image-3.13.0-100-powerpc64-smp - 3.13.0-100.147 linux-image-3.13.0-100-generic - 3.13.0-100.147 linux-image-3.13.0-100-powerpc64-emb - 3.13.0-100.147 linux-image-3.13.0-100-powerpc-e500mc - 3.13.0-100.147 linux-image-3.13.0-100-lowlatency - 3.13.0-100.147 No subscription required High CVE-2016-5195 Ubuntu 14.04 LTS USN-3106-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3106-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-45-powerpc64-emb - 4.4.0-45.66~14.04.1 linux-image-4.4.0-45-powerpc-smp - 4.4.0-45.66~14.04.1 linux-image-4.4.0-45-lowlatency - 4.4.0-45.66~14.04.1 linux-image-4.4.0-45-generic - 4.4.0-45.66~14.04.1 linux-image-extra-4.4.0-45-generic - 4.4.0-45.66~14.04.1 linux-image-4.4.0-45-generic-lpae - 4.4.0-45.66~14.04.1 linux-image-4.4.0-45-powerpc-e500mc - 4.4.0-45.66~14.04.1 linux-image-4.4.0-45-powerpc64-smp - 4.4.0-45.66~14.04.1 No subscription required High CVE-2016-5195 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.53 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.16. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-16.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Update Instructions: Run `sudo pro fix USN-3109-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.53-0ubuntu0.14.04.1 mysql-client - 5.5.53-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.53-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.53-0ubuntu0.14.04.1 libmysqld-pic - 5.5.53-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.53-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.53-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.53-0ubuntu0.14.04.1 mysql-common - 5.5.53-0ubuntu0.14.04.1 mysql-server - 5.5.53-0ubuntu0.14.04.1 mysql-testsuite - 5.5.53-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.53-0ubuntu0.14.04.1 libmysqld-dev - 5.5.53-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.53-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-5584 CVE-2016-7440 Ubuntu 14.04 LTS David Lamparter discovered that Quagga incorrectly handled certain IPv6 router advertisements. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3110-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quagga - 0.99.22.4-3ubuntu1.3 quagga-doc - 0.99.22.4-3ubuntu1.3 No subscription required Medium CVE-2016-1245 Ubuntu 14.04 LTS A use-after-free was discovered in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via program crash, or execute arbitrary code. (CVE-2016-5287) It was discovered that web content could access information in the HTTP cache in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5288) Update Instructions: Run `sudo pro fix USN-3111-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-nn - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-nb - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-fa - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-fi - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-fr - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-fy - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-or - 49.0.2+build2-0ubuntu0.14.04.1 firefox-testsuite - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-oc - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-cs - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ga - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-gd - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-gn - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-gl - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-gu - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-pa - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-pl - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-cy - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-pt - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-hi - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ms - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-he - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-hy - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-hr - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-hu - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-it - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-as - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ar - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-az - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-id - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-mai - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-af - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-is - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-vi - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-an - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-bs - 49.0.2+build2-0ubuntu0.14.04.1 firefox - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ro - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ja - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ru - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-br - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-bn - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-be - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-bg - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sl - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sk - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-si - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sw - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sv - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sr - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-sq - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ko - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-kn - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-km - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-kk - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ka - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-xh - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ca - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ku - 49.0.2+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-lv - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-lt - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-th - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 49.0.2+build2-0ubuntu0.14.04.1 firefox-dev - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-te - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-cak - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ta - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-lg - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-tr - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-nso - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-de - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-da - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-uk - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-mr - 49.0.2+build2-0ubuntu0.14.04.1 firefox-globalmenu - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-uz - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ml - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-mn - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-mk - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-eu - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-et - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-es - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-csb - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-el - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-eo - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-en - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-zu - 49.0.2+build2-0ubuntu0.14.04.1 firefox-locale-ast - 49.0.2+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-5287 CVE-2016-5288 Ubuntu 14.04 LTS Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250) Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5257) Atte Kettunen discovered a heap buffer overflow during text conversion with some unicode characters. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270) Abhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272) A use-after-free was discovered in web animations during restyling. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274) A use-after-free was discovered in accessibility. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276) A use-after-free was discovered in web animations when destroying a timeline. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5277) A buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278) Mei Wang discovered a use-after-free when changing text direction. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280) Brian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281) An issue was discovered with the preloaded Public Key Pinning (HPKP). If a machine-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284) Update Instructions: Run `sudo pro fix USN-3112-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:45.4.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:45.4.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:45.4.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:45.4.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-5250 CVE-2016-5257 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 Ubuntu 14.04 LTS It was discovered that a long running unload handler could cause an incognito profile to be reused in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1586) Multiple security vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, spoof an application's URL bar, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5181, CVE-2016-5182, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5189, CVE-2016-5192, CVE-2016-5194) Update Instructions: Run `sudo pro fix USN-3113-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.18.3-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.18.3-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.18.3-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.18.3-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.18.3-0ubuntu0.14.04.1 oxideqmlscene - 1.18.3-0ubuntu0.14.04.1 oxideqt-codecs - 1.18.3-0ubuntu0.14.04.1 liboxideqtquick0 - 1.18.3-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.18.3-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-1586 CVE-2016-5181 CVE-2016-5182 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5192 CVE-2016-5194 Ubuntu 14.04 LTS Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges. Update Instructions: Run `sudo pro fix USN-3114-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.4.6-1ubuntu3.6 nginx-core - 1.4.6-1ubuntu3.6 nginx-common - 1.4.6-1ubuntu3.6 nginx-full - 1.4.6-1ubuntu3.6 nginx - 1.4.6-1ubuntu3.6 nginx-doc - 1.4.6-1ubuntu3.6 nginx-naxsi - 1.4.6-1ubuntu3.6 nginx-naxsi-ui - 1.4.6-1ubuntu3.6 nginx-light - 1.4.6-1ubuntu3.6 No subscription required Medium CVE-2016-1247 Ubuntu 14.04 LTS USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges. Update Instructions: Run `sudo pro fix USN-3114-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.4.6-1ubuntu3.7 nginx-core - 1.4.6-1ubuntu3.7 nginx-common - 1.4.6-1ubuntu3.7 nginx-full - 1.4.6-1ubuntu3.7 nginx - 1.4.6-1ubuntu3.7 nginx-doc - 1.4.6-1ubuntu3.7 nginx-naxsi - 1.4.6-1ubuntu3.7 nginx-naxsi-ui - 1.4.6-1ubuntu3.7 nginx-light - 1.4.6-1ubuntu3.7 No subscription required None https://launchpad.net/bugs/1637058 Ubuntu 14.04 LTS Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. (CVE-2016-9013) Aymeric Augustin discovered that Django incorrectly validated hosts when being run with the debug setting enabled. A remote attacker could possibly use this issue to perform DNS rebinding attacks. (CVE-2016-9014) Update Instructions: Run `sudo pro fix USN-3115-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.1-2ubuntu0.16 python-django - 1.6.1-2ubuntu0.16 No subscription required Medium CVE-2016-9013 CVE-2016-9014 Ubuntu 14.04 LTS It was discovered that DBus incorrectly validated the source of ActivationFailure signals. A local attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-0245) It was discovered that DBus incorrectly handled certain format strings. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue is only exposed to unprivileged users when the fix for CVE-2015-0245 is not applied, hence this issue is only likely to affect Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated as a preventative measure in the event that a new attack vector for this issue is discovered. (No CVE number) Update Instructions: Run `sudo pro fix USN-3116-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus - 1.6.18-0ubuntu4.4 dbus-x11 - 1.6.18-0ubuntu4.4 libdbus-1-3 - 1.6.18-0ubuntu4.4 libdbus-1-dev - 1.6.18-0ubuntu4.4 dbus-1-doc - 1.6.18-0ubuntu4.4 No subscription required Medium CVE-2015-0245 Ubuntu 14.04 LTS Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. (CVE-2016-6911) Ke Liu discovered that the GD library incorrectly handled certain integers when processing WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7568) Emmanuel Law discovered that the GD library incorrectly handled certain strings when creating images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-8670) Update Instructions: Run `sudo pro fix USN-3117-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.0-3ubuntu0.5 libgd2-xpm-dev - 2.1.0-3ubuntu0.5 libgd-tools - 2.1.0-3ubuntu0.5 libgd2-noxpm-dev - 2.1.0-3ubuntu0.5 libgd-dev - 2.1.0-3ubuntu0.5 No subscription required Medium CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 Ubuntu 14.04 LTS It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123) Nishant Agarwala discovered that the Mailman user options page did not protect against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could modify user options. (CVE-2016-6893) Update Instructions: Run `sudo pro fix USN-3118-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.16-2ubuntu0.2 No subscription required Medium CVE-2016-6893 CVE-2016-7123 Ubuntu 14.04 LTS Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3119-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.10 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.10 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.10 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.10 bind9utils - 1:9.9.5.dfsg-3ubuntu0.10 libdns100 - 1:9.9.5.dfsg-3ubuntu0.10 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.10 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.10 host - 1:9.9.5.dfsg-3ubuntu0.10 lwresd - 1:9.9.5.dfsg-3ubuntu0.10 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.10 libisc95 - 1:9.9.5.dfsg-3ubuntu0.10 bind9 - 1:9.9.5.dfsg-3ubuntu0.10 bind9-host - 1:9.9.5.dfsg-3ubuntu0.10 No subscription required Medium CVE-2016-8864 Ubuntu 14.04 LTS Aleksandar Nikolic discovered that Memcached incorrectly handled certain malformed commands. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3120-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: memcached - 1.4.14-0ubuntu9.1 No subscription required High CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 Ubuntu 14.04 LTS It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges. Update Instructions: Run `sudo pro fix USN-3122-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-current-dev - 304.132-0ubuntu0.14.04.2 libcuda1-304 - 304.132-0ubuntu0.14.04.2 nvidia-libopencl1-304-updates - 304.132-0ubuntu0.14.04.2 nvidia-304-updates - 304.132-0ubuntu0.14.04.2 nvidia-304 - 304.132-0ubuntu0.14.04.2 nvidia-current - 304.132-0ubuntu0.14.04.2 nvidia-304-updates-dev - 304.132-0ubuntu0.14.04.2 nvidia-304-dev - 304.132-0ubuntu0.14.04.2 libcuda1-304-updates - 304.132-0ubuntu0.14.04.2 nvidia-libopencl1-304 - 304.132-0ubuntu0.14.04.2 nvidia-opencl-icd-304-updates - 304.132-0ubuntu0.14.04.2 nvidia-opencl-icd-304 - 304.132-0ubuntu0.14.04.2 No subscription required nvidia-331 - 340.98-0ubuntu0.14.04.1 nvidia-opencl-icd-331 - 340.98-0ubuntu0.14.04.1 nvidia-libopencl1-331-updates - 340.98-0ubuntu0.14.04.1 libcuda1-340 - 340.98-0ubuntu0.14.04.1 nvidia-340-updates - 340.98-0ubuntu0.14.04.1 nvidia-331-updates - 340.98-0ubuntu0.14.04.1 nvidia-opencl-icd-340-updates - 340.98-0ubuntu0.14.04.1 nvidia-340-updates-dev - 340.98-0ubuntu0.14.04.1 nvidia-opencl-icd-331-updates - 340.98-0ubuntu0.14.04.1 nvidia-340-dev - 340.98-0ubuntu0.14.04.1 libcuda1-331-updates - 340.98-0ubuntu0.14.04.1 nvidia-libopencl1-331 - 340.98-0ubuntu0.14.04.1 nvidia-340 - 340.98-0ubuntu0.14.04.1 nvidia-opencl-icd-340 - 340.98-0ubuntu0.14.04.1 libcuda1-340-updates - 340.98-0ubuntu0.14.04.1 libcuda1-331 - 340.98-0ubuntu0.14.04.1 nvidia-331-updates-dev - 340.98-0ubuntu0.14.04.1 nvidia-331-dev - 340.98-0ubuntu0.14.04.1 nvidia-331-updates-uvm - 340.98-0ubuntu0.14.04.1 nvidia-libopencl1-340 - 340.98-0ubuntu0.14.04.1 nvidia-libopencl1-340-updates - 340.98-0ubuntu0.14.04.1 nvidia-340-uvm - 340.98-0ubuntu0.14.04.1 nvidia-331-uvm - 340.98-0ubuntu0.14.04.1 No subscription required nvidia-opencl-icd-352 - 367.57-0ubuntu0.14.04.1 nvidia-opencl-icd-352-updates - 367.57-0ubuntu0.14.04.1 libcuda1-367 - 367.57-0ubuntu0.14.04.1 nvidia-352-updates-dev - 367.57-0ubuntu0.14.04.1 nvidia-libopencl1-352 - 367.57-0ubuntu0.14.04.1 nvidia-367-dev - 367.57-0ubuntu0.14.04.1 nvidia-opencl-icd-367 - 367.57-0ubuntu0.14.04.1 nvidia-367 - 367.57-0ubuntu0.14.04.1 nvidia-352-dev - 367.57-0ubuntu0.14.04.1 libcuda1-352 - 367.57-0ubuntu0.14.04.1 nvidia-libopencl1-367 - 367.57-0ubuntu0.14.04.1 nvidia-352 - 367.57-0ubuntu0.14.04.1 nvidia-libopencl1-352-updates - 367.57-0ubuntu0.14.04.1 nvidia-352-updates - 367.57-0ubuntu0.14.04.1 libcuda1-352-updates - 367.57-0ubuntu0.14.04.1 No subscription required High CVE-2016-7382 CVE-2016-7389 Ubuntu 14.04 LTS It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141) Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167) It was discovered that curl incorrectly handled storing cookies. A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie jar. (CVE-2016-8615) It was discovered that curl incorrect handled case when comparing user names and passwords. A remote attacker with knowledge of a case-insensitive version of the correct password could possibly use this issue to cause a connection to be reused. (CVE-2016-8616) It was discovered that curl incorrect handled memory when encoding to base64. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8617) It was discovered that curl incorrect handled memory when preparing formatted output. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8618) It was discovered that curl incorrect handled memory when performing Kerberos authentication. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8619) Luật Nguyễn discovered that curl incorrectly handled parsing globs. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8620) Luật Nguyễn discovered that curl incorrectly handled converting dates. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2016-8621) It was discovered that curl incorrectly handled URL percent-encoding decoding. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8622) It was discovered that curl incorrectly handled shared cookies. A remote server could possibly obtain incorrect cookies or other sensitive information. (CVE-2016-8623) Fernando Muñoz discovered that curl incorrect parsed certain URLs. A remote attacker could possibly use this issue to trick curl into connecting to a different host. (CVE-2016-8624) Update Instructions: Run `sudo pro fix USN-3123-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.10 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.10 libcurl4-openssl-dev - 7.35.0-1ubuntu2.10 libcurl3-gnutls - 7.35.0-1ubuntu2.10 libcurl3-udeb - 7.35.0-1ubuntu2.10 libcurl4-doc - 7.35.0-1ubuntu2.10 libcurl3-nss - 7.35.0-1ubuntu2.10 libcurl4-nss-dev - 7.35.0-1ubuntu2.10 libcurl3 - 7.35.0-1ubuntu2.10 curl - 7.35.0-1ubuntu2.10 No subscription required Medium CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 Ubuntu 14.04 LTS Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5289, CVE-2016-5290) A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291) A crash was discovered when parsing URLs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5292) A heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5296) An error was discovered in argument length checking in Javascript. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297) An integer overflow was discovered in the Expat library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-9063) It was discovered that addon updates failed to verify that the addon ID inside the signed package matched the ID of the addon being updated. An attacker that could perform a machine-in-the-middle (MITM) attack could potentially exploit this to provide malicious addon updates. (CVE-2016-9064) A buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066) 2 use-after-free bugs were discovered during DOM operations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9067, CVE-2016-9069) A heap use-after-free was discovered during web animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9068) It was discovered that a page loaded in to the sidebar through a bookmark could reference a privileged chrome window. An attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-9070) An issue was discovered with Content Security Policy (CSP) in combination with HTTP to HTTPS redirection. An attacker could potentially exploit this to verify whether a site is within the user's browsing history. (CVE-2016-9071) An issue was discovered with the windows.create() WebExtensions API. If a user were tricked in to installing a malicious extension, an attacker could potentially exploit this to escape the WebExtensions sandbox. (CVE-2016-9073) It was discovered that WebExtensions can use the mozAddonManager API. An attacker could potentially exploit this to install additional extensions without user permission. (CVE-2016-9075) It was discovered that <select> element dropdown menus can cover location bar content when e10s is enabled. An attacker could potentially exploit this to conduct UI spoofing attacks. (CVE-2016-9076) It was discovered that canvas allows the use of the feDisplacementMap filter on cross-origin images. An attacker could potentially exploit this to conduct timing attacks. (CVE-2016-9077) Update Instructions: Run `sudo pro fix USN-3124-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-nn - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-nb - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-fa - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-fi - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-fr - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-fy - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-or - 50.0+build2-0ubuntu0.14.04.2 firefox-testsuite - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-oc - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-cs - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ga - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-gd - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-gn - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-gl - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-gu - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-pa - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-pl - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-cy - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-pt - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-hi - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ms - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-he - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-hy - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-hr - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-hu - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-it - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-as - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ar - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-az - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-id - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-mai - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-af - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-is - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-vi - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-an - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-bs - 50.0+build2-0ubuntu0.14.04.2 firefox - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ro - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ja - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ru - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-br - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-zh-hant - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-zh-hans - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-bn - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-be - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-bg - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-sl - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-sk - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-si - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-sw - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-sv - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-sr - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-sq - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ko - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-kn - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-km - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-kk - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ka - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-xh - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ca - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ku - 50.0+build2-0ubuntu0.14.04.2 firefox-mozsymbols - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-lv - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-lt - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-th - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-hsb - 50.0+build2-0ubuntu0.14.04.2 firefox-dev - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-te - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-cak - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ta - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-lg - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-tr - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-nso - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-de - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-da - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-uk - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-mr - 50.0+build2-0ubuntu0.14.04.2 firefox-globalmenu - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-uz - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ml - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-mn - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-mk - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-eu - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-et - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-es - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-csb - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-el - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-eo - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-en - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-zu - 50.0+build2-0ubuntu0.14.04.2 firefox-locale-ast - 50.0+build2-0ubuntu0.14.04.2 No subscription required Medium CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292 CVE-2016-5296 CVE-2016-5297 CVE-2016-9063 CVE-2016-9064 CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9070 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 Ubuntu 14.04 LTS Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-5403) Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6833, CVE-2016-6834, CVE-2016-6888) Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6835) Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to possibly to obtain sensitive host memory. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6836) Felix Wilhelm discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to possibly to obtain sensitive host files. (CVE-2016-7116) Li Qiang and Tom Victor discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7155) Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7156, CVE-2016-7421) Tom Victor discovered that QEMU incorrectly handled LSI SAS1068 host bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7157) Hu Chaojian discovered that QEMU incorrectly handled xlnx.xps-ethernetlite emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-7161) Qinghao Tang and Li Qiang discovered that QEMU incorrectly handled the VMWare VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-7170) Qinghao Tang and Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7422) Li Qiang discovered that QEMU incorrectly handled LSI SAS1068 host bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7423) Li Qiang discovered that QEMU incorrectly handled USB xHCI controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7466) Li Qiang discovered that QEMU incorrectly handled ColdFire Fast Ethernet Controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-7908) Li Qiang discovered that QEMU incorrectly handled AMD PC-Net II emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-7909) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7994) Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7995) Li Qiang discovered that QEMU incorrectly handled USB xHCI controller support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8576) Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8577, CVE-2016-8578) It was discovered that QEMU incorrectly handled Rocker switch emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8668) It was discovered that QEMU incorrectly handled Intel HDA controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-8909) Andrew Henderson discovered that QEMU incorrectly handled RTL8139 ethernet controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-8910) Li Qiang discovered that QEMU incorrectly handled Intel i8255x ethernet controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-9101) Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-9102, CVE-2016-9104, CVE-2016-9105) Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to possibly to obtain sensitive host memory. (CVE-2016-9103) Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9106) Update Instructions: Run `sudo pro fix USN-3125-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.30 qemu-user-static - 2.0.0+dfsg-2ubuntu1.30 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.30 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.30 qemu-kvm - 2.0.0+dfsg-2ubuntu1.30 qemu-user - 2.0.0+dfsg-2ubuntu1.30 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.30 qemu-system - 2.0.0+dfsg-2ubuntu1.30 qemu-utils - 2.0.0+dfsg-2ubuntu1.30 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.30 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.30 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.30 qemu-common - 2.0.0+dfsg-2ubuntu1.30 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.30 qemu - 2.0.0+dfsg-2ubuntu1.30 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.30 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.30 No subscription required Medium CVE-2016-5403 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-7157 CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7422 CVE-2016-7423 CVE-2016-7466 CVE-2016-7908 CVE-2016-7909 CVE-2016-7994 CVE-2016-7995 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8668 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 Ubuntu 14.04 LTS It was discovered that the compression handling code in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service (system crash). (CVE-2014-9904) Kirill A. Shutemov discovered that memory manager in the Linux kernel did not properly handle anonymous pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2015-3288) Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash). (CVE-2016-3961) Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-7042) Update Instructions: Run `sudo pro fix USN-3127-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-101-powerpc-e500 - 3.13.0-101.148 linux-image-3.13.0-101-powerpc-smp - 3.13.0-101.148 linux-image-3.13.0-101-powerpc-e500mc - 3.13.0-101.148 linux-image-3.13.0-101-generic-lpae - 3.13.0-101.148 linux-image-extra-3.13.0-101-generic - 3.13.0-101.148 linux-image-3.13.0-101-lowlatency - 3.13.0-101.148 linux-image-3.13.0-101-powerpc64-smp - 3.13.0-101.148 linux-image-3.13.0-101-powerpc64-emb - 3.13.0-101.148 linux-image-3.13.0-101-generic - 3.13.0-101.148 No subscription required Medium CVE-2014-9904 CVE-2015-3288 CVE-2016-3961 CVE-2016-7042 Ubuntu 14.04 LTS USN-3128-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3128-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-47-powerpc64-emb - 4.4.0-47.68~14.04.1 linux-image-extra-4.4.0-47-generic - 4.4.0-47.68~14.04.1 linux-image-4.4.0-47-lowlatency - 4.4.0-47.68~14.04.1 linux-image-4.4.0-47-powerpc64-smp - 4.4.0-47.68~14.04.1 linux-image-4.4.0-47-generic - 4.4.0-47.68~14.04.1 linux-image-4.4.0-47-powerpc-smp - 4.4.0-47.68~14.04.1 linux-image-4.4.0-47-generic-lpae - 4.4.0-47.68~14.04.1 linux-image-4.4.0-47-powerpc-e500mc - 4.4.0-47.68~14.04.1 No subscription required Medium CVE-2016-7042 Ubuntu 14.04 LTS It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573) It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not properly handle HTTP proxy authentication. An attacker could use this to expose HTTPS server authentication credentials. (CVE-2016-5597) Update Instructions: Run `sudo pro fix USN-3130-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u121-2.6.8-1ubuntu0.14.04.1 openjdk-7-source - 7u121-2.6.8-1ubuntu0.14.04.1 icedtea-7-jre-jamvm - 7u121-2.6.8-1ubuntu0.14.04.1 openjdk-7-jre-lib - 7u121-2.6.8-1ubuntu0.14.04.1 openjdk-7-jdk - 7u121-2.6.8-1ubuntu0.14.04.1 openjdk-7-jre-headless - 7u121-2.6.8-1ubuntu0.14.04.1 openjdk-7-jre - 7u121-2.6.8-1ubuntu0.14.04.1 openjdk-7-doc - 7u121-2.6.8-1ubuntu0.14.04.1 openjdk-7-demo - 7u121-2.6.8-1ubuntu0.14.04.1 No subscription required Medium CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3131-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.2 libmagickcore5 - 8:6.7.7.10-6ubuntu3.2 imagemagick - 8:6.7.7.10-6ubuntu3.2 imagemagick-doc - 8:6.7.7.10-6ubuntu3.2 libmagickwand5 - 8:6.7.7.10-6ubuntu3.2 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.2 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.2 libmagick++-dev - 8:6.7.7.10-6ubuntu3.2 libmagick++5 - 8:6.7.7.10-6ubuntu3.2 perlmagick - 8:6.7.7.10-6ubuntu3.2 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.2 No subscription required Medium CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7536 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 Ubuntu 14.04 LTS Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-3132-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.27.1-1ubuntu0.1 tar - 1.27.1-1ubuntu0.1 No subscription required Medium CVE-2016-6321 Ubuntu 14.04 LTS Multiple security vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5198, CVE-2016-5200, CVE-2016-5202) A heap-corruption issue was discovered in FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5199) Update Instructions: Run `sudo pro fix USN-3133-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.18.5-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.18.5-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.18.5-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.18.5-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.18.5-0ubuntu0.14.04.1 oxideqmlscene - 1.18.5-0ubuntu0.14.04.1 oxideqt-codecs - 1.18.5-0ubuntu0.14.04.1 liboxideqtquick0 - 1.18.5-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.18.5-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-5198 CVE-2016-5199 CVE-2016-5200 CVE-2016-5202 Ubuntu 14.04 LTS It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772) Rémi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this to cause a CGI application to redirect outgoing HTTP requests. (CVE-2016-1000110) Insu Yun discovered an integer overflow in the zipimporter module in Python that could lead to a heap-based overflow. An attacker could use this to craft a special zip file that when read by Python could possibly execute arbitrary code. (CVE-2016-5636) Guido Vranken discovered that the urllib modules in Python did not properly handle carriage return line feed (CRLF) in headers. A remote attacker could use this to craft URLs that inject arbitrary HTTP headers. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5699) Update Instructions: Run `sudo pro fix USN-3134-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.6-8ubuntu0.3 python2.7-doc - 2.7.6-8ubuntu0.3 libpython2.7-stdlib - 2.7.6-8ubuntu0.3 libpython2.7-minimal - 2.7.6-8ubuntu0.3 libpython2.7-testsuite - 2.7.6-8ubuntu0.3 python2.7 - 2.7.6-8ubuntu0.3 idle-python2.7 - 2.7.6-8ubuntu0.3 python2.7-examples - 2.7.6-8ubuntu0.3 libpython2.7 - 2.7.6-8ubuntu0.3 libpython2.7-dev - 2.7.6-8ubuntu0.3 python2.7-minimal - 2.7.6-8ubuntu0.3 No subscription required python3.4-examples - 3.4.3-1ubuntu1~14.04.5 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.5 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.5 python3.4-minimal - 3.4.3-1ubuntu1~14.04.5 python3.4-venv - 3.4.3-1ubuntu1~14.04.5 python3.4-doc - 3.4.3-1ubuntu1~14.04.5 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.5 python3.4-dev - 3.4.3-1ubuntu1~14.04.5 idle-python3.4 - 3.4.3-1ubuntu1~14.04.5 python3.4 - 3.4.3-1ubuntu1~14.04.5 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.5 libpython3.4 - 3.4.3-1ubuntu1~14.04.5 No subscription required Medium CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 Ubuntu 14.04 LTS Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3135-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer0.10-plugins-good - 0.10.31-3+nmu1ubuntu5.1 gstreamer0.10-plugins-good-doc - 0.10.31-3+nmu1ubuntu5.1 gstreamer0.10-gconf - 0.10.31-3+nmu1ubuntu5.1 gstreamer0.10-pulseaudio - 0.10.31-3+nmu1ubuntu5.1 No subscription required gstreamer1.0-pulseaudio - 1.2.4-1~ubuntu1.1 gstreamer1.0-plugins-good-doc - 1.2.4-1~ubuntu1.1 libgstreamer-plugins-good1.0-dev - 1.2.4-1~ubuntu1.1 libgstreamer-plugins-good1.0-0 - 1.2.4-1~ubuntu1.1 gstreamer1.0-plugins-good - 1.2.4-1~ubuntu1.1 No subscription required None https://launchpad.net/bugs/1643901 Ubuntu 14.04 LTS USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem. Original advisory details: Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3135-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer0.10-plugins-good - 0.10.31-3+nmu1ubuntu5.2 gstreamer0.10-plugins-good-doc - 0.10.31-3+nmu1ubuntu5.2 gstreamer0.10-gconf - 0.10.31-3+nmu1ubuntu5.2 gstreamer0.10-pulseaudio - 0.10.31-3+nmu1ubuntu5.2 No subscription required gstreamer1.0-pulseaudio - 1.2.4-1~ubuntu1.3 gstreamer1.0-plugins-good-doc - 1.2.4-1~ubuntu1.3 libgstreamer-plugins-good1.0-dev - 1.2.4-1~ubuntu1.3 libgstreamer-plugins-good1.0-0 - 1.2.4-1~ubuntu1.3 gstreamer1.0-plugins-good - 1.2.4-1~ubuntu1.3 No subscription required None https://launchpad.net/bugs/1643901 Ubuntu 14.04 LTS Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container. Update Instructions: Run `sudo pro fix USN-3136-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lxc-dev - 1.0.8-0ubuntu0.4 liblxc1 - 1.0.8-0ubuntu0.4 lxc-templates - 1.0.8-0ubuntu0.4 python3-lxc - 1.0.8-0ubuntu0.4 lxc - 1.0.8-0ubuntu0.4 lxc-tests - 1.0.8-0ubuntu0.4 No subscription required Medium CVE-2016-8649 Ubuntu 14.04 LTS It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Update Instructions: Run `sudo pro fix USN-3137-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-moinmoin - 1.9.7-1ubuntu2.1 No subscription required Medium CVE-2016-7146 CVE-2016-7148 CVE-2016-9119 Ubuntu 14.04 LTS Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user's privileges. Update Instructions: Run `sudo pro fix USN-3139-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.052-1ubuntu3.1 vim-gnome - 2:7.4.052-1ubuntu3.1 vim-lesstif - 2:7.4.052-1ubuntu3.1 vim-athena - 2:7.4.052-1ubuntu3.1 vim-gtk - 2:7.4.052-1ubuntu3.1 vim-gui-common - 2:7.4.052-1ubuntu3.1 vim - 2:7.4.052-1ubuntu3.1 vim-doc - 2:7.4.052-1ubuntu3.1 vim-tiny - 2:7.4.052-1ubuntu3.1 vim-runtime - 2:7.4.052-1ubuntu3.1 vim-nox - 2:7.4.052-1ubuntu3.1 No subscription required Medium CVE-2016-1248 Ubuntu 14.04 LTS It was discovered that data: URLs can inherit the wrong origin after a HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-9078) A use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9079) Update Instructions: Run `sudo pro fix USN-3140-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nn - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nb - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fa - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fi - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fr - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fy - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-or - 50.0.2+build1-0ubuntu0.14.04.1 firefox-testsuite - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-oc - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cs - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ga - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gd - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gn - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gl - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gu - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pa - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pl - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cy - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pt - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hi - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ms - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-he - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hy - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hr - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hu - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-it - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-as - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ar - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-az - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-id - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mai - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-af - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-is - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-vi - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-an - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bs - 50.0.2+build1-0ubuntu0.14.04.1 firefox - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ro - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ja - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ru - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-br - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bn - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-be - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bg - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sl - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sk - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-si - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sw - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sv - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sr - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sq - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ko - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kn - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-km - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kk - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ka - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-xh - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ca - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ku - 50.0.2+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lv - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lt - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-th - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 50.0.2+build1-0ubuntu0.14.04.1 firefox-dev - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-te - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cak - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ta - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lg - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-tr - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nso - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-de - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-da - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uk - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mr - 50.0.2+build1-0ubuntu0.14.04.1 firefox-globalmenu - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uz - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ml - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mn - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mk - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eu - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-et - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-es - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-csb - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-el - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eo - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-en - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zu - 50.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ast - 50.0.2+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-9078 CVE-2016-9079 Ubuntu 14.04 LTS Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5290) A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291) A heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5296) An error was discovered in argument length checking in Javascript. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297) A buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066) A use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9079) Update Instructions: Run `sudo pro fix USN-3141-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:45.5.1+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:45.5.1+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:45.5.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:45.5.1+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9066 CVE-2016-9079 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3142-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.3 libmagickcore5 - 8:6.7.7.10-6ubuntu3.3 imagemagick - 8:6.7.7.10-6ubuntu3.3 imagemagick-doc - 8:6.7.7.10-6ubuntu3.3 libmagickwand5 - 8:6.7.7.10-6ubuntu3.3 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.3 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.3 libmagick++-dev - 8:6.7.7.10-6ubuntu3.3 libmagick++5 - 8:6.7.7.10-6ubuntu3.3 perlmagick - 8:6.7.7.10-6ubuntu3.3 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.3 No subscription required Medium CVE-2016-7799 CVE-2016-7906 CVE-2016-8677 CVE-2016-8862 CVE-2016-9556 Ubuntu 14.04 LTS USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3142-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.4 libmagickcore5 - 8:6.7.7.10-6ubuntu3.4 imagemagick - 8:6.7.7.10-6ubuntu3.4 imagemagick-doc - 8:6.7.7.10-6ubuntu3.4 libmagickwand5 - 8:6.7.7.10-6ubuntu3.4 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.4 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.4 libmagick++-dev - 8:6.7.7.10-6ubuntu3.4 libmagick++5 - 8:6.7.7.10-6ubuntu3.4 perlmagick - 8:6.7.7.10-6ubuntu3.4 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.4 No subscription required None https://launchpad.net/bugs/1589580 https://launchpad.net/bugs/1646485 Ubuntu 14.04 LTS Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3143-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-ares2 - 1.10.0-2ubuntu0.1 libc-ares-dev - 1.10.0-2ubuntu0.1 No subscription required Medium CVE-2016-5180 Ubuntu 14.04 LTS Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-7425) Daxing Guo discovered a stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-8658) Update Instructions: Run `sudo pro fix USN-3145-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-103-powerpc-e500 - 3.13.0-103.150 linux-image-3.13.0-103-powerpc64-smp - 3.13.0-103.150 linux-image-3.13.0-103-lowlatency - 3.13.0-103.150 linux-image-3.13.0-103-powerpc-e500mc - 3.13.0-103.150 linux-image-3.13.0-103-powerpc-smp - 3.13.0-103.150 linux-image-3.13.0-103-generic - 3.13.0-103.150 linux-image-extra-3.13.0-103-generic - 3.13.0-103.150 linux-image-3.13.0-103-generic-lpae - 3.13.0-103.150 linux-image-3.13.0-103-powerpc64-emb - 3.13.0-103.150 No subscription required Medium CVE-2016-7425 CVE-2016-8658 Ubuntu 14.04 LTS USN-3146-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. (CVE-2016-9644) Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-7425) Daxing Guo discovered a stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-8658) Update Instructions: Run `sudo pro fix USN-3146-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-51-powerpc64-smp - 4.4.0-51.72~14.04.1 linux-image-4.4.0-51-lowlatency - 4.4.0-51.72~14.04.1 linux-image-4.4.0-51-generic - 4.4.0-51.72~14.04.1 linux-image-4.4.0-51-powerpc-e500mc - 4.4.0-51.72~14.04.1 linux-image-4.4.0-51-powerpc64-emb - 4.4.0-51.72~14.04.1 linux-image-4.4.0-51-powerpc-smp - 4.4.0-51.72~14.04.1 linux-image-extra-4.4.0-51-generic - 4.4.0-51.72~14.04.1 linux-image-4.4.0-51-generic-lpae - 4.4.0-51.72~14.04.1 No subscription required Medium CVE-2016-7097 CVE-2016-7425 CVE-2016-8658 CVE-2016-9644 Ubuntu 14.04 LTS Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscript processes certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-7976, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602) Multiple vulnerabilities were discovered in Ghostscript related to information disclosure. If a user or automated system were tricked into opening a specially crafted file, an attacker could expose sensitive data. (CVE-2013-5653, CVE-2016-7977) Update Instructions: Run `sudo pro fix USN-3148-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.10~dfsg-0ubuntu10.5 ghostscript-x - 9.10~dfsg-0ubuntu10.5 libgs-dev - 9.10~dfsg-0ubuntu10.5 ghostscript-doc - 9.10~dfsg-0ubuntu10.5 libgs9 - 9.10~dfsg-0ubuntu10.5 libgs9-common - 9.10~dfsg-0ubuntu10.5 No subscription required Medium CVE-2013-5653 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 Ubuntu 14.04 LTS Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-3149-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-105-powerpc64-smp - 3.13.0-105.152 linux-image-3.13.0-105-powerpc-e500mc - 3.13.0-105.152 linux-image-3.13.0-105-lowlatency - 3.13.0-105.152 linux-image-3.13.0-105-powerpc-e500 - 3.13.0-105.152 linux-image-3.13.0-105-powerpc-smp - 3.13.0-105.152 linux-image-3.13.0-105-generic-lpae - 3.13.0-105.152 linux-image-extra-3.13.0-105-generic - 3.13.0-105.152 linux-image-3.13.0-105-powerpc64-emb - 3.13.0-105.152 linux-image-3.13.0-105-generic - 3.13.0-105.152 No subscription required High CVE-2016-8655 Ubuntu 14.04 LTS USN-3151-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-3151-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-53-generic - 4.4.0-53.74~14.04.1 linux-image-4.4.0-53-generic-lpae - 4.4.0-53.74~14.04.1 linux-image-extra-4.4.0-53-generic - 4.4.0-53.74~14.04.1 linux-image-4.4.0-53-lowlatency - 4.4.0-53.74~14.04.1 linux-image-4.4.0-53-powerpc-smp - 4.4.0-53.74~14.04.1 linux-image-4.4.0-53-powerpc64-emb - 4.4.0-53.74~14.04.1 linux-image-4.4.0-53-powerpc64-smp - 4.4.0-53.74~14.04.1 linux-image-4.4.0-53-powerpc-e500mc - 4.4.0-53.74~14.04.1 No subscription required High CVE-2016-8655 Ubuntu 14.04 LTS Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5204, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212, CVE-2016-5215, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9652) Multiple vulnerabilities were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5213, CVE-2016-5219, CVE-2016-9651) An integer overflow was discovered in ANGLE. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5221) Update Instructions: Run `sudo pro fix USN-3153-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.19.4-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.19.4-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.19.4-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.19.4-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.19.4-0ubuntu0.14.04.1 oxideqmlscene - 1.19.4-0ubuntu0.14.04.1 oxideqt-codecs - 1.19.4-0ubuntu0.14.04.1 liboxideqtquick0 - 1.19.4-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.19.4-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-5204 CVE-2016-5205 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5212 CVE-2016-5213 CVE-2016-5215 CVE-2016-5219 CVE-2016-5221 CVE-2016-5222 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652 Ubuntu 14.04 LTS Multiple security vulnerabilities were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904) Update Instructions: Run `sudo pro fix USN-3155-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-nn - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-nb - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-fa - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-fi - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-fr - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-fy - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-or - 50.1.0+build2-0ubuntu0.14.04.1 firefox-testsuite - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-oc - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-cs - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ga - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-gd - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-gn - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-gl - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-gu - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-pa - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-pl - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-cy - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-pt - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-hi - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ms - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-he - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-hy - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-hr - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-hu - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-it - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-as - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ar - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-az - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-id - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-mai - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-af - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-is - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-vi - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-an - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-bs - 50.1.0+build2-0ubuntu0.14.04.1 firefox - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ro - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ja - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ru - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-br - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-bn - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-be - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-bg - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-sl - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-sk - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-si - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-sw - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-sv - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-sr - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-sq - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ko - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-kn - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-km - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-kk - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ka - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-xh - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ca - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ku - 50.1.0+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-lv - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-lt - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-th - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 50.1.0+build2-0ubuntu0.14.04.1 firefox-dev - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-te - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-cak - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ta - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-lg - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-tr - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-nso - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-de - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-da - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-uk - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-mr - 50.1.0+build2-0ubuntu0.14.04.1 firefox-globalmenu - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-uz - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ml - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-mn - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-mk - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-eu - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-et - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-es - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-csb - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-el - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-eo - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-en - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-zu - 50.1.0+build2-0ubuntu0.14.04.1 firefox-locale-ast - 50.1.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9904 Ubuntu 14.04 LTS Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. Update Instructions: Run `sudo pro fix USN-3156-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapt-inst1.5 - 1.0.1ubuntu2.17 apt-doc - 1.0.1ubuntu2.17 apt-transport-https - 1.0.1ubuntu2.17 libapt-pkg-doc - 1.0.1ubuntu2.17 apt - 1.0.1ubuntu2.17 apt-utils - 1.0.1ubuntu2.17 libapt-pkg-dev - 1.0.1ubuntu2.17 libapt-pkg4.12 - 1.0.1ubuntu2.17 No subscription required High CVE-2016-1252 Ubuntu 14.04 LTS Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9949) Donncha O Cearbhaill discovered that Apport did not properly sanitize the Package and SourcePackage fields in crash files before processing package specific hooks. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. (CVE-2016-9950) Donncha O Cearbhaill discovered that Apport would offer to restart an application based on the contents of the RespawnCommand or ProcCmdline fields in a crash file. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. (CVE-2016-9951) Update Instructions: Run `sudo pro fix USN-3157-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.23 python3-problem-report - 2.14.1-0ubuntu3.23 apport-kde - 2.14.1-0ubuntu3.23 apport-retrace - 2.14.1-0ubuntu3.23 apport-valgrind - 2.14.1-0ubuntu3.23 python3-apport - 2.14.1-0ubuntu3.23 dh-apport - 2.14.1-0ubuntu3.23 apport-gtk - 2.14.1-0ubuntu3.23 apport - 2.14.1-0ubuntu3.23 python-problem-report - 2.14.1-0ubuntu3.23 apport-noui - 2.14.1-0ubuntu3.23 No subscription required Medium CVE-2016-9949 CVE-2016-9950 CVE-2016-9951 Ubuntu 14.04 LTS Frederic Besler and others discovered that the ndr_pull_dnsp_nam function in Samba contained an integer overflow. An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2123) Simo Sorce discovered that that Samba clients always requested a forwardable ticket when using Kerberos authentication. An attacker could use this to impersonate an authenticated user or service. (CVE-2016-2125) Volker Lendecke discovered that Kerberos PAC validation implementation in Samba contained multiple vulnerabilities. An authenticated attacker could use this to cause a denial of service or gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2126) Update Instructions: Run `sudo pro fix USN-3158-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.4 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.4 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.4 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.4 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.4 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.4 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.4 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.4 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.4 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.4 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.4 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.4 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.4 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.4 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.4 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.4 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.4 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.4 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.4 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.4 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.4 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.4 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.4 No subscription required High CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 Ubuntu 14.04 LTS CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-7916) Update Instructions: Run `sudo pro fix USN-3160-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-106-powerpc64-emb - 3.13.0-106.153 linux-image-3.13.0-106-lowlatency - 3.13.0-106.153 linux-image-extra-3.13.0-106-generic - 3.13.0-106.153 linux-image-3.13.0-106-generic - 3.13.0-106.153 linux-image-3.13.0-106-generic-lpae - 3.13.0-106.153 linux-image-3.13.0-106-powerpc-e500mc - 3.13.0-106.153 linux-image-3.13.0-106-powerpc-e500 - 3.13.0-106.153 linux-image-3.13.0-106-powerpc-smp - 3.13.0-106.153 linux-image-3.13.0-106-powerpc64-smp - 3.13.0-106.153 No subscription required Medium CVE-2016-6213 CVE-2016-7916 Ubuntu 14.04 LTS USN-3161-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a null pointer. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. (CVE-2016-8630) Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. (CVE-2016-8633) Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8645) Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555) Update Instructions: Run `sudo pro fix USN-3161-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-57-powerpc64-emb - 4.4.0-57.78~14.04.1 linux-image-4.4.0-57-powerpc-e500mc - 4.4.0-57.78~14.04.1 linux-image-4.4.0-57-generic - 4.4.0-57.78~14.04.1 linux-image-4.4.0-57-powerpc64-smp - 4.4.0-57.78~14.04.1 linux-image-4.4.0-57-generic-lpae - 4.4.0-57.78~14.04.1 linux-image-extra-4.4.0-57-generic - 4.4.0-57.78~14.04.1 linux-image-4.4.0-57-lowlatency - 4.4.0-57.78~14.04.1 linux-image-4.4.0-57-powerpc-smp - 4.4.0-57.78~14.04.1 No subscription required Medium CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-9555 Ubuntu 14.04 LTS It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5285) Hubert Kario discovered that NSS incorrectly handled Diffie Hellman client key exchanges. A remote attacker could possibly use this flaw to perform a small subgroup confinement attack and recover private keys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8635) Franziskus Kiefer discovered that NSS incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. (CVE-2016-9074) This update refreshes the NSS package to version 3.26.2 which includes the latest CA certificate bundle. Update Instructions: Run `sudo pro fix USN-3163-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.26.2-0ubuntu0.14.04.3 libnss3-dev - 2:3.26.2-0ubuntu0.14.04.3 libnss3 - 2:3.26.2-0ubuntu0.14.04.3 libnss3-1d - 2:3.26.2-0ubuntu0.14.04.3 libnss3-tools - 2:3.26.2-0ubuntu0.14.04.3 No subscription required Medium CVE-2016-5285 CVE-2016-8635 CVE-2016-9074 Ubuntu 14.04 LTS Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files. Update Instructions: Run `sudo pro fix USN-3164-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.82-3ubuntu2.2 eximon4 - 4.82-3ubuntu2.2 exim4 - 4.82-3ubuntu2.2 exim4-daemon-light - 4.82-3ubuntu2.2 exim4-config - 4.82-3ubuntu2.2 exim4-daemon-heavy - 4.82-3ubuntu2.2 exim4-base - 4.82-3ubuntu2.2 No subscription required Medium CVE-2016-9963 Ubuntu 14.04 LTS Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373) Andrew Krasichkov discovered that event handlers on <marquee> elements were executed despite a Content Security Policy (CSP) that disallowed inline JavaScript. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-9895) A memory corruption issue was discovered in WebGL in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9897) A use-after-free was discovered when manipulating DOM subtrees in the Editor. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9898) A use-after-free was discovered when manipulating DOM events and audio elements. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9899) It was discovered that external resources that should be blocked when loading SVG images can bypass security restrictions using data: URLs. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-9900) Jann Horn discovered that JavaScript Map/Set were vulnerable to timing attacks. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information across domains. (CVE-2016-9904) A crash was discovered in EnumerateSubDocuments while adding or removing sub-documents. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-9905) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Grégoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378) A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380) Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383) Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390) Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396) Update Instructions: Run `sudo pro fix USN-3165-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:45.7.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:45.7.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:45.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:45.7.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 Ubuntu 14.04 LTS Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793) Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Baozeng Ding discovered a double free in the netlink_dump() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9806) Update Instructions: Run `sudo pro fix USN-3168-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-107-powerpc64-smp - 3.13.0-107.154 linux-image-extra-3.13.0-107-generic - 3.13.0-107.154 linux-image-3.13.0-107-powerpc64-emb - 3.13.0-107.154 linux-image-3.13.0-107-powerpc-smp - 3.13.0-107.154 linux-image-3.13.0-107-powerpc-e500mc - 3.13.0-107.154 linux-image-3.13.0-107-lowlatency - 3.13.0-107.154 linux-image-3.13.0-107-powerpc-e500 - 3.13.0-107.154 linux-image-3.13.0-107-generic-lpae - 3.13.0-107.154 linux-image-3.13.0-107-generic - 3.13.0-107.154 No subscription required Medium CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806 Ubuntu 14.04 LTS USN-3169-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793) Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Update Instructions: Run `sudo pro fix USN-3169-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-59-powerpc64-smp - 4.4.0-59.80~14.04.1 linux-image-extra-4.4.0-59-generic - 4.4.0-59.80~14.04.1 linux-image-4.4.0-59-lowlatency - 4.4.0-59.80~14.04.1 linux-image-4.4.0-59-generic - 4.4.0-59.80~14.04.1 linux-image-4.4.0-59-powerpc-smp - 4.4.0-59.80~14.04.1 linux-image-4.4.0-59-powerpc64-emb - 4.4.0-59.80~14.04.1 linux-image-4.4.0-59-generic-lpae - 4.4.0-59.80~14.04.1 linux-image-4.4.0-59-powerpc-e500mc - 4.4.0-59.80~14.04.1 No subscription required Medium CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 Ubuntu 14.04 LTS Josef Gajdusek discovered that the LibVNCServer client library incorrectly handled certain FrameBufferUpdate messages. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942) Update Instructions: Run `sudo pro fix USN-3171-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linuxvnc - 0.9.9+dfsg-1ubuntu1.2 libvncserver0 - 0.9.9+dfsg-1ubuntu1.2 libvncserver-config - 0.9.9+dfsg-1ubuntu1.2 libvncserver-dev - 0.9.9+dfsg-1ubuntu1.2 No subscription required Medium CVE-2016-9941 CVE-2016-9942 Ubuntu 14.04 LTS It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-9131) It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-9147) It was discovered that Bind incorrectly handled certain malformed DS record responses. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9444) Update Instructions: Run `sudo pro fix USN-3172-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.11 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.11 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.11 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.11 bind9utils - 1:9.9.5.dfsg-3ubuntu0.11 libdns100 - 1:9.9.5.dfsg-3ubuntu0.11 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.11 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.11 host - 1:9.9.5.dfsg-3ubuntu0.11 lwresd - 1:9.9.5.dfsg-3ubuntu0.11 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.11 libisc95 - 1:9.9.5.dfsg-3ubuntu0.11 bind9 - 1:9.9.5.dfsg-3ubuntu0.11 bind9-host - 1:9.9.5.dfsg-3ubuntu0.11 No subscription required Medium CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 Ubuntu 14.04 LTS It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3173-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-current-dev - 304.134-0ubuntu0.14.04.1 libcuda1-304 - 304.134-0ubuntu0.14.04.1 nvidia-libopencl1-304-updates - 304.134-0ubuntu0.14.04.1 nvidia-304-updates - 304.134-0ubuntu0.14.04.1 nvidia-304 - 304.134-0ubuntu0.14.04.1 nvidia-current - 304.134-0ubuntu0.14.04.1 nvidia-304-updates-dev - 304.134-0ubuntu0.14.04.1 nvidia-304-dev - 304.134-0ubuntu0.14.04.1 libcuda1-304-updates - 304.134-0ubuntu0.14.04.1 nvidia-libopencl1-304 - 304.134-0ubuntu0.14.04.1 nvidia-opencl-icd-304-updates - 304.134-0ubuntu0.14.04.1 nvidia-opencl-icd-304 - 304.134-0ubuntu0.14.04.1 No subscription required nvidia-331 - 340.101-0ubuntu0.14.04.1 nvidia-opencl-icd-331 - 340.101-0ubuntu0.14.04.1 nvidia-libopencl1-331-updates - 340.101-0ubuntu0.14.04.1 libcuda1-340 - 340.101-0ubuntu0.14.04.1 nvidia-340-updates - 340.101-0ubuntu0.14.04.1 nvidia-331-updates - 340.101-0ubuntu0.14.04.1 nvidia-opencl-icd-340-updates - 340.101-0ubuntu0.14.04.1 libcuda1-331-updates - 340.101-0ubuntu0.14.04.1 nvidia-opencl-icd-331-updates - 340.101-0ubuntu0.14.04.1 nvidia-340-dev - 340.101-0ubuntu0.14.04.1 nvidia-340-updates-dev - 340.101-0ubuntu0.14.04.1 nvidia-libopencl1-331 - 340.101-0ubuntu0.14.04.1 nvidia-340 - 340.101-0ubuntu0.14.04.1 nvidia-opencl-icd-340 - 340.101-0ubuntu0.14.04.1 libcuda1-340-updates - 340.101-0ubuntu0.14.04.1 libcuda1-331 - 340.101-0ubuntu0.14.04.1 nvidia-331-updates-dev - 340.101-0ubuntu0.14.04.1 nvidia-331-dev - 340.101-0ubuntu0.14.04.1 nvidia-331-updates-uvm - 340.101-0ubuntu0.14.04.1 nvidia-libopencl1-340 - 340.101-0ubuntu0.14.04.1 nvidia-libopencl1-340-updates - 340.101-0ubuntu0.14.04.1 nvidia-340-uvm - 340.101-0ubuntu0.14.04.1 nvidia-331-uvm - 340.101-0ubuntu0.14.04.1 No subscription required Low CVE-2016-8826 Ubuntu 14.04 LTS USN-3173-1 fixed a vulnerability in nvidia-graphics-drivers-304 and nvidia-graphics-drivers-340. This update provides the corresponding update for nvidia-graphics-drivers-375. Original advisory details: It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3173-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-375-dev - 375.39-0ubuntu0.14.04.1 nvidia-libopencl1-375 - 375.39-0ubuntu0.14.04.1 nvidia-opencl-icd-367 - 375.39-0ubuntu0.14.04.1 nvidia-libopencl1-367 - 375.39-0ubuntu0.14.04.1 nvidia-367-dev - 375.39-0ubuntu0.14.04.1 nvidia-opencl-icd-375 - 375.39-0ubuntu0.14.04.1 libcuda1-367 - 375.39-0ubuntu0.14.04.1 libcuda1-375 - 375.39-0ubuntu0.14.04.1 nvidia-367 - 375.39-0ubuntu0.14.04.1 nvidia-375 - 375.39-0ubuntu0.14.04.1 No subscription required Low CVE-2016-8826 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.54 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.17. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html Update Instructions: Run `sudo pro fix USN-3174-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.54-0ubuntu0.14.04.1 mysql-client - 5.5.54-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.54-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.54-0ubuntu0.14.04.1 libmysqld-pic - 5.5.54-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.54-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.54-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.54-0ubuntu0.14.04.1 mysql-common - 5.5.54-0ubuntu0.14.04.1 mysql-server - 5.5.54-0ubuntu0.14.04.1 mysql-testsuite - 5.5.54-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.54-0ubuntu0.14.04.1 libmysqld-dev - 5.5.54-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.54-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-8318 CVE-2016-8327 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3251 CVE-2017-3256 CVE-2017-3258 CVE-2017-3265 CVE-2017-3273 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3319 CVE-2017-3320 Ubuntu 14.04 LTS Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Grégoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378) A use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379) A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380) Jann Horn discovered that the "export" function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381) Jerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382) Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383) Paul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384) Muneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385) Muneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386) Mustafa Hasan discovered that the existence of local files can be determined using the <track> element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387) Cullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388) Kris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389) Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390) Jerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391) Stuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to install additional addons. (CVE-2017-5393) Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396) Update Instructions: Run `sudo pro fix USN-3175-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nn - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nb - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fa - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fi - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fr - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fy - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-or - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kab - 51.0.1+build2-0ubuntu0.14.04.1 firefox-testsuite - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-oc - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cs - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ga - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gd - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gn - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gl - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gu - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pa - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pl - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cy - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pt - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hi - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ms - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-he - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hy - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hr - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hu - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-it - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-as - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ar - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-az - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-id - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mai - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-af - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-is - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-vi - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-an - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bs - 51.0.1+build2-0ubuntu0.14.04.1 firefox - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ro - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ja - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ru - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-br - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bn - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-be - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bg - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sl - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sk - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-si - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sw - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sv - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sr - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sq - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ko - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kn - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-km - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kk - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ka - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-xh - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ca - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ku - 51.0.1+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lv - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lt - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-th - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 51.0.1+build2-0ubuntu0.14.04.1 firefox-dev - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-te - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cak - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ta - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lg - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-tr - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nso - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-de - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-da - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uk - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mr - 51.0.1+build2-0ubuntu0.14.04.1 firefox-globalmenu - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uz - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ml - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mn - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mk - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eu - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-et - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-es - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-csb - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-el - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eo - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-en - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zu - 51.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ast - 51.0.1+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-5373 CVE-2017-5374 CVE-2017-5375 CVE-2017-5376 CVE-2017-5377 CVE-2017-5378 CVE-2017-5379 CVE-2017-5380 CVE-2017-5381 CVE-2017-5382 CVE-2017-5383 CVE-2017-5384 CVE-2017-5385 CVE-2017-5386 CVE-2017-5387 CVE-2017-5388 CVE-2017-5389 CVE-2017-5390 CVE-2017-5391 CVE-2017-5393 CVE-2017-5396 Ubuntu 14.04 LTS USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Grégoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378) A use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379) A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380) Jann Horn discovered that the "export" function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381) Jerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382) Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383) Paul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384) Muneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385) Muneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386) Mustafa Hasan discovered that the existence of local files can be determined using the <track> element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387) Cullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388) Kris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389) Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390) Jerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391) Stuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to install additional addons. (CVE-2017-5393) Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396) Update Instructions: Run `sudo pro fix USN-3175-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-nn - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-nb - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-fa - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-fi - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-fr - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-fy - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-or - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-kab - 51.0.1+build2-0ubuntu0.14.04.2 firefox-testsuite - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-oc - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-cs - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ga - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-gd - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-gn - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-gl - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-gu - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-pa - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-pl - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-cy - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-pt - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-hi - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ms - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-he - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-hy - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-hr - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-hu - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-it - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-as - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ar - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-az - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-id - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-mai - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-af - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-is - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-vi - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-an - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-bs - 51.0.1+build2-0ubuntu0.14.04.2 firefox - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ro - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ja - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ru - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-br - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-zh-hant - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-zh-hans - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-bn - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-be - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-bg - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sl - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sk - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-si - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sw - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sv - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sr - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sq - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ko - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-kn - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-km - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-kk - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ka - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-xh - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ca - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ku - 51.0.1+build2-0ubuntu0.14.04.2 firefox-mozsymbols - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-lv - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-lt - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-th - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-hsb - 51.0.1+build2-0ubuntu0.14.04.2 firefox-dev - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-te - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-cak - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ta - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-lg - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-tr - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-nso - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-de - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-da - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-uk - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-mr - 51.0.1+build2-0ubuntu0.14.04.2 firefox-globalmenu - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-uz - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ml - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-mn - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-mk - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-eu - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-et - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-es - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-csb - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-el - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-eo - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-en - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-zu - 51.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ast - 51.0.1+build2-0ubuntu0.14.04.2 No subscription required None https://launchpad.net/bugs/1659922 Ubuntu 14.04 LTS Peter Wu discovered that the PC/SC service did not correctly handle certain resources. A local attacker could use this issue to cause PC/SC to crash, resulting in a denial of service, or possibly execute arbitrary code with root privileges. Update Instructions: Run `sudo pro fix USN-3176-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpcsclite-dev - 1.8.10-1ubuntu1.1 pcscd - 1.8.10-1ubuntu1.1 libpcsclite1 - 1.8.10-1ubuntu1.1 No subscription required Medium CVE-2016-10109 Ubuntu 14.04 LTS It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762) Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5018) It was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable. A remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388) It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794) It was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796) It was discovered that Tomcat incorrectly limited access to global JNDI resources. A malicious application could use this to access any global JNDI resource without an explicit ResourceLink. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797) Regis Leroy discovered that Tomcat incorrectly filtered certain invalid characters from the HTTP request line. A remote attacker could possibly use this issue to inject data into HTTP responses. (CVE-2016-6816) Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2016-8735) It was discovered that Tomcat incorrectly handled error handling in the send file code. A remote attacker could possibly use this issue to access information from other requests. (CVE-2016-8745) Paul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges. (CVE-2016-9774, CVE-2016-9775) Update Instructions: Run `sudo pro fix USN-3177-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.52-1ubuntu0.8 libservlet3.0-java - 7.0.52-1ubuntu0.8 tomcat7-docs - 7.0.52-1ubuntu0.8 libservlet3.0-java-doc - 7.0.52-1ubuntu0.8 tomcat7 - 7.0.52-1ubuntu0.8 libtomcat7-java - 7.0.52-1ubuntu0.8 tomcat7-user - 7.0.52-1ubuntu0.8 tomcat7-admin - 7.0.52-1ubuntu0.8 tomcat7-examples - 7.0.52-1ubuntu0.8 No subscription required Medium CVE-2016-0762 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2016-9774 CVE-2016-9775 Ubuntu 14.04 LTS USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762) Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5018) It was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable. A remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388) It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794) It was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796) It was discovered that Tomcat incorrectly limited access to global JNDI resources. A malicious application could use this to access any global JNDI resource without an explicit ResourceLink. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797) Regis Leroy discovered that Tomcat incorrectly filtered certain invalid characters from the HTTP request line. A remote attacker could possibly use this issue to inject data into HTTP responses. (CVE-2016-6816) Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2016-8735) It was discovered that Tomcat incorrectly handled error handling in the send file code. A remote attacker could possibly use this issue to access information from other requests. (CVE-2016-8745) Paul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges. (CVE-2016-9774, CVE-2016-9775) Update Instructions: Run `sudo pro fix USN-3177-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.52-1ubuntu0.9 libservlet3.0-java - 7.0.52-1ubuntu0.9 tomcat7-docs - 7.0.52-1ubuntu0.9 libservlet3.0-java-doc - 7.0.52-1ubuntu0.9 tomcat7 - 7.0.52-1ubuntu0.9 libtomcat7-java - 7.0.52-1ubuntu0.9 tomcat7-user - 7.0.52-1ubuntu0.9 tomcat7-admin - 7.0.52-1ubuntu0.9 tomcat7-examples - 7.0.52-1ubuntu0.9 No subscription required None https://launchpad.net/bugs/1659589 Ubuntu 14.04 LTS Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL or other UI components, bypass same origin restrictions or other security restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5014, CVE-2017-5017, CVE-2017-5019, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026) Update Instructions: Run `sudo pro fix USN-3180-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.20.4-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.20.4-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.20.4-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.20.4-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.20.4-0ubuntu0.14.04.1 oxideqmlscene - 1.20.4-0ubuntu0.14.04.1 oxideqt-codecs - 1.20.4-0ubuntu0.14.04.1 liboxideqtquick0 - 1.20.4-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.20.4-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5014 CVE-2017-5017 CVE-2017-5019 CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025 CVE-2017-5026 Ubuntu 14.04 LTS Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177) It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7055) It was discovered that OpenSSL did not properly use constant-time operations when performing ECDSA P-256 signing. A remote attacker could possibly use this issue to perform a timing attack and recover private ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056) Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause OpenSSL to stop responding, resulting in a denial of service. (CVE-2016-8610) Robert Święcki discovered that OpenSSL incorrectly handled certain truncated packets. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2017-3731) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732) Update Instructions: Run `sudo pro fix USN-3181-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.22 libssl-dev - 1.0.1f-1ubuntu2.22 openssl - 1.0.1f-1ubuntu2.22 libssl-doc - 1.0.1f-1ubuntu2.22 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.22 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.22 No subscription required Medium CVE-2016-2177 CVE-2016-7055 CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 CVE-2017-3732 Ubuntu 14.04 LTS Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610) It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334) It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337) Update Instructions: Run `sudo pro fix USN-3183-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutlsxx27 - 2.12.23-12ubuntu2.6 gnutls26-doc - 2.12.23-12ubuntu2.6 libgnutls26 - 2.12.23-12ubuntu2.6 libgnutls-dev - 2.12.23-12ubuntu2.6 libgnutls-openssl27 - 2.12.23-12ubuntu2.6 No subscription required gnutls-bin - 3.0.11+really2.12.23-12ubuntu2.6 No subscription required Medium CVE-2016-7444 CVE-2016-8610 CVE-2017-5334 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 Ubuntu 14.04 LTS USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Original advisory details: Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610) It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334) It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337) Update Instructions: Run `sudo pro fix USN-3183-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutlsxx27 - 2.12.23-12ubuntu2.7 gnutls26-doc - 2.12.23-12ubuntu2.7 libgnutls26 - 2.12.23-12ubuntu2.7 libgnutls-dev - 2.12.23-12ubuntu2.7 libgnutls-openssl27 - 2.12.23-12ubuntu2.7 No subscription required gnutls-bin - 3.0.11+really2.12.23-12ubuntu2.7 No subscription required Low CVE-2016-8610 Ubuntu 14.04 LTS It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. (CVE-2016-7553) Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5193) It was discovered that Irssi incorrectly handled invalid nick messages. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5194) Joseph Bisch discovered that Irssi incorrectly handled certain incomplete control codes. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5195) Hanno Böck and Joseph Bisch discovered that Irssi incorrectly handled certain incomplete character sequences. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5196) Hanno Böck discovered that Irssi incorrectly handled certain format strings. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-5356) Update Instructions: Run `sudo pro fix USN-3184-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.15-5ubuntu3.1 irssi - 0.8.15-5ubuntu3.1 No subscription required Medium CVE-2016-7553 CVE-2017-5193 CVE-2017-5194 CVE-2017-5195 CVE-2017-5196 CVE-2017-5356 Ubuntu 14.04 LTS It was discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could use this issue to cause libXpm to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3185-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xpmutils - 1:3.5.10-1ubuntu0.1 libxpm-dev - 1:3.5.10-1ubuntu0.1 libxpm4 - 1:3.5.10-1ubuntu0.1 No subscription required Medium CVE-2016-10164 Ubuntu 14.04 LTS Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3188-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-108-powerpc64-smp - 3.13.0-108.155 linux-image-3.13.0-108-powerpc-e500 - 3.13.0-108.155 linux-image-extra-3.13.0-108-generic - 3.13.0-108.155 linux-image-3.13.0-108-generic-lpae - 3.13.0-108.155 linux-image-3.13.0-108-powerpc-smp - 3.13.0-108.155 linux-image-3.13.0-108-powerpc-e500mc - 3.13.0-108.155 linux-image-3.13.0-108-lowlatency - 3.13.0-108.155 linux-image-3.13.0-108-powerpc64-emb - 3.13.0-108.155 linux-image-3.13.0-108-generic - 3.13.0-108.155 No subscription required Medium CVE-2016-9555 Ubuntu 14.04 LTS USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-10147) Qidan He discovered that the ICMP implementation in the Linux kernel did not properly check the size of an ICMP header. A local attacker with CAP_NET_ADMIN could use this to expose sensitive information. (CVE-2016-8399) Update Instructions: Run `sudo pro fix USN-3189-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-62-powerpc-e500mc - 4.4.0-62.83~14.04.1 linux-image-4.4.0-62-lowlatency - 4.4.0-62.83~14.04.1 linux-image-4.4.0-62-powerpc-smp - 4.4.0-62.83~14.04.1 linux-image-4.4.0-62-powerpc64-smp - 4.4.0-62.83~14.04.1 linux-image-4.4.0-62-powerpc64-emb - 4.4.0-62.83~14.04.1 linux-image-4.4.0-62-generic - 4.4.0-62.83~14.04.1 linux-image-extra-4.4.0-62-generic - 4.4.0-62.83~14.04.1 linux-image-4.4.0-62-generic-lpae - 4.4.0-62.83~14.04.1 No subscription required Medium CVE-2016-10147 CVE-2016-8399 Ubuntu 14.04 LTS Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. (CVE-2016-10002) Felix Hassert discovered that Squid incorrectly handled certain HTTP Request headers when using the Collapsed Forwarding feature. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10003) Update Instructions: Run `sudo pro fix USN-3192-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid - 3.3.8-1ubuntu6.9 squid-cgi - 3.3.8-1ubuntu6.9 squid3-common - 3.3.8-1ubuntu6.9 squid-purge - 3.3.8-1ubuntu6.9 squidclient - 3.3.8-1ubuntu6.9 squid3 - 3.3.8-1ubuntu6.9 No subscription required Medium CVE-2016-10002 CVE-2016-10003 Ubuntu 14.04 LTS It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. Update Instructions: Run `sudo pro fix USN-3193-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nettle-bin - 2.7.1-1ubuntu0.2 libhogweed2 - 2.7.1-1ubuntu0.2 nettle-dev - 2.7.1-1ubuntu0.2 libnettle4 - 2.7.1-1ubuntu0.2 No subscription required Medium CVE-2016-6489 Ubuntu 14.04 LTS Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. (CVE-2016-2183) It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. (CVE-2016-5546) It was discovered that OpenJDK did not properly verify object identifier (OID) length when reading Distinguished Encoding Rules (DER) records, as used in x.509 certificates and elsewhere. An attacker could use this to cause a denial of service (memory consumption). (CVE-2016-5547) It was discovered that covert timing channel vulnerabilities existed in the DSA implementations in OpenJDK. A remote attacker could use this to expose sensitive information. (CVE-2016-5548) It was discovered that the URLStreamHandler class in OpenJDK did not properly parse user information from a URL. A remote attacker could use this to expose sensitive information. (CVE-2016-5552) It was discovered that the URLClassLoader class in OpenJDK did not properly check access control context when downloading class files. A remote attacker could use this to expose sensitive information. (CVE-2017-3231) It was discovered that the Remote Method Invocation (RMI) implementation in OpenJDK performed deserialization of untrusted inputs. A remote attacker could use this to execute arbitrary code. (CVE-2017-3241) It was discovered that the Java Authentication and Authorization Service (JAAS) component of OpenJDK did not properly perform user search LDAP queries. An attacker could use a specially constructed LDAP entry to expose or modify sensitive information. (CVE-2017-3252) It was discovered that the PNGImageReader class in OpenJDK did not properly handle iTXt and zTXt chunks. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-3253) It was discovered that integer overflows existed in the SocketInputStream and SocketOutputStream classes of OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-3261) It was discovered that the atomic field updaters in the java.util.concurrent.atomic package in OpenJDK did not properly restrict access to protected field members. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3272) It was discovered that a vulnerability existed in the class construction implementation in OpenJDK. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3289) Update Instructions: Run `sudo pro fix USN-3194-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u121-2.6.8-1ubuntu0.14.04.3 openjdk-7-source - 7u121-2.6.8-1ubuntu0.14.04.3 icedtea-7-jre-jamvm - 7u121-2.6.8-1ubuntu0.14.04.3 openjdk-7-jre-lib - 7u121-2.6.8-1ubuntu0.14.04.3 openjdk-7-jdk - 7u121-2.6.8-1ubuntu0.14.04.3 openjdk-7-jre-headless - 7u121-2.6.8-1ubuntu0.14.04.3 openjdk-7-jre - 7u121-2.6.8-1ubuntu0.14.04.3 openjdk-7-doc - 7u121-2.6.8-1ubuntu0.14.04.3 openjdk-7-demo - 7u121-2.6.8-1ubuntu0.14.04.3 No subscription required Medium CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2016-7478) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-9934) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) Update Instructions: Run `sudo pro fix USN-3196-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.21 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.21 php5-curl - 5.5.9+dfsg-1ubuntu4.21 php5-intl - 5.5.9+dfsg-1ubuntu4.21 php5-snmp - 5.5.9+dfsg-1ubuntu4.21 php5-mysql - 5.5.9+dfsg-1ubuntu4.21 php5-odbc - 5.5.9+dfsg-1ubuntu4.21 php5-xsl - 5.5.9+dfsg-1ubuntu4.21 php5-gd - 5.5.9+dfsg-1ubuntu4.21 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.21 php5-tidy - 5.5.9+dfsg-1ubuntu4.21 php5-dev - 5.5.9+dfsg-1ubuntu4.21 php5-pgsql - 5.5.9+dfsg-1ubuntu4.21 php5-enchant - 5.5.9+dfsg-1ubuntu4.21 php5-readline - 5.5.9+dfsg-1ubuntu4.21 php5-gmp - 5.5.9+dfsg-1ubuntu4.21 php5-fpm - 5.5.9+dfsg-1ubuntu4.21 php5-cgi - 5.5.9+dfsg-1ubuntu4.21 php5-sqlite - 5.5.9+dfsg-1ubuntu4.21 php5-ldap - 5.5.9+dfsg-1ubuntu4.21 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.21 php5 - 5.5.9+dfsg-1ubuntu4.21 php5-cli - 5.5.9+dfsg-1ubuntu4.21 php-pear - 5.5.9+dfsg-1ubuntu4.21 php5-sybase - 5.5.9+dfsg-1ubuntu4.21 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.21 php5-pspell - 5.5.9+dfsg-1ubuntu4.21 php5-common - 5.5.9+dfsg-1ubuntu4.21 libphp5-embed - 5.5.9+dfsg-1ubuntu4.21 No subscription required Medium CVE-2014-9912 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-7478 CVE-2016-7479 CVE-2016-9137 CVE-2016-9934 CVE-2016-9935 Ubuntu 14.04 LTS Kuang-che Wu discovered that multiple integer overflow vulnerabilities existed in libgc. An attacker could use these to cause a denial of service (application crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3197-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgc-dev - 1:7.2d-5ubuntu2.1 libgc1c2 - 1:7.2d-5ubuntu2.1 No subscription required Medium CVE-2016-9427 Ubuntu 14.04 LTS It was discovered that the ALGnew function in block_templace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter. Update Instructions: Run `sudo pro fix USN-3199-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-crypto-doc - 2.6.1-4ubuntu0.1 python3-crypto - 2.6.1-4ubuntu0.1 python-crypto - 2.6.1-4ubuntu0.1 No subscription required Medium CVE-2013-7459 Ubuntu 14.04 LTS USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. We apologize for the inconvenience. Original advisory details: It was discovered that the ALGnew function in block_template.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter. Update Instructions: Run `sudo pro fix USN-3199-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-crypto-doc - 2.6.1-4ubuntu0.2 python3-crypto - 2.6.1-4ubuntu0.2 python-crypto - 2.6.1-4ubuntu0.2 No subscription required Medium CVE-2013-7459 Ubuntu 14.04 LTS It was discovered that Bind incorrectly handled rewriting certain query responses when using both DNS64 and RPZ. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3201-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.13 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.13 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.13 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.13 bind9utils - 1:9.9.5.dfsg-3ubuntu0.13 libdns100 - 1:9.9.5.dfsg-3ubuntu0.13 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.13 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.13 host - 1:9.9.5.dfsg-3ubuntu0.13 lwresd - 1:9.9.5.dfsg-3ubuntu0.13 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.13 libisc95 - 1:9.9.5.dfsg-3ubuntu0.13 bind9 - 1:9.9.5.dfsg-3ubuntu0.13 bind9-host - 1:9.9.5.dfsg-3ubuntu0.13 No subscription required Medium CVE-2017-3135 Ubuntu 14.04 LTS Frediano Ziglio discovered that Spice incorrectly handled certain client messages. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3202-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spice-client - 0.12.4-0nocelt2ubuntu1.4 libspice-server1 - 0.12.4-0nocelt2ubuntu1.4 libspice-server-dev - 0.12.4-0nocelt2ubuntu1.4 No subscription required Medium CVE-2016-9577 CVE-2016-9578 Ubuntu 14.04 LTS It was discovered that gtk-vnc incorrectly validated certain data. A malicious server could use this issue to cause gtk-vnc to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3203-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgtk-vnc-2.0-dev - 0.5.3-0ubuntu2.1 gir1.2-gtk-vnc-2.0 - 0.5.3-0ubuntu2.1 libgtk-vnc-1.0-dev - 0.5.3-0ubuntu2.1 libgtk-vnc-1.0-0 - 0.5.3-0ubuntu2.1 gvncviewer - 0.5.3-0ubuntu2.1 libgvnc-1.0-0 - 0.5.3-0ubuntu2.1 libgtk-vnc-2.0-0 - 0.5.3-0ubuntu2.1 libgvnc-1.0-dev - 0.5.3-0ubuntu2.1 python-gtk-vnc - 0.5.3-0ubuntu2.1 No subscription required Medium CVE-2017-5884 CVE-2017-5885 Ubuntu 14.04 LTS It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3204-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.52-1ubuntu0.10 libservlet3.0-java - 7.0.52-1ubuntu0.10 tomcat7-docs - 7.0.52-1ubuntu0.10 libservlet3.0-java-doc - 7.0.52-1ubuntu0.10 tomcat7 - 7.0.52-1ubuntu0.10 libtomcat7-java - 7.0.52-1ubuntu0.10 tomcat7-user - 7.0.52-1ubuntu0.10 tomcat7-admin - 7.0.52-1ubuntu0.10 tomcat7-examples - 7.0.52-1ubuntu0.10 No subscription required Medium CVE-2017-6056 Ubuntu 14.04 LTS It was discovered that tcpdump incorrectly handled certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile. Update Instructions: Run `sudo pro fix USN-3205-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpdump - 4.9.0-1ubuntu1~ubuntu14.04.1 No subscription required Medium CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 Ubuntu 14.04 LTS It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7910) Dmitry Vyukov discovered a use-after-free vulnerability in the sys_ioprio_get() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7911) Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074) Update Instructions: Run `sudo pro fix USN-3207-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-110-powerpc-e500 - 3.13.0-110.157 linux-image-3.13.0-110-powerpc64-smp - 3.13.0-110.157 linux-image-3.13.0-110-generic - 3.13.0-110.157 linux-image-3.13.0-110-lowlatency - 3.13.0-110.157 linux-image-3.13.0-110-powerpc-e500mc - 3.13.0-110.157 linux-image-3.13.0-110-powerpc-smp - 3.13.0-110.157 linux-image-extra-3.13.0-110-generic - 3.13.0-110.157 linux-image-3.13.0-110-generic-lpae - 3.13.0-110.157 linux-image-3.13.0-110-powerpc64-emb - 3.13.0-110.157 No subscription required High CVE-2016-7910 CVE-2016-7911 CVE-2017-6074 Ubuntu 14.04 LTS USN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-10088) CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191) Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588) Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584) It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549) Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074) Update Instructions: Run `sudo pro fix USN-3208-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-64-powerpc64-emb - 4.4.0-64.85~14.04.1 linux-image-4.4.0-64-powerpc64-smp - 4.4.0-64.85~14.04.1 linux-image-4.4.0-64-generic - 4.4.0-64.85~14.04.1 linux-image-4.4.0-64-powerpc-e500mc - 4.4.0-64.85~14.04.1 linux-image-4.4.0-64-lowlatency - 4.4.0-64.85~14.04.1 linux-image-4.4.0-64-powerpc-smp - 4.4.0-64.85~14.04.1 linux-image-4.4.0-64-generic-lpae - 4.4.0-64.85~14.04.1 linux-image-extra-4.4.0-64-generic - 4.4.0-64.85~14.04.1 No subscription required High CVE-2016-10088 CVE-2016-9191 CVE-2016-9588 CVE-2017-2583 CVE-2017-2584 CVE-2017-5549 CVE-2017-6074 Ubuntu 14.04 LTS Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer disclose arbitrary files to an attacker if a user opened a specially crafted file with embedded links. Update Instructions: Run `sudo pro fix USN-3210-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO4.2.8-0ubuntu5 No subscription required libreoffice-wiki-publisher - 1.1.2+LibO4.2.8-0ubuntu5 No subscription required libreoffice-presentation-minimizer - 1:4.2.8-0ubuntu5 libreoffice-impress - 1:4.2.8-0ubuntu5 libreoffice-officebean - 1:4.2.8-0ubuntu5 libreoffice-base - 1:4.2.8-0ubuntu5 libreoffice-librelogo - 1:4.2.8-0ubuntu5 libreoffice-java-common - 1:4.2.8-0ubuntu5 browser-plugin-libreoffice - 1:4.2.8-0ubuntu5 libreoffice-subsequentcheckbase - 1:4.2.8-0ubuntu5 libreoffice-style-tango - 1:4.2.8-0ubuntu5 libreoffice-style-crystal - 1:4.2.8-0ubuntu5 libreoffice-kde - 1:4.2.8-0ubuntu5 libreoffice-l10n-ku - 1:4.2.8-0ubuntu5 libreoffice-style-galaxy - 1:4.2.8-0ubuntu5 libreoffice-style-hicontrast - 1:4.2.8-0ubuntu5 libreoffice-core - 1:4.2.8-0ubuntu5 libreoffice-presenter-console - 1:4.2.8-0ubuntu5 libreoffice-script-provider-bsh - 1:4.2.8-0ubuntu5 libreoffice-avmedia-backend-gstreamer - 1:4.2.8-0ubuntu5 libreoffice-script-provider-python - 1:4.2.8-0ubuntu5 libreoffice-common - 1:4.2.8-0ubuntu5 libreoffice-gnome - 1:4.2.8-0ubuntu5 libreoffice-dev - 1:4.2.8-0ubuntu5 libreoffice-gtk3 - 1:4.2.8-0ubuntu5 libreoffice-report-builder - 1:4.2.8-0ubuntu5 libreoffice-pdfimport - 1:4.2.8-0ubuntu5 libreoffice-base-core - 1:4.2.8-0ubuntu5 libreoffice-ogltrans - 1:4.2.8-0ubuntu5 libreoffice-sdbc-hsqldb - 1:4.2.8-0ubuntu5 libreoffice-gtk - 1:4.2.8-0ubuntu5 libreoffice-calc - 1:4.2.8-0ubuntu5 libreoffice-base-drivers - 1:4.2.8-0ubuntu5 libreoffice-style-oxygen - 1:4.2.8-0ubuntu5 libreoffice-emailmerge - 1:4.2.8-0ubuntu5 libreoffice-style-human - 1:4.2.8-0ubuntu5 libreoffice-sdbc-firebird - 1:4.2.8-0ubuntu5 python3-uno - 1:4.2.8-0ubuntu5 libreoffice-math - 1:4.2.8-0ubuntu5 libreoffice-writer - 1:4.2.8-0ubuntu5 libreoffice-report-builder-bin - 1:4.2.8-0ubuntu5 libreoffice-script-provider-js - 1:4.2.8-0ubuntu5 libreoffice - 1:4.2.8-0ubuntu5 libreoffice-draw - 1:4.2.8-0ubuntu5 libreoffice-style-sifr - 1:4.2.8-0ubuntu5 libreoffice-dev-doc - 1:4.2.8-0ubuntu5 libreoffice-l10n-in - 1:4.2.8-0ubuntu5 libreoffice-l10n-za - 1:4.2.8-0ubuntu5 libreoffice-sdbc-postgresql - 1:4.2.8-0ubuntu5 No subscription required openoffice.org-dtd-officedocument1.0 - 2:1.0+LibO4.2.8-0ubuntu5 No subscription required fonts-opensymbol - 2:102.6+LibO4.2.8-0ubuntu5 No subscription required uno-libs3 - 4.2.8-0ubuntu5 ure - 4.2.8-0ubuntu5 No subscription required Medium CVE-2017-3157 Ubuntu 14.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3212-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.6 libtiffxx5 - 4.0.3-7ubuntu0.6 libtiff5-dev - 4.0.3-7ubuntu0.6 libtiff4-dev - 4.0.3-7ubuntu0.6 libtiff5-alt-dev - 4.0.3-7ubuntu0.6 libtiff5 - 4.0.3-7ubuntu0.6 libtiff-tools - 4.0.3-7ubuntu0.6 libtiff-doc - 4.0.3-7ubuntu0.6 No subscription required Medium CVE-2015-7554 CVE-2015-8668 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3632 CVE-2016-3658 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-6223 CVE-2016-8331 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9539 CVE-2016-9540 CVE-2017-5225 Ubuntu 14.04 LTS USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3212-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.7 libtiffxx5 - 4.0.3-7ubuntu0.7 libtiff5-dev - 4.0.3-7ubuntu0.7 libtiff4-dev - 4.0.3-7ubuntu0.7 libtiff5-alt-dev - 4.0.3-7ubuntu0.7 libtiff5 - 4.0.3-7ubuntu0.7 libtiff-tools - 4.0.3-7ubuntu0.7 libtiff-doc - 4.0.3-7ubuntu0.7 No subscription required None https://launchpad.net/bugs/1670036 Ubuntu 14.04 LTS Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10166) It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service. (CVE-2016-10167) It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-10168) Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6906) Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6912) It was discovered that the GD library incorrectly handled creating oversized images. If a user or automated system were tricked into creating a specially crafted image, an attacker could cause a denial of service. (CVE-2016-9317) It was discovered that the GD library incorrectly handled filling certain images. If a user or automated system were tricked into filling an image, an attacker could cause a denial of service. (CVE-2016-9933) Update Instructions: Run `sudo pro fix USN-3213-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.0-3ubuntu0.6 libgd2-xpm-dev - 2.1.0-3ubuntu0.6 libgd-tools - 2.1.0-3ubuntu0.6 libgd2-noxpm-dev - 2.1.0-3ubuntu0.6 libgd-dev - 2.1.0-3ubuntu0.6 No subscription required Medium CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6906 CVE-2016-6912 CVE-2016-9317 CVE-2016-9933 Ubuntu 14.04 LTS A large number of security issues were discovered in the w3m browser. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3214-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: w3m-img - 0.5.3-15ubuntu0.1 w3m - 0.5.3-15ubuntu0.1 No subscription required Medium CVE-2016-9422 CVE-2016-9423 CVE-2016-9424 CVE-2016-9425 CVE-2016-9426 CVE-2016-9428 CVE-2016-9429 CVE-2016-9430 CVE-2016-9431 CVE-2016-9432 CVE-2016-9433 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 Ubuntu 14.04 LTS It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user. Update Instructions: Run `sudo pro fix USN-3215-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: munin-node - 2.0.19-3ubuntu0.2 munin - 2.0.19-3ubuntu0.2 munin-doc - 2.0.19-3ubuntu0.2 munin-plugins-core - 2.0.19-3ubuntu0.2 munin-async - 2.0.19-3ubuntu0.2 munin-plugins-extra - 2.0.19-3ubuntu0.2 munin-plugins-java - 2.0.19-3ubuntu0.2 munin-common - 2.0.19-3ubuntu0.2 No subscription required Medium CVE-2017-6188 Ubuntu 14.04 LTS USN-3215-1 fixed a vulnerability in Munin. The upstream patch caused a regression leading to errors being appended to the log file. This update fixes the problem. Original advisory details: It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user. Update Instructions: Run `sudo pro fix USN-3215-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: munin-node - 2.0.19-3ubuntu0.3 munin - 2.0.19-3ubuntu0.3 munin-doc - 2.0.19-3ubuntu0.3 munin-plugins-core - 2.0.19-3ubuntu0.3 munin-async - 2.0.19-3ubuntu0.3 munin-plugins-extra - 2.0.19-3ubuntu0.3 munin-plugins-java - 2.0.19-3ubuntu0.3 munin-common - 2.0.19-3ubuntu0.3 No subscription required None https://launchpad.net/bugs/1669764 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the addressbar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. (CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5426, CVE-2017-5427) Update Instructions: Run `sudo pro fix USN-3216-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-nn - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-nb - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-fa - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-fi - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-fr - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-fy - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-or - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-kab - 52.0+build2-0ubuntu0.14.04.1 firefox-testsuite - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-oc - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-cs - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ga - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-gd - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-gn - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-gl - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-gu - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-pa - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-pl - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-cy - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-pt - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-hi - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ms - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-he - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-hy - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-hr - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-hu - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-it - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-as - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ar - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-az - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-id - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-mai - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-af - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-is - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-vi - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-an - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-bs - 52.0+build2-0ubuntu0.14.04.1 firefox - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ro - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ja - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ru - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-br - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-bn - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-be - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-bg - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-sl - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-sk - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-si - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-sw - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-sv - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-sr - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-sq - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ko - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-kn - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-km - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-kk - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ka - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-xh - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ca - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ku - 52.0+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-lv - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-lt - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-th - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 52.0+build2-0ubuntu0.14.04.1 firefox-dev - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-te - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-cak - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ta - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-lg - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-tr - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-nso - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-de - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-da - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-uk - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-mr - 52.0+build2-0ubuntu0.14.04.1 firefox-globalmenu - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-uz - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ml - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-mn - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-mk - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-eu - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-et - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-es - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-csb - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-el - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-eo - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-en - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-zu - 52.0+build2-0ubuntu0.14.04.1 firefox-locale-ast - 52.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5415 CVE-2017-5416 CVE-2017-5417 CVE-2017-5418 CVE-2017-5419 CVE-2017-5420 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5427 Ubuntu 14.04 LTS USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the addressbar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. (CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5426, CVE-2017-5427) Update Instructions: Run `sudo pro fix USN-3216-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nn - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nb - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fa - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fi - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fr - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fy - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-or - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kab - 52.0.2+build1-0ubuntu0.14.04.1 firefox-testsuite - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-oc - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cs - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ga - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gd - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gn - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gl - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gu - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pa - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pl - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cy - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pt - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hi - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ms - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-he - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hy - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hr - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hu - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-it - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-as - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ar - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-az - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-id - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mai - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-af - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-is - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-vi - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-an - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bs - 52.0.2+build1-0ubuntu0.14.04.1 firefox - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ro - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ja - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ru - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-br - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bn - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-be - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bg - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sl - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sk - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-si - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sw - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sv - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sr - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sq - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ko - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kn - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-km - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kk - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ka - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-xh - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ca - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ku - 52.0.2+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lv - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lt - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-th - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 52.0.2+build1-0ubuntu0.14.04.1 firefox-dev - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-te - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cak - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ta - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lg - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-tr - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nso - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-de - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-da - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uk - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mr - 52.0.2+build1-0ubuntu0.14.04.1 firefox-globalmenu - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uz - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ml - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mn - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mk - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eu - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-et - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-es - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-csb - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-el - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eo - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-en - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zu - 52.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ast - 52.0.2+build1-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1671079 Ubuntu 14.04 LTS Frederic Bardy and Quentin Biguenet discovered that network-manager-applet incorrectly checked permissions when connecting to certain wireless networks. A local attacker could use this issue at the login screen to access local files. Update Instructions: Run `sudo pro fix USN-3217-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-nmgtk-1.0 - 0.9.8.8-0ubuntu4.5 libnm-gtk-dev - 0.9.8.8-0ubuntu4.5 libnm-gtk-common - 0.9.8.8-0ubuntu4.5 network-manager-gnome - 0.9.8.8-0ubuntu4.5 libnm-gtk0 - 0.9.8.8-0ubuntu4.5 No subscription required None https://launchpad.net/bugs/1668321 Ubuntu 14.04 LTS Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3219-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-112-powerpc-e500 - 3.13.0-112.159 linux-image-3.13.0-112-powerpc-smp - 3.13.0-112.159 linux-image-3.13.0-112-powerpc-e500mc - 3.13.0-112.159 linux-image-3.13.0-112-powerpc64-smp - 3.13.0-112.159 linux-image-3.13.0-112-generic-lpae - 3.13.0-112.159 linux-image-extra-3.13.0-112-generic - 3.13.0-112.159 linux-image-3.13.0-112-lowlatency - 3.13.0-112.159 linux-image-3.13.0-112-powerpc64-emb - 3.13.0-112.159 linux-image-3.13.0-112-generic - 3.13.0-112.159 No subscription required High CVE-2017-2636 Ubuntu 14.04 LTS USN-3220-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3220-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-66-generic - 4.4.0-66.87~14.04.1 linux-image-4.4.0-66-powerpc64-emb - 4.4.0-66.87~14.04.1 linux-image-extra-4.4.0-66-generic - 4.4.0-66.87~14.04.1 linux-image-4.4.0-66-powerpc64-smp - 4.4.0-66.87~14.04.1 linux-image-4.4.0-66-generic-lpae - 4.4.0-66.87~14.04.1 linux-image-4.4.0-66-lowlatency - 4.4.0-66.87~14.04.1 linux-image-4.4.0-66-powerpc-smp - 4.4.0-66.87~14.04.1 linux-image-4.4.0-66-powerpc-e500mc - 4.4.0-66.87~14.04.1 No subscription required High CVE-2017-2636 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3222-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.5 libmagickcore5 - 8:6.7.7.10-6ubuntu3.5 imagemagick - 8:6.7.7.10-6ubuntu3.5 imagemagick-doc - 8:6.7.7.10-6ubuntu3.5 libmagickwand5 - 8:6.7.7.10-6ubuntu3.5 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.5 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.5 libmagick++-dev - 8:6.7.7.10-6ubuntu3.5 libmagick++5 - 8:6.7.7.10-6ubuntu3.5 perlmagick - 8:6.7.7.10-6ubuntu3.5 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.5 No subscription required Medium CVE-2016-10062 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2016-8707 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 Ubuntu 14.04 LTS Itzik Kotler, Yonatan Fridburg, and Amit Klein discovered that KDE-Libs incorrectly handled certain PAC files. A remote attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-3223-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libknewstuff3-4 - 4:4.13.3-0ubuntu0.4 libktexteditor4 - 4:4.13.3-0ubuntu0.4 libkde3support4 - 4:4.13.3-0ubuntu0.4 libkutils4 - 4:4.13.3-0ubuntu0.4 libkdeui5 - 4:4.13.3-0ubuntu0.4 libnepomukutils4 - 4:4.13.3-0ubuntu0.4 libkprintutils4 - 4:4.13.3-0ubuntu0.4 kdelibs5-data - 4:4.13.3-0ubuntu0.4 kdelibs-bin - 4:4.13.3-0ubuntu0.4 libsolid4 - 4:4.13.3-0ubuntu0.4 libkdeclarative5 - 4:4.13.3-0ubuntu0.4 libknotifyconfig4 - 4:4.13.3-0ubuntu0.4 kdelibs5-plugins - 4:4.13.3-0ubuntu0.4 libkdnssd4 - 4:4.13.3-0ubuntu0.4 libkhtml5 - 4:4.13.3-0ubuntu0.4 libkemoticons4 - 4:4.13.3-0ubuntu0.4 libkunitconversion4 - 4:4.13.3-0ubuntu0.4 libkidletime4 - 4:4.13.3-0ubuntu0.4 libkmediaplayer4 - 4:4.13.3-0ubuntu0.4 libplasma3 - 4:4.13.3-0ubuntu0.4 libkdecore5 - 4:4.13.3-0ubuntu0.4 libkntlm4 - 4:4.13.3-0ubuntu0.4 libnepomuk4 - 4:4.13.3-0ubuntu0.4 libkpty4 - 4:4.13.3-0ubuntu0.4 libkparts4 - 4:4.13.3-0ubuntu0.4 libkdewebkit5 - 4:4.13.3-0ubuntu0.4 libnepomukquery4a - 4:4.13.3-0ubuntu0.4 libkrosscore4 - 4:4.13.3-0ubuntu0.4 libkfile4 - 4:4.13.3-0ubuntu0.4 kdelibs5-dev - 4:4.13.3-0ubuntu0.4 libkio5 - 4:4.13.3-0ubuntu0.4 libkcmutils4 - 4:4.13.3-0ubuntu0.4 libknewstuff2-4 - 4:4.13.3-0ubuntu0.4 libkdesu5 - 4:4.13.3-0ubuntu0.4 libkrossui4 - 4:4.13.3-0ubuntu0.4 libkimproxy4 - 4:4.13.3-0ubuntu0.4 libthreadweaver4 - 4:4.13.3-0ubuntu0.4 libkjsembed4 - 4:4.13.3-0ubuntu0.4 kdoctools - 4:4.13.3-0ubuntu0.4 libkjsapi4 - 4:4.13.3-0ubuntu0.4 No subscription required Medium CVE-2017-6410 Ubuntu 14.04 LTS Jann Horn discovered that LXC incorrectly verified permissions when creating virtual network interfaces. A local attacker could possibly use this issue to create virtual network interfaces in network namespaces that they do not own. Update Instructions: Run `sudo pro fix USN-3224-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lxc-dev - 1.0.9-0ubuntu3 liblxc1 - 1.0.9-0ubuntu3 lxc-templates - 1.0.9-0ubuntu3 python3-lxc - 1.0.9-0ubuntu3 lxc - 1.0.9-0ubuntu3 lxc-tests - 1.0.9-0ubuntu3 No subscription required Medium CVE-2017-5985 Ubuntu 14.04 LTS It was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. (CVE-2016-5418) Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that libarchive incorrectly handled filename lengths when writing ISO9660 archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6250) Alexander Cherepanov discovered that libarchive incorrectly handled recursive decompressions. A remote attacker could possibly use this issue to cause libarchive to hang, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7166) It was discovered that libarchive incorrectly handled non-printable multibyte characters in filenames. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2016-8687) It was discovered that libarchive incorrectly handled line sizes when extracting certain archives. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2016-8688) It was discovered that libarchive incorrectly handled multiple EmptyStream attributes when extracting certain 7zip archives. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2016-8689) Jakub Jirasek discovered that libarchive incorrectly handled memory when extracting certain archives. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2017-5601) Update Instructions: Run `sudo pro fix USN-3225-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-7ubuntu2.4 libarchive13 - 3.1.2-7ubuntu2.4 bsdtar - 3.1.2-7ubuntu2.4 libarchive-dev - 3.1.2-7ubuntu2.4 No subscription required Medium CVE-2016-5418 CVE-2016-6250 CVE-2016-7166 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 CVE-2017-5601 Ubuntu 14.04 LTS It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3227-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 52.1-3ubuntu0.5 libicu52 - 52.1-3ubuntu0.5 libicu-dev - 52.1-3ubuntu0.5 icu-doc - 52.1-3ubuntu0.5 No subscription required Medium CVE-2014-9911 CVE-2015-4844 CVE-2016-0494 CVE-2016-6293 CVE-2016-7415 Ubuntu 14.04 LTS Guido Vranken discovered that libevent incorrectly handled memory when processing certain data. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3228-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libevent-2.0-5 - 2.0.21-stable-1ubuntu1.14.04.2 libevent-extra-2.0-5 - 2.0.21-stable-1ubuntu1.14.04.2 libevent-pthreads-2.0-5 - 2.0.21-stable-1ubuntu1.14.04.2 libevent-core-2.0-5 - 2.0.21-stable-1ubuntu1.14.04.2 libevent-dev - 2.0.21-stable-1ubuntu1.14.04.2 libevent-openssl-2.0-5 - 2.0.21-stable-1ubuntu1.14.04.2 No subscription required Medium CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 Ubuntu 14.04 LTS It was discovered that Pillow incorrectly handled certain compressed text chunks in PNG images. A remote attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9601) Cris Neckar discovered that Pillow incorrectly handled certain malformed images. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2016-9189) Cris Neckar discovered that Pillow incorrectly handled certain malformed images. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9190) Update Instructions: Run `sudo pro fix USN-3230-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-imaging-tk - 2.3.0-1ubuntu3.4 python3-pil.imagetk - 2.3.0-1ubuntu3.4 python-imaging-compat - 2.3.0-1ubuntu3.4 python3-sane - 2.3.0-1ubuntu3.4 python-imaging-doc - 2.3.0-1ubuntu3.4 python-pil-doc - 2.3.0-1ubuntu3.4 python3-pil - 2.3.0-1ubuntu3.4 python-sane - 2.3.0-1ubuntu3.4 python-pil.imagetk - 2.3.0-1ubuntu3.4 python3-imaging - 2.3.0-1ubuntu3.4 python-imaging - 2.3.0-1ubuntu3.4 python-pil - 2.3.0-1ubuntu3.4 python-imaging-tk - 2.3.0-1ubuntu3.4 python-imaging-sane - 2.3.0-1ubuntu3.4 python3-imaging-sane - 2.3.0-1ubuntu3.4 No subscription required Medium CVE-2014-9601 CVE-2016-9189 CVE-2016-9190 Ubuntu 14.04 LTS Joseph Bisch discovered that Pidgin incorrectly handled certain xml messages. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3231-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpurple-dev - 1:2.10.9-0ubuntu3.4 pidgin - 1:2.10.9-0ubuntu3.4 pidgin-data - 1:2.10.9-0ubuntu3.4 finch-dev - 1:2.10.9-0ubuntu3.4 pidgin-dev - 1:2.10.9-0ubuntu3.4 libpurple-bin - 1:2.10.9-0ubuntu3.4 finch - 1:2.10.9-0ubuntu3.4 libpurple0 - 1:2.10.9-0ubuntu3.4 No subscription required Medium CVE-2017-2640 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3232-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.6 libmagickcore5 - 8:6.7.7.10-6ubuntu3.6 imagemagick - 8:6.7.7.10-6ubuntu3.6 imagemagick-doc - 8:6.7.7.10-6ubuntu3.6 libmagickwand5 - 8:6.7.7.10-6ubuntu3.6 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.6 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.6 libmagick++-dev - 8:6.7.7.10-6ubuntu3.6 libmagick++5 - 8:6.7.7.10-6ubuntu3.6 perlmagick - 8:6.7.7.10-6ubuntu3.6 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.6 No subscription required Medium CVE-2017-6498 CVE-2017-6499 CVE-2017-6500 Ubuntu 14.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, cause a denial of service via application crash or hang, or execute arbitrary code. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410) Update Instructions: Run `sudo pro fix USN-3233-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:45.8.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:45.8.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:45.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:45.8.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 Ubuntu 14.04 LTS USN-3234-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208) It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. (CVE-2017-5551) Update Instructions: Run `sudo pro fix USN-3234-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-67-lowlatency - 4.4.0-67.88~14.04.1 linux-image-4.4.0-67-generic-lpae - 4.4.0-67.88~14.04.1 linux-image-4.4.0-67-powerpc64-emb - 4.4.0-67.88~14.04.1 linux-image-4.4.0-67-powerpc64-smp - 4.4.0-67.88~14.04.1 linux-image-4.4.0-67-generic - 4.4.0-67.88~14.04.1 linux-image-4.4.0-67-powerpc-e500mc - 4.4.0-67.88~14.04.1 linux-image-extra-4.4.0-67-generic - 4.4.0-67.88~14.04.1 linux-image-4.4.0-67-powerpc-smp - 4.4.0-67.88~14.04.1 No subscription required Medium CVE-2016-10208 CVE-2017-5551 Ubuntu 14.04 LTS It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448) It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4658) Nick Wellnhofer discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5131) Update Instructions: Run `sudo pro fix USN-3235-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.9 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.9 libxml2 - 2.9.1+dfsg1-3ubuntu4.9 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.9 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.9 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.9 No subscription required Medium CVE-2016-4448 CVE-2016-4658 CVE-2016-5131 Ubuntu 14.04 LTS Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, spoof application UI by causing the security status API or webview URL to indicate the wrong values, bypass security restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5033, CVE-2017-5035, CVE-2017-5037, CVE-2017-5040, CVE-2017-5041, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046) Update Instructions: Run `sudo pro fix USN-3236-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.21.5-0ubuntu0.14.04.1 liboxideqt-qmlplugin - 1.21.5-0ubuntu0.14.04.1 liboxideqtquick-dev - 1.21.5-0ubuntu0.14.04.1 oxideqt-codecs-extra - 1.21.5-0ubuntu0.14.04.1 liboxideqtcore-dev - 1.21.5-0ubuntu0.14.04.1 oxideqmlscene - 1.21.5-0ubuntu0.14.04.1 oxideqt-codecs - 1.21.5-0ubuntu0.14.04.1 liboxideqtquick0 - 1.21.5-0ubuntu0.14.04.1 oxideqt-chromedriver - 1.21.5-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5033 CVE-2017-5035 CVE-2017-5037 CVE-2017-5040 CVE-2017-5041 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046 Ubuntu 14.04 LTS It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3237-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.5.2-1ubuntu2.6 libfreetype6-udeb - 2.5.2-1ubuntu2.6 freetype2-demos - 2.5.2-1ubuntu2.6 libfreetype6 - 2.5.2-1ubuntu2.6 No subscription required Medium CVE-2016-10244 Ubuntu 14.04 LTS An integer overflow was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash or execute arbitrary code. (CVE-2017-5428) Update Instructions: Run `sudo pro fix USN-3238-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nn - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nb - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fa - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fi - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fr - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fy - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-or - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kab - 52.0.1+build2-0ubuntu0.14.04.1 firefox-testsuite - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-oc - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cs - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ga - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gd - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gn - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gl - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gu - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pa - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pl - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cy - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pt - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hi - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ms - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-he - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hy - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hr - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hu - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-it - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-as - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ar - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-az - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-id - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mai - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-af - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-is - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-vi - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-an - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bs - 52.0.1+build2-0ubuntu0.14.04.1 firefox - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ro - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ja - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ru - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-br - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bn - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-be - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bg - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sl - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sk - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-si - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sw - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sv - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sr - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sq - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ko - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kn - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-km - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kk - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ka - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-xh - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ca - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ku - 52.0.1+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lv - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lt - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-th - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 52.0.1+build2-0ubuntu0.14.04.1 firefox-dev - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-te - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cak - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ta - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lg - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-tr - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nso - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-de - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-da - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uk - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mr - 52.0.1+build2-0ubuntu0.14.04.1 firefox-globalmenu - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uz - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ml - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mn - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mk - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eu - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-et - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-es - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-csb - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-el - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eo - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-en - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zu - 52.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ast - 52.0.1+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-5428 Ubuntu 14.04 LTS It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323) Update Instructions: Run `sudo pro fix USN-3239-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.19-0ubuntu6.10 libnss-dns-udeb - 2.19-0ubuntu6.10 libc6-ppc64 - 2.19-0ubuntu6.10 libc-bin - 2.19-0ubuntu6.10 libc6-x32 - 2.19-0ubuntu6.10 libc6-armel - 2.19-0ubuntu6.10 eglibc-source - 2.19-0ubuntu6.10 libc6-pic - 2.19-0ubuntu6.10 libc6-dev-ppc64 - 2.19-0ubuntu6.10 libc6-dev-armel - 2.19-0ubuntu6.10 libnss-files-udeb - 2.19-0ubuntu6.10 glibc-doc - 2.19-0ubuntu6.10 nscd - 2.19-0ubuntu6.10 multiarch-support - 2.19-0ubuntu6.10 libc6-dev - 2.19-0ubuntu6.10 libc6-amd64 - 2.19-0ubuntu6.10 libc6-dev-amd64 - 2.19-0ubuntu6.10 libc6 - 2.19-0ubuntu6.10 libc6-dev-x32 - 2.19-0ubuntu6.10 libc6-udeb - 2.19-0ubuntu6.10 libc6-dev-i386 - 2.19-0ubuntu6.10 libc-dev-bin - 2.19-0ubuntu6.10 libc6-prof - 2.19-0ubuntu6.10 No subscription required Medium CVE-2015-5180 CVE-2015-8982 CVE-2015-8983 CVE-2015-8984 CVE-2016-1234 CVE-2016-3706 CVE-2016-4429 CVE-2016-5417 CVE-2016-6323 Ubuntu 14.04 LTS USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience. Please note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be restarted again. Original advisory details: It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323) Update Instructions: Run `sudo pro fix USN-3239-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.19-0ubuntu6.11 libnss-dns-udeb - 2.19-0ubuntu6.11 libc6-ppc64 - 2.19-0ubuntu6.11 libc-bin - 2.19-0ubuntu6.11 libc6-x32 - 2.19-0ubuntu6.11 libc6-armel - 2.19-0ubuntu6.11 eglibc-source - 2.19-0ubuntu6.11 libc6-pic - 2.19-0ubuntu6.11 libc6-dev-ppc64 - 2.19-0ubuntu6.11 libc6-dev-armel - 2.19-0ubuntu6.11 libnss-files-udeb - 2.19-0ubuntu6.11 glibc-doc - 2.19-0ubuntu6.11 nscd - 2.19-0ubuntu6.11 multiarch-support - 2.19-0ubuntu6.11 libc6-dev - 2.19-0ubuntu6.11 libc6-amd64 - 2.19-0ubuntu6.11 libc6-dev-amd64 - 2.19-0ubuntu6.11 libc6 - 2.19-0ubuntu6.11 libc6-dev-x32 - 2.19-0ubuntu6.11 libc6-udeb - 2.19-0ubuntu6.11 libc6-dev-i386 - 2.19-0ubuntu6.11 libc-dev-bin - 2.19-0ubuntu6.11 libc6-prof - 2.19-0ubuntu6.11 No subscription required None https://bugs.launchpad.net/bugs/1674532 Ubuntu 14.04 LTS It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3240-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-current-dev - 304.135-0ubuntu0.14.04.1 libcuda1-304 - 304.135-0ubuntu0.14.04.1 nvidia-libopencl1-304-updates - 304.135-0ubuntu0.14.04.1 nvidia-304-updates - 304.135-0ubuntu0.14.04.1 nvidia-304 - 304.135-0ubuntu0.14.04.1 nvidia-current - 304.135-0ubuntu0.14.04.1 nvidia-304-updates-dev - 304.135-0ubuntu0.14.04.1 nvidia-304-dev - 304.135-0ubuntu0.14.04.1 libcuda1-304-updates - 304.135-0ubuntu0.14.04.1 nvidia-libopencl1-304 - 304.135-0ubuntu0.14.04.1 nvidia-opencl-icd-304-updates - 304.135-0ubuntu0.14.04.1 nvidia-opencl-icd-304 - 304.135-0ubuntu0.14.04.1 No subscription required nvidia-331 - 340.102-0ubuntu0.14.04.1 nvidia-opencl-icd-331 - 340.102-0ubuntu0.14.04.1 nvidia-libopencl1-331-updates - 340.102-0ubuntu0.14.04.1 libcuda1-340 - 340.102-0ubuntu0.14.04.1 nvidia-340-updates - 340.102-0ubuntu0.14.04.1 nvidia-331-updates - 340.102-0ubuntu0.14.04.1 nvidia-opencl-icd-340-updates - 340.102-0ubuntu0.14.04.1 libcuda1-331-updates - 340.102-0ubuntu0.14.04.1 nvidia-opencl-icd-331-updates - 340.102-0ubuntu0.14.04.1 nvidia-340-dev - 340.102-0ubuntu0.14.04.1 nvidia-340-updates-dev - 340.102-0ubuntu0.14.04.1 nvidia-libopencl1-331 - 340.102-0ubuntu0.14.04.1 nvidia-340 - 340.102-0ubuntu0.14.04.1 nvidia-opencl-icd-340 - 340.102-0ubuntu0.14.04.1 libcuda1-340-updates - 340.102-0ubuntu0.14.04.1 libcuda1-331 - 340.102-0ubuntu0.14.04.1 nvidia-331-updates-dev - 340.102-0ubuntu0.14.04.1 nvidia-331-dev - 340.102-0ubuntu0.14.04.1 nvidia-331-updates-uvm - 340.102-0ubuntu0.14.04.1 nvidia-libopencl1-340 - 340.102-0ubuntu0.14.04.1 nvidia-libopencl1-340-updates - 340.102-0ubuntu0.14.04.1 nvidia-340-uvm - 340.102-0ubuntu0.14.04.1 nvidia-331-uvm - 340.102-0ubuntu0.14.04.1 No subscription required libcuda1-367 - 375.39-0ubuntu0.14.04.1 nvidia-libopencl1-375 - 375.39-0ubuntu0.14.04.1 nvidia-367-dev - 375.39-0ubuntu0.14.04.1 nvidia-opencl-icd-367 - 375.39-0ubuntu0.14.04.1 nvidia-367 - 375.39-0ubuntu0.14.04.1 nvidia-375-dev - 375.39-0ubuntu0.14.04.1 nvidia-opencl-icd-375 - 375.39-0ubuntu0.14.04.1 libcuda1-375 - 375.39-0ubuntu0.14.04.1 nvidia-libopencl1-367 - 375.39-0ubuntu0.14.04.1 nvidia-375 - 375.39-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-0318 Ubuntu 14.04 LTS Agostino Sarubbo discovered that audiofile incorrectly handled certain malformed audio files. If a user or automated system were tricked into processing a specially crafted audio file, a remote attacker could cause applications linked against audiofile to crash, leading to a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3241-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: audiofile-tools - 0.3.6-2ubuntu0.14.04.2 libaudiofile-dev - 0.3.6-2ubuntu0.14.04.2 libaudiofile1 - 0.3.6-2ubuntu0.14.04.2 No subscription required Medium CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 Ubuntu 14.04 LTS Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories. Update Instructions: Run `sudo pro fix USN-3242-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.6 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.6 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.6 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.6 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.6 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.6 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.6 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.6 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.6 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.6 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.6 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.6 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.6 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.6 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.6 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.6 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.6 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.6 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.6 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.6 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.6 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.6 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.6 No subscription required Medium CVE-2017-2619 Ubuntu 14.04 LTS USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a regression when Samba is configured to disable following symbolic links. This update fixes the problem. Original advisory details: Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories. Update Instructions: Run `sudo pro fix USN-3242-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.7 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.7 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.7 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.7 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.7 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.7 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.7 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.7 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.7 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.7 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.7 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.7 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.7 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.7 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.7 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.7 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.7 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.7 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.7 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.7 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.7 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.7 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.7 No subscription required None https://launchpad.net/bugs/1675698 Ubuntu 14.04 LTS It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3243-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:1.9.1-1ubuntu0.4 gitweb - 1:1.9.1-1ubuntu0.4 git-gui - 1:1.9.1-1ubuntu0.4 git-daemon-sysvinit - 1:1.9.1-1ubuntu0.4 git-arch - 1:1.9.1-1ubuntu0.4 git-bzr - 1:1.9.1-1ubuntu0.4 git-el - 1:1.9.1-1ubuntu0.4 gitk - 1:1.9.1-1ubuntu0.4 git-all - 1:1.9.1-1ubuntu0.4 git-mediawiki - 1:1.9.1-1ubuntu0.4 git-daemon-run - 1:1.9.1-1ubuntu0.4 git-man - 1:1.9.1-1ubuntu0.4 git-doc - 1:1.9.1-1ubuntu0.4 git-svn - 1:1.9.1-1ubuntu0.4 git-cvs - 1:1.9.1-1ubuntu0.4 git-core - 1:1.9.1-1ubuntu0.4 git-email - 1:1.9.1-1ubuntu0.4 No subscription required Medium CVE-2014-9938 Ubuntu 14.04 LTS Hanno Böck discovered that GStreamer Base Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash. Update Instructions: Run `sudo pro fix USN-3244-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer0.10-plugins-base-apps - 0.10.36-1.1ubuntu2.1 libgstreamer-plugins-base0.10-0 - 0.10.36-1.1ubuntu2.1 gir1.2-gst-plugins-base-0.10 - 0.10.36-1.1ubuntu2.1 gstreamer0.10-plugins-base - 0.10.36-1.1ubuntu2.1 libgstreamer-plugins-base0.10-dev - 0.10.36-1.1ubuntu2.1 gstreamer0.10-alsa - 0.10.36-1.1ubuntu2.1 gstreamer0.10-x - 0.10.36-1.1ubuntu2.1 gstreamer0.10-gnomevfs - 0.10.36-1.1ubuntu2.1 gstreamer0.10-plugins-base-doc - 0.10.36-1.1ubuntu2.1 No subscription required libgstreamer-plugins-base1.0-dev - 1.2.4-1~ubuntu2.1 libgstreamer-plugins-base1.0-0 - 1.2.4-1~ubuntu2.1 gstreamer1.0-x - 1.2.4-1~ubuntu2.1 gstreamer1.0-plugins-base-doc - 1.2.4-1~ubuntu2.1 gstreamer1.0-plugins-base - 1.2.4-1~ubuntu2.1 gir1.2-gst-plugins-base-1.0 - 1.2.4-1~ubuntu2.1 gstreamer1.0-alsa - 1.2.4-1~ubuntu2.1 gstreamer1.0-plugins-base-apps - 1.2.4-1~ubuntu2.1 No subscription required Medium CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 Ubuntu 14.04 LTS Hanno Böck discovered that GStreamer Good Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash. Update Instructions: Run `sudo pro fix USN-3245-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer0.10-plugins-good - 0.10.31-3+nmu1ubuntu5.3 gstreamer0.10-plugins-good-doc - 0.10.31-3+nmu1ubuntu5.3 gstreamer0.10-gconf - 0.10.31-3+nmu1ubuntu5.3 gstreamer0.10-pulseaudio - 0.10.31-3+nmu1ubuntu5.3 No subscription required gstreamer1.0-pulseaudio - 1.2.4-1~ubuntu1.4 gstreamer1.0-plugins-good-doc - 1.2.4-1~ubuntu1.4 libgstreamer-plugins-good1.0-dev - 1.2.4-1~ubuntu1.4 libgstreamer-plugins-good1.0-0 - 1.2.4-1~ubuntu1.4 gstreamer1.0-plugins-good - 1.2.4-1~ubuntu1.4 No subscription required Medium CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 Ubuntu 14.04 LTS Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator. Update Instructions: Run `sudo pro fix USN-3246-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: eject-udeb - 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 eject - 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 No subscription required Medium CVE-2017-6964 Ubuntu 14.04 LTS Stéphane Graber discovered that AppArmor incorrectly unloaded some profiles when restarted or upgraded, contrary to expected behavior. Update Instructions: Run `sudo pro fix USN-3247-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apparmor-docs - 2.10.95-0ubuntu2.6~14.04.1 python-apparmor - 2.10.95-0ubuntu2.6~14.04.1 libapparmor-dev - 2.10.95-0ubuntu2.6~14.04.1 libapparmor-perl - 2.10.95-0ubuntu2.6~14.04.1 libapparmor1 - 2.10.95-0ubuntu2.6~14.04.1 apparmor-notify - 2.10.95-0ubuntu2.6~14.04.1 apparmor-profiles - 2.10.95-0ubuntu2.6~14.04.1 python3-libapparmor - 2.10.95-0ubuntu2.6~14.04.1 python-libapparmor - 2.10.95-0ubuntu2.6~14.04.1 libpam-apparmor - 2.10.95-0ubuntu2.6~14.04.1 apparmor-easyprof - 2.10.95-0ubuntu2.6~14.04.1 apparmor - 2.10.95-0ubuntu2.6~14.04.1 python3-apparmor - 2.10.95-0ubuntu2.6~14.04.1 apparmor-utils - 2.10.95-0ubuntu2.6~14.04.1 libapache2-mod-apparmor - 2.10.95-0ubuntu2.6~14.04.1 dh-apparmor - 2.10.95-0ubuntu2.6~14.04.1 No subscription required Medium CVE-2017-6507 Ubuntu 14.04 LTS USN-3249-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-3249-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-71-powerpc-e500mc - 4.4.0-71.92~14.04.1 linux-image-4.4.0-71-lowlatency - 4.4.0-71.92~14.04.1 linux-image-4.4.0-71-powerpc-smp - 4.4.0-71.92~14.04.1 linux-image-4.4.0-71-powerpc64-smp - 4.4.0-71.92~14.04.1 linux-image-4.4.0-71-powerpc64-emb - 4.4.0-71.92~14.04.1 linux-image-4.4.0-71-generic - 4.4.0-71.92~14.04.1 linux-image-extra-4.4.0-71-generic - 4.4.0-71.92~14.04.1 linux-image-4.4.0-71-generic-lpae - 4.4.0-71.92~14.04.1 No subscription required High CVE-2017-7184 Ubuntu 14.04 LTS It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-3250-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-115-powerpc64-emb - 3.13.0-115.162 linux-image-3.13.0-115-lowlatency - 3.13.0-115.162 linux-image-extra-3.13.0-115-generic - 3.13.0-115.162 linux-image-3.13.0-115-generic - 3.13.0-115.162 linux-image-3.13.0-115-generic-lpae - 3.13.0-115.162 linux-image-3.13.0-115-powerpc-e500mc - 3.13.0-115.162 linux-image-3.13.0-115-powerpc-e500 - 3.13.0-115.162 linux-image-3.13.0-115-powerpc-smp - 3.13.0-115.162 linux-image-3.13.0-115-powerpc64-smp - 3.13.0-115.162 No subscription required High CVE-2017-7184 Ubuntu 14.04 LTS It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2013-7108, CVE-2013-7205) It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. (CVE-2014-1878) Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. (CVE-2016-9566) Update Instructions: Run `sudo pro fix USN-3253-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nagios3-core - 3.5.1-1ubuntu1.1 nagios3-doc - 3.5.1-1ubuntu1.1 nagios3-cgi - 3.5.1-1ubuntu1.1 nagios3-common - 3.5.1-1ubuntu1.1 nagios3 - 3.5.1-1ubuntu1.1 No subscription required Medium CVE-2013-7108 CVE-2013-7205 CVE-2014-1878 CVE-2016-9566 Ubuntu 14.04 LTS USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2013-7108, CVE-2013-7205) It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. (CVE-2014-1878) Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. (CVE-2016-9566) Update Instructions: Run `sudo pro fix USN-3253-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nagios3-core - 3.5.1-1ubuntu1.3 nagios3-doc - 3.5.1-1ubuntu1.3 nagios3-cgi - 3.5.1-1ubuntu1.3 nagios3-common - 3.5.1-1ubuntu1.3 nagios3 - 3.5.1-1ubuntu1.3 No subscription required None https://launchpad.net/bugs/1690380 Ubuntu 14.04 LTS It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. (CVE-2017-7233) Phithon Gong discovered that Django incorrectly handled certain URLs when the jango.views.static.serve() view is being used. A remote attacker could possibly use a Django server as an open redirect. (CVE-2017-7234) Update Instructions: Run `sudo pro fix USN-3254-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.11-0ubuntu1.1 python-django - 1.6.11-0ubuntu1.1 No subscription required Medium CVE-2017-7233 CVE-2017-7234 Ubuntu 14.04 LTS Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3256-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-116-powerpc64-emb - 3.13.0-116.163 linux-image-3.13.0-116-powerpc-e500mc - 3.13.0-116.163 linux-image-3.13.0-116-lowlatency - 3.13.0-116.163 linux-image-3.13.0-116-generic - 3.13.0-116.163 linux-image-3.13.0-116-powerpc-e500 - 3.13.0-116.163 linux-image-3.13.0-116-powerpc-smp - 3.13.0-116.163 linux-image-extra-3.13.0-116-generic - 3.13.0-116.163 linux-image-3.13.0-116-powerpc64-smp - 3.13.0-116.163 linux-image-3.13.0-116-generic-lpae - 3.13.0-116.163 No subscription required High CVE-2017-7308 Ubuntu 14.04 LTS USN-3256-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel for each of the respective prior Ubuntu LTS releases. Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3256-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.4.0-72-generic - 4.4.0-72.93~14.04.1 linux-image-4.4.0-72-generic - 4.4.0-72.93~14.04.1 linux-image-4.4.0-72-powerpc-smp - 4.4.0-72.93~14.04.1 linux-image-4.4.0-72-powerpc-e500mc - 4.4.0-72.93~14.04.1 linux-image-4.4.0-72-generic-lpae - 4.4.0-72.93~14.04.1 linux-image-4.4.0-72-powerpc64-smp - 4.4.0-72.93~14.04.1 linux-image-4.4.0-72-powerpc64-emb - 4.4.0-72.93~14.04.1 linux-image-4.4.0-72-lowlatency - 4.4.0-72.93~14.04.1 No subscription required High CVE-2017-7308 Ubuntu 14.04 LTS It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this cause a denial of service. (CVE-2017-3137) Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64 queries. An attacker could use this to cause a denial of service. (CVE-2017-3136) Mike Lalumiere discovered that in some situations, Bind did not properly handle invalid operations requested via its control channel. An attacker with access to the control channel could cause a denial of service. (CVE-2017-3138) Update Instructions: Run `sudo pro fix USN-3259-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.14 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.14 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.14 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.14 bind9utils - 1:9.9.5.dfsg-3ubuntu0.14 libdns100 - 1:9.9.5.dfsg-3ubuntu0.14 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.14 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.14 host - 1:9.9.5.dfsg-3ubuntu0.14 lwresd - 1:9.9.5.dfsg-3ubuntu0.14 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.14 libisc95 - 1:9.9.5.dfsg-3ubuntu0.14 bind9 - 1:9.9.5.dfsg-3ubuntu0.14 bind9-host - 1:9.9.5.dfsg-3ubuntu0.14 No subscription required Medium CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469) A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462) Update Instructions: Run `sudo pro fix USN-3260-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-nn - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-nb - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-fa - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-fi - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-fr - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-fy - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-or - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-kab - 53.0+build6-0ubuntu0.14.04.1 firefox-testsuite - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-oc - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-cs - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ga - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-gd - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-gn - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-gl - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-gu - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-pa - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-pl - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-cy - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-pt - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-hi - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ms - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-he - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-hy - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-hr - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-hu - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-it - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-as - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ar - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-az - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-id - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-mai - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-af - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-is - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-vi - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-an - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-bs - 53.0+build6-0ubuntu0.14.04.1 firefox - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ro - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ja - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ru - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-br - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-zh-hant - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-zh-hans - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-bn - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-be - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-bg - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-sl - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-sk - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-si - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-sw - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-sv - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-sr - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-sq - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ko - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-kn - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-km - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-kk - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ka - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-xh - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ca - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ku - 53.0+build6-0ubuntu0.14.04.1 firefox-mozsymbols - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-lv - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-lt - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-th - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-hsb - 53.0+build6-0ubuntu0.14.04.1 firefox-dev - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-te - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-cak - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ta - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-lg - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-tr - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-nso - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-de - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-da - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-uk - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-mr - 53.0+build6-0ubuntu0.14.04.1 firefox-globalmenu - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-uz - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ml - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-mn - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-mk - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ur - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-eu - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-et - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-es - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-csb - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-el - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-eo - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-en - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-zu - 53.0+build6-0ubuntu0.14.04.1 firefox-locale-ast - 53.0+build6-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5453 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5458 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5468 CVE-2017-5469 Ubuntu 14.04 LTS USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469) A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462) Update Instructions: Run `sudo pro fix USN-3260-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-nn - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-nb - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-fa - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-fi - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-fr - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-fy - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-or - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-kab - 53.0.2+build1-0ubuntu0.14.04.2 firefox-testsuite - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-oc - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-cs - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ga - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-gd - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-gn - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-gl - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-gu - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-pa - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-pl - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-cy - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-pt - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-hi - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ms - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-he - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-hy - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-hr - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-hu - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-it - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-as - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ar - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-az - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-id - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-mai - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-af - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-is - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-vi - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-an - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-bs - 53.0.2+build1-0ubuntu0.14.04.2 firefox - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ro - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ja - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ru - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-br - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-zh-hant - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-zh-hans - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-bn - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-be - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-bg - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-sl - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-sk - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-si - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-sw - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-sv - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-sr - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-sq - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ko - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-kn - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-km - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-kk - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ka - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-xh - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ca - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ku - 53.0.2+build1-0ubuntu0.14.04.2 firefox-mozsymbols - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-lv - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-lt - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-th - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-hsb - 53.0.2+build1-0ubuntu0.14.04.2 firefox-dev - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-te - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-cak - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ta - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-lg - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-tr - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-nso - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-de - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-da - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-uk - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-mr - 53.0.2+build1-0ubuntu0.14.04.2 firefox-globalmenu - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-uz - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ml - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-mn - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-mk - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ur - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-eu - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-et - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-es - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-csb - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-el - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-eo - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-en - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-zu - 53.0.2+build1-0ubuntu0.14.04.2 firefox-locale-ast - 53.0.2+build1-0ubuntu0.14.04.2 No subscription required None https://launchpad.net/bugs/1690195 Ubuntu 14.04 LTS Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029) Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-10155) Li Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet Controller. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907) It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-8667) It was discovered that QEMU incorrectly handled the 16550A UART device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-8669) It was discovered that QEMU incorrectly handled the shared rings when used with Xen. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. (CVE-2016-9381) Jann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-9602) Gerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-9603) It was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet Controller. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9776) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9845, CVE-2016-9908) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9846, CVE-2016-9912, CVE-2017-5552, CVE-2017-5578, CVE-2017-5857) Li Qiang discovered that QEMU incorrectly handled the USB redirector. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9907) Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9911) Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9913, CVE-2016-9914, CVE-2016-9915, CVE-2016-9916) Qinghao Tang, Li Qiang, and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9921, CVE-2016-9922) Wjjzhang and Li Qiang discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-2615) It was discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-2620) It was discovered that QEMU incorrectly handled VNC connections. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-2633) Li Qiang discovered that QEMU incorrectly handled the ac97 audio device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5525) Li Qiang discovered that QEMU incorrectly handled the es1370 audio device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5526) Li Qiang discovered that QEMU incorrectly handled the 16550A UART device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5579) Jiang Xin discovered that QEMU incorrectly handled SDHCI device emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-5667) Li Qiang discovered that QEMU incorrectly handled the MegaRAID SAS device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5856) Li Qiang discovered that QEMU incorrectly handled the CCID Card device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5898) Li Qiang discovered that QEMU incorrectly handled USB xHCI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5973) Jiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCI device emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5987) Li Qiang discovered that QEMU incorrectly handled USB OHCI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-6505) Update Instructions: Run `sudo pro fix USN-3261-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.33 qemu-user-static - 2.0.0+dfsg-2ubuntu1.33 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.33 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.33 qemu-kvm - 2.0.0+dfsg-2ubuntu1.33 qemu-user - 2.0.0+dfsg-2ubuntu1.33 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.33 qemu-system - 2.0.0+dfsg-2ubuntu1.33 qemu-utils - 2.0.0+dfsg-2ubuntu1.33 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.33 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.33 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.33 qemu-common - 2.0.0+dfsg-2ubuntu1.33 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.33 qemu - 2.0.0+dfsg-2ubuntu1.33 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.33 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.33 No subscription required Medium CVE-2016-10028 CVE-2016-10029 CVE-2016-10155 CVE-2016-7907 CVE-2016-8667 CVE-2016-8669 CVE-2016-9381 CVE-2016-9602 CVE-2016-9603 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-2633 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5579 CVE-2017-5667 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 CVE-2017-5973 CVE-2017-5987 CVE-2017-6505 Ubuntu 14.04 LTS It was discovered that a heap-based buffer overflow existed in the FreeType library. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3263-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.5.2-1ubuntu2.7 libfreetype6-udeb - 2.5.2-1ubuntu2.7 freetype2-demos - 2.5.2-1ubuntu2.7 libfreetype6 - 2.5.2-1ubuntu2.7 No subscription required Medium CVE-2016-10328 Ubuntu 14.04 LTS Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3264-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-117-generic-lpae - 3.13.0-117.164 linux-image-3.13.0-117-lowlatency - 3.13.0-117.164 linux-image-extra-3.13.0-117-generic - 3.13.0-117.164 linux-image-3.13.0-117-powerpc-e500mc - 3.13.0-117.164 linux-image-3.13.0-117-powerpc64-smp - 3.13.0-117.164 linux-image-3.13.0-117-powerpc-e500 - 3.13.0-117.164 linux-image-3.13.0-117-generic - 3.13.0-117.164 linux-image-3.13.0-117-powerpc64-emb - 3.13.0-117.164 linux-image-3.13.0-117-powerpc-smp - 3.13.0-117.164 No subscription required Medium CVE-2017-5986 Ubuntu 14.04 LTS USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374) Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897) Andrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970) Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669) Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5986) Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214) Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345) It was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346) Andrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6347) Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348) Update Instructions: Run `sudo pro fix USN-3265-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-75-generic - 4.4.0-75.96~14.04.1 linux-image-4.4.0-75-powerpc64-emb - 4.4.0-75.96~14.04.1 linux-image-extra-4.4.0-75-generic - 4.4.0-75.96~14.04.1 linux-image-4.4.0-75-powerpc64-smp - 4.4.0-75.96~14.04.1 linux-image-4.4.0-75-generic-lpae - 4.4.0-75.96~14.04.1 linux-image-4.4.0-75-lowlatency - 4.4.0-75.96~14.04.1 linux-image-4.4.0-75-powerpc-smp - 4.4.0-75.96~14.04.1 linux-image-4.4.0-75-powerpc-e500mc - 4.4.0-75.96~14.04.1 No subscription required High CVE-2017-5669 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6348 CVE-2017-7374 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04 have been updated to MySQL 5.7.18. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-18.html http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html Update Instructions: Run `sudo pro fix USN-3269-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.55-0ubuntu0.14.04.1 mysql-client - 5.5.55-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.55-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.55-0ubuntu0.14.04.1 libmysqld-pic - 5.5.55-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.55-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.55-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.55-0ubuntu0.14.04.1 mysql-common - 5.5.55-0ubuntu0.14.04.1 mysql-server - 5.5.55-0ubuntu0.14.04.1 mysql-testsuite - 5.5.55-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.55-0ubuntu0.14.04.1 libmysqld-dev - 5.5.55-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.55-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3331 CVE-2017-3450 CVE-2017-3453 CVE-2017-3454 CVE-2017-3455 CVE-2017-3456 CVE-2017-3457 CVE-2017-3458 CVE-2017-3459 CVE-2017-3460 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3465 CVE-2017-3467 CVE-2017-3468 CVE-2017-3599 CVE-2017-3600 Ubuntu 14.04 LTS Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. (CVE-2016-2183) It was discovered that NSS incorrectly handled Base64 decoding. A remote attacker could use this flaw to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5461) This update refreshes the NSS package to version 3.28.4 which includes the latest CA certificate bundle. Update Instructions: Run `sudo pro fix USN-3270-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.1 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.1 libnss3 - 2:3.28.4-0ubuntu0.14.04.1 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.1 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-2183 CVE-2017-5461 Ubuntu 14.04 LTS Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possible execute arbitrary code. (CVE-2017-5029) Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbtrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683) Sebastian Apelt discovered that a use-after-error existed in the xsltDocumentFunctionLoadDocument() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1841) It was discovered that a type confusion error existed in the xsltStylePreCompute() function in Libxslt. An attacker could use this to craft a malicious XML file that, when opened, caused a denial of service (application crash). This issue only affected Ubuntu 14.04 LTS and Ubuntu 12.04 LTS. (CVE-2015-7995) Nicolas Gregoire discovered the Libxslt mishandled the 'i' and 'a' format tokens for xsl:number data. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1684) It was discovered that the xsltFormatNumberConversion() function in Libxslt did not properly handle empty decimal separators. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-4738) Update Instructions: Run `sudo pro fix USN-3271-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxslt1 - 1.1.28-2ubuntu0.1 libxslt1-dev - 1.1.28-2ubuntu0.1 libxslt1.1 - 1.1.28-2ubuntu0.1 xsltproc - 1.1.28-2ubuntu0.1 No subscription required Medium CVE-2015-7995 CVE-2016-1683 CVE-2016-1684 CVE-2016-1841 CVE-2016-4738 CVE-2017-5029 Ubuntu 14.04 LTS It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217) Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219) Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207) Update Instructions: Run `sudo pro fix USN-3272-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.10~dfsg-0ubuntu10.7 ghostscript-x - 9.10~dfsg-0ubuntu10.7 libgs-dev - 9.10~dfsg-0ubuntu10.7 ghostscript-doc - 9.10~dfsg-0ubuntu10.7 libgs9 - 9.10~dfsg-0ubuntu10.7 libgs9-common - 9.10~dfsg-0ubuntu10.7 No subscription required High CVE-2016-10217 CVE-2016-10219 CVE-2016-10220 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 Ubuntu 14.04 LTS USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217) Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219) Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207) Update Instructions: Run `sudo pro fix USN-3272-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.10~dfsg-0ubuntu10.9 ghostscript-x - 9.10~dfsg-0ubuntu10.9 libgs-dev - 9.10~dfsg-0ubuntu10.9 ghostscript-doc - 9.10~dfsg-0ubuntu10.9 libgs9 - 9.10~dfsg-0ubuntu10.9 libgs9-common - 9.10~dfsg-0ubuntu10.9 No subscription required None https://launchpad.net/bugs/1687614 Ubuntu 14.04 LTS It was discovered that LibreOffice incorrectly handled EMF image files. If a user were tricked into opening a specially crafted EMF image file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3273-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO4.2.8-0ubuntu5.1 No subscription required libreoffice-wiki-publisher - 1.1.2+LibO4.2.8-0ubuntu5.1 No subscription required libreoffice-presentation-minimizer - 1:4.2.8-0ubuntu5.1 libreoffice-impress - 1:4.2.8-0ubuntu5.1 libreoffice-officebean - 1:4.2.8-0ubuntu5.1 libreoffice-base - 1:4.2.8-0ubuntu5.1 libreoffice-librelogo - 1:4.2.8-0ubuntu5.1 libreoffice-java-common - 1:4.2.8-0ubuntu5.1 browser-plugin-libreoffice - 1:4.2.8-0ubuntu5.1 libreoffice-subsequentcheckbase - 1:4.2.8-0ubuntu5.1 libreoffice-style-tango - 1:4.2.8-0ubuntu5.1 libreoffice-style-crystal - 1:4.2.8-0ubuntu5.1 libreoffice-kde - 1:4.2.8-0ubuntu5.1 libreoffice-l10n-ku - 1:4.2.8-0ubuntu5.1 libreoffice-style-galaxy - 1:4.2.8-0ubuntu5.1 libreoffice-style-hicontrast - 1:4.2.8-0ubuntu5.1 libreoffice-core - 1:4.2.8-0ubuntu5.1 libreoffice-presenter-console - 1:4.2.8-0ubuntu5.1 libreoffice-script-provider-bsh - 1:4.2.8-0ubuntu5.1 libreoffice-avmedia-backend-gstreamer - 1:4.2.8-0ubuntu5.1 libreoffice-script-provider-python - 1:4.2.8-0ubuntu5.1 libreoffice-common - 1:4.2.8-0ubuntu5.1 libreoffice-gnome - 1:4.2.8-0ubuntu5.1 libreoffice-dev - 1:4.2.8-0ubuntu5.1 libreoffice-gtk3 - 1:4.2.8-0ubuntu5.1 libreoffice-report-builder - 1:4.2.8-0ubuntu5.1 libreoffice-pdfimport - 1:4.2.8-0ubuntu5.1 libreoffice-base-core - 1:4.2.8-0ubuntu5.1 libreoffice-ogltrans - 1:4.2.8-0ubuntu5.1 libreoffice-sdbc-hsqldb - 1:4.2.8-0ubuntu5.1 libreoffice-gtk - 1:4.2.8-0ubuntu5.1 libreoffice-calc - 1:4.2.8-0ubuntu5.1 libreoffice-base-drivers - 1:4.2.8-0ubuntu5.1 libreoffice-style-oxygen - 1:4.2.8-0ubuntu5.1 libreoffice-emailmerge - 1:4.2.8-0ubuntu5.1 libreoffice-style-human - 1:4.2.8-0ubuntu5.1 libreoffice-sdbc-firebird - 1:4.2.8-0ubuntu5.1 python3-uno - 1:4.2.8-0ubuntu5.1 libreoffice-math - 1:4.2.8-0ubuntu5.1 libreoffice-writer - 1:4.2.8-0ubuntu5.1 libreoffice-report-builder-bin - 1:4.2.8-0ubuntu5.1 libreoffice-script-provider-js - 1:4.2.8-0ubuntu5.1 libreoffice - 1:4.2.8-0ubuntu5.1 libreoffice-draw - 1:4.2.8-0ubuntu5.1 libreoffice-style-sifr - 1:4.2.8-0ubuntu5.1 libreoffice-dev-doc - 1:4.2.8-0ubuntu5.1 libreoffice-l10n-in - 1:4.2.8-0ubuntu5.1 libreoffice-l10n-za - 1:4.2.8-0ubuntu5.1 libreoffice-sdbc-postgresql - 1:4.2.8-0ubuntu5.1 No subscription required openoffice.org-dtd-officedocument1.0 - 2:1.0+LibO4.2.8-0ubuntu5.1 No subscription required fonts-opensymbol - 2:102.6+LibO4.2.8-0ubuntu5.1 No subscription required uno-libs3 - 4.2.8-0ubuntu5.1 ure - 4.2.8-0ubuntu5.1 No subscription required Medium CVE-2016-10327 CVE-2017-7870 Ubuntu 14.04 LTS It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3274-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 52.1-3ubuntu0.6 libicu52 - 52.1-3ubuntu0.6 libicu-dev - 52.1-3ubuntu0.6 icu-doc - 52.1-3ubuntu0.6 No subscription required Medium CVE-2017-7867 CVE-2017-7868 Ubuntu 14.04 LTS USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. (CVE-2017-3509) It was discovered that an untrusted library search path flaw existed in the Java Cryptography Extension (JCE) component of OpenJDK. A local attacker could possibly use this to gain the privileges of a Java application. (CVE-2017-3511) It was discovered that the Java API for XML Processing (JAXP) component in OpenJDK did not properly enforce size limits when parsing XML documents. An attacker could use this to cause a denial of service (processor and memory consumption). (CVE-2017-3526) It was discovered that the FTP client implementation in OpenJDK did not properly sanitize user inputs. If a user was tricked into opening a specially crafted FTP URL, a remote attacker could use this to manipulate the FTP connection. (CVE-2017-3533) It was discovered that OpenJDK allowed MD5 to be used as an algorithm for JAR integrity verification. An attacker could possibly use this to modify the contents of a JAR file without detection. (CVE-2017-3539) It was discovered that the SMTP client implementation in OpenJDK did not properly sanitize sender and recipient addresses. A remote attacker could use this to specially craft email addresses and gain control of a Java application's SMTP connections. (CVE-2017-3544) Update Instructions: Run `sudo pro fix USN-3275-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u131-2.6.9-0ubuntu0.14.04.1 openjdk-7-source - 7u131-2.6.9-0ubuntu0.14.04.1 icedtea-7-jre-jamvm - 7u131-2.6.9-0ubuntu0.14.04.1 openjdk-7-tests - 7u131-2.6.9-0ubuntu0.14.04.1 openjdk-7-jre-lib - 7u131-2.6.9-0ubuntu0.14.04.1 openjdk-7-jdk - 7u131-2.6.9-0ubuntu0.14.04.1 openjdk-7-jre-headless - 7u131-2.6.9-0ubuntu0.14.04.1 openjdk-7-jre - 7u131-2.6.9-0ubuntu0.14.04.1 openjdk-7-doc - 7u131-2.6.9-0ubuntu0.14.04.1 openjdk-7-demo - 7u131-2.6.9-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Ubuntu 14.04 LTS USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. (CVE-2017-3509) It was discovered that an untrusted library search path flaw existed in the Java Cryptography Extension (JCE) component of OpenJDK. A local attacker could possibly use this to gain the privileges of a Java application. (CVE-2017-3511) It was discovered that the Java API for XML Processing (JAXP) component in OpenJDK did not properly enforce size limits when parsing XML documents. An attacker could use this to cause a denial of service (processor and memory consumption). (CVE-2017-3526) It was discovered that the FTP client implementation in OpenJDK did not properly sanitize user inputs. If a user was tricked into opening a specially crafted FTP URL, a remote attacker could use this to manipulate the FTP connection. (CVE-2017-3533) It was discovered that OpenJDK allowed MD5 to be used as an algorithm for JAR integrity verification. An attacker could possibly use this to modify the contents of a JAR file without detection. (CVE-2017-3539) It was discovered that the SMTP client implementation in OpenJDK did not properly sanitize sender and recipient addresses. A remote attacker could use this to specially craft email addresses and gain control of a Java application's SMTP connections. (CVE-2017-3544) Update Instructions: Run `sudo pro fix USN-3275-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-source - 7u131-2.6.9-0ubuntu0.14.04.2 icedtea-7-jre-jamvm - 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-tests - 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-jre-lib - 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-jdk - 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-jre-headless - 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-jre - 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-doc - 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-demo - 7u131-2.6.9-0ubuntu0.14.04.2 No subscription required None https://launchpad.net/bugs/1691126 https://www.ubuntu.com/usn/usn-3275-2 Ubuntu 14.04 LTS Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616) Update Instructions: Run `sudo pro fix USN-3276-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.1.5.1-1ubuntu9.4 login - 1:4.1.5.1-1ubuntu9.4 uidmap - 1:4.1.5.1-1ubuntu9.4 No subscription required Medium CVE-2016-6252 CVE-2017-2616 Ubuntu 14.04 LTS USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory details: Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616) Update Instructions: Run `sudo pro fix USN-3276-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.1.5.1-1ubuntu9.5 login - 1:4.1.5.1-1ubuntu9.5 uidmap - 1:4.1.5.1-1ubuntu9.5 No subscription required None https://launchpad.net/bugs/1690820 Ubuntu 14.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, CVE-2017-5467) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the addressbar contents, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2016-10197) A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462) Update Instructions: Run `sudo pro fix USN-3278-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-kab - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:52.1.1+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:52.1.1+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:52.1.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:52.1.1+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 Ubuntu 14.04 LTS It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. (CVE-2016-0736) Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. (CVE-2016-2161) David Dennerline and Régis Leroy discovered that the Apache HTTP Server incorrectly handled unusual whitespace when parsing requests, contrary to specifications. When being used in combination with a proxy or backend server, a remote attacker could possibly use this issue to perform an injection attack and pollute cache. This update may introduce compatibility issues with clients that do not strictly follow HTTP protocol specifications. A new configuration option "HttpProtocolOptions Unsafe" can be used to revert to the previous unsafe behaviour in problematic environments. (CVE-2016-8743) Update Instructions: Run `sudo pro fix USN-3279-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.15 libapache2-mod-macro - 1:2.4.7-1ubuntu4.15 No subscription required apache2-data - 2.4.7-1ubuntu4.15 apache2.2-bin - 2.4.7-1ubuntu4.15 apache2-utils - 2.4.7-1ubuntu4.15 apache2-dev - 2.4.7-1ubuntu4.15 apache2-mpm-worker - 2.4.7-1ubuntu4.15 apache2-suexec-custom - 2.4.7-1ubuntu4.15 apache2-suexec - 2.4.7-1ubuntu4.15 apache2 - 2.4.7-1ubuntu4.15 apache2-suexec-pristine - 2.4.7-1ubuntu4.15 apache2-doc - 2.4.7-1ubuntu4.15 apache2-mpm-prefork - 2.4.7-1ubuntu4.15 apache2-mpm-itk - 2.4.7-1ubuntu4.15 apache2-mpm-event - 2.4.7-1ubuntu4.15 apache2-bin - 2.4.7-1ubuntu4.15 No subscription required Medium CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 Ubuntu 14.04 LTS Lars Krapf and Pierre Ernst discovered that Apache Batik incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3280-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbatik-java - 1.7.ubuntu-8ubuntu2.14.04.2 No subscription required Medium CVE-2017-5662 Ubuntu 14.04 LTS Pierre Ernst discovered that Apache Fop incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3281-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfop-java - 1:1.1.dfsg-2ubuntu1.1 fop - 1:1.1.dfsg-2ubuntu1.1 fop-doc - 1:1.1.dfsg-2ubuntu1.1 No subscription required Medium CVE-2017-5661 Ubuntu 14.04 LTS It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3282-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.5.2-1ubuntu2.8 libfreetype6-udeb - 2.5.2-1ubuntu2.8 freetype2-demos - 2.5.2-1ubuntu2.8 libfreetype6 - 2.5.2-1ubuntu2.8 No subscription required Medium CVE-2017-8105 CVE-2017-8287 Ubuntu 14.04 LTS Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3283-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librtmp0 - 2.4+20121230.gitdf6c518-1ubuntu0.1 librtmp-dev - 2.4+20121230.gitdf6c518-1ubuntu0.1 rtmpdump - 2.4+20121230.gitdf6c518-1ubuntu0.1 No subscription required Medium CVE-2015-8270 CVE-2015-8271 CVE-2015-8272 Ubuntu 14.04 LTS Sebastian Krahmer discovered that the KDE-Libs Kauth component incorrectly checked services invoking D-Bus. A local attacker could use this issue to gain root privileges. Update Instructions: Run `sudo pro fix USN-3286-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libknewstuff3-4 - 4:4.13.3-0ubuntu0.5 libktexteditor4 - 4:4.13.3-0ubuntu0.5 libkde3support4 - 4:4.13.3-0ubuntu0.5 libkutils4 - 4:4.13.3-0ubuntu0.5 libkdeui5 - 4:4.13.3-0ubuntu0.5 libnepomukutils4 - 4:4.13.3-0ubuntu0.5 libkprintutils4 - 4:4.13.3-0ubuntu0.5 kdelibs5-data - 4:4.13.3-0ubuntu0.5 kdelibs-bin - 4:4.13.3-0ubuntu0.5 libsolid4 - 4:4.13.3-0ubuntu0.5 libkdeclarative5 - 4:4.13.3-0ubuntu0.5 libknotifyconfig4 - 4:4.13.3-0ubuntu0.5 kdelibs5-plugins - 4:4.13.3-0ubuntu0.5 libkdnssd4 - 4:4.13.3-0ubuntu0.5 libkhtml5 - 4:4.13.3-0ubuntu0.5 libkemoticons4 - 4:4.13.3-0ubuntu0.5 libkunitconversion4 - 4:4.13.3-0ubuntu0.5 libkidletime4 - 4:4.13.3-0ubuntu0.5 libkmediaplayer4 - 4:4.13.3-0ubuntu0.5 libplasma3 - 4:4.13.3-0ubuntu0.5 libkdecore5 - 4:4.13.3-0ubuntu0.5 libkntlm4 - 4:4.13.3-0ubuntu0.5 libnepomuk4 - 4:4.13.3-0ubuntu0.5 libkpty4 - 4:4.13.3-0ubuntu0.5 libkparts4 - 4:4.13.3-0ubuntu0.5 libkdewebkit5 - 4:4.13.3-0ubuntu0.5 libnepomukquery4a - 4:4.13.3-0ubuntu0.5 libkrosscore4 - 4:4.13.3-0ubuntu0.5 libkfile4 - 4:4.13.3-0ubuntu0.5 kdelibs5-dev - 4:4.13.3-0ubuntu0.5 libkio5 - 4:4.13.3-0ubuntu0.5 libkcmutils4 - 4:4.13.3-0ubuntu0.5 libknewstuff2-4 - 4:4.13.3-0ubuntu0.5 libkdesu5 - 4:4.13.3-0ubuntu0.5 libkrossui4 - 4:4.13.3-0ubuntu0.5 libkimproxy4 - 4:4.13.3-0ubuntu0.5 libthreadweaver4 - 4:4.13.3-0ubuntu0.5 libkjsembed4 - 4:4.13.3-0ubuntu0.5 kdoctools - 4:4.13.3-0ubuntu0.5 libkjsapi4 - 4:4.13.3-0ubuntu0.5 No subscription required High CVE-2017-8422 Ubuntu 14.04 LTS Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information. Update Instructions: Run `sudo pro fix USN-3287-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:1.9.1-1ubuntu0.5 gitweb - 1:1.9.1-1ubuntu0.5 git-gui - 1:1.9.1-1ubuntu0.5 git-daemon-sysvinit - 1:1.9.1-1ubuntu0.5 git-arch - 1:1.9.1-1ubuntu0.5 git-bzr - 1:1.9.1-1ubuntu0.5 git-el - 1:1.9.1-1ubuntu0.5 gitk - 1:1.9.1-1ubuntu0.5 git-all - 1:1.9.1-1ubuntu0.5 git-mediawiki - 1:1.9.1-1ubuntu0.5 git-daemon-run - 1:1.9.1-1ubuntu0.5 git-man - 1:1.9.1-1ubuntu0.5 git-doc - 1:1.9.1-1ubuntu0.5 git-svn - 1:1.9.1-1ubuntu0.5 git-cvs - 1:1.9.1-1ubuntu0.5 git-core - 1:1.9.1-1ubuntu0.5 git-email - 1:1.9.1-1ubuntu0.5 No subscription required Medium CVE-2017-8386 Ubuntu 14.04 LTS It was discovered that libytnef incorrectly handled malformed TNEF streams. If a user were tricked into opening a specially crafted TNEF attachment, an attacker could cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3288-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libytnef0-dev - 1.5-6ubuntu0.1 libytnef0 - 1.5-6ubuntu0.1 No subscription required Medium CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305 CVE-2017-6306 CVE-2017-6800 CVE-2017-6801 CVE-2017-6802 Ubuntu 14.04 LTS Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-7377, CVE-2017-8086) Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-7718) Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-7980) Jiang Xin discovered that QEMU incorrectly handled the audio subsystem. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-8309) Jiang Xin discovered that QEMU incorrectly handled the input subsystem. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-8379) Update Instructions: Run `sudo pro fix USN-3289-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.34 qemu-user-static - 2.0.0+dfsg-2ubuntu1.34 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.34 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.34 qemu-kvm - 2.0.0+dfsg-2ubuntu1.34 qemu-user - 2.0.0+dfsg-2ubuntu1.34 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.34 qemu-system - 2.0.0+dfsg-2ubuntu1.34 qemu-utils - 2.0.0+dfsg-2ubuntu1.34 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.34 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.34 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.34 qemu-common - 2.0.0+dfsg-2ubuntu1.34 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.34 qemu - 2.0.0+dfsg-2ubuntu1.34 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.34 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.34 No subscription required Medium CVE-2017-7377 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8309 CVE-2017-8379 Ubuntu 14.04 LTS Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3290-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-119-powerpc64-smp - 3.13.0-119.166 linux-image-3.13.0-119-powerpc-e500mc - 3.13.0-119.166 linux-image-3.13.0-119-powerpc-e500 - 3.13.0-119.166 linux-image-3.13.0-119-generic-lpae - 3.13.0-119.166 linux-image-3.13.0-119-powerpc-smp - 3.13.0-119.166 linux-image-3.13.0-119-lowlatency - 3.13.0-119.166 linux-image-extra-3.13.0-119-generic - 3.13.0-119.166 linux-image-3.13.0-119-powerpc64-emb - 3.13.0-119.166 linux-image-3.13.0-119-generic - 3.13.0-119.166 No subscription required Medium CVE-2016-8645 Ubuntu 14.04 LTS USN-3291-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261) Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7294) It was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616) Update Instructions: Run `sudo pro fix USN-3291-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-78-powerpc64-emb - 4.4.0-78.99~14.04.2 linux-image-extra-4.4.0-78-generic - 4.4.0-78.99~14.04.2 linux-image-4.4.0-78-powerpc-smp - 4.4.0-78.99~14.04.2 linux-image-4.4.0-78-generic - 4.4.0-78.99~14.04.2 linux-image-4.4.0-78-lowlatency - 4.4.0-78.99~14.04.2 linux-image-4.4.0-78-generic-lpae - 4.4.0-78.99~14.04.2 linux-image-4.4.0-78-powerpc-e500mc - 4.4.0-78.99~14.04.2 linux-image-4.4.0-78-powerpc64-smp - 4.4.0-78.99~14.04.2 No subscription required Medium CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7616 Ubuntu 14.04 LTS Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-0634) It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7543) It was discovered that Bash incorrectly handled the popd command. A remote attacker could possibly use this issue to bypass restricted shells. (CVE-2016-9401) It was discovered that Bash incorrectly handled path autocompletion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 17.04. (CVE-2017-5932) Update Instructions: Run `sudo pro fix USN-3294-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.3-7ubuntu1.7 bash-doc - 4.3-7ubuntu1.7 bash-static - 4.3-7ubuntu1.7 bash - 4.3-7ubuntu1.7 No subscription required Medium CVE-2016-0634 CVE-2016-7543 CVE-2016-9401 CVE-2017-5932 Ubuntu 14.04 LTS It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3295-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjasper-runtime - 1.900.1-14ubuntu3.4 libjasper-dev - 1.900.1-14ubuntu3.4 libjasper1 - 1.900.1-14ubuntu3.4 No subscription required Medium CVE-2016-10249 CVE-2016-10251 CVE-2016-1867 CVE-2016-2089 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8882 CVE-2016-9560 CVE-2016-9591 Ubuntu 14.04 LTS It was discovered that Samba incorrectly handled shared libraries. A remote attacker could use this flaw to upload a shared library to a writable share and execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3296-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.8 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.8 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.8 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.8 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.8 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.8 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.8 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.8 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.8 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.8 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.8 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.8 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.8 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.8 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.8 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.8 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.8 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.8 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.8 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.8 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.8 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.8 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.8 No subscription required High CVE-2017-7494 Ubuntu 14.04 LTS Bingchang Liu discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9601) It was discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7885) Jiaqi Peng discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7975) Dai Ge discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7976) Update Instructions: Run `sudo pro fix USN-3297-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjbig2dec0 - 0.11+20120125-1ubuntu1.1 jbig2dec - 0.11+20120125-1ubuntu1.1 libjbig2dec0-dev - 0.11+20120125-1ubuntu1.1 No subscription required Medium CVE-2016-9601 CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 Ubuntu 14.04 LTS It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library. Update Instructions: Run `sudo pro fix USN-3298-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libminiupnpc-dev - 1.6-3ubuntu2.14.04.3 libminiupnpc8 - 1.6-3ubuntu2.14.04.3 miniupnpc - 1.6-3ubuntu2.14.04.3 No subscription required Medium CVE-2017-8798 Ubuntu 14.04 LTS Some security information preloaded in Firefox was due to expire before the next scheduled release. This update bumps the expiration times. Update Instructions: Run `sudo pro fix USN-3299-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-nn - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-nb - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-fa - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-fi - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-fr - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-fy - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-or - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-kab - 53.0.3+build1-0ubuntu0.14.04.2 firefox-testsuite - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-oc - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-cs - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ga - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-gd - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-gn - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-gl - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-gu - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-pa - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-pl - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-cy - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-pt - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-hi - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ms - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-he - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-hy - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-hr - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-hu - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-it - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-as - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ar - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-az - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-id - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-mai - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-af - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-is - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-vi - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-an - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-bs - 53.0.3+build1-0ubuntu0.14.04.2 firefox - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ro - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ja - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ru - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-br - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-zh-hant - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-zh-hans - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-bn - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-be - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-bg - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sl - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sk - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-si - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sw - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sv - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sr - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sq - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ko - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-kn - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-km - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-kk - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ka - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-xh - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ca - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ku - 53.0.3+build1-0ubuntu0.14.04.2 firefox-mozsymbols - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-lv - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-lt - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-th - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-hsb - 53.0.3+build1-0ubuntu0.14.04.2 firefox-dev - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-te - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-cak - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ta - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-lg - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-tr - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-nso - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-de - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-da - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-uk - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-mr - 53.0.3+build1-0ubuntu0.14.04.2 firefox-globalmenu - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-uz - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ml - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-mn - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-mk - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ur - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-eu - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-et - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-es - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-csb - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-el - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-eo - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-en - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-zu - 53.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ast - 53.0.3+build1-0ubuntu0.14.04.2 No subscription required None https://launchpad.net/bugs/1693502 Ubuntu 14.04 LTS Ryan Beisner discovered juju did not set permissions on a Unix domain socket. A local attacker could use this flaw to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3300-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: juju - 1.25.6-0ubuntu1.14.04.2 juju-core - 1.25.6-0ubuntu1.14.04.2 juju-local - 1.25.6-0ubuntu1.14.04.2 juju-local-kvm - 1.25.6-0ubuntu1.14.04.2 No subscription required High CVE-2017-9232 Ubuntu 14.04 LTS It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2017-9022) It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker could use this issue to cause strongSwan to hang, resulting in a denial of service. (CVE-2017-9023) Update Instructions: Run `sudo pro fix USN-3301-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-noauth - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-simaka-pseudonym - 5.1.2-0ubuntu2.6 strongswan-plugin-unbound - 5.1.2-0ubuntu2.6 strongswan-plugin-farp - 5.1.2-0ubuntu2.6 strongswan-ikev1 - 5.1.2-0ubuntu2.6 strongswan-plugin-pkcs11 - 5.1.2-0ubuntu2.6 strongswan-plugin-xauth-eap - 5.1.2-0ubuntu2.6 strongswan-plugin-sshkey - 5.1.2-0ubuntu2.6 strongswan-plugin-error-notify - 5.1.2-0ubuntu2.6 strongswan-plugin-gcrypt - 5.1.2-0ubuntu2.6 strongswan-plugin-sql - 5.1.2-0ubuntu2.6 strongswan-plugin-coupling - 5.1.2-0ubuntu2.6 strongswan-plugin-xauth-generic - 5.1.2-0ubuntu2.6 strongswan-plugin-lookip - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-ttls - 5.1.2-0ubuntu2.6 strongswan-plugin-af-alg - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-aka-3gpp2 - 5.1.2-0ubuntu2.6 strongswan-ike - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-sim-pcsc - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-aka - 5.1.2-0ubuntu2.6 libstrongswan - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-simaka-sql - 5.1.2-0ubuntu2.6 strongswan-plugin-sqlite - 5.1.2-0ubuntu2.6 strongswan-plugin-duplicheck - 5.1.2-0ubuntu2.6 strongswan - 5.1.2-0ubuntu2.6 strongswan-tnc-server - 5.1.2-0ubuntu2.6 strongswan-plugin-attr-sql - 5.1.2-0ubuntu2.6 strongswan-tnc-base - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-peap - 5.1.2-0ubuntu2.6 strongswan-starter - 5.1.2-0ubuntu2.6 strongswan-plugin-curl - 5.1.2-0ubuntu2.6 strongswan-plugin-radattr - 5.1.2-0ubuntu2.6 strongswan-plugin-soup - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-dynamic - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-gtc - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-tls - 5.1.2-0ubuntu2.6 strongswan-tnc-ifmap - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-tnc - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-radius - 5.1.2-0ubuntu2.6 strongswan-ikev2 - 5.1.2-0ubuntu2.6 strongswan-plugin-mysql - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-simaka-reauth - 5.1.2-0ubuntu2.6 strongswan-plugin-openssl - 5.1.2-0ubuntu2.6 strongswan-plugin-dnscert - 5.1.2-0ubuntu2.6 strongswan-plugin-xauth-pam - 5.1.2-0ubuntu2.6 strongswan-plugin-pubkey - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-md5 - 5.1.2-0ubuntu2.6 strongswan-plugin-whitelist - 5.1.2-0ubuntu2.6 strongswan-plugin-fips-prf - 5.1.2-0ubuntu2.6 strongswan-pt-tls-client - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu2.6 strongswan-nm - 5.1.2-0ubuntu2.6 strongswan-plugin-ldap - 5.1.2-0ubuntu2.6 strongswan-plugin-certexpire - 5.1.2-0ubuntu2.6 strongswan-tnc-pdp - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-sim - 5.1.2-0ubuntu2.6 strongswan-plugin-kernel-libipsec - 5.1.2-0ubuntu2.6 strongswan-plugin-ipseckey - 5.1.2-0ubuntu2.6 strongswan-plugin-dhcp - 5.1.2-0ubuntu2.6 strongswan-plugin-dnskey - 5.1.2-0ubuntu2.6 strongswan-plugin-ntru - 5.1.2-0ubuntu2.6 strongswan-plugin-gmp - 5.1.2-0ubuntu2.6 strongswan-plugin-agent - 5.1.2-0ubuntu2.6 strongswan-plugin-pgp - 5.1.2-0ubuntu2.6 strongswan-tnc-client - 5.1.2-0ubuntu2.6 strongswan-plugin-load-tester - 5.1.2-0ubuntu2.6 strongswan-plugin-unity - 5.1.2-0ubuntu2.6 strongswan-plugin-led - 5.1.2-0ubuntu2.6 strongswan-plugin-eap-sim-file - 5.1.2-0ubuntu2.6 strongswan-plugin-systime-fix - 5.1.2-0ubuntu2.6 No subscription required Medium CVE-2017-9022 CVE-2017-9023 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3302-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.7 libmagickcore5 - 8:6.7.7.10-6ubuntu3.7 imagemagick - 8:6.7.7.10-6ubuntu3.7 imagemagick-doc - 8:6.7.7.10-6ubuntu3.7 libmagickwand5 - 8:6.7.7.10-6ubuntu3.7 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.7 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.7 libmagick++-dev - 8:6.7.7.10-6ubuntu3.7 libmagick++5 - 8:6.7.7.10-6ubuntu3.7 perlmagick - 8:6.7.7.10-6ubuntu3.7 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.7 No subscription required Medium CVE-2017-7606 CVE-2017-7619 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 Ubuntu 14.04 LTS It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. Update Instructions: Run `sudo pro fix USN-3304-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.9p5-1ubuntu1.4 sudo - 1.8.9p5-1ubuntu1.4 No subscription required High CVE-2017-1000367 Ubuntu 14.04 LTS It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system. Update Instructions: Run `sudo pro fix USN-3305-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-375-dev - 375.66-0ubuntu0.14.04.1 nvidia-libopencl1-375 - 375.66-0ubuntu0.14.04.1 nvidia-opencl-icd-367 - 375.66-0ubuntu0.14.04.1 nvidia-libopencl1-367 - 375.66-0ubuntu0.14.04.1 nvidia-367-dev - 375.66-0ubuntu0.14.04.1 nvidia-opencl-icd-375 - 375.66-0ubuntu0.14.04.1 libcuda1-367 - 375.66-0ubuntu0.14.04.1 libcuda1-375 - 375.66-0ubuntu0.14.04.1 nvidia-367 - 375.66-0ubuntu0.14.04.1 nvidia-375 - 375.66-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-0350 CVE-2017-0351 CVE-2017-0352 Ubuntu 14.04 LTS Agostino Sarubbo and Jakub Jirasek discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3306-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.25-7ubuntu2.2 libsndfile1-dev - 1.0.25-7ubuntu2.2 sndfile-programs - 1.0.25-7ubuntu2.2 No subscription required Medium CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 Ubuntu 14.04 LTS Karsten Heymann discovered that OpenLDAP incorrectly handled certain search requests. A remote attacker could use this issue to cause slapd to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3307-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.31-1+nmu2ubuntu8.4 libldap2-dev - 2.4.31-1+nmu2ubuntu8.4 libldap-2.4-2 - 2.4.31-1+nmu2ubuntu8.4 slapd-smbk5pwd - 2.4.31-1+nmu2ubuntu8.4 slapd - 2.4.31-1+nmu2ubuntu8.4 No subscription required Medium CVE-2017-9287 Ubuntu 14.04 LTS Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. (CVE-2014-3248) It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute arbitrary code on the master. This update is incompatible with agents older than 3.2.2. (CVE-2017-2295) Update Instructions: Run `sudo pro fix USN-3308-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: puppetmaster-common - 3.4.3-1ubuntu1.2 puppetmaster - 3.4.3-1ubuntu1.2 puppet-testsuite - 3.4.3-1ubuntu1.2 puppet - 3.4.3-1ubuntu1.2 puppet-common - 3.4.3-1ubuntu1.2 puppet-el - 3.4.3-1ubuntu1.2 puppetmaster-passenger - 3.4.3-1ubuntu1.2 vim-puppet - 3.4.3-1ubuntu1.2 No subscription required Medium CVE-2014-3248 CVE-2017-2295 Ubuntu 14.04 LTS Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbirary code. Update Instructions: Run `sudo pro fix USN-3309-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6-dev - 3.4-3ubuntu0.5 libtasn1-3-bin - 3.4-3ubuntu0.5 libtasn1-bin - 3.4-3ubuntu0.5 libtasn1-3-dev - 3.4-3ubuntu0.5 libtasn1-6 - 3.4-3ubuntu0.5 No subscription required Medium CVE-2017-6891 Ubuntu 14.04 LTS It was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3311-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnl-route-3-dev - 3.2.21-1ubuntu4.1 libnl-nf-3-200 - 3.2.21-1ubuntu4.1 libnl-utils - 3.2.21-1ubuntu4.1 libnl-nf-3-dev - 3.2.21-1ubuntu4.1 libnl-genl-3-200-udeb - 3.2.21-1ubuntu4.1 libnl-route-3-200 - 3.2.21-1ubuntu4.1 libnl-cli-3-200 - 3.2.21-1ubuntu4.1 libnl-genl-3-dev - 3.2.21-1ubuntu4.1 libnl-3-200 - 3.2.21-1ubuntu4.1 libnl-3-200-udeb - 3.2.21-1ubuntu4.1 libnl-3-dev - 3.2.21-1ubuntu4.1 libnl-cli-3-dev - 3.2.21-1ubuntu4.1 libnl-genl-3-200 - 3.2.21-1ubuntu4.1 No subscription required Medium CVE-2017-0553 Ubuntu 14.04 LTS USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. (CVE-2016-7917) Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632) It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604) It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. A privileged local attacker could use this to execute arbitrary code. (CVE-2017-0605) Dmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596) Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671) Di Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001) Eric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472) Sabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618) Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645) Tommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889) Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895) It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-7913) Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084) Update Instructions: Run `sudo pro fix USN-3312-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-79-generic - 4.4.0-79.100~14.04.1 linux-image-extra-4.4.0-79-generic - 4.4.0-79.100~14.04.1 linux-image-4.4.0-79-generic-lpae - 4.4.0-79.100~14.04.1 linux-image-4.4.0-79-lowlatency - 4.4.0-79.100~14.04.1 linux-image-4.4.0-79-powerpc-smp - 4.4.0-79.100~14.04.1 linux-image-4.4.0-79-powerpc64-emb - 4.4.0-79.100~14.04.1 linux-image-4.4.0-79-powerpc64-smp - 4.4.0-79.100~14.04.1 linux-image-4.4.0-79-powerpc-e500mc - 4.4.0-79.100~14.04.1 No subscription required Medium CVE-2016-7913 CVE-2016-7917 CVE-2016-8632 CVE-2016-9083 CVE-2016-9084 CVE-2016-9604 CVE-2017-2596 CVE-2017-2671 CVE-2017-6001 CVE-2017-7472 CVE-2017-7618 CVE-2017-7645 CVE-2017-7889 CVE-2017-7895 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, spoof the addressbar contents, or execute arbitrary code. (CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7762, CVE-2017-7764) Multiple security issues were discovered in the Graphite 2 library used by Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, or execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778) Update Instructions: Run `sudo pro fix USN-3315-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-nn - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-nb - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-fa - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-fi - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-fr - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-fy - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-or - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-kab - 54.0+build3-0ubuntu0.14.04.1 firefox-testsuite - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-oc - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-cs - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ga - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-gd - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-gn - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-gl - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-gu - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-pa - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-pl - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-cy - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-pt - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-hi - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ms - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-he - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-hy - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-hr - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-hu - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-it - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-as - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ar - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-az - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-id - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-mai - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-af - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-is - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-vi - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-an - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-bs - 54.0+build3-0ubuntu0.14.04.1 firefox - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ro - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ja - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ru - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-br - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hant - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hans - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-bn - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-be - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-bg - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-sl - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-sk - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-si - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-sw - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-sv - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-sr - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-sq - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ko - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-kn - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-km - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-kk - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ka - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-xh - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ca - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ku - 54.0+build3-0ubuntu0.14.04.1 firefox-mozsymbols - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-lv - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-lt - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-th - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-hsb - 54.0+build3-0ubuntu0.14.04.1 firefox-dev - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-te - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-cak - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ta - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-lg - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-tr - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-nso - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-de - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-da - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-uk - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-mr - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-my - 54.0+build3-0ubuntu0.14.04.1 firefox-globalmenu - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-uz - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ml - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-mn - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-mk - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ur - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-eu - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-et - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-es - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-csb - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-el - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-eo - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-en - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-zu - 54.0+build3-0ubuntu0.14.04.1 firefox-locale-ast - 54.0+build3-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-5470 CVE-2017-5471 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7762 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 Ubuntu 14.04 LTS It was discovered that Irssi incorrectly handled certain DCC messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-9468) Joseph Bisch discovered that Irssi incorrectly handled receiving incorrectly quoted DCC files. A remote attacker could possibly use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-9469) Update Instructions: Run `sudo pro fix USN-3317-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.15-5ubuntu3.2 irssi - 0.8.15-5ubuntu3.2 No subscription required Medium CVE-2017-9468 CVE-2017-9469 Ubuntu 14.04 LTS Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507) It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7869) Update Instructions: Run `sudo pro fix USN-3318-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutlsxx27 - 2.12.23-12ubuntu2.8 gnutls26-doc - 2.12.23-12ubuntu2.8 libgnutls26 - 2.12.23-12ubuntu2.8 libgnutls-dev - 2.12.23-12ubuntu2.8 libgnutls-openssl27 - 2.12.23-12ubuntu2.8 No subscription required gnutls-bin - 3.0.11+really2.12.23-12ubuntu2.8 No subscription required Medium CVE-2017-7507 CVE-2017-7869 Ubuntu 14.04 LTS It was discovered that libmwaw incorrectly handled certain malformed document files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause libmwaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3319-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmwaw-dev - 0.1.11-1ubuntu1.1 libmwaw-tools - 0.1.11-1ubuntu1.1 libmwaw-0.1-1 - 0.1.11-1ubuntu1.1 libmwaw-doc - 0.1.11-1ubuntu1.1 No subscription required Medium CVE-2017-9433 Ubuntu 14.04 LTS Agostino Sarubbo discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3320-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zziplib-bin - 0.13.62-2ubuntu0.1 libzzip-dev - 0.13.62-2ubuntu0.1 libzzip-0-13 - 0.13.62-2ubuntu0.1 No subscription required Medium CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981 Ubuntu 14.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information or execute arbitrary code. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Multiple security issues were discovered in the Graphite 2 library used by Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, or execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778) Update Instructions: Run `sudo pro fix USN-3321-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:52.2.1+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:52.2.1+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-kab - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:52.2.1+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:52.2.1+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 Ubuntu 14.04 LTS It was discovered that Exim did not properly deallocate memory when processing certain command line arguments. A local attacker could use this in conjunction with a vulnerability in the underlying kernel to possibly execute arbitrary code and gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3322-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.82-3ubuntu2.3 eximon4 - 4.82-3ubuntu2.3 exim4 - 4.82-3ubuntu2.3 exim4-daemon-light - 4.82-3ubuntu2.3 exim4-config - 4.82-3ubuntu2.3 exim4-daemon-heavy - 4.82-3ubuntu2.3 exim4-base - 4.82-3ubuntu2.3 No subscription required Medium CVE-2017-1000369 Ubuntu 14.04 LTS It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3323-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.19-0ubuntu6.13 libnss-dns-udeb - 2.19-0ubuntu6.13 libc6-ppc64 - 2.19-0ubuntu6.13 libc-bin - 2.19-0ubuntu6.13 libc6-x32 - 2.19-0ubuntu6.13 libc6-armel - 2.19-0ubuntu6.13 eglibc-source - 2.19-0ubuntu6.13 libc6-pic - 2.19-0ubuntu6.13 libc6-dev-ppc64 - 2.19-0ubuntu6.13 libc6-dev-armel - 2.19-0ubuntu6.13 libnss-files-udeb - 2.19-0ubuntu6.13 glibc-doc - 2.19-0ubuntu6.13 nscd - 2.19-0ubuntu6.13 multiarch-support - 2.19-0ubuntu6.13 libc6-dev - 2.19-0ubuntu6.13 libc6-amd64 - 2.19-0ubuntu6.13 libc6-dev-amd64 - 2.19-0ubuntu6.13 libc6 - 2.19-0ubuntu6.13 libc6-dev-x32 - 2.19-0ubuntu6.13 libc6-udeb - 2.19-0ubuntu6.13 libc6-dev-i386 - 2.19-0ubuntu6.13 libc-dev-bin - 2.19-0ubuntu6.13 libc6-prof - 2.19-0ubuntu6.13 No subscription required Medium CVE-2017-1000366 Ubuntu 14.04 LTS USN-3328-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Update Instructions: Run `sudo pro fix USN-3334-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-81-powerpc-smp - 4.4.0-81.104~14.04.1 linux-image-4.4.0-81-generic - 4.4.0-81.104~14.04.1 linux-image-extra-4.4.0-81-generic - 4.4.0-81.104~14.04.1 linux-image-4.4.0-81-lowlatency - 4.4.0-81.104~14.04.1 linux-image-4.4.0-81-generic-lpae - 4.4.0-81.104~14.04.1 linux-image-4.4.0-81-powerpc64-smp - 4.4.0-81.104~14.04.1 linux-image-4.4.0-81-powerpc-e500mc - 4.4.0-81.104~14.04.1 linux-image-4.4.0-81-powerpc64-emb - 4.4.0-81.104~14.04.1 No subscription required High CVE-2017-1000364 Ubuntu 14.04 LTS It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Update Instructions: Run `sudo pro fix USN-3335-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-121-powerpc64-smp - 3.13.0-121.170 linux-image-3.13.0-121-lowlatency - 3.13.0-121.170 linux-image-extra-3.13.0-121-generic - 3.13.0-121.170 linux-image-3.13.0-121-powerpc-smp - 3.13.0-121.170 linux-image-3.13.0-121-powerpc-e500mc - 3.13.0-121.170 linux-image-3.13.0-121-generic-lpae - 3.13.0-121.170 linux-image-3.13.0-121-powerpc64-emb - 3.13.0-121.170 linux-image-3.13.0-121-powerpc-e500 - 3.13.0-121.170 linux-image-3.13.0-121-generic - 3.13.0-121.170 No subscription required High CVE-2017-1000364 Ubuntu 14.04 LTS It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3336-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.2 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.2 libnss3 - 2:3.28.4-0ubuntu0.14.04.2 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.2 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.2 No subscription required Medium CVE-2017-7502 Ubuntu 14.04 LTS It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-2226) It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131) Update Instructions: Run `sudo pro fix USN-3337-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: valgrind - 1:3.10.1-1ubuntu3~14.5 No subscription required Medium CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131 Ubuntu 14.04 LTS Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6329) It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-7479) Guido Vranken discovered that OpenVPN incorrectly handled certain malformed IPv6 packets. A remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7508) Guido Vranken discovered that OpenVPN incorrectly handled an HTTP proxy with NTLM authentication. A remote attacker could use this issue to cause OpenVPN clients to crash, resulting in a denial of service, or possibly expose sensitive memory contents. (CVE-2017-7520) Guido Vranken discovered that OpenVPN incorrectly handled certain x509 extensions. A remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7521) Update Instructions: Run `sudo pro fix USN-3339-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openvpn - 2.3.2-7ubuntu3.2 No subscription required Medium CVE-2016-6329 CVE-2017-7479 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 Ubuntu 14.04 LTS Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167) Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169) Javier Jiménez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7668) ChenQin and Hanno Böck discovered that the Apache mod_mime module incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7679) Update Instructions: Run `sudo pro fix USN-3340-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.16 libapache2-mod-macro - 1:2.4.7-1ubuntu4.16 No subscription required apache2-data - 2.4.7-1ubuntu4.16 apache2.2-bin - 2.4.7-1ubuntu4.16 apache2-utils - 2.4.7-1ubuntu4.16 apache2-dev - 2.4.7-1ubuntu4.16 apache2-mpm-worker - 2.4.7-1ubuntu4.16 apache2-suexec-custom - 2.4.7-1ubuntu4.16 apache2-suexec - 2.4.7-1ubuntu4.16 apache2 - 2.4.7-1ubuntu4.16 apache2-suexec-pristine - 2.4.7-1ubuntu4.16 apache2-doc - 2.4.7-1ubuntu4.16 apache2-mpm-prefork - 2.4.7-1ubuntu4.16 apache2-mpm-itk - 2.4.7-1ubuntu4.16 apache2-mpm-event - 2.4.7-1ubuntu4.16 apache2-bin - 2.4.7-1ubuntu4.16 No subscription required Medium CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 Ubuntu 14.04 LTS USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940) It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. A privileged local attacker could use this to execute arbitrary code. (CVE-2017-0605) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7294) It was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076) It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077) It was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242) Update Instructions: Run `sudo pro fix USN-3343-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-123-powerpc-e500 - 3.13.0-123.172 linux-image-extra-3.13.0-123-generic - 3.13.0-123.172 linux-image-3.13.0-123-powerpc64-emb - 3.13.0-123.172 linux-image-3.13.0-123-powerpc-e500mc - 3.13.0-123.172 linux-image-3.13.0-123-generic - 3.13.0-123.172 linux-image-3.13.0-123-lowlatency - 3.13.0-123.172 linux-image-3.13.0-123-powerpc-smp - 3.13.0-123.172 linux-image-3.13.0-123-powerpc64-smp - 3.13.0-123.172 linux-image-3.13.0-123-generic-lpae - 3.13.0-123.172 No subscription required Medium CVE-2014-9940 CVE-2017-1000363 CVE-2017-7294 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 https://launchpad.net/bugs/1699772 https://www.ubuntu.com/usn/usn-3335-1 Ubuntu 14.04 LTS USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN 3334-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487) It was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076) It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077) It was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242) Update Instructions: Run `sudo pro fix USN-3344-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-83-generic - 4.4.0-83.106~14.04.1 linux-image-4.4.0-83-powerpc-smp - 4.4.0-83.106~14.04.1 linux-image-4.4.0-83-powerpc-e500mc - 4.4.0-83.106~14.04.1 linux-image-4.4.0-83-generic-lpae - 4.4.0-83.106~14.04.1 linux-image-extra-4.4.0-83-generic - 4.4.0-83.106~14.04.1 linux-image-4.4.0-83-powerpc64-smp - 4.4.0-83.106~14.04.1 linux-image-4.4.0-83-powerpc64-emb - 4.4.0-83.106~14.04.1 linux-image-4.4.0-83-lowlatency - 4.4.0-83.106~14.04.1 No subscription required Medium CVE-2017-1000363 CVE-2017-7487 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 https://launchpad.net/bugs/1699772 https://www.ubuntu.com/usn/usn-3334-1 Ubuntu 14.04 LTS Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142) Update Instructions: Run `sudo pro fix USN-3346-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.15 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.15 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.15 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.15 bind9utils - 1:9.9.5.dfsg-3ubuntu0.15 libdns100 - 1:9.9.5.dfsg-3ubuntu0.15 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.15 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.15 host - 1:9.9.5.dfsg-3ubuntu0.15 lwresd - 1:9.9.5.dfsg-3ubuntu0.15 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.15 libisc95 - 1:9.9.5.dfsg-3ubuntu0.15 bind9 - 1:9.9.5.dfsg-3ubuntu0.15 bind9-host - 1:9.9.5.dfsg-3ubuntu0.15 No subscription required Medium CVE-2017-3142 CVE-2017-3143 Ubuntu 14.04 LTS USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing key (KSK). Original advisory details: Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142) Update Instructions: Run `sudo pro fix USN-3346-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.16 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.16 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.16 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.16 bind9utils - 1:9.9.5.dfsg-3ubuntu0.16 libdns100 - 1:9.9.5.dfsg-3ubuntu0.16 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.16 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.16 host - 1:9.9.5.dfsg-3ubuntu0.16 lwresd - 1:9.9.5.dfsg-3ubuntu0.16 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.16 libisc95 - 1:9.9.5.dfsg-3ubuntu0.16 bind9 - 1:9.9.5.dfsg-3ubuntu0.16 bind9-host - 1:9.9.5.dfsg-3ubuntu0.16 No subscription required None https://launchpad.net/bugs/1717981 Ubuntu 14.04 LTS Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys. (CVE-2017-7526) It was discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to possibly recover EdDSA private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-9526) Update Instructions: Run `sudo pro fix USN-3347-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-doc - 1.5.3-2ubuntu4.5 libgcrypt11-udeb - 1.5.3-2ubuntu4.5 libgcrypt11-dev - 1.5.3-2ubuntu4.5 libgcrypt11 - 1.5.3-2ubuntu4.5 No subscription required Medium CVE-2017-7526 CVE-2017-9526 Ubuntu 14.04 LTS It was discovered that Samba incorrectly handled dangling symlinks. A remote attacker could possibly use this issue to cause Samba to hang, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-9461) In addition, this update fixes a regression introduced by USN-3267-1 that caused Samba to incorrectly handle non-wide symlinks to directories. Update Instructions: Run `sudo pro fix USN-3348-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.9 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.9 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.9 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.9 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.9 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.9 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.9 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.9 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.9 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.9 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.9 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.9 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.9 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.9 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.9 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.9 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.9 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.9 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.9 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.9 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.9 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.9 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.9 No subscription required Medium CVE-2017-9461 Ubuntu 14.04 LTS Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2519) Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426) Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428) Miroslav Lichvar discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7429) Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly handled origin timestamps of zero. A remote attacker could possibly use this issue to bypass the origin timestamp protection mechanism. This issue only affected Ubuntu 16.10. (CVE-2016-7431) Brian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly performed initial sync calculations. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433) Magnus Stubman discovered that NTP incorrectly handled certain mrulist queries. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7434) Matthew Van Gund discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu Ubuntu 16.10, and Ubuntu 17.04. (CVE-2016-9042) Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or unset traps. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9310) Matthew Van Gundy discovered that NTP incorrectly handled the trap service. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311) It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6458) It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460) It was discovered that the NTP legacy DPTS refclock driver incorrectly handled the /dev/datum device. A local attacker could possibly use this issue to cause a denial of service. (CVE-2017-6462) It was discovered that NTP incorrectly handled certain invalid settings in a :config directive. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6463) It was discovered that NTP incorrectly handled certain invalid mode configuration directives. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6464) Update Instructions: Run `sudo pro fix USN-3349-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11 ntp-doc - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11 ntpdate - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11 No subscription required Medium CVE-2016-2519 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9042 CVE-2016-9310 CVE-2016-9311 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 Ubuntu 14.04 LTS Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2017-2820) Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. (CVE-2017-7511) It was discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to hang, resulting in a denial of service. (CVE-2017-7515) It was discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause cause poppler to crash, resulting in a denial of service. (CVE-2017-9083) It was discovered that poppler incorrectly handled memory when processing PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to consume resources, resulting in a denial of service. (CVE-2017-9406, CVE-2017-9408) Alberto Garcia, Francisco Oca, and Suleman Ali discovered that the poppler pdftocairo tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. (CVE-2017-9775) Update Instructions: Run `sudo pro fix USN-3350-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.5 libpoppler-qt5-1 - 0.24.5-2ubuntu4.5 libpoppler-cpp-dev - 0.24.5-2ubuntu4.5 libpoppler-cpp0 - 0.24.5-2ubuntu4.5 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.5 libpoppler-dev - 0.24.5-2ubuntu4.5 libpoppler-glib8 - 0.24.5-2ubuntu4.5 libpoppler-private-dev - 0.24.5-2ubuntu4.5 libpoppler-qt4-dev - 0.24.5-2ubuntu4.5 libpoppler-glib-dev - 0.24.5-2ubuntu4.5 libpoppler-qt4-4 - 0.24.5-2ubuntu4.5 libpoppler44 - 0.24.5-2ubuntu4.5 libpoppler-qt5-dev - 0.24.5-2ubuntu4.5 libpoppler-glib-doc - 0.24.5-2ubuntu4.5 No subscription required Medium CVE-2017-2820 CVE-2017-7511 CVE-2017-7515 CVE-2017-9083 CVE-2017-9406 CVE-2017-9408 CVE-2017-9775 Ubuntu 14.04 LTS Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book (cbt) files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files in Evince. Update Instructions: Run `sudo pro fix USN-3351-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-evince-3.0 - 3.10.3-0ubuntu10.3 libevview3-3 - 3.10.3-0ubuntu10.3 evince-common - 3.10.3-0ubuntu10.3 libevince-dev - 3.10.3-0ubuntu10.3 evince - 3.10.3-0ubuntu10.3 libevdocument3-4 - 3.10.3-0ubuntu10.3 evince-gtk - 3.10.3-0ubuntu10.3 No subscription required Medium CVE-2017-1000083 Ubuntu 14.04 LTS It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-3352-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.4.6-1ubuntu3.8 nginx-core - 1.4.6-1ubuntu3.8 nginx-common - 1.4.6-1ubuntu3.8 nginx-full - 1.4.6-1ubuntu3.8 nginx - 1.4.6-1ubuntu3.8 nginx-doc - 1.4.6-1ubuntu3.8 nginx-naxsi - 1.4.6-1ubuntu3.8 nginx-naxsi-ui - 1.4.6-1ubuntu3.8 nginx-light - 1.4.6-1ubuntu3.8 No subscription required Medium CVE-2017-7529 Ubuntu 14.04 LTS Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. Update Instructions: Run `sudo pro fix USN-3353-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: heimdal-servers-x - 1.6~git20131207+dfsg-1ubuntu1.2 libhcrypto4-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 libwind0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 libroken18-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 libgssapi3-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 heimdal-kcm - 1.6~git20131207+dfsg-1ubuntu1.2 libhdb9-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 libasn1-8-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 libsl0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 libkadm5clnt7-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 heimdal-kdc - 1.6~git20131207+dfsg-1ubuntu1.2 libkdc2-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 heimdal-servers - 1.6~git20131207+dfsg-1ubuntu1.2 heimdal-clients-x - 1.6~git20131207+dfsg-1ubuntu1.2 libheimntlm0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 heimdal-docs - 1.6~git20131207+dfsg-1ubuntu1.2 libheimbase1-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 libkrb5-26-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 libotp0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 heimdal-dev - 1.6~git20131207+dfsg-1ubuntu1.2 libkafs0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 libhx509-5-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 heimdal-multidev - 1.6~git20131207+dfsg-1ubuntu1.2 libkadm5srv8-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2 heimdal-clients - 1.6~git20131207+dfsg-1ubuntu1.2 No subscription required Medium CVE-2017-11103 Ubuntu 14.04 LTS USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba. Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks. Update Instructions: Run `sudo pro fix USN-3353-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.10 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.10 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.10 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.10 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.10 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.10 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.10 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.10 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.10 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.10 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.10 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.10 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.10 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.10 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.10 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.10 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.10 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.10 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.10 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.10 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.10 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.10 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.10 No subscription required Medium CVE-2017-11103 Ubuntu 14.04 LTS Felix Wilhelm discovered a path traversal vulnerability in Apport when handling the ExecutablePath field in crash files. An attacker could trick a user into opening a specially crafted crash file and execute arbitrary code with the user's privileges. Update Instructions: Run `sudo pro fix USN-3354-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.25 python3-problem-report - 2.14.1-0ubuntu3.25 apport-kde - 2.14.1-0ubuntu3.25 apport-retrace - 2.14.1-0ubuntu3.25 apport-valgrind - 2.14.1-0ubuntu3.25 python3-apport - 2.14.1-0ubuntu3.25 dh-apport - 2.14.1-0ubuntu3.25 apport-gtk - 2.14.1-0ubuntu3.25 apport - 2.14.1-0ubuntu3.25 python-problem-report - 2.14.1-0ubuntu3.25 apport-noui - 2.14.1-0ubuntu3.25 No subscription required Medium CVE-2017-10708 Ubuntu 14.04 LTS Frediano Ziglio discovered that Spice incorrectly handled certain invalid monitor configurations. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3355-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spice-client - 0.12.4-0nocelt2ubuntu1.5 libspice-server1 - 0.12.4-0nocelt2ubuntu1.5 libspice-server-dev - 0.12.4-0nocelt2ubuntu1.5 No subscription required Medium CVE-2017-7506 Ubuntu 14.04 LTS It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3356-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexpat1 - 2.1.0-4ubuntu1.4 expat - 2.1.0-4ubuntu1.4 libexpat1-dev - 2.1.0-4ubuntu1.4 lib64expat1-dev - 2.1.0-4ubuntu1.4 libexpat1-udeb - 2.1.0-4ubuntu1.4 lib64expat1 - 2.1.0-4ubuntu1.4 No subscription required Medium CVE-2017-9233 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Update Instructions: Run `sudo pro fix USN-3357-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.57-0ubuntu0.14.04.1 mysql-client - 5.5.57-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.57-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.57-0ubuntu0.14.04.1 libmysqld-pic - 5.5.57-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.57-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.57-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.57-0ubuntu0.14.04.1 mysql-common - 5.5.57-0ubuntu0.14.04.1 mysql-server - 5.5.57-0ubuntu0.14.04.1 mysql-testsuite - 5.5.57-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.57-0ubuntu0.14.04.1 libmysqld-dev - 5.5.57-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.57-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-3529 CVE-2017-3633 CVE-2017-3634 CVE-2017-3635 CVE-2017-3636 CVE-2017-3637 CVE-2017-3638 CVE-2017-3639 CVE-2017-3640 CVE-2017-3641 CVE-2017-3642 CVE-2017-3643 CVE-2017-3644 CVE-2017-3645 CVE-2017-3647 CVE-2017-3648 CVE-2017-3649 CVE-2017-3650 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 Ubuntu 14.04 LTS It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944) It was discovered that a use-after-free vulnerability existed in the performance events and counters subsystem of the Linux kernel for ARM64. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8955) It was discovered that the SCSI generic (sg) driver in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-8962) Sasha Levin discovered that a race condition existed in the performance events and counters subsystem of the Linux kernel when handling CPU unplug events. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8963) Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the fcntl64() system call in the Linux kernel did not properly set memory limits when returning on 32-bit ARM processors. A local attacker could use this to gain administrative privileges. (CVE-2015-8966) It was discovered that the system call table for ARM 64-bit processors in the Linux kernel was not write-protected. An attacker could use this in conjunction with another kernel vulnerability to execute arbitrary code. (CVE-2015-8967) It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-10088) Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380) Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346) Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895) It was discovered that an integer underflow existed in the Edgeport USB Serial Converter device driver of the Linux kernel. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-8924) It was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux kernel did not properly perform reference counting. A local attacker could use this to cause a denial of service (tty exhaustion). (CVE-2017-8925) Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605) Update Instructions: Run `sudo pro fix USN-3360-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-125-generic - 3.13.0-125.174 linux-image-3.13.0-125-powerpc-e500 - 3.13.0-125.174 linux-image-3.13.0-125-generic - 3.13.0-125.174 linux-image-3.13.0-125-powerpc-smp - 3.13.0-125.174 linux-image-3.13.0-125-powerpc-e500mc - 3.13.0-125.174 linux-image-3.13.0-125-lowlatency - 3.13.0-125.174 linux-image-3.13.0-125-powerpc64-smp - 3.13.0-125.174 linux-image-3.13.0-125-generic-lpae - 3.13.0-125.174 linux-image-3.13.0-125-powerpc64-emb - 3.13.0-125.174 No subscription required Medium CVE-2014-9900 CVE-2015-8944 CVE-2015-8955 CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2015-8966 CVE-2015-8967 CVE-2016-10088 CVE-2017-1000380 CVE-2017-7346 CVE-2017-7895 CVE-2017-8924 CVE-2017-8925 CVE-2017-9605 Ubuntu 14.04 LTS It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code as an administrator. (CVE-2017-10971) It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2017-10972) Eric Sesterhenn discovered that the X.Org X server incorrectly compared MIT cookies. An attacker could possibly use this issue to perform a timing attack and recover the MIT cookie. (CVE-2017-2624) Update Instructions: Run `sudo pro fix USN-3362-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.9 xorg-server-source - 2:1.15.1-0ubuntu2.9 xdmx - 2:1.15.1-0ubuntu2.9 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.9 xserver-xorg-dev - 2:1.15.1-0ubuntu2.9 xvfb - 2:1.15.1-0ubuntu2.9 xnest - 2:1.15.1-0ubuntu2.9 xserver-common - 2:1.15.1-0ubuntu2.9 xserver-xephyr - 2:1.15.1-0ubuntu2.9 xserver-xorg-core-udeb - 2:1.15.1-0ubuntu2.9 xdmx-tools - 2:1.15.1-0ubuntu2.9 No subscription required xserver-xephyr-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty2 xserver-xorg-core-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty2 xserver-xorg-dev-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty2 xwayland-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty2 xorg-server-source-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty2 No subscription required Medium CVE-2017-10971 CVE-2017-10972 CVE-2017-2624 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3363-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.8 libmagickcore5 - 8:6.7.7.10-6ubuntu3.8 imagemagick - 8:6.7.7.10-6ubuntu3.8 imagemagick-doc - 8:6.7.7.10-6ubuntu3.8 libmagickwand5 - 8:6.7.7.10-6ubuntu3.8 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.8 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.8 libmagick++-dev - 8:6.7.7.10-6ubuntu3.8 libmagick++5 - 8:6.7.7.10-6ubuntu3.8 perlmagick - 8:6.7.7.10-6ubuntu3.8 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.8 No subscription required Medium CVE-2017-10928 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 CVE-2017-11352 CVE-2017-11360 CVE-2017-11447 CVE-2017-11448 CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-9261 CVE-2017-9262 CVE-2017-9405 CVE-2017-9407 CVE-2017-9409 CVE-2017-9439 CVE-2017-9440 CVE-2017-9501 Ubuntu 14.04 LTS USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3363-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.9 libmagickcore5 - 8:6.7.7.10-6ubuntu3.9 imagemagick - 8:6.7.7.10-6ubuntu3.9 imagemagick-doc - 8:6.7.7.10-6ubuntu3.9 libmagickwand5 - 8:6.7.7.10-6ubuntu3.9 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.9 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.9 libmagick++-dev - 8:6.7.7.10-6ubuntu3.9 libmagick++5 - 8:6.7.7.10-6ubuntu3.9 perlmagick - 8:6.7.7.10-6ubuntu3.9 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.9 No subscription required None https://launchpad.net/bugs/1707015 Ubuntu 14.04 LTS USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944) Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380) Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346) Jann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150) Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605) Update Instructions: Run `sudo pro fix USN-3364-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-87-generic-lpae - 4.4.0-87.110~14.04.1 linux-image-extra-4.4.0-87-generic - 4.4.0-87.110~14.04.1 linux-image-4.4.0-87-powerpc64-emb - 4.4.0-87.110~14.04.1 linux-image-4.4.0-87-generic - 4.4.0-87.110~14.04.1 linux-image-4.4.0-87-powerpc-smp - 4.4.0-87.110~14.04.1 linux-image-4.4.0-87-powerpc64-smp - 4.4.0-87.110~14.04.1 linux-image-4.4.0-87-lowlatency - 4.4.0-87.110~14.04.1 linux-image-4.4.0-87-powerpc-e500mc - 4.4.0-87.110~14.04.1 No subscription required Medium CVE-2014-9900 CVE-2015-8944 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9150 CVE-2017-9605 Ubuntu 14.04 LTS It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147) Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855) Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-7551) It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands. (CVE-2015-9096) Marcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2337) It was discovered that Ruby Fiddle::Function.new incorrectly handled certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339) It was discovered that Ruby incorrectly handled the initialization vector (IV) in GCM mode. An attacker could possibly use this issue to bypass encryption. (CVE-2016-7798) Update Instructions: Run `sudo pro fix USN-3365-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby1.9.1-dev - 1.9.3.484-2ubuntu1.3 libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.3 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.3 ruby1.9.1-full - 1.9.3.484-2ubuntu1.3 libruby1.9.1 - 1.9.3.484-2ubuntu1.3 ri1.9.1 - 1.9.3.484-2ubuntu1.3 ruby1.9.1 - 1.9.3.484-2ubuntu1.3 ruby1.9.3 - 1.9.3.484-2ubuntu1.3 No subscription required ruby2.0-tcltk - 2.0.0.484-1ubuntu2.4 libruby2.0 - 2.0.0.484-1ubuntu2.4 ruby2.0-doc - 2.0.0.484-1ubuntu2.4 ruby2.0 - 2.0.0.484-1ubuntu2.4 ruby2.0-dev - 2.0.0.484-1ubuntu2.4 No subscription required Medium CVE-2009-5147 CVE-2015-1855 CVE-2015-7551 CVE-2015-9096 CVE-2016-2337 CVE-2016-2339 CVE-2016-7798 Ubuntu 14.04 LTS Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-8501) It was discovered that gdb incorrectly handled printing bad bytes in Intel Hex objects. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-9939) It was discovered that gdb incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2226) It was discovered that gdb incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131) It was discovered that gdb incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. (CVE-2016-4491) Update Instructions: Run `sudo pro fix USN-3367-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gdb-multiarch - 7.7.1-0ubuntu5~14.04.3 gdb-source - 7.7.1-0ubuntu5~14.04.3 gdbserver - 7.7.1-0ubuntu5~14.04.3 gdb-minimal - 7.7.1-0ubuntu5~14.04.3 gdb - 7.7.1-0ubuntu5~14.04.3 gdb-doc - 7.7.1-0ubuntu5~14.04.3 gdb64 - 7.7.1-0ubuntu5~14.04.3 No subscription required Medium CVE-2014-8501 CVE-2014-9939 CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131 Ubuntu 14.04 LTS It was discovered that libiberty incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2226) It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131) It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. (CVE-2016-4491) Update Instructions: Run `sudo pro fix USN-3368-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libiberty-dev - 20131116-1ubuntu0.2 No subscription required Medium CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131 Ubuntu 14.04 LTS Guido Vranken discovered that FreeRADIUS incorrectly handled memory when decoding packets. A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3369-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: freeradius-ldap - 2.1.12+dfsg-1.2ubuntu8.2 freeradius-mysql - 2.1.12+dfsg-1.2ubuntu8.2 freeradius-common - 2.1.12+dfsg-1.2ubuntu8.2 libfreeradius-dev - 2.1.12+dfsg-1.2ubuntu8.2 freeradius-postgresql - 2.1.12+dfsg-1.2ubuntu8.2 freeradius-utils - 2.1.12+dfsg-1.2ubuntu8.2 freeradius - 2.1.12+dfsg-1.2ubuntu8.2 freeradius-iodbc - 2.1.12+dfsg-1.2ubuntu8.2 freeradius-dialupadmin - 2.1.12+dfsg-1.2ubuntu8.2 libfreeradius2 - 2.1.12+dfsg-1.2ubuntu8.2 freeradius-krb5 - 2.1.12+dfsg-1.2ubuntu8.2 No subscription required Medium CVE-2017-10978 CVE-2017-10979 CVE-2017-10980 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987 Ubuntu 14.04 LTS Robert Święcki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial or service, or possibly obtain sensitive information. Update Instructions: Run `sudo pro fix USN-3370-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.17 libapache2-mod-macro - 1:2.4.7-1ubuntu4.17 No subscription required apache2-data - 2.4.7-1ubuntu4.17 apache2.2-bin - 2.4.7-1ubuntu4.17 apache2-utils - 2.4.7-1ubuntu4.17 apache2-dev - 2.4.7-1ubuntu4.17 apache2-mpm-worker - 2.4.7-1ubuntu4.17 apache2-suexec-custom - 2.4.7-1ubuntu4.17 apache2-suexec - 2.4.7-1ubuntu4.17 apache2 - 2.4.7-1ubuntu4.17 apache2-suexec-pristine - 2.4.7-1ubuntu4.17 apache2-doc - 2.4.7-1ubuntu4.17 apache2-mpm-prefork - 2.4.7-1ubuntu4.17 apache2-mpm-itk - 2.4.7-1ubuntu4.17 apache2-mpm-event - 2.4.7-1ubuntu4.17 apache2-bin - 2.4.7-1ubuntu4.17 No subscription required Medium CVE-2017-9788 Ubuntu 14.04 LTS It was discovered that RabbitMQ incorrectly handled MQTT (MQ Telemetry Transport) authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password. Update Instructions: Run `sudo pro fix USN-3374-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rabbitmq-server - 3.2.4-1ubuntu0.1 No subscription required High CVE-2016-9877 Ubuntu 14.04 LTS It was discovered that LXC incorrectly handled the TIOCSTI ioctl. An attacker could possibly use this issue to escape LXC containers. Update Instructions: Run `sudo pro fix USN-3375-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lxc-dev - 1.0.10-0ubuntu1.1 liblxc1 - 1.0.10-0ubuntu1.1 lxc-templates - 1.0.10-0ubuntu1.1 python3-lxc - 1.0.10-0ubuntu1.1 lxc - 1.0.10-0ubuntu1.1 lxc-tests - 1.0.10-0ubuntu1.1 No subscription required Medium CVE-2016-10124 Ubuntu 14.04 LTS USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) 李强 discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) 石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482) Update Instructions: Run `sudo pro fix USN-3378-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-89-powerpc64-emb - 4.4.0-89.112~14.04.1 linux-image-4.4.0-89-powerpc-smp - 4.4.0-89.112~14.04.1 linux-image-4.4.0-89-lowlatency - 4.4.0-89.112~14.04.1 linux-image-4.4.0-89-generic - 4.4.0-89.112~14.04.1 linux-image-4.4.0-89-generic-lpae - 4.4.0-89.112~14.04.1 linux-image-4.4.0-89-powerpc-e500mc - 4.4.0-89.112~14.04.1 linux-image-extra-4.4.0-89-generic - 4.4.0-89.112~14.04.1 linux-image-4.4.0-89-powerpc64-smp - 4.4.0-89.112~14.04.1 No subscription required High CVE-2017-1000365 CVE-2017-10810 CVE-2017-7482 CVE-2017-7533 Ubuntu 14.04 LTS It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission. Update Instructions: Run `sudo pro fix USN-3379-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: shotwell - 0.18.0-0ubuntu4.5 shotwell-common - 0.18.0-0ubuntu4.5 No subscription required Medium CVE-2017-1000024 Ubuntu 14.04 LTS It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-0250) It was discovered that FreeRDP incorrectly handled certain values in a Scope List. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0791) Tyler Bohan discovered that FreeRDP incorrectly handled certain length values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-2834, CVE-2017-2835) Tyler Bohan discovered that FreeRDP incorrectly handled certain packets. A malicious server could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839) Update Instructions: Run `sudo pro fix USN-3380-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp1 - 1.0.2-2ubuntu1.1 libfreerdp-plugins-standard - 1.0.2-2ubuntu1.1 freerdp-x11 - 1.0.2-2ubuntu1.1 libfreerdp-dev - 1.0.2-2ubuntu1.1 No subscription required Medium CVE-2014-0250 CVE-2014-0791 CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 Ubuntu 14.04 LTS Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) It was discovered that SELinux in the Linux kernel did not properly handle empty writes to /proc/pid/attr. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2618) 石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482) Update Instructions: Run `sudo pro fix USN-3381-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-3.13.0-126-generic - 3.13.0-126.175 linux-image-3.13.0-126-powerpc-e500 - 3.13.0-126.175 linux-image-3.13.0-126-generic-lpae - 3.13.0-126.175 linux-image-3.13.0-126-powerpc-smp - 3.13.0-126.175 linux-image-3.13.0-126-powerpc64-smp - 3.13.0-126.175 linux-image-3.13.0-126-powerpc-e500mc - 3.13.0-126.175 linux-image-3.13.0-126-lowlatency - 3.13.0-126.175 linux-image-3.13.0-126-powerpc64-emb - 3.13.0-126.175 linux-image-3.13.0-126-generic - 3.13.0-126.175 No subscription required Medium CVE-2016-8405 CVE-2017-1000365 CVE-2017-2618 CVE-2017-7482 Ubuntu 14.04 LTS It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8994) It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10397) It was discovered that PHP incorrectly handled certain boolean parameters when unserializing data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11143) Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP incorrectly handled the OpenSSL sealing function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11144) Wei Lei and Liu Yang discovered that the PHP date extension incorrectly handled memory. A remote attacker could possibly use this issue to disclose sensitive information from the server. (CVE-2017-11145) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or disclose sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11147) It was discovered that PHP incorrectly handled locale length. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11362) Wei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini files. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11628) It was discovered that PHP mbstring incorrectly handled certain regular expressions. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) Update Instructions: Run `sudo pro fix USN-3382-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.22 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.22 php5-curl - 5.5.9+dfsg-1ubuntu4.22 php5-intl - 5.5.9+dfsg-1ubuntu4.22 php5-snmp - 5.5.9+dfsg-1ubuntu4.22 php5-mysql - 5.5.9+dfsg-1ubuntu4.22 php5-odbc - 5.5.9+dfsg-1ubuntu4.22 php5-xsl - 5.5.9+dfsg-1ubuntu4.22 php5-gd - 5.5.9+dfsg-1ubuntu4.22 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.22 php5-tidy - 5.5.9+dfsg-1ubuntu4.22 php5-dev - 5.5.9+dfsg-1ubuntu4.22 php5-pgsql - 5.5.9+dfsg-1ubuntu4.22 php5-enchant - 5.5.9+dfsg-1ubuntu4.22 php5-readline - 5.5.9+dfsg-1ubuntu4.22 php5-gmp - 5.5.9+dfsg-1ubuntu4.22 php5-fpm - 5.5.9+dfsg-1ubuntu4.22 php5-cgi - 5.5.9+dfsg-1ubuntu4.22 php5-sqlite - 5.5.9+dfsg-1ubuntu4.22 php5-ldap - 5.5.9+dfsg-1ubuntu4.22 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.22 php5 - 5.5.9+dfsg-1ubuntu4.22 php5-cli - 5.5.9+dfsg-1ubuntu4.22 php-pear - 5.5.9+dfsg-1ubuntu4.22 php5-sybase - 5.5.9+dfsg-1ubuntu4.22 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.22 php5-pspell - 5.5.9+dfsg-1ubuntu4.22 php5-common - 5.5.9+dfsg-1ubuntu4.22 libphp5-embed - 5.5.9+dfsg-1ubuntu4.22 No subscription required Medium CVE-2015-8994 CVE-2016-10397 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11147 CVE-2017-11362 CVE-2017-11628 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 Ubuntu 14.04 LTS Aleksandar Nikolic discovered a stack based buffer overflow when handling chunked encoding. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3383-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsoup-gnome2.4-1 - 2.44.2-1ubuntu2.2 libsoup-gnome2.4-dev - 2.44.2-1ubuntu2.2 gir1.2-soup-2.4 - 2.44.2-1ubuntu2.2 libsoup2.4-1 - 2.44.2-1ubuntu2.2 libsoup2.4-dev - 2.44.2-1ubuntu2.2 libsoup2.4-doc - 2.44.2-1ubuntu2.2 No subscription required High CVE-2017-2885 Ubuntu 14.04 LTS USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. (CVE-2017-1000112) Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-1000111) Update Instructions: Run `sudo pro fix USN-3385-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-91-powerpc-smp - 4.4.0-91.114~14.04.1 linux-image-4.4.0-91-generic-lpae - 4.4.0-91.114~14.04.1 linux-image-4.4.0-91-powerpc-e500mc - 4.4.0-91.114~14.04.1 linux-image-4.4.0-91-powerpc64-emb - 4.4.0-91.114~14.04.1 linux-image-4.4.0-91-generic - 4.4.0-91.114~14.04.1 linux-image-4.4.0-91-powerpc64-smp - 4.4.0-91.114~14.04.1 linux-image-extra-4.4.0-91-generic - 4.4.0-91.114~14.04.1 linux-image-4.4.0-91-lowlatency - 4.4.0-91.114~14.04.1 No subscription required High CVE-2017-1000111 CVE-2017-1000112 Ubuntu 14.04 LTS Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. (CVE-2017-1000112) Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-1000111) Update Instructions: Run `sudo pro fix USN-3386-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-128-powerpc-smp - 3.13.0-128.177 linux-image-3.13.0-128-powerpc64-smp - 3.13.0-128.177 linux-image-3.13.0-128-powerpc-e500mc - 3.13.0-128.177 linux-image-3.13.0-128-powerpc64-emb - 3.13.0-128.177 linux-image-3.13.0-128-generic - 3.13.0-128.177 linux-image-3.13.0-128-generic-lpae - 3.13.0-128.177 linux-image-3.13.0-128-powerpc-e500 - 3.13.0-128.177 linux-image-extra-3.13.0-128-generic - 3.13.0-128.177 linux-image-3.13.0-128-lowlatency - 3.13.0-128.177 No subscription required High CVE-2017-1000111 CVE-2017-1000112 Ubuntu 14.04 LTS Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in 'ssh://' URLs. A remote attacker could use this to construct a git repository that when accessed could run arbitrary code with the privileges of the user. Update Instructions: Run `sudo pro fix USN-3387-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:1.9.1-1ubuntu0.6 gitweb - 1:1.9.1-1ubuntu0.6 git-gui - 1:1.9.1-1ubuntu0.6 git-daemon-sysvinit - 1:1.9.1-1ubuntu0.6 git-arch - 1:1.9.1-1ubuntu0.6 git-bzr - 1:1.9.1-1ubuntu0.6 git-el - 1:1.9.1-1ubuntu0.6 gitk - 1:1.9.1-1ubuntu0.6 git-all - 1:1.9.1-1ubuntu0.6 git-mediawiki - 1:1.9.1-1ubuntu0.6 git-daemon-run - 1:1.9.1-1ubuntu0.6 git-man - 1:1.9.1-1ubuntu0.6 git-doc - 1:1.9.1-1ubuntu0.6 git-svn - 1:1.9.1-1ubuntu0.6 git-cvs - 1:1.9.1-1ubuntu0.6 git-core - 1:1.9.1-1ubuntu0.6 git-email - 1:1.9.1-1ubuntu0.6 No subscription required Medium CVE-2017-1000117 Ubuntu 14.04 LTS Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. (CVE-2017-9800) Daniel Shahaf and James McCoy discovered that Subversion did not properly verify realms when using Cyrus SASL authentication. A remote attacker could use this to possibly bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2167) Florian Weimer discovered that Subversion clients did not properly restrict XML entity expansion when accessing http(s):// URLs. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8734) Update Instructions: Run `sudo pro fix USN-3388-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsvn-dev - 1.8.8-1ubuntu3.3 ruby-svn - 1.8.8-1ubuntu3.3 subversion-tools - 1.8.8-1ubuntu3.3 libapache2-svn - 1.8.8-1ubuntu3.3 libapache2-mod-svn - 1.8.8-1ubuntu3.3 python-subversion - 1.8.8-1ubuntu3.3 libsvn-java - 1.8.8-1ubuntu3.3 subversion - 1.8.8-1ubuntu3.3 libsvn-doc - 1.8.8-1ubuntu3.3 libsvn1 - 1.8.8-1ubuntu3.3 libsvn-perl - 1.8.8-1ubuntu3.3 libsvn-ruby1.8 - 1.8.8-1ubuntu3.3 No subscription required Medium CVE-2016-2167 CVE-2016-8734 CVE-2017-9800 Ubuntu 14.04 LTS A vulnerability was discovered in GD Graphics Library (aka libgd), as used in PHP that does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read bytes from the top of the stack. Update Instructions: Run `sudo pro fix USN-3389-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.0-3ubuntu0.7 libgd2-xpm-dev - 2.1.0-3ubuntu0.7 libgd-tools - 2.1.0-3ubuntu0.7 libgd2-noxpm-dev - 2.1.0-3ubuntu0.7 libgd-dev - 2.1.0-3ubuntu0.7 No subscription required Medium CVE-2017-7890 Ubuntu 14.04 LTS Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login disabled. (CVE-2017-7546) Jeff Janes discovered that PostgreSQL incorrectly handled the pg_user_mappings catalog view. A remote attacker without server privileges could possibly use this issue to obtain certain passwords. (CVE-2017-7547) Chapman Flack discovered that PostgreSQL incorrectly handled lo_put() permissions. A remote attacker could possibly use this issue to change the data in a large object. (CVE-2017-7548) Update Instructions: Run `sudo pro fix USN-3390-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-plpython-9.3 - 9.3.18-0ubuntu0.14.04.1 postgresql-server-dev-9.3 - 9.3.18-0ubuntu0.14.04.1 postgresql-9.3 - 9.3.18-0ubuntu0.14.04.1 postgresql-plperl-9.3 - 9.3.18-0ubuntu0.14.04.1 postgresql-doc-9.3 - 9.3.18-0ubuntu0.14.04.1 postgresql-plpython3-9.3 - 9.3.18-0ubuntu0.14.04.1 libecpg6 - 9.3.18-0ubuntu0.14.04.1 postgresql-pltcl-9.3 - 9.3.18-0ubuntu0.14.04.1 postgresql-client-9.3 - 9.3.18-0ubuntu0.14.04.1 libpgtypes3 - 9.3.18-0ubuntu0.14.04.1 libecpg-dev - 9.3.18-0ubuntu0.14.04.1 libpq-dev - 9.3.18-0ubuntu0.14.04.1 libpq5 - 9.3.18-0ubuntu0.14.04.1 postgresql-contrib-9.3 - 9.3.18-0ubuntu0.14.04.1 libecpg-compat3 - 9.3.18-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, CVE-2017-7781, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809) Update Instructions: Run `sudo pro fix USN-3391-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-nn - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-nb - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-fa - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-fi - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-fr - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-fy - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-or - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-kab - 55.0.1+build2-0ubuntu0.14.04.2 firefox-testsuite - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-oc - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-cs - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ga - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-gd - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-gn - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-gl - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-gu - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-pa - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-pl - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-cy - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-pt - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-hi - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ms - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-he - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-hy - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-hr - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-hu - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-it - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-as - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ar - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-az - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-id - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-mai - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-af - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-is - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-vi - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-an - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-bs - 55.0.1+build2-0ubuntu0.14.04.2 firefox - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ro - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ja - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ru - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-br - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-zh-hant - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-zh-hans - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-bn - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-be - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-bg - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sl - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sk - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-si - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sw - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sv - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sr - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-sq - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ko - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-kn - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-km - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-kk - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ka - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-xh - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ca - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ku - 55.0.1+build2-0ubuntu0.14.04.2 firefox-mozsymbols - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-lv - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-lt - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-th - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-hsb - 55.0.1+build2-0ubuntu0.14.04.2 firefox-dev - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-te - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-cak - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ta - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-lg - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-tr - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-nso - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-de - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-da - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-uk - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-mr - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-my - 55.0.1+build2-0ubuntu0.14.04.2 firefox-globalmenu - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-uz - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ml - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-mn - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-mk - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ur - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-eu - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-et - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-es - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-csb - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-el - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-eo - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-en - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-zu - 55.0.1+build2-0ubuntu0.14.04.2 firefox-locale-ast - 55.0.1+build2-0ubuntu0.14.04.2 No subscription required Medium CVE-2017-7753 CVE-2017-7779 CVE-2017-7780 CVE-2017-7781 CVE-2017-7783 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7788 CVE-2017-7789 CVE-2017-7791 CVE-2017-7792 CVE-2017-7794 CVE-2017-7797 CVE-2017-7798 CVE-2017-7799 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7806 CVE-2017-7807 CVE-2017-7808 CVE-2017-7809 Ubuntu 14.04 LTS USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, CVE-2017-7781, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809) Update Instructions: Run `sudo pro fix USN-3391-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubufox - 3.4-0ubuntu0.14.04.1 xul-ext-ubufox - 3.4-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1711137 Ubuntu 14.04 LTS USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, CVE-2017-7781, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809) Update Instructions: Run `sudo pro fix USN-3391-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nn - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nb - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fa - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fi - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fr - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fy - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-or - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kab - 55.0.2+build1-0ubuntu0.14.04.1 firefox-testsuite - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-oc - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cs - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ga - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gd - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gn - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gl - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gu - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pa - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pl - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cy - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pt - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hi - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ms - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-he - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hy - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hr - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hu - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-it - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-as - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ar - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-az - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-id - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mai - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-af - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-is - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-vi - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-an - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bs - 55.0.2+build1-0ubuntu0.14.04.1 firefox - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ro - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ja - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ru - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-br - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bn - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-be - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bg - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sl - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sk - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-si - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sw - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sv - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sr - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sq - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ko - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kn - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-km - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kk - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ka - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-xh - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ca - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ku - 55.0.2+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lv - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lt - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-th - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 55.0.2+build1-0ubuntu0.14.04.1 firefox-dev - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-te - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cak - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ta - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lg - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-tr - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nso - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-de - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-da - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uk - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mr - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-my - 55.0.2+build1-0ubuntu0.14.04.1 firefox-globalmenu - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uz - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ml - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mn - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mk - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ur - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eu - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-et - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-es - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-csb - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-el - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eo - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-en - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zu - 55.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ast - 55.0.2+build1-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1710987 Ubuntu 14.04 LTS USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablement kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) 李强 discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) 石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482) Update Instructions: Run `sudo pro fix USN-3392-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-92-powerpc64-smp - 4.4.0-92.115~14.04.1 linux-image-4.4.0-92-powerpc-smp - 4.4.0-92.115~14.04.1 linux-image-extra-4.4.0-92-generic - 4.4.0-92.115~14.04.1 linux-image-4.4.0-92-lowlatency - 4.4.0-92.115~14.04.1 linux-image-4.4.0-92-powerpc-e500mc - 4.4.0-92.115~14.04.1 linux-image-4.4.0-92-generic-lpae - 4.4.0-92.115~14.04.1 linux-image-4.4.0-92-powerpc64-emb - 4.4.0-92.115~14.04.1 linux-image-4.4.0-92-generic - 4.4.0-92.115~14.04.1 No subscription required None https://bugs.launchpad.net/bugs/1709032 https://usn.ubuntu.com/usn/usn-3378-2 Ubuntu 14.04 LTS It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6418) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. In the default installation, attackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419) It was discovered that ClamAV incorrectly handled parsing certain PE files with WWPack compression. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420) Update Instructions: Run `sudo pro fix USN-3393-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.99.2+addedllvm-0ubuntu0.14.04.2 clamav-testfiles - 0.99.2+addedllvm-0ubuntu0.14.04.2 clamav-base - 0.99.2+addedllvm-0ubuntu0.14.04.2 clamav - 0.99.2+addedllvm-0ubuntu0.14.04.2 libclamav7 - 0.99.2+addedllvm-0ubuntu0.14.04.2 clamav-daemon - 0.99.2+addedllvm-0ubuntu0.14.04.2 clamav-milter - 0.99.2+addedllvm-0ubuntu0.14.04.2 clamav-docs - 0.99.2+addedllvm-0ubuntu0.14.04.2 clamav-freshclam - 0.99.2+addedllvm-0ubuntu0.14.04.2 No subscription required Medium CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 Ubuntu 14.04 LTS It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3395-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-ares2 - 1.10.0-2ubuntu0.2 libc-ares-dev - 1.10.0-2ubuntu0.2 No subscription required Medium CVE-2017-1000381 Ubuntu 14.04 LTS It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053) It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. (CVE-2017-10067) It was discovered that integer overflows existed in the Hotspot component of OpenJDK when generating range check loop predicates. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and cause a denial of service or possibly execute arbitrary code. (CVE-2017-10074) It was discovered that OpenJDK did not properly process parentheses in function signatures. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10081) It was discovered that the ThreadPoolExecutor class in OpenJDK did not properly perform access control checks when cleaning up threads. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10087) It was discovered that the ServiceRegistry implementation in OpenJDK did not perform access control checks in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that escaped sandbox restrictions. (CVE-2017-10089) It was discovered that the channel groups implementation in OpenJDK did not properly perform access control checks in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10090) It was discovered that the DTM exception handling code in the JAXP component of OpenJDK did not properly perform access control checks. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10096) It was discovered that the JAXP component of OpenJDK incorrectly granted access to some internal resolvers. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10101) It was discovered that the Distributed Garbage Collector (DGC) in OpenJDK did not properly track references in some situations. A remote attacker could possibly use this to execute arbitrary code. (CVE-2017-10102) It was discovered that the Activation ID implementation in the RMI component of OpenJDK did not properly check access control permissions in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10107) It was discovered that the BasicAttribute class in OpenJDK did not properly bound memory allocation when de-serializing objects. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10108) It was discovered that the CodeSource class in OpenJDK did not properly bound memory allocations when de-serializing object instances. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10109) It was discovered that the AWT ImageWatched class in OpenJDK did not properly perform access control checks, An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions (CVE-2017-10110) It was discovered that a timing side-channel vulnerability existed in the DSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10115) It was discovered that the LDAP implementation in OpenJDK incorrectly followed references to non-LDAP URLs. An attacker could use this to specially craft an LDAP referral URL that exposes sensitive information or bypass access restrictions. (CVE-2017-10116) It was discovered that a timing side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10118) Ilya Maykov discovered that a timing side-channel vulnerability existed in the PKCS#8 implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10135) It was discovered that the Elliptic Curve (EC) implementation in OpenJDK did not properly compute certain elliptic curve points. An attacker could use this to expose sensitive information. (CVE-2017-10176) It was discovered that OpenJDK did not properly perform access control checks when handling Web Service Definition Language (WSDL) XML documents. An attacker could use this to expose sensitive information. (CVE-2017-10243) Update Instructions: Run `sudo pro fix USN-3396-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u151-2.6.11-0ubuntu1.14.04.1 openjdk-7-source - 7u151-2.6.11-0ubuntu1.14.04.1 icedtea-7-jre-jamvm - 7u151-2.6.11-0ubuntu1.14.04.1 openjdk-7-tests - 7u151-2.6.11-0ubuntu1.14.04.1 openjdk-7-jre-lib - 7u151-2.6.11-0ubuntu1.14.04.1 openjdk-7-jdk - 7u151-2.6.11-0ubuntu1.14.04.1 openjdk-7-jre-headless - 7u151-2.6.11-0ubuntu1.14.04.1 openjdk-7-jre - 7u151-2.6.11-0ubuntu1.14.04.1 openjdk-7-doc - 7u151-2.6.11-0ubuntu1.14.04.1 openjdk-7-demo - 7u151-2.6.11-0ubuntu1.14.04.1 No subscription required Medium CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10135 CVE-2017-10176 CVE-2017-10243 Ubuntu 14.04 LTS It was discovered that strongSwan incorrectly handled verifying specific RSA signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3397-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-noauth - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-simaka-pseudonym - 5.1.2-0ubuntu2.7 strongswan-plugin-unbound - 5.1.2-0ubuntu2.7 strongswan-plugin-farp - 5.1.2-0ubuntu2.7 strongswan-ikev1 - 5.1.2-0ubuntu2.7 strongswan-plugin-pkcs11 - 5.1.2-0ubuntu2.7 strongswan-plugin-xauth-eap - 5.1.2-0ubuntu2.7 strongswan-plugin-sshkey - 5.1.2-0ubuntu2.7 strongswan-plugin-error-notify - 5.1.2-0ubuntu2.7 strongswan-plugin-gcrypt - 5.1.2-0ubuntu2.7 strongswan-plugin-sql - 5.1.2-0ubuntu2.7 strongswan-plugin-coupling - 5.1.2-0ubuntu2.7 strongswan-plugin-xauth-generic - 5.1.2-0ubuntu2.7 strongswan-plugin-lookip - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-ttls - 5.1.2-0ubuntu2.7 strongswan-plugin-af-alg - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-aka-3gpp2 - 5.1.2-0ubuntu2.7 strongswan-ike - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-sim-pcsc - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-aka - 5.1.2-0ubuntu2.7 libstrongswan - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-simaka-sql - 5.1.2-0ubuntu2.7 strongswan-plugin-sqlite - 5.1.2-0ubuntu2.7 strongswan-plugin-duplicheck - 5.1.2-0ubuntu2.7 strongswan - 5.1.2-0ubuntu2.7 strongswan-tnc-server - 5.1.2-0ubuntu2.7 strongswan-plugin-attr-sql - 5.1.2-0ubuntu2.7 strongswan-tnc-base - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-peap - 5.1.2-0ubuntu2.7 strongswan-starter - 5.1.2-0ubuntu2.7 strongswan-plugin-curl - 5.1.2-0ubuntu2.7 strongswan-plugin-radattr - 5.1.2-0ubuntu2.7 strongswan-plugin-soup - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-dynamic - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-gtc - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-tls - 5.1.2-0ubuntu2.7 strongswan-tnc-ifmap - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-tnc - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-radius - 5.1.2-0ubuntu2.7 strongswan-ikev2 - 5.1.2-0ubuntu2.7 strongswan-plugin-mysql - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-simaka-reauth - 5.1.2-0ubuntu2.7 strongswan-plugin-openssl - 5.1.2-0ubuntu2.7 strongswan-plugin-dnscert - 5.1.2-0ubuntu2.7 strongswan-plugin-xauth-pam - 5.1.2-0ubuntu2.7 strongswan-plugin-pubkey - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-md5 - 5.1.2-0ubuntu2.7 strongswan-plugin-whitelist - 5.1.2-0ubuntu2.7 strongswan-plugin-fips-prf - 5.1.2-0ubuntu2.7 strongswan-pt-tls-client - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu2.7 strongswan-nm - 5.1.2-0ubuntu2.7 strongswan-plugin-ldap - 5.1.2-0ubuntu2.7 strongswan-plugin-certexpire - 5.1.2-0ubuntu2.7 strongswan-tnc-pdp - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-sim - 5.1.2-0ubuntu2.7 strongswan-plugin-kernel-libipsec - 5.1.2-0ubuntu2.7 strongswan-plugin-ipseckey - 5.1.2-0ubuntu2.7 strongswan-plugin-dhcp - 5.1.2-0ubuntu2.7 strongswan-plugin-dnskey - 5.1.2-0ubuntu2.7 strongswan-plugin-ntru - 5.1.2-0ubuntu2.7 strongswan-plugin-gmp - 5.1.2-0ubuntu2.7 strongswan-plugin-agent - 5.1.2-0ubuntu2.7 strongswan-plugin-pgp - 5.1.2-0ubuntu2.7 strongswan-tnc-client - 5.1.2-0ubuntu2.7 strongswan-plugin-load-tester - 5.1.2-0ubuntu2.7 strongswan-plugin-unity - 5.1.2-0ubuntu2.7 strongswan-plugin-led - 5.1.2-0ubuntu2.7 strongswan-plugin-eap-sim-file - 5.1.2-0ubuntu2.7 strongswan-plugin-systime-fix - 5.1.2-0ubuntu2.7 No subscription required Medium CVE-2017-11185 Ubuntu 14.04 LTS Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3398-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphite2-doc - 1.3.10-0ubuntu0.14.04.1 libgraphite2-3 - 1.3.10-0ubuntu0.14.04.1 libgraphite2-dev - 1.3.10-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 Ubuntu 14.04 LTS Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user. Update Instructions: Run `sudo pro fix USN-3399-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cvs - 2:1.12.13+real-12ubuntu0.1 No subscription required Medium CVE-2017-12836 Ubuntu 14.04 LTS It was discovered that Augeas incorrectly handled certain strings. An attacker could use this issue to cause Augeas to crash, leading to a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3400-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: augeas-tools - 1.2.0-0ubuntu1.3 libaugeas0 - 1.2.0-0ubuntu1.3 libaugeas-dev - 1.2.0-0ubuntu1.3 augeas-doc - 1.2.0-0ubuntu1.3 augeas-lenses - 1.2.0-0ubuntu1.3 No subscription required Medium CVE-2017-7555 Ubuntu 14.04 LTS It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3401-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: texlive-fonts-recommended-doc - 2013.20140215-1ubuntu0.1 texlive-pictures - 2013.20140215-1ubuntu0.1 texlive-full - 2013.20140215-1ubuntu0.1 texlive-luatex - 2013.20140215-1ubuntu0.1 texlive-pictures-doc - 2013.20140215-1ubuntu0.1 texlive-xetex - 2013.20140215-1ubuntu0.1 texlive-metapost - 2013.20140215-1ubuntu0.1 texlive-latex-base - 2013.20140215-1ubuntu0.1 texlive-fonts-recommended - 2013.20140215-1ubuntu0.1 texlive-latex-recommended-doc - 2013.20140215-1ubuntu0.1 texlive-omega - 2013.20140215-1ubuntu0.1 texlive-base - 2013.20140215-1ubuntu0.1 texlive-generic-recommended - 2013.20140215-1ubuntu0.1 texlive-metapost-doc - 2013.20140215-1ubuntu0.1 texlive-latex-base-doc - 2013.20140215-1ubuntu0.1 texlive - 2013.20140215-1ubuntu0.1 texlive-latex-recommended - 2013.20140215-1ubuntu0.1 No subscription required Medium CVE-2016-10243 Ubuntu 14.04 LTS Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service. (CVE-2017-11714) Kim Gwan Yeong discovered that Ghostscript could allow a heap-based buffer over-read and application crash. A remote attacker could use a crafted document to cause a denial of service. (CVE-2017-9611, CVE-2017-9726, CVE-2017-9727, CVE-2017-9739) Kim Gwan Yeong discovered an use-after-free vulnerability in Ghostscript. A remote attacker could use a crafted file to cause a denial of service. (CVE-2017-9612) Kim Gwan Yeong discovered a lack of integer overflow check in Ghostscript. A remote attacker could use crafted PostScript document to cause a denial of service. (CVE-2017-9835) Update Instructions: Run `sudo pro fix USN-3403-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.10~dfsg-0ubuntu10.10 ghostscript-x - 9.10~dfsg-0ubuntu10.10 libgs-dev - 9.10~dfsg-0ubuntu10.10 ghostscript-doc - 9.10~dfsg-0ubuntu10.10 libgs9 - 9.10~dfsg-0ubuntu10.10 libgs9-common - 9.10~dfsg-0ubuntu10.10 No subscription required Medium CVE-2017-11714 CVE-2017-9611 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 Ubuntu 14.04 LTS USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176) Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information. (CVE-2017-7495) It was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7541) It was discovered that the Linux kernel did not honor the UEFI secure boot mode when performing a kexec operation. A local attacker could use this to bypass secure boot restrictions. (CVE-2015-7837) Update Instructions: Run `sudo pro fix USN-3405-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.4.0-93-generic - 4.4.0-93.116~14.04.1 linux-image-4.4.0-93-powerpc64-emb - 4.4.0-93.116~14.04.1 linux-image-4.4.0-93-powerpc-e500mc - 4.4.0-93.116~14.04.1 linux-image-4.4.0-93-generic - 4.4.0-93.116~14.04.1 linux-image-4.4.0-93-powerpc64-smp - 4.4.0-93.116~14.04.1 linux-image-4.4.0-93-generic-lpae - 4.4.0-93.116~14.04.1 linux-image-4.4.0-93-lowlatency - 4.4.0-93.116~14.04.1 linux-image-4.4.0-93-powerpc-smp - 4.4.0-93.116~14.04.1 No subscription required Medium CVE-2015-7837 CVE-2017-11176 CVE-2017-7495 CVE-2017-7541 Ubuntu 14.04 LTS It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-7914) It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261) It was discovered that the USB Cypress HID drivers for the Linux kernel did not properly validate reported information from the device. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-7273) A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487) Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information. (CVE-2017-7495) It was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616) Update Instructions: Run `sudo pro fix USN-3406-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-129-powerpc-e500 - 3.13.0-129.178 linux-image-3.13.0-129-generic - 3.13.0-129.178 linux-image-extra-3.13.0-129-generic - 3.13.0-129.178 linux-image-3.13.0-129-lowlatency - 3.13.0-129.178 linux-image-3.13.0-129-powerpc64-smp - 3.13.0-129.178 linux-image-3.13.0-129-powerpc-e500mc - 3.13.0-129.178 linux-image-3.13.0-129-powerpc64-emb - 3.13.0-129.178 linux-image-3.13.0-129-powerpc-smp - 3.13.0-129.178 linux-image-3.13.0-129-generic-lpae - 3.13.0-129.178 No subscription required Medium CVE-2016-7914 CVE-2017-7261 CVE-2017-7273 CVE-2017-7487 CVE-2017-7495 CVE-2017-7616 Ubuntu 14.04 LTS It was discovered that an illegal address access can be made in Liblouis. A remote attacker can take advantange of this to access sensitive information. (CVE-2017-13738, CVE-2017-13744) It was discovered a heap-based buffer overflow that causes bytes out-of-bounds write in Liblouis. A remote attacker can use this to denial of service or remote code execution. (CVE-2017-13739) It was discovered a stack-based buffer overflow in Liblouis. A remote attacker can use this to denial of service or possibly unspecified other impact. (CVE-2017-13740, CVE-2017-13742) Update Instructions: Run `sudo pro fix USN-3408-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis-bin - 2.5.3-2ubuntu1.1 liblouis2 - 2.5.3-2ubuntu1.1 python-louis - 2.5.3-2ubuntu1.1 liblouis-dev - 2.5.3-2ubuntu1.1 python3-louis - 2.5.3-2ubuntu1.1 liblouis-data - 2.5.3-2ubuntu1.1 No subscription required Medium CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13742 CVE-2017-13744 Ubuntu 14.04 LTS It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11568, CVE-2017-11569, CVE-2017-11572) It was discovered that FontForge was vulnerable to a stack-based buffer overflow. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11571) It was discovered that FontForge was vulnerable to a heap-based buffer overflow. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11574) It was discovered that FontForge was vulnerable to a buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11575, CVE-2017-11577) It was discovered that FontForge wasn't correctly checking the sign of a vector size. A remote attacker could use a crafted file to DoS. (CVE-2017-11576) Update Instructions: Run `sudo pro fix USN-3409-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: fontforge-common - 20120731.b-5ubuntu0.1 fontforge - 20120731.b-5ubuntu0.1 libfontforge-dev - 20120731.b-5ubuntu0.1 python-fontforge - 20120731.b-5ubuntu0.1 fontforge-nox - 20120731.b-5ubuntu0.1 libgdraw4 - 20120731.b-5ubuntu0.1 libfontforge1 - 20120731.b-5ubuntu0.1 No subscription required Medium CVE-2017-11568 CVE-2017-11569 CVE-2017-11571 CVE-2017-11572 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577 Ubuntu 14.04 LTS It was discovered that the GD Graphics Library (aka libgd) incorrectly handled certain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3410-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.0-3ubuntu0.8 libgd2-xpm-dev - 2.1.0-3ubuntu0.8 libgd-tools - 2.1.0-3ubuntu0.8 libgd2-noxpm-dev - 2.1.0-3ubuntu0.8 libgd-dev - 2.1.0-3ubuntu0.8 No subscription required Medium CVE-2017-6362 Ubuntu 14.04 LTS Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the privileges of the user. Update Instructions: Run `sudo pro fix USN-3411-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bzr-doc - 2.6.0+bzr6593-1ubuntu1.6 python-bzrlib - 2.6.0+bzr6593-1ubuntu1.6 bzr - 2.6.0+bzr6593-1ubuntu1.6 python-bzrlib.tests - 2.6.0+bzr6593-1ubuntu1.6 No subscription required None https://launchpad.net/bugs/1710979 Ubuntu 14.04 LTS It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol (SDP) implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information. (CVE-2017-1000250) Update Instructions: Run `sudo pro fix USN-3413-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bluez-audio - 4.101-0ubuntu13.3 bluez-pcmcia-support - 4.101-0ubuntu13.3 libbluetooth3 - 4.101-0ubuntu13.3 bluez-utils - 4.101-0ubuntu13.3 bluez-alsa - 4.101-0ubuntu13.3 bluez-gstreamer - 4.101-0ubuntu13.3 bluetooth - 4.101-0ubuntu13.3 bluez-compat - 4.101-0ubuntu13.3 bluez - 4.101-0ubuntu13.3 bluez-cups - 4.101-0ubuntu13.3 libbluetooth-dev - 4.101-0ubuntu13.3 No subscription required High CVE-2017-1000250 Ubuntu 14.04 LTS Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493) Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112) It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9060) Li Qiang discovered that QEMU incorrectly handled the e1000e device. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9310) Li Qiang discovered that QEMU incorrectly handled USB OHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9330) Li Qiang discovered that QEMU incorrectly handled IDE AHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9373) Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9374) Li Qiang discovered that QEMU incorrectly handled USB xHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375) Zhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9503) It was discovered that the QEMU qemu-nbd server incorrectly handled initialization. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-9524) It was discovered that the QEMU qemu-nbd server incorrectly handled signals. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-10664) Li Qiang discovered that the QEMU USB redirector incorrectly handled logging debug messages. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806) Anthony Perard discovered that QEMU incorrectly handled Xen block-interface responses. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. (CVE-2017-10911) Reno Robert discovered that QEMU incorrectly handled certain DHCP options strings. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-11434) Ryan Salsamendi discovered that QEMU incorrectly handled empty CDROM device drives. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809) Update Instructions: Run `sudo pro fix USN-3414-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.35 qemu-user-static - 2.0.0+dfsg-2ubuntu1.35 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.35 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.35 qemu-kvm - 2.0.0+dfsg-2ubuntu1.35 qemu-user - 2.0.0+dfsg-2ubuntu1.35 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.35 qemu-system - 2.0.0+dfsg-2ubuntu1.35 qemu-utils - 2.0.0+dfsg-2ubuntu1.35 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.35 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.35 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.35 qemu-common - 2.0.0+dfsg-2ubuntu1.35 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.35 qemu - 2.0.0+dfsg-2ubuntu1.35 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.35 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.35 No subscription required Medium CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11434 CVE-2017-12809 CVE-2017-7493 CVE-2017-8112 CVE-2017-8380 CVE-2017-9060 CVE-2017-9310 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 CVE-2017-9375 CVE-2017-9503 CVE-2017-9524 Ubuntu 14.04 LTS USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493) Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112) It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9060) Li Qiang discovered that QEMU incorrectly handled the e1000e device. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9310) Li Qiang discovered that QEMU incorrectly handled USB OHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9330) Li Qiang discovered that QEMU incorrectly handled IDE AHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9373) Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9374) Li Qiang discovered that QEMU incorrectly handled USB xHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375) Zhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9503) It was discovered that the QEMU qemu-nbd server incorrectly handled initialization. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-9524) It was discovered that the QEMU qemu-nbd server incorrectly handled signals. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-10664) Li Qiang discovered that the QEMU USB redirector incorrectly handled logging debug messages. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806) Anthony Perard discovered that QEMU incorrectly handled Xen block-interface responses. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. (CVE-2017-10911) Reno Robert discovered that QEMU incorrectly handled certain DHCP options strings. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-11434) Ryan Salsamendi discovered that QEMU incorrectly handled empty CDROM device drives. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809) Update Instructions: Run `sudo pro fix USN-3414-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.36 qemu-user-static - 2.0.0+dfsg-2ubuntu1.36 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.36 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.36 qemu-kvm - 2.0.0+dfsg-2ubuntu1.36 qemu-user - 2.0.0+dfsg-2ubuntu1.36 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.36 qemu-system - 2.0.0+dfsg-2ubuntu1.36 qemu-utils - 2.0.0+dfsg-2ubuntu1.36 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.36 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.36 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.36 qemu-common - 2.0.0+dfsg-2ubuntu1.36 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.36 qemu - 2.0.0+dfsg-2ubuntu1.36 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.36 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.36 No subscription required None https://launchpad.net/bugs/1718222 Ubuntu 14.04 LTS Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-11543) Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function bittok2str_internal() in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-13011) Otto Airamo and Antti Levomäki discovered logic errors in different protocol parsers in tcpdump that could lead to an infinite loop. A remote attacker could use these to cause a denial of service (application hang). CVE-2017-12989, CVE-2017-12990, CVE-2017-12995, CVE-2017-12997) Otto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz, Katie Holly, Kim Gwan Yeong, Antti Levomäki, Henri Salo, and Bhargava Shastry discovered out-of-bounds reads in muliptle protocol parsers in tcpdump. A remote attacker could use these to cause a denial of service (application crash). (CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725) Update Instructions: Run `sudo pro fix USN-3415-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpdump - 4.9.2-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 Ubuntu 14.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same-origin restrictions, bypass CSP restrictions, obtain sensitive information, spoof the origin of modal alerts, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807, CVE-2017-7809) A buffer overflow was discovered when displaying SVG content in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7786) Update Instructions: Run `sudo pro fix USN-3416-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:52.3.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:52.3.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-kab - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:52.3.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:52.3.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809 Ubuntu 14.04 LTS It was discovered that the GDK-PixBuf library did not properly handle certain jpeg images. If an user or automated system were tricked into opening a specially crafted jpeg file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-2862) It was discovered that the GDK-PixBuf library did not properly handle certain tiff images. If an user or automated system were tricked into opening a specially crafted tiff file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-2870) Ariel Zelivansky discovered that the GDK-PixBuf library did not properly handle printing certain error messages. If an user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service. (CVE-2017-6311) Update Instructions: Run `sudo pro fix USN-3418-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgdk-pixbuf2.0-0 - 2.30.7-0ubuntu1.7 libgdk-pixbuf2.0-common - 2.30.7-0ubuntu1.7 libgdk-pixbuf2.0-dev - 2.30.7-0ubuntu1.7 libgdk-pixbuf2.0-0-udeb - 2.30.7-0ubuntu1.7 libgdk-pixbuf2.0-doc - 2.30.7-0ubuntu1.7 gir1.2-gdkpixbuf-2.0 - 2.30.7-0ubuntu1.7 No subscription required Medium CVE-2017-2862 CVE-2017-2870 CVE-2017-6311 Ubuntu 14.04 LTS USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663) It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762) Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831) Update Instructions: Run `sudo pro fix USN-3420-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.4.0-96-generic - 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-powerpc64-emb - 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-powerpc-smp - 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-lowlatency - 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-generic-lpae - 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-generic - 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-powerpc-e500mc - 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-powerpc64-smp - 4.4.0-96.119~14.04.1 No subscription required High CVE-2017-1000251 CVE-2017-10663 CVE-2017-12762 CVE-2017-8831 Ubuntu 14.04 LTS USN-3421-1 fixed a vulnerability in Libidn2. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Update Instructions: Run `sudo pro fix USN-3421-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libidn2-0-dev - 0.9-1ubuntu0.1~esm1 libidn2-0 - 0.9-1ubuntu0.1~esm1 idn2 - 0.9-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-14062 Ubuntu 14.04 LTS It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that the asynchronous I/O (aio) subsystem of the Linux kernel did not properly set permissions on aio memory mappings in some situations. An attacker could use this to more easily exploit other vulnerabilities. (CVE-2016-10044) Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3 IP Encapsulation implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-10200) Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097) Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the key management subsystem in the Linux kernel did not properly allocate memory in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8650) Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084) It was discovered that an information leak existed in __get_user_asm_ex() in the Linux kernel. A local attacker could use this to expose sensitive information. (CVE-2016-9178) CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191) It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604) It was discovered that an integer overflow existed in the trace subsystem of the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2016-9754) Andrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970) Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214) It was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346) It was discovered that the keyring implementation in the Linux kernel did not properly restrict searches for dead keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6951) Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) Eric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472) It was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7541) Update Instructions: Run `sudo pro fix USN-3422-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-132-lowlatency - 3.13.0-132.181 linux-image-3.13.0-132-powerpc-e500mc - 3.13.0-132.181 linux-image-extra-3.13.0-132-generic - 3.13.0-132.181 linux-image-3.13.0-132-powerpc-e500 - 3.13.0-132.181 linux-image-3.13.0-132-generic - 3.13.0-132.181 linux-image-3.13.0-132-powerpc64-emb - 3.13.0-132.181 linux-image-3.13.0-132-powerpc-smp - 3.13.0-132.181 linux-image-3.13.0-132-powerpc64-smp - 3.13.0-132.181 linux-image-3.13.0-132-generic-lpae - 3.13.0-132.181 No subscription required High CVE-2016-10044 CVE-2016-10200 CVE-2016-7097 CVE-2016-8650 CVE-2016-9083 CVE-2016-9084 CVE-2016-9178 CVE-2016-9191 CVE-2016-9604 CVE-2016-9754 CVE-2017-1000251 CVE-2017-5970 CVE-2017-6214 CVE-2017-6346 CVE-2017-6951 CVE-2017-7187 CVE-2017-7472 CVE-2017-7541 Ubuntu 14.04 LTS It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. (CVE-2017-7375) It was discovered that a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-7376) Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-9047) Marcel Böhme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service. (CVE-2017-9048) Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads in libxml2 when handling parameter-entity references. An attacker could use these to specially construct XML data that could cause a denial of service. (CVE-2017-9049, CVE-2017-9050) Update Instructions: Run `sudo pro fix USN-3424-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.10 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.10 libxml2 - 2.9.1+dfsg1-3ubuntu4.10 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.10 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.10 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.10 No subscription required Medium CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 Ubuntu 14.04 LTS Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed. Update Instructions: Run `sudo pro fix USN-3425-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.18 libapache2-mod-macro - 1:2.4.7-1ubuntu4.18 No subscription required apache2-data - 2.4.7-1ubuntu4.18 apache2.2-bin - 2.4.7-1ubuntu4.18 apache2-utils - 2.4.7-1ubuntu4.18 apache2-dev - 2.4.7-1ubuntu4.18 apache2-mpm-worker - 2.4.7-1ubuntu4.18 apache2-suexec-custom - 2.4.7-1ubuntu4.18 apache2-suexec - 2.4.7-1ubuntu4.18 apache2 - 2.4.7-1ubuntu4.18 apache2-suexec-pristine - 2.4.7-1ubuntu4.18 apache2-doc - 2.4.7-1ubuntu4.18 apache2-mpm-prefork - 2.4.7-1ubuntu4.18 apache2-mpm-itk - 2.4.7-1ubuntu4.18 apache2-mpm-event - 2.4.7-1ubuntu4.18 apache2-bin - 2.4.7-1ubuntu4.18 No subscription required Medium CVE-2017-9798 Ubuntu 14.04 LTS Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2017-12150) Stefan Metzmacher discovered that Samba incorrectly handled encryption across DFS redirects. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2017-12151) Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when SMB1 is being used. A remote attacker could possibly use this issue to obtain server memory contents. (CVE-2017-12163) Update Instructions: Run `sudo pro fix USN-3426-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.12 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.12 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.12 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.12 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.12 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.12 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.12 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.12 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.12 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.12 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.12 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.12 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.12 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.12 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.12 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.12 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.12 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.12 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.12 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.12 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.12 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.12 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.12 No subscription required Medium CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 Ubuntu 14.04 LTS Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file (e.g., email messages in gnus), an attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3427-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: emacs24-bin-common - 24.3+1-2ubuntu1.1 emacs24-lucid - 24.3+1-2ubuntu1.1 emacs24 - 24.3+1-2ubuntu1.1 emacs24-el - 24.3+1-2ubuntu1.1 emacs24-nox - 24.3+1-2ubuntu1.1 emacs24-common - 24.3+1-2ubuntu1.1 No subscription required Medium CVE-2017-14482 Ubuntu 14.04 LTS Wang Junjie discovered that Libplist incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a crash or denial or service. Update Instructions: Run `sudo pro fix USN-3429-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-plist - 1.10-1ubuntu0.1 libplist-doc - 1.10-1ubuntu0.1 libplist-utils - 1.10-1ubuntu0.1 libplist-dev - 1.10-1ubuntu0.1 libplist1 - 1.10-1ubuntu0.1 libplist++-dev - 1.10-1ubuntu0.1 libplist++1 - 1.10-1ubuntu0.1 No subscription required Medium CVE-2017-7982 Ubuntu 14.04 LTS Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14491) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14492) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14493) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote attacker could use this issue to possibly obtain sensitive memory contents. (CVE-2017-14494) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. (CVE-2017-14495) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service. (CVE-2017-14496) Update Instructions: Run `sudo pro fix USN-3430-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.68-1ubuntu0.2 dnsmasq-utils - 2.68-1ubuntu0.2 dnsmasq-base - 2.68-1ubuntu0.2 No subscription required High CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Ubuntu 14.04 LTS Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3431-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.3 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.3 libnss3 - 2:3.28.4-0ubuntu0.14.04.3 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.3 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.3 No subscription required Medium CVE-2017-7805 Ubuntu 14.04 LTS The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20170717 package. Update Instructions: Run `sudo pro fix USN-3432-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20170717~14.04.1 No subscription required None https://launchpad.net/bugs/1719851 Ubuntu 14.04 LTS It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial service. This issue only affected Ubuntu 17.04. (CVE-2017-14517) It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-14519) Update Instructions: Run `sudo pro fix USN-3433-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.6 libpoppler-qt5-1 - 0.24.5-2ubuntu4.6 libpoppler-cpp-dev - 0.24.5-2ubuntu4.6 libpoppler-cpp0 - 0.24.5-2ubuntu4.6 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.6 libpoppler-dev - 0.24.5-2ubuntu4.6 libpoppler-glib8 - 0.24.5-2ubuntu4.6 libpoppler-private-dev - 0.24.5-2ubuntu4.6 libpoppler-qt4-dev - 0.24.5-2ubuntu4.6 libpoppler-glib-dev - 0.24.5-2ubuntu4.6 libpoppler-qt4-4 - 0.24.5-2ubuntu4.6 libpoppler44 - 0.24.5-2ubuntu4.6 libpoppler-qt5-dev - 0.24.5-2ubuntu4.6 libpoppler-glib-doc - 0.24.5-2ubuntu4.6 No subscription required Medium CVE-2017-14517 CVE-2017-14519 Ubuntu 14.04 LTS It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3434-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idn - 1.28-1ubuntu2.2 libidn11-dev - 1.28-1ubuntu2.2 libidn11-java - 1.28-1ubuntu2.2 libidn11 - 1.28-1ubuntu2.2 No subscription required Medium CVE-2017-14062 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. (CVE-2017-7816, CVE-2017-7821) Update Instructions: Run `sudo pro fix USN-3435-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-nn - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-nb - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-fa - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-fi - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-fr - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-fy - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-or - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-kab - 56.0+build6-0ubuntu0.14.04.1 firefox-testsuite - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-oc - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-cs - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ga - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-gd - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-gn - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-gl - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-gu - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-pa - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-pl - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-cy - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-pt - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-hi - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ms - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-he - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-hy - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-hr - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-hu - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-it - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-as - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ar - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-az - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-id - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-mai - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-af - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-is - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-vi - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-an - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-bs - 56.0+build6-0ubuntu0.14.04.1 firefox - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ro - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ja - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ru - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-br - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-zh-hant - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-zh-hans - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-bn - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-be - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-bg - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-sl - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-sk - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-si - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-sw - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-sv - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-sr - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-sq - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ko - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-kn - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-km - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-kk - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ka - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-xh - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ca - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ku - 56.0+build6-0ubuntu0.14.04.1 firefox-mozsymbols - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-lv - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-lt - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-th - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-hsb - 56.0+build6-0ubuntu0.14.04.1 firefox-dev - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-te - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-cak - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ta - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-lg - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-tr - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-nso - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-de - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-da - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-uk - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-mr - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-my - 56.0+build6-0ubuntu0.14.04.1 firefox-globalmenu - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-uz - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ml - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-mn - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-mk - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ur - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-eu - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-et - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-es - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-csb - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-el - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-eo - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-en - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-zu - 56.0+build6-0ubuntu0.14.04.1 firefox-locale-ast - 56.0+build6-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7811 CVE-2017-7812 CVE-2017-7813 CVE-2017-7814 CVE-2017-7815 CVE-2017-7816 CVE-2017-7818 CVE-2017-7819 CVE-2017-7820 CVE-2017-7821 CVE-2017-7822 CVE-2017-7823 CVE-2017-7824 Ubuntu 14.04 LTS USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. (CVE-2017-7816, CVE-2017-7821) Update Instructions: Run `sudo pro fix USN-3435-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-nn - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-nb - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-fa - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-fi - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-fr - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-fy - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-or - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-kab - 56.0+build6-0ubuntu0.14.04.2 firefox-testsuite - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-oc - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-cs - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ga - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-gd - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-gn - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-gl - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-gu - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-pa - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-pl - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-cy - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-pt - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-hi - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ms - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-he - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-hy - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-hr - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-hu - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-it - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-as - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ar - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-az - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-id - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-mai - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-af - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-is - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-vi - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-an - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-bs - 56.0+build6-0ubuntu0.14.04.2 firefox - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ro - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ja - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ru - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-br - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-zh-hant - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-zh-hans - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-bn - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-be - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-bg - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-sl - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-sk - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-si - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-sw - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-sv - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-sr - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-sq - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ko - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-kn - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-km - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-kk - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ka - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-xh - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ca - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ku - 56.0+build6-0ubuntu0.14.04.2 firefox-mozsymbols - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-lv - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-lt - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-th - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-hsb - 56.0+build6-0ubuntu0.14.04.2 firefox-dev - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-te - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-cak - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ta - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-lg - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-tr - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-nso - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-de - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-da - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-uk - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-mr - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-my - 56.0+build6-0ubuntu0.14.04.2 firefox-globalmenu - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-uz - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ml - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-mn - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-mk - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ur - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-eu - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-et - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-es - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-csb - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-el - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-eo - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-en - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-zu - 56.0+build6-0ubuntu0.14.04.2 firefox-locale-ast - 56.0+build6-0ubuntu0.14.04.2 No subscription required None https://launchpad.net/bugs/1720908 Ubuntu 14.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to read uninitialized memory, bypass phishing and malware protection, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805) Update Instructions: Run `sudo pro fix USN-3436-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-bn - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-fr - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-en-us - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-es-es - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-nb-no - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-br - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-dsb - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-fy - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-vi - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-mk - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-bn-bd - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-hu - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-es-ar - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-be - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-bg - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ja - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-lt - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-sl - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-en-gb - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-cy - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-si - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-gnome-support - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-hr - 1:52.4.0+build1-0ubuntu0.14.04.2 xul-ext-calendar-timezones - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-de - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-en - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-da - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-nl - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-nn - 1:52.4.0+build1-0ubuntu0.14.04.2 xul-ext-lightning - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ga-ie - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-fy-nl - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-sv - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-pa-in - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-sr - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-sq - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-he - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-hsb - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-kab - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ar - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-uk - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-globalmenu - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-zh-cn - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ta-lk - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ru - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-cs - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-mozsymbols - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-fi - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-testsuite - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ro - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-af - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-pt-pt - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-sk - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-dev - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-hy - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ca - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-sv-se - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-pt-br - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-el - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-pa - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-rm - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ka - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-nn-no - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ko - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ga - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ast - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-tr - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-it - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-pl - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-gd - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-zh-tw - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-id - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-gl - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-nb - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-pt - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-eu - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-et - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-zh-hant - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-zh-hans - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-is - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-es - 1:52.4.0+build1-0ubuntu0.14.04.2 thunderbird-locale-ta - 1:52.4.0+build1-0ubuntu0.14.04.2 No subscription required Medium CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 Ubuntu 14.04 LTS Radek Micek discovered that OCaml incorrectly handled sign extensions. A remote attacker could use this issue to cause applications using OCaml to crash, to possibly obtain sensitive information, or to possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3437-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ocaml-mode - 4.01.0-3ubuntu3.1 ocaml-base-nox - 4.01.0-3ubuntu3.1 ocaml-nox - 4.01.0-3ubuntu3.1 camlp4 - 4.01.0-3ubuntu3.1 ocaml - 4.01.0-3ubuntu3.1 camlp4-extra - 4.01.0-3ubuntu3.1 ocaml-source - 4.01.0-3ubuntu3.1 ocaml-native-compilers - 4.01.0-3ubuntu3.1 ocaml-compiler-libs - 4.01.0-3ubuntu3.1 ocaml-interp - 4.01.0-3ubuntu3.1 ocaml-base - 4.01.0-3ubuntu3.1 No subscription required Medium CVE-2015-8869 Ubuntu 14.04 LTS It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell metacharacters in modules names to execute arbitrary code. This update also removes the cvsserver subcommand from git-shell by default. Update Instructions: Run `sudo pro fix USN-3438-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:1.9.1-1ubuntu0.7 gitweb - 1:1.9.1-1ubuntu0.7 git-gui - 1:1.9.1-1ubuntu0.7 git-daemon-sysvinit - 1:1.9.1-1ubuntu0.7 git-arch - 1:1.9.1-1ubuntu0.7 git-bzr - 1:1.9.1-1ubuntu0.7 git-el - 1:1.9.1-1ubuntu0.7 gitk - 1:1.9.1-1ubuntu0.7 git-all - 1:1.9.1-1ubuntu0.7 git-mediawiki - 1:1.9.1-1ubuntu0.7 git-daemon-run - 1:1.9.1-1ubuntu0.7 git-man - 1:1.9.1-1ubuntu0.7 git-doc - 1:1.9.1-1ubuntu0.7 git-svn - 1:1.9.1-1ubuntu0.7 git-cvs - 1:1.9.1-1ubuntu0.7 git-core - 1:1.9.1-1ubuntu0.7 git-email - 1:1.9.1-1ubuntu0.7 No subscription required Medium CVE-2017-14867 Ubuntu 14.04 LTS It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. (CVE-2017-0898) Yusuke Endoh discovered that Ruby incorrectly handled certain files. An attacker could use this to execute terminal escape sequences. (CVE-2017-0899) Yusuke Endoh discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a denial of service. (CVE-2017-0900) It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. (CVE-2017-0901) It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to execute arbitrary code. (CVE-2017-10784) It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a denial of service. (CVE-2017-14033) It was discovered that Ruby incorrectly handled certain files. An attacker could use this to expose sensitive information. (CVE-2017-14064) Update Instructions: Run `sudo pro fix USN-3439-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.5 ruby1.9.1-dev - 1.9.3.484-2ubuntu1.5 ri1.9.1 - 1.9.3.484-2ubuntu1.5 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.5 ruby1.9.1-full - 1.9.3.484-2ubuntu1.5 libruby1.9.1 - 1.9.3.484-2ubuntu1.5 ruby1.9.1 - 1.9.3.484-2ubuntu1.5 ruby1.9.3 - 1.9.3.484-2ubuntu1.5 No subscription required Medium CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 Ubuntu 14.04 LTS It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-14518, CVE-2017-14520, CVE-2017-14617, CVE-2017-14929, CVE-2017-14975, CVE-2017-14977) It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 17.04 and 16.04. (CVE-2017-14926, CVE-2017-14928) Alberto Garcia, Francisco Oca and Suleman Ali discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-9776) Update Instructions: Run `sudo pro fix USN-3440-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.7 libpoppler-qt5-1 - 0.24.5-2ubuntu4.7 libpoppler-cpp-dev - 0.24.5-2ubuntu4.7 libpoppler-cpp0 - 0.24.5-2ubuntu4.7 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.7 libpoppler-dev - 0.24.5-2ubuntu4.7 libpoppler-glib8 - 0.24.5-2ubuntu4.7 libpoppler-private-dev - 0.24.5-2ubuntu4.7 libpoppler-qt4-dev - 0.24.5-2ubuntu4.7 libpoppler-glib-dev - 0.24.5-2ubuntu4.7 libpoppler-qt4-4 - 0.24.5-2ubuntu4.7 libpoppler44 - 0.24.5-2ubuntu4.7 libpoppler-qt5-dev - 0.24.5-2ubuntu4.7 libpoppler-glib-doc - 0.24.5-2ubuntu4.7 No subscription required Medium CVE-2017-14518 CVE-2017-14520 CVE-2017-14617 CVE-2017-14926 CVE-2017-14928 CVE-2017-14929 CVE-2017-14975 CVE-2017-14977 CVE-2017-9776 Ubuntu 14.04 LTS Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9586) Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000100) Brian Carpenter and Yongji Ouyang discovered that curl incorrectly handled numerical range globbing. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000101) Max Dymond discovered that curl incorrectly handled FTP PWD responses. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service. (CVE-2017-1000254) Brian Carpenter discovered that curl incorrectly handled the --write-out command line option. A local attacker could possibly use this issue to obtain sensitive memory contents. (CVE-2017-7407) Update Instructions: Run `sudo pro fix USN-3441-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.11 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.11 libcurl4-openssl-dev - 7.35.0-1ubuntu2.11 libcurl3-gnutls - 7.35.0-1ubuntu2.11 libcurl3-udeb - 7.35.0-1ubuntu2.11 libcurl4-doc - 7.35.0-1ubuntu2.11 libcurl3-nss - 7.35.0-1ubuntu2.11 libcurl4-nss-dev - 7.35.0-1ubuntu2.11 libcurl3 - 7.35.0-1ubuntu2.11 curl - 7.35.0-1ubuntu2.11 No subscription required Medium CVE-2016-9586 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254 CVE-2017-7407 Ubuntu 14.04 LTS It was discovered that libXfont incorrectly handled certain patterns in PatternMatch. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-13720) It was discovered that libXfont incorrectly handled certain malformed PCF files. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-13722) Update Instructions: Run `sudo pro fix USN-3442-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxfont1 - 1:1.4.7-1ubuntu0.3 libxfont1-udeb - 1:1.4.7-1ubuntu0.3 libxfont-dev - 1:1.4.7-1ubuntu0.3 No subscription required Medium CVE-2017-13720 CVE-2017-13722 Ubuntu 14.04 LTS USN-3444-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134) Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106) Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information. (CVE-2017-14140) Update Instructions: Run `sudo pro fix USN-3444-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-97-generic - 4.4.0-97.120~14.04.1 linux-image-4.4.0-97-generic-lpae - 4.4.0-97.120~14.04.1 linux-image-extra-4.4.0-97-generic - 4.4.0-97.120~14.04.1 linux-image-4.4.0-97-lowlatency - 4.4.0-97.120~14.04.1 linux-image-4.4.0-97-powerpc-smp - 4.4.0-97.120~14.04.1 linux-image-4.4.0-97-powerpc64-emb - 4.4.0-97.120~14.04.1 linux-image-4.4.0-97-powerpc64-smp - 4.4.0-97.120~14.04.1 linux-image-4.4.0-97-powerpc-e500mc - 4.4.0-97.120~14.04.1 No subscription required Medium CVE-2017-12134 CVE-2017-14106 CVE-2017-14140 Ubuntu 14.04 LTS Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. (CVE-2016-8633) Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106) Update Instructions: Run `sudo pro fix USN-3445-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-133-powerpc64-smp - 3.13.0-133.182 linux-image-3.13.0-133-powerpc-e500mc - 3.13.0-133.182 linux-image-3.13.0-133-powerpc-e500 - 3.13.0-133.182 linux-image-3.13.0-133-generic-lpae - 3.13.0-133.182 linux-image-3.13.0-133-powerpc-smp - 3.13.0-133.182 linux-image-extra-3.13.0-133-generic - 3.13.0-133.182 linux-image-3.13.0-133-lowlatency - 3.13.0-133.182 linux-image-3.13.0-133-powerpc64-emb - 3.13.0-133.182 linux-image-3.13.0-133-generic - 3.13.0-133.182 No subscription required Medium CVE-2016-8633 CVE-2017-14106 Ubuntu 14.04 LTS Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change the status of images, contrary to access restrictions. (CVE-2015-5251) Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly handled the storage quota. A remote authenticated user could use this issue to consume disk resources, leading to a denial of service. (CVE-2015-5286) Erno Kuvaja discovered that OpenStack Glance incorrectly handled the show_multiple_locations option. When show_multiple_locations is enabled, a remote authenticated user could change an image status and upload new image data. (CVE-2016-0757) Update Instructions: Run `sudo pro fix USN-3446-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glance-api - 1:2014.1.5-0ubuntu1.1 python-glance-doc - 1:2014.1.5-0ubuntu1.1 glance-common - 1:2014.1.5-0ubuntu1.1 python-glance - 1:2014.1.5-0ubuntu1.1 glance - 1:2014.1.5-0ubuntu1.1 glance-registry - 1:2014.1.5-0ubuntu1.1 No subscription required Medium CVE-2015-5251 CVE-2015-5286 CVE-2016-0757 Ubuntu 14.04 LTS Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrect protected against cross-site scripting (XSS) attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form. Update Instructions: Run `sudo pro fix USN-3447-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openstack-dashboard - 1:2014.1.5-0ubuntu2.1 python-django-horizon - 1:2014.1.5-0ubuntu2.1 python-django-openstack - 1:2014.1.5-0ubuntu2.1 openstack-dashboard-ubuntu-theme - 1:2014.1.5-0ubuntu2.1 No subscription required Medium CVE-2016-4428 Ubuntu 14.04 LTS George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241) George Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue to consume disk resources, resulting in a denial of service. (CVE-2015-3280) It was discovered that OpenStack Nova incorrectly limited qemu-img calls. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-5162) Matthew Booth discovered that OpenStack Nova incorrectly handled snapshots. A remote authenticated user could use this issue to read arbitrary files. (CVE-2015-7548) Sreekumar S. and Suntao discovered that OpenStack Nova incorrectly applied security group changes. A remote attacker could possibly use this issue to bypass intended restriction changes by leveraging an instance that was running when the change was made. (CVE-2015-7713) Matt Riedemann discovered that OpenStack Nova incorrectly handled logging. A local attacker could possibly use this issue to obtain sensitive information from log files. (CVE-2015-8749) Matthew Booth discovered that OpenStack Nova incorrectly handled certain qcow2 headers. A remote authenticated user could possibly use this issue to read arbitrary files. (CVE-2016-2140) Update Instructions: Run `sudo pro fix USN-3449-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nova-api - 1:2014.1.5-0ubuntu1.7 nova-common - 1:2014.1.5-0ubuntu1.7 nova-compute-xen - 1:2014.1.5-0ubuntu1.7 nova-api-os-compute - 1:2014.1.5-0ubuntu1.7 nova-objectstore - 1:2014.1.5-0ubuntu1.7 nova-novncproxy - 1:2014.1.5-0ubuntu1.7 nova-api-os-volume - 1:2014.1.5-0ubuntu1.7 nova-compute-lxc - 1:2014.1.5-0ubuntu1.7 nova-consoleauth - 1:2014.1.5-0ubuntu1.7 python-nova - 1:2014.1.5-0ubuntu1.7 nova-network - 1:2014.1.5-0ubuntu1.7 nova-api-ec2 - 1:2014.1.5-0ubuntu1.7 nova-api-metadata - 1:2014.1.5-0ubuntu1.7 nova-compute-kvm - 1:2014.1.5-0ubuntu1.7 nova-xvpvncproxy - 1:2014.1.5-0ubuntu1.7 nova-doc - 1:2014.1.5-0ubuntu1.7 nova-conductor - 1:2014.1.5-0ubuntu1.7 nova-volume - 1:2014.1.5-0ubuntu1.7 nova-compute-vmware - 1:2014.1.5-0ubuntu1.7 nova-spiceproxy - 1:2014.1.5-0ubuntu1.7 nova-scheduler - 1:2014.1.5-0ubuntu1.7 nova-console - 1:2014.1.5-0ubuntu1.7 nova-ajax-console-proxy - 1:2014.1.5-0ubuntu1.7 nova-cert - 1:2014.1.5-0ubuntu1.7 nova-baremetal - 1:2014.1.5-0ubuntu1.7 nova-compute - 1:2014.1.5-0ubuntu1.7 nova-compute-libvirt - 1:2014.1.5-0ubuntu1.7 nova-compute-qemu - 1:2014.1.5-0ubuntu1.7 nova-cells - 1:2014.1.5-0ubuntu1.7 No subscription required Medium CVE-2015-3241 CVE-2015-3280 CVE-2015-5162 CVE-2015-7548 CVE-2015-7713 CVE-2015-8749 CVE-2016-2140 Ubuntu 14.04 LTS It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. (CVE-2015-5223) Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly closed client connections. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2016-0737, CVE-2016-0738) Update Instructions: Run `sudo pro fix USN-3451-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: swift-account - 1.13.1-0ubuntu1.5 python-swift - 1.13.1-0ubuntu1.5 swift-doc - 1.13.1-0ubuntu1.5 swift-proxy - 1.13.1-0ubuntu1.5 swift-container - 1.13.1-0ubuntu1.5 swift - 1.13.1-0ubuntu1.5 swift-object-expirer - 1.13.1-0ubuntu1.5 swift-object - 1.13.1-0ubuntu1.5 No subscription required Medium CVE-2015-5223 CVE-2016-0737 CVE-2016-0738 Ubuntu 14.04 LTS It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-5009) Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacker could possibly use this issue to list bucket contents via a URL. (CVE-2016-7031) Diluga Salome discovered that Ceph incorrectly handled certain POST objects with null conditions. A remote attacker could possibly use this issue to cuase Ceph to crash, resulting in a denial of service. (CVE-2016-8626) Yang Liu discovered that Ceph incorrectly handled invalid HTTP Origin headers. A remote attacker could possibly use this issue to cuase Ceph to crash, resulting in a denial of service. (CVE-2016-9579) Update Instructions: Run `sudo pro fix USN-3452-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ceph-fs-common - 0.80.11-0ubuntu1.14.04.3 ceph-mds - 0.80.11-0ubuntu1.14.04.3 librbd-dev - 0.80.11-0ubuntu1.14.04.3 rbd-fuse - 0.80.11-0ubuntu1.14.04.3 librbd1 - 0.80.11-0ubuntu1.14.04.3 librados-dev - 0.80.11-0ubuntu1.14.04.3 ceph-fuse - 0.80.11-0ubuntu1.14.04.3 python-ceph - 0.80.11-0ubuntu1.14.04.3 ceph-common - 0.80.11-0ubuntu1.14.04.3 libcephfs-java - 0.80.11-0ubuntu1.14.04.3 ceph - 0.80.11-0ubuntu1.14.04.3 libcephfs-dev - 0.80.11-0ubuntu1.14.04.3 ceph-resource-agents - 0.80.11-0ubuntu1.14.04.3 rest-bench - 0.80.11-0ubuntu1.14.04.3 radosgw - 0.80.11-0ubuntu1.14.04.3 librados2 - 0.80.11-0ubuntu1.14.04.3 ceph-test - 0.80.11-0ubuntu1.14.04.3 libcephfs-jni - 0.80.11-0ubuntu1.14.04.3 libcephfs1 - 0.80.11-0ubuntu1.14.04.3 No subscription required Medium CVE-2016-5009 CVE-2016-7031 CVE-2016-8626 CVE-2016-9579 Ubuntu 14.04 LTS Michal Srb discovered that the X.Org X server incorrectly handled shared memory segments. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly replace shared memory segments of other X clients in the same session. (CVE-2017-13721) Michal Srb discovered that the X.Org X server incorrectly handled XKB buffers. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code. (CVE-2017-13723) Update Instructions: Run `sudo pro fix USN-3453-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.10 xorg-server-source - 2:1.15.1-0ubuntu2.10 xdmx - 2:1.15.1-0ubuntu2.10 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.10 xserver-xorg-dev - 2:1.15.1-0ubuntu2.10 xvfb - 2:1.15.1-0ubuntu2.10 xnest - 2:1.15.1-0ubuntu2.10 xserver-common - 2:1.15.1-0ubuntu2.10 xserver-xephyr - 2:1.15.1-0ubuntu2.10 xserver-xorg-core-udeb - 2:1.15.1-0ubuntu2.10 xdmx-tools - 2:1.15.1-0ubuntu2.10 No subscription required xserver-xephyr-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty3 xserver-xorg-core-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty3 xserver-xorg-dev-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty3 xwayland-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty3 xorg-server-source-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty3 No subscription required Medium CVE-2017-13721 CVE-2017-13723 Ubuntu 14.04 LTS It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to facilitate executing arbitrary code. Update Instructions: Run `sudo pro fix USN-3454-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libffi6-udeb - 3.1~rc1+r3.0.13-12ubuntu0.2 libffi6 - 3.1~rc1+r3.0.13-12ubuntu0.2 libffi-dev - 3.1~rc1+r3.0.13-12ubuntu0.2 No subscription required Medium CVE-2017-1000376 Ubuntu 14.04 LTS Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477) Update Instructions: Run `sudo pro fix USN-3455-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.1-0ubuntu1.5 No subscription required wpagui - 2.1-0ubuntu1.5 wpasupplicant-udeb - 2.1-0ubuntu1.5 wpasupplicant - 2.1-0ubuntu1.5 No subscription required High CVE-2016-4476 CVE-2016-4477 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 Ubuntu 14.04 LTS It was discovered that the X.Org X server incorrectly handled certain lengths. An attacker able to connect to an X server, either locally or remotely, could use these issues to crash the server, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3456-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.11 xorg-server-source - 2:1.15.1-0ubuntu2.11 xdmx - 2:1.15.1-0ubuntu2.11 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.11 xserver-xorg-dev - 2:1.15.1-0ubuntu2.11 xvfb - 2:1.15.1-0ubuntu2.11 xnest - 2:1.15.1-0ubuntu2.11 xserver-common - 2:1.15.1-0ubuntu2.11 xserver-xephyr - 2:1.15.1-0ubuntu2.11 xserver-xorg-core-udeb - 2:1.15.1-0ubuntu2.11 xdmx-tools - 2:1.15.1-0ubuntu2.11 No subscription required xserver-xephyr-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty4 xserver-xorg-core-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty4 xserver-xorg-dev-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty4 xwayland-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty4 xorg-server-source-lts-xenial - 2:1.18.3-1ubuntu2.3~trusty4 No subscription required Medium CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 Ubuntu 14.04 LTS Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3457-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.12 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.12 libcurl4-openssl-dev - 7.35.0-1ubuntu2.12 libcurl3-gnutls - 7.35.0-1ubuntu2.12 libcurl3-udeb - 7.35.0-1ubuntu2.12 libcurl4-doc - 7.35.0-1ubuntu2.12 libcurl3-nss - 7.35.0-1ubuntu2.12 libcurl4-nss-dev - 7.35.0-1ubuntu2.12 libcurl3 - 7.35.0-1ubuntu2.12 curl - 7.35.0-1ubuntu2.12 No subscription required Medium CVE-2017-1000257 Ubuntu 14.04 LTS It was discovered that ICU incorrectly handled certain inputs. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3458-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 52.1-3ubuntu0.7 libicu52 - 52.1-3ubuntu0.7 libicu-dev - 52.1-3ubuntu0.7 icu-doc - 52.1-3ubuntu0.7 No subscription required Medium CVE-2017-14952 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Update Instructions: Run `sudo pro fix USN-3459-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.58-0ubuntu0.14.04.1 mysql-client - 5.5.58-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.58-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.58-0ubuntu0.14.04.1 libmysqld-pic - 5.5.58-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.58-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.58-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.58-0ubuntu0.14.04.1 mysql-common - 5.5.58-0ubuntu0.14.04.1 mysql-server - 5.5.58-0ubuntu0.14.04.1 mysql-testsuite - 5.5.58-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.58-0ubuntu0.14.04.1 libmysqld-dev - 5.5.58-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.58-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-10155 CVE-2017-10165 CVE-2017-10167 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10311 CVE-2017-10313 CVE-2017-10314 CVE-2017-10320 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 Ubuntu 14.04 LTS It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system. Update Instructions: Run `sudo pro fix USN-3461-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-opencl-icd-384 - 384.90-0ubuntu0.14.04.1 nvidia-libopencl1-375 - 384.90-0ubuntu0.14.04.1 nvidia-375-dev - 384.90-0ubuntu0.14.04.1 nvidia-libopencl1-384 - 384.90-0ubuntu0.14.04.1 nvidia-384-dev - 384.90-0ubuntu0.14.04.1 nvidia-opencl-icd-375 - 384.90-0ubuntu0.14.04.1 libcuda1-384 - 384.90-0ubuntu0.14.04.1 nvidia-384 - 384.90-0ubuntu0.14.04.1 libcuda1-375 - 384.90-0ubuntu0.14.04.1 nvidia-375 - 384.90-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-6257 CVE-2017-6259 CVE-2017-6266 CVE-2017-6267 CVE-2017-6272 Ubuntu 14.04 LTS Jan Pokorný and Alain Moulle discovered that Pacemaker incorrectly handled the IPC interface. A local attacker could possibly use this issue to execute arbitrary code with root privileges. (CVE-2016-7035) Alain Moulle discovered that Pacemaker incorrectly handled authentication. A remote attacker could possibly use this issue to shut down connections, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7797) Update Instructions: Run `sudo pro fix USN-3462-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libstonithd2-dev - 1.1.10+git20130802-1ubuntu2.4 pacemaker-remote - 1.1.10+git20130802-1ubuntu2.4 libcib3-dev - 1.1.10+git20130802-1ubuntu2.4 libpe-rules2-dev - 1.1.10+git20130802-1ubuntu2.4 libpengine4-dev - 1.1.10+git20130802-1ubuntu2.4 pacemaker-cli-utils - 1.1.10+git20130802-1ubuntu2.4 libcrmcluster4-dev - 1.1.10+git20130802-1ubuntu2.4 libtransitioner2-dev - 1.1.10+git20130802-1ubuntu2.4 libpe-status4-dev - 1.1.10+git20130802-1ubuntu2.4 libstonithd2 - 1.1.10+git20130802-1ubuntu2.4 libcrmcluster4 - 1.1.10+git20130802-1ubuntu2.4 libcrmcommon3-dev - 1.1.10+git20130802-1ubuntu2.4 libpe-status4 - 1.1.10+git20130802-1ubuntu2.4 libcrmcommon3 - 1.1.10+git20130802-1ubuntu2.4 libcrmservice1 - 1.1.10+git20130802-1ubuntu2.4 libcrmservice1-dev - 1.1.10+git20130802-1ubuntu2.4 pacemaker - 1.1.10+git20130802-1ubuntu2.4 liblrmd1-dev - 1.1.10+git20130802-1ubuntu2.4 libpe-rules2 - 1.1.10+git20130802-1ubuntu2.4 pacemaker-dev - 1.1.10+git20130802-1ubuntu2.4 liblrmd1 - 1.1.10+git20130802-1ubuntu2.4 libtransitioner2 - 1.1.10+git20130802-1ubuntu2.4 libcib3 - 1.1.10+git20130802-1ubuntu2.4 libpengine4 - 1.1.10+git20130802-1ubuntu2.4 No subscription required Medium CVE-2016-7035 CVE-2016-7797 Ubuntu 14.04 LTS It was discovered that Werkzeug did not properly handle certain web scripts. A remote attacker could use this to inject arbitrary code via a field that contains an exception message. Update Instructions: Run `sudo pro fix USN-3463-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-werkzeug - 0.9.4+dfsg-1.1ubuntu2.1 python-werkzeug - 0.9.4+dfsg-1.1ubuntu2.1 python-werkzeug-doc - 0.9.4+dfsg-1.1ubuntu2.1 No subscription required Medium CVE-2016-10516 Ubuntu 14.04 LTS Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090) Dawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. (CVE-2016-7098) Orange Tsai discovered that Wget incorrectly handled CRLF sequences in HTTP headers. A remote attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2017-6508) Update Instructions: Run `sudo pro fix USN-3464-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wget - 1.15-1ubuntu1.14.04.3 wget-udeb - 1.15-1ubuntu1.14.04.3 No subscription required Medium CVE-2016-7098 CVE-2017-13089 CVE-2017-13090 CVE-2017-6508 Ubuntu 14.04 LTS Brian Carpenter discovered that Irssi incorrectly handled messages with invalid time stamps. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10965) Brian Carpenter discovered that Irssi incorrectly handled the internal nick list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10966) Joseph Bisch discovered that Irssi incorrectly removed destroyed channels from the query list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15227) Hanno Böck discovered that Irssi incorrectly handled themes. If a user were tricked into using a malicious theme, a attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15228) Joseph Bisch discovered that Irssi incorrectly handled certain DCC CTCP messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15721) Joseph Bisch discovered that Irssi incorrectly handled certain channel IDs. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15722) Joseph Bisch discovered that Irssi incorrectly handled certain long nicks or targets. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15723) Update Instructions: Run `sudo pro fix USN-3465-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.15-5ubuntu3.3 irssi - 0.8.15-5ubuntu3.3 No subscription required Medium CVE-2017-10965 CVE-2017-10966 CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 CVE-2017-15723 Ubuntu 14.04 LTS It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. Update Instructions: Run `sudo pro fix USN-3467-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.8 libpoppler-qt5-1 - 0.24.5-2ubuntu4.8 libpoppler-cpp-dev - 0.24.5-2ubuntu4.8 libpoppler-cpp0 - 0.24.5-2ubuntu4.8 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.8 libpoppler-dev - 0.24.5-2ubuntu4.8 libpoppler-glib8 - 0.24.5-2ubuntu4.8 libpoppler-private-dev - 0.24.5-2ubuntu4.8 libpoppler-qt4-dev - 0.24.5-2ubuntu4.8 libpoppler-glib-dev - 0.24.5-2ubuntu4.8 libpoppler-qt4-4 - 0.24.5-2ubuntu4.8 libpoppler44 - 0.24.5-2ubuntu4.8 libpoppler-qt5-dev - 0.24.5-2ubuntu4.8 libpoppler-glib-doc - 0.24.5-2ubuntu4.8 No subscription required Medium CVE-2017-15565 Ubuntu 14.04 LTS USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153) It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). It was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192) It was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051) It was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156) Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340) ChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489) It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991) Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task's extended state (xstate) area. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-15537) Pengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985) Update Instructions: Run `sudo pro fix USN-3469-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.4.0-98-generic - 4.4.0-98.121~14.04.1 linux-image-4.4.0-98-generic-lpae - 4.4.0-98.121~14.04.1 linux-image-4.4.0-98-powerpc64-emb - 4.4.0-98.121~14.04.1 linux-image-4.4.0-98-generic - 4.4.0-98.121~14.04.1 linux-image-4.4.0-98-powerpc-smp - 4.4.0-98.121~14.04.1 linux-image-4.4.0-98-powerpc64-smp - 4.4.0-98.121~14.04.1 linux-image-4.4.0-98-lowlatency - 4.4.0-98.121~14.04.1 linux-image-4.4.0-98-powerpc-e500mc - 4.4.0-98.121~14.04.1 No subscription required Medium CVE-2017-10911 CVE-2017-12153 CVE-2017-12154 CVE-2017-12192 CVE-2017-14051 CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-14991 CVE-2017-15537 CVE-2017-9984 CVE-2017-9985 Ubuntu 14.04 LTS Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632) Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10661) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10662, CVE-2017-10663) Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176) Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340) Update Instructions: Run `sudo pro fix USN-3470-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-135-lowlatency - 3.13.0-135.184 linux-image-3.13.0-135-powerpc-e500 - 3.13.0-135.184 linux-image-3.13.0-135-generic - 3.13.0-135.184 linux-image-3.13.0-135-powerpc-smp - 3.13.0-135.184 linux-image-3.13.0-135-powerpc-e500mc - 3.13.0-135.184 linux-image-extra-3.13.0-135-generic - 3.13.0-135.184 linux-image-3.13.0-135-generic-lpae - 3.13.0-135.184 linux-image-3.13.0-135-powerpc64-emb - 3.13.0-135.184 linux-image-3.13.0-135-powerpc64-smp - 3.13.0-135.184 No subscription required Medium CVE-2016-8632 CVE-2017-10661 CVE-2017-10662 CVE-2017-10663 CVE-2017-10911 CVE-2017-11176 CVE-2017-14340 Ubuntu 14.04 LTS Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. (CVE-2017-16227) Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. An attacker able to connect to the telnet interface could possibly use this issue to cause Quagga to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-5495) Update Instructions: Run `sudo pro fix USN-3471-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quagga - 0.99.22.4-3ubuntu1.4 quagga-doc - 0.99.22.4-3ubuntu1.4 No subscription required Medium CVE-2017-16227 CVE-2017-5495 Ubuntu 14.04 LTS Marcin Noga discovered that LibreOffice incorrectly handled PPT documents. If a user were tricked into opening a specially crafted PPT document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2017-12607) Marcin Noga discovered that LibreOffice incorrectly handled Word documents. If a user were tricked into opening a specially crafted Word document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2017-12608) Update Instructions: Run `sudo pro fix USN-3472-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO4.2.8-0ubuntu5.2 No subscription required libreoffice-wiki-publisher - 1.1.2+LibO4.2.8-0ubuntu5.2 No subscription required libreoffice-presentation-minimizer - 1:4.2.8-0ubuntu5.2 libreoffice-impress - 1:4.2.8-0ubuntu5.2 libreoffice-officebean - 1:4.2.8-0ubuntu5.2 libreoffice-base - 1:4.2.8-0ubuntu5.2 libreoffice-librelogo - 1:4.2.8-0ubuntu5.2 libreoffice-java-common - 1:4.2.8-0ubuntu5.2 browser-plugin-libreoffice - 1:4.2.8-0ubuntu5.2 libreoffice-subsequentcheckbase - 1:4.2.8-0ubuntu5.2 libreoffice-style-tango - 1:4.2.8-0ubuntu5.2 libreoffice-style-crystal - 1:4.2.8-0ubuntu5.2 libreoffice-kde - 1:4.2.8-0ubuntu5.2 libreoffice-l10n-ku - 1:4.2.8-0ubuntu5.2 libreoffice-style-galaxy - 1:4.2.8-0ubuntu5.2 libreoffice-style-hicontrast - 1:4.2.8-0ubuntu5.2 libreoffice-core - 1:4.2.8-0ubuntu5.2 libreoffice-presenter-console - 1:4.2.8-0ubuntu5.2 libreoffice-script-provider-bsh - 1:4.2.8-0ubuntu5.2 libreoffice-avmedia-backend-gstreamer - 1:4.2.8-0ubuntu5.2 libreoffice-script-provider-python - 1:4.2.8-0ubuntu5.2 libreoffice-common - 1:4.2.8-0ubuntu5.2 libreoffice-gnome - 1:4.2.8-0ubuntu5.2 libreoffice-dev - 1:4.2.8-0ubuntu5.2 libreoffice-gtk3 - 1:4.2.8-0ubuntu5.2 libreoffice-report-builder - 1:4.2.8-0ubuntu5.2 libreoffice-pdfimport - 1:4.2.8-0ubuntu5.2 libreoffice-base-core - 1:4.2.8-0ubuntu5.2 libreoffice-ogltrans - 1:4.2.8-0ubuntu5.2 libreoffice-sdbc-hsqldb - 1:4.2.8-0ubuntu5.2 libreoffice-gtk - 1:4.2.8-0ubuntu5.2 libreoffice-calc - 1:4.2.8-0ubuntu5.2 libreoffice-base-drivers - 1:4.2.8-0ubuntu5.2 libreoffice-style-oxygen - 1:4.2.8-0ubuntu5.2 libreoffice-emailmerge - 1:4.2.8-0ubuntu5.2 libreoffice-style-human - 1:4.2.8-0ubuntu5.2 libreoffice-sdbc-firebird - 1:4.2.8-0ubuntu5.2 python3-uno - 1:4.2.8-0ubuntu5.2 libreoffice-math - 1:4.2.8-0ubuntu5.2 libreoffice-writer - 1:4.2.8-0ubuntu5.2 libreoffice-report-builder-bin - 1:4.2.8-0ubuntu5.2 libreoffice-script-provider-js - 1:4.2.8-0ubuntu5.2 libreoffice - 1:4.2.8-0ubuntu5.2 libreoffice-draw - 1:4.2.8-0ubuntu5.2 libreoffice-style-sifr - 1:4.2.8-0ubuntu5.2 libreoffice-dev-doc - 1:4.2.8-0ubuntu5.2 libreoffice-l10n-in - 1:4.2.8-0ubuntu5.2 libreoffice-l10n-za - 1:4.2.8-0ubuntu5.2 libreoffice-sdbc-postgresql - 1:4.2.8-0ubuntu5.2 No subscription required openoffice.org-dtd-officedocument1.0 - 2:1.0+LibO4.2.8-0ubuntu5.2 No subscription required fonts-opensymbol - 2:102.6+LibO4.2.8-0ubuntu5.2 No subscription required uno-libs3 - 4.2.8-0ubuntu5.2 ure - 4.2.8-0ubuntu5.2 No subscription required Medium CVE-2017-12607 CVE-2017-12608 Ubuntu 14.04 LTS Raphael Sanchez Prudencio discovered that Liblouis incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service or potentially execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3474-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis-bin - 2.5.3-2ubuntu1.2 liblouis2 - 2.5.3-2ubuntu1.2 python-louis - 2.5.3-2ubuntu1.2 liblouis-dev - 2.5.3-2ubuntu1.2 python3-louis - 2.5.3-2ubuntu1.2 liblouis-data - 2.5.3-2ubuntu1.2 No subscription required Medium CVE-2014-8184 Ubuntu 14.04 LTS It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. (CVE-2017-3735) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736) Update Instructions: Run `sudo pro fix USN-3475-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.23 libssl-dev - 1.0.1f-1ubuntu2.23 openssl - 1.0.1f-1ubuntu2.23 libssl-doc - 1.0.1f-1ubuntu2.23 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.23 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.23 No subscription required Medium CVE-2017-3735 CVE-2017-3736 Ubuntu 14.04 LTS Dawid Golunski discovered that the postgresql-common pg_ctlcluster script incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-1255) It was discovered that the postgresql-common helper scripts incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. (CVE-2017-8806) Update Instructions: Run `sudo pro fix USN-3476-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-all - 154ubuntu1.1 postgresql-client-common - 154ubuntu1.1 postgresql-common - 154ubuntu1.1 No subscription required postgresql - 9.3+154ubuntu1.1 postgresql-contrib - 9.3+154ubuntu1.1 postgresql-doc - 9.3+154ubuntu1.1 postgresql-client - 9.3+154ubuntu1.1 No subscription required Medium CVE-2016-1255 CVE-2017-8806 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842) It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7839) It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7840) Update Instructions: Run `sudo pro fix USN-3477-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-nn - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-nb - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-fa - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-fi - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-fr - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-fy - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-or - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-kab - 57.0+build4-0ubuntu0.14.04.4 firefox-testsuite - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-oc - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-cs - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ga - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-gd - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-gn - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-gl - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-gu - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-pa - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-pl - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-cy - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-pt - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-hi - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ms - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-he - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-hy - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-hr - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-hu - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-it - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-as - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ar - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-az - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-id - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-mai - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-af - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-is - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-vi - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-an - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-bs - 57.0+build4-0ubuntu0.14.04.4 firefox - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ro - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ja - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ru - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-br - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-zh-hant - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-zh-hans - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-bn - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-be - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-bg - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-sl - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-sk - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-si - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-sw - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-sv - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-sr - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-sq - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ko - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-kn - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-km - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-kk - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ka - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-xh - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ca - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ku - 57.0+build4-0ubuntu0.14.04.4 firefox-mozsymbols - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-lv - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-lt - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-th - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-hsb - 57.0+build4-0ubuntu0.14.04.4 firefox-dev - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-te - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-cak - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ta - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-lg - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-tr - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-nso - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-de - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-da - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-uk - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-mr - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-my - 57.0+build4-0ubuntu0.14.04.4 firefox-globalmenu - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-uz - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ml - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-mn - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-mk - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ur - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-eu - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-et - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-es - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-csb - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-el - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-eo - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-en - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-zu - 57.0+build4-0ubuntu0.14.04.4 firefox-locale-ast - 57.0+build4-0ubuntu0.14.04.4 No subscription required Medium CVE-2017-7826 CVE-2017-7827 CVE-2017-7828 CVE-2017-7830 CVE-2017-7831 CVE-2017-7832 CVE-2017-7833 CVE-2017-7834 CVE-2017-7835 CVE-2017-7837 CVE-2017-7838 CVE-2017-7839 CVE-2017-7840 CVE-2017-7842 Ubuntu 14.04 LTS USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842) It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7839) It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7840) Update Instructions: Run `sudo pro fix USN-3477-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-nn - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-nb - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-fa - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-fi - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-fr - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-fy - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-or - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-kab - 57.0+build4-0ubuntu0.14.04.5 firefox-testsuite - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-oc - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-cs - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ga - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-gd - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-gn - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-gl - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-gu - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-pa - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-pl - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-cy - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-pt - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-hi - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ms - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-he - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-hy - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-hr - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-hu - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-it - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-as - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ar - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-az - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-id - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-mai - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-af - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-is - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-vi - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-an - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-bs - 57.0+build4-0ubuntu0.14.04.5 firefox - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ro - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ja - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ru - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-br - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-zh-hant - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-zh-hans - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-bn - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-be - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-bg - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-sl - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-sk - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-si - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-sw - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-sv - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-sr - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-sq - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ko - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-kn - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-km - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-kk - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ka - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-xh - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ca - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ku - 57.0+build4-0ubuntu0.14.04.5 firefox-mozsymbols - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-lv - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-lt - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-th - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-hsb - 57.0+build4-0ubuntu0.14.04.5 firefox-dev - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-te - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-cak - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ta - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-lg - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-tr - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-nso - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-de - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-da - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-uk - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-mr - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-my - 57.0+build4-0ubuntu0.14.04.5 firefox-globalmenu - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-uz - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ml - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-mn - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-mk - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ur - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-eu - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-et - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-es - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-csb - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-el - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-eo - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-en - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-zu - 57.0+build4-0ubuntu0.14.04.5 firefox-locale-ast - 57.0+build4-0ubuntu0.14.04.5 No subscription required None https://launchpad.net/bugs/1733970 Ubuntu 14.04 LTS USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842) It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7839) It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7840) Update Instructions: Run `sudo pro fix USN-3477-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nn - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nb - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fa - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fi - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fr - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fy - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-or - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kab - 57.0.1+build2-0ubuntu0.14.04.1 firefox-testsuite - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-oc - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cs - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ga - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gd - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gn - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gl - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gu - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pa - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pl - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cy - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pt - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hi - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ms - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-he - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hy - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hr - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hu - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-it - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-as - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ar - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-az - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-id - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mai - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-af - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-is - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-vi - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-an - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bs - 57.0.1+build2-0ubuntu0.14.04.1 firefox - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ro - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ja - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ru - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-br - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bn - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-be - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bg - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sl - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sk - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-si - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sw - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sv - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sr - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sq - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ko - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kn - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-km - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kk - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ka - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-xh - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ca - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ku - 57.0.1+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lv - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lt - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-th - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 57.0.1+build2-0ubuntu0.14.04.1 firefox-dev - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-te - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cak - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ta - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lg - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-tr - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nso - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-de - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-da - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uk - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mr - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-my - 57.0.1+build2-0ubuntu0.14.04.1 firefox-globalmenu - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uz - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ml - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mn - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mk - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ur - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eu - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-et - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-es - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-csb - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-el - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eo - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-en - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zu - 57.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ast - 57.0.1+build2-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1735801 Ubuntu 14.04 LTS USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842) It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7839) It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7840) Update Instructions: Run `sudo pro fix USN-3477-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nn - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nb - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fa - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fi - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fr - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fy - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-or - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kab - 57.0.3+build1-0ubuntu0.14.04.1 firefox-testsuite - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-oc - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cs - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ga - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gd - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gn - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gl - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gu - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pa - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pl - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cy - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pt - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hi - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ms - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-he - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hy - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hr - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hu - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-it - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-as - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ar - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-az - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-id - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mai - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-af - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-is - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-vi - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-an - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bs - 57.0.3+build1-0ubuntu0.14.04.1 firefox - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ro - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ja - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ru - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-br - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bn - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-be - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bg - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sl - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sk - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-si - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sw - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sv - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sr - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sq - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ko - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kn - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-km - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kk - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ka - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-xh - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ca - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ku - 57.0.3+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lv - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lt - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-th - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 57.0.3+build1-0ubuntu0.14.04.1 firefox-dev - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-te - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cak - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ta - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lg - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-tr - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nso - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-de - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-da - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-uk - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mr - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-my - 57.0.3+build1-0ubuntu0.14.04.1 firefox-globalmenu - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-uz - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ml - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mn - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mk - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ur - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-eu - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-et - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-es - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-csb - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-el - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-eo - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-en - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zu - 57.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ast - 57.0.3+build1-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1741048 Ubuntu 14.04 LTS Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12837, CVE-2017-12883) Update Instructions: Run `sudo pro fix USN-3478-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.18.2-2ubuntu1.3 perl-doc - 5.18.2-2ubuntu1.3 libperl5.18 - 5.18.2-2ubuntu1.3 perl-base - 5.18.2-2ubuntu1.3 perl-modules - 5.18.2-2ubuntu1.3 libcgi-fast-perl - 5.18.2-2ubuntu1.3 perl - 5.18.2-2ubuntu1.3 perl-debug - 5.18.2-2ubuntu1.3 No subscription required Medium CVE-2017-12837 CVE-2017-12883 Ubuntu 14.04 LTS David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15098) Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing INSERT ... ON CONFLICT DO UPDATE commands. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. Update Instructions: Run `sudo pro fix USN-3479-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-plpython-9.3 - 9.3.20-0ubuntu0.14.04 postgresql-server-dev-9.3 - 9.3.20-0ubuntu0.14.04 postgresql-9.3 - 9.3.20-0ubuntu0.14.04 postgresql-plperl-9.3 - 9.3.20-0ubuntu0.14.04 postgresql-doc-9.3 - 9.3.20-0ubuntu0.14.04 postgresql-plpython3-9.3 - 9.3.20-0ubuntu0.14.04 libecpg6 - 9.3.20-0ubuntu0.14.04 postgresql-pltcl-9.3 - 9.3.20-0ubuntu0.14.04 postgresql-client-9.3 - 9.3.20-0ubuntu0.14.04 libpgtypes3 - 9.3.20-0ubuntu0.14.04 libecpg-dev - 9.3.20-0ubuntu0.14.04 libpq-dev - 9.3.20-0ubuntu0.14.04 libpq5 - 9.3.20-0ubuntu0.14.04 postgresql-contrib-9.3 - 9.3.20-0ubuntu0.14.04 libecpg-compat3 - 9.3.20-0ubuntu0.14.04 No subscription required Medium CVE-2017-15098 CVE-2017-15099 Ubuntu 14.04 LTS Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177) Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14180) Update Instructions: Run `sudo pro fix USN-3480-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.27 python3-problem-report - 2.14.1-0ubuntu3.27 apport-kde - 2.14.1-0ubuntu3.27 apport-retrace - 2.14.1-0ubuntu3.27 apport-valgrind - 2.14.1-0ubuntu3.27 python3-apport - 2.14.1-0ubuntu3.27 dh-apport - 2.14.1-0ubuntu3.27 apport-gtk - 2.14.1-0ubuntu3.27 apport - 2.14.1-0ubuntu3.27 python-problem-report - 2.14.1-0ubuntu3.27 apport-noui - 2.14.1-0ubuntu3.27 No subscription required High CVE-2017-14177 CVE-2017-14180 Ubuntu 14.04 LTS Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3483-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: procmail - 3.22-21ubuntu0.2 No subscription required High CVE-2017-16844 Ubuntu 14.04 LTS USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265) Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15299) It was discovered that a race condition existed in the packet fanout implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15649) Eric Biggers discovered a race condition in the key management subsystem of the Linux kernel around keys in a negative state. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15951) Andrey Konovalov discovered a use-after-free vulnerability in the USB serial console driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16525) Andrey Konovalov discovered that the Ultra Wide Band driver in the Linux kernel did not properly check for an error condition. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16526) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16527) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel did not properly validate USB audio buffer descriptors. A physically proximate attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16529) Andrey Konovalov discovered that the USB unattached storage driver in the Linux kernel contained out-of-bounds error when handling alternative settings. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16530) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB interface association descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16531) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB HID descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16533) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate CDC metadata. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16534) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16535) Update Instructions: Run `sudo pro fix USN-3485-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-101-generic-lpae - 4.4.0-101.124~14.04.1 linux-image-4.4.0-101-powerpc-smp - 4.4.0-101.124~14.04.1 linux-image-extra-4.4.0-101-generic - 4.4.0-101.124~14.04.1 linux-image-4.4.0-101-generic - 4.4.0-101.124~14.04.1 linux-image-4.4.0-101-powerpc-e500mc - 4.4.0-101.124~14.04.1 linux-image-4.4.0-101-powerpc64-emb - 4.4.0-101.124~14.04.1 linux-image-4.4.0-101-lowlatency - 4.4.0-101.124~14.04.1 linux-image-4.4.0-101-powerpc64-smp - 4.4.0-101.124~14.04.1 No subscription required Medium CVE-2017-15265 CVE-2017-15299 CVE-2017-15649 CVE-2017-15951 CVE-2017-16525 CVE-2017-16526 CVE-2017-16527 CVE-2017-16529 CVE-2017-16530 CVE-2017-16531 CVE-2017-16533 CVE-2017-16534 CVE-2017-16535 Ubuntu 14.04 LTS It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265) Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15299) It was discovered that a race condition existed in the packet fanout implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15649) Eric Biggers discovered a race condition in the key management subsystem of the Linux kernel around keys in a negative state. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15951) Andrey Konovalov discovered a use-after-free vulnerability in the USB serial console driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16525) Andrey Konovalov discovered that the Ultra Wide Band driver in the Linux kernel did not properly check for an error condition. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16526) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16527) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel did not properly validate USB audio buffer descriptors. A physically proximate attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16529) Andrey Konovalov discovered that the USB unattached storage driver in the Linux kernel contained out-of-bounds error when handling alternative settings. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16530) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB interface association descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16531) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB HID descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16533) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate CDC metadata. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16534) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16535) Update Instructions: Run `sudo pro fix USN-3485-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1003-aws - 4.4.0-1003.3 No subscription required Medium CVE-2017-15265 CVE-2017-15299 CVE-2017-15649 CVE-2017-15951 CVE-2017-16525 CVE-2017-16526 CVE-2017-16527 CVE-2017-16529 CVE-2017-16530 CVE-2017-16531 CVE-2017-16533 CVE-2017-16534 CVE-2017-16535 Ubuntu 14.04 LTS Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when processing certain SMB1 requests. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2017-14746) Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15275) Update Instructions: Run `sudo pro fix USN-3486-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.13 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.13 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.13 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.13 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.13 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.13 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.13 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.13 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.13 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.13 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.13 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.13 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.13 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.13 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.13 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.13 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.13 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.13 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.13 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.13 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.13 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.13 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.13 No subscription required Medium CVE-2017-14746 CVE-2017-15275 Ubuntu 14.04 LTS It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information. Update Instructions: Run `sudo pro fix USN-3489-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: db5.3-doc - 5.3.28-3ubuntu3.1 libdb5.3-java-jni - 5.3.28-3ubuntu3.1 libdb5.3-tcl - 5.3.28-3ubuntu3.1 libdb5.3-java-dev - 5.3.28-3ubuntu3.1 libdb5.3-dev - 5.3.28-3ubuntu3.1 db5.3-util - 5.3.28-3ubuntu3.1 libdb5.3-stl-dev - 5.3.28-3ubuntu3.1 libdb5.3-sql - 5.3.28-3ubuntu3.1 libdb5.3++-dev - 5.3.28-3ubuntu3.1 db5.3-sql-util - 5.3.28-3ubuntu3.1 libdb5.3 - 5.3.28-3ubuntu3.1 libdb5.3-stl - 5.3.28-3ubuntu3.1 libdb5.3-java-gcj - 5.3.28-3ubuntu3.1 libdb5.3-sql-dev - 5.3.28-3ubuntu3.1 libdb5.3-java - 5.3.28-3ubuntu3.1 libdb5.3++ - 5.3.28-3ubuntu3.1 No subscription required Medium CVE-2017-10140 Ubuntu 14.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to bypass same-origin restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830) Update Instructions: Run `sudo pro fix USN-3490-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:52.5.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:52.5.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-kab - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:52.5.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:52.5.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 Ubuntu 14.04 LTS Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-3209) Stephan Zeisberg discovered that ldns incorrectly handled memory when processing data. A remote attacker could use this issue to cause ldns to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-1000231, CVE-2017-1000232) Update Instructions: Run `sudo pro fix USN-3491-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldns-dev - 1.6.17-1ubuntu0.1 python-ldns - 1.6.17-1ubuntu0.1 ldnsutils - 1.6.17-1ubuntu0.1 libldns1 - 1.6.17-1ubuntu0.1 No subscription required Medium CVE-2014-3209 CVE-2017-1000231 CVE-2017-1000232 Ubuntu 14.04 LTS It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code Update Instructions: Run `sudo pro fix USN-3492-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw9 - 0.15.4-1ubuntu0.1 libraw-doc - 0.15.4-1ubuntu0.1 libraw-bin - 0.15.4-1ubuntu0.1 libraw-dev - 0.15.4-1ubuntu0.1 No subscription required Medium CVE-2015-3885 CVE-2015-8366 CVE-2015-8367 CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-6886 CVE-2017-6887 Ubuntu 14.04 LTS It was discovered that XML::LibXML incorrectly handled memory when processing a replaceChild call. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3494-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml-libxml-perl - 2.0108+dfsg-1ubuntu0.2 No subscription required Medium CVE-2017-10672 Ubuntu 14.04 LTS It was discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3495-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: optipng - 0.6.4-1ubuntu0.14.04.2 No subscription required Medium CVE-2017-1000229 Ubuntu 14.04 LTS It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3496-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.6-8ubuntu0.4 libpython2.7 - 2.7.6-8ubuntu0.4 python2.7 - 2.7.6-8ubuntu0.4 python2.7-minimal - 2.7.6-8ubuntu0.4 libpython2.7-testsuite - 2.7.6-8ubuntu0.4 libpython2.7-dev - 2.7.6-8ubuntu0.4 idle-python2.7 - 2.7.6-8ubuntu0.4 python2.7-doc - 2.7.6-8ubuntu0.4 python2.7-dev - 2.7.6-8ubuntu0.4 python2.7-examples - 2.7.6-8ubuntu0.4 libpython2.7-stdlib - 2.7.6-8ubuntu0.4 No subscription required Medium CVE-2017-1000158 Ubuntu 14.04 LTS USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory details: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3496-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3.4-dev - 3.4.3-1ubuntu1~14.04.6 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.6 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.6 python3.4-minimal - 3.4.3-1ubuntu1~14.04.6 python3.4-venv - 3.4.3-1ubuntu1~14.04.6 python3.4 - 3.4.3-1ubuntu1~14.04.6 python3.4-doc - 3.4.3-1ubuntu1~14.04.6 idle-python3.4 - 3.4.3-1ubuntu1~14.04.6 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.6 libpython3.4 - 3.4.3-1ubuntu1~14.04.6 python3.4-examples - 3.4.3-1ubuntu1~14.04.6 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.6 No subscription required Medium CVE-2017-1000158 Ubuntu 14.04 LTS It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. (CVE-2017-10274) Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10281) It was discovered that the Remote Method Invocation (RMI) component in OpenJDK did not properly handle unreferenced objects. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10285) It was discovered that the HTTPUrlConnection classes in OpenJDK did not properly handle newlines. An attacker could use this to convince a Java application or applet to inject headers into http requests. (CVE-2017-10295) Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Serialization component of OpenJDK did not properly restrict the amount of memory allocated when deserializing objects from Java Cryptography Extension KeyStore (JCEKS). An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10345) It was discovered that the Hotspot component of OpenJDK did not properly perform loader checks when handling the invokespecial JVM instruction. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10346) Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations in the SimpleTimeZone class. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10347) It was discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10348, CVE-2017-10357) It was discovered that the JAXP component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10349) It was discovered that the JAX-WS component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10350) It was discovered that the Networking component of OpenJDK did not properly set timeouts on FTP client actions. A remote attacker could use this to cause a denial of service (application hang). (CVE-2017-10355) Francesco Palmarini, Marco Squarcina, Mauro Tempesta, Riccardo Focardi, and Tobias Ospelt discovered that the Security component in OpenJDK did not sufficiently protect password-based encryption keys in key stores. An attacker could use this to expose sensitive information. (CVE-2017-10356) Jeffrey Altman discovered that the Kerberos client implementation in OpenJDK incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. (CVE-2017-10388) Update Instructions: Run `sudo pro fix USN-3497-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u151-2.6.11-2ubuntu0.14.04.1 openjdk-7-source - 7u151-2.6.11-2ubuntu0.14.04.1 icedtea-7-jre-jamvm - 7u151-2.6.11-2ubuntu0.14.04.1 openjdk-7-tests - 7u151-2.6.11-2ubuntu0.14.04.1 openjdk-7-jre-lib - 7u151-2.6.11-2ubuntu0.14.04.1 openjdk-7-jdk - 7u151-2.6.11-2ubuntu0.14.04.1 openjdk-7-jre-headless - 7u151-2.6.11-2ubuntu0.14.04.1 openjdk-7-jre - 7u151-2.6.11-2ubuntu0.14.04.1 openjdk-7-doc - 7u151-2.6.11-2ubuntu0.14.04.1 openjdk-7-demo - 7u151-2.6.11-2ubuntu0.14.04.1 No subscription required Medium CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 Ubuntu 14.04 LTS Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. (CVE-2017-8816) It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-8817) Update Instructions: Run `sudo pro fix USN-3498-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.13 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.13 libcurl4-openssl-dev - 7.35.0-1ubuntu2.13 libcurl3-gnutls - 7.35.0-1ubuntu2.13 libcurl3-udeb - 7.35.0-1ubuntu2.13 libcurl4-doc - 7.35.0-1ubuntu2.13 libcurl3-nss - 7.35.0-1ubuntu2.13 libcurl4-nss-dev - 7.35.0-1ubuntu2.13 libcurl3 - 7.35.0-1ubuntu2.13 curl - 7.35.0-1ubuntu2.13 No subscription required Medium CVE-2017-8816 CVE-2017-8817 Ubuntu 14.04 LTS It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files. Update Instructions: Run `sudo pro fix USN-3500-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxfont1 - 1:1.4.7-1ubuntu0.4 libxfont1-udeb - 1:1.4.7-1ubuntu0.4 libxfont-dev - 1:1.4.7-1ubuntu0.4 No subscription required Medium CVE-2017-16611 Ubuntu 14.04 LTS It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3501-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxcursor-dev - 1:1.1.14-1ubuntu0.14.04.1 libxcursor1 - 1:1.1.14-1ubuntu0.14.04.1 libxcursor1-udeb - 1:1.1.14-1ubuntu0.14.04.1 No subscription required Medium CVE-2017-16612 Ubuntu 14.04 LTS It was discovered that Evince incorrectly handled printing certain DVI files. If a user were tricked into opening and printing a specially-named DVI file, an attacker could use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3503-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-evince-3.0 - 3.10.3-0ubuntu10.4 libevview3-3 - 3.10.3-0ubuntu10.4 evince-common - 3.10.3-0ubuntu10.4 libevince-dev - 3.10.3-0ubuntu10.4 evince - 3.10.3-0ubuntu10.4 libevdocument3-4 - 3.10.3-0ubuntu10.4 evince-gtk - 3.10.3-0ubuntu10.4 No subscription required Medium CVE-2017-1000159 Ubuntu 14.04 LTS Wei Lei discovered that libxml2 incorrecty handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-3504-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.11 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.11 libxml2 - 2.9.1+dfsg1-3ubuntu4.11 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.11 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.11 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.11 No subscription required Low CVE-2017-16932 Ubuntu 14.04 LTS Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13080, CVE-2017-13081) Update Instructions: Run `sudo pro fix USN-3505-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: scsi-firmware - 1.127.24 nic-firmware - 1.127.24 linux-firmware - 1.127.24 No subscription required High CVE-2017-13080 CVE-2017-13081 Ubuntu 14.04 LTS It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. (CVE-2017-17433) It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitize_paths protection mechanism to pathnames. An attacker could use this to bypass access restrictions. (CVE-2017-17434) Update Instructions: Run `sudo pro fix USN-3506-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsync - 3.1.0-2ubuntu0.3 No subscription required Medium CVE-2017-17433 CVE-2017-17434 Ubuntu 14.04 LTS USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193) Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643) Update Instructions: Run `sudo pro fix USN-3509-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1005-aws - 4.4.0-1005.5 No subscription required linux-image-4.4.0-103-powerpc64-smp - 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-generic-lpae - 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-powerpc64-emb - 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-generic - 4.4.0-103.126~14.04.1 linux-image-extra-4.4.0-103-generic - 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-powerpc-smp - 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-powerpc-e500mc - 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-lowlatency - 4.4.0-103.126~14.04.1 No subscription required High CVE-2017-1000405 CVE-2017-12193 CVE-2017-16643 CVE-2017-16939 Ubuntu 14.04 LTS USN-3509-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193) Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643) Update Instructions: Run `sudo pro fix USN-3509-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1006-aws - 4.4.0-1006.6 No subscription required linux-image-4.4.0-104-powerpc64-smp - 4.4.0-104.127~14.04.1 linux-image-4.4.0-104-lowlatency - 4.4.0-104.127~14.04.1 linux-image-4.4.0-104-powerpc64-emb - 4.4.0-104.127~14.04.1 linux-image-extra-4.4.0-104-generic - 4.4.0-104.127~14.04.1 linux-image-4.4.0-104-powerpc-smp - 4.4.0-104.127~14.04.1 linux-image-4.4.0-104-powerpc-e500mc - 4.4.0-104.127~14.04.1 linux-image-4.4.0-104-generic-lpae - 4.4.0-104.127~14.04.1 linux-image-4.4.0-104-generic - 4.4.0-104.127~14.04.1 No subscription required None https://launchpad.net/bugs/1737033 https://www.ubuntu.com/usn/usn-3509-2 Ubuntu 14.04 LTS Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405) Update Instructions: Run `sudo pro fix USN-3510-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-137-powerpc-smp - 3.13.0-137.186 linux-image-3.13.0-137-powerpc-e500mc - 3.13.0-137.186 linux-image-3.13.0-137-powerpc64-smp - 3.13.0-137.186 linux-image-extra-3.13.0-137-generic - 3.13.0-137.186 linux-image-3.13.0-137-generic - 3.13.0-137.186 linux-image-3.13.0-137-generic-lpae - 3.13.0-137.186 linux-image-3.13.0-137-powerpc-e500 - 3.13.0-137.186 linux-image-3.13.0-137-powerpc64-emb - 3.13.0-137.186 linux-image-3.13.0-137-lowlatency - 3.13.0-137.186 No subscription required High CVE-2017-1000405 CVE-2017-16939 Ubuntu 14.04 LTS It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-3513-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.12 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.12 libxml2 - 2.9.1+dfsg1-3ubuntu4.12 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.12 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.12 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.12 No subscription required Medium CVE-2017-15412 Ubuntu 14.04 LTS It was discovered that Ruby allows FTP command injection. An attacker could use this to cause arbitrary command execution. Update Instructions: Run `sudo pro fix USN-3515-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby1.9.1-dev - 1.9.3.484-2ubuntu1.6 libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.6 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.6 ruby1.9.1-full - 1.9.3.484-2ubuntu1.6 libruby1.9.1 - 1.9.3.484-2ubuntu1.6 ri1.9.1 - 1.9.3.484-2ubuntu1.6 ruby1.9.1 - 1.9.3.484-2ubuntu1.6 ruby1.9.3 - 1.9.3.484-2ubuntu1.6 No subscription required ruby2.0-tcltk - 2.0.0.484-1ubuntu2.5 libruby2.0 - 2.0.0.484-1ubuntu2.5 ruby2.0-doc - 2.0.0.484-1ubuntu2.5 ruby2.0 - 2.0.0.484-1ubuntu2.5 ruby2.0-dev - 2.0.0.484-1ubuntu2.5 No subscription required Medium CVE-2017-17405 Ubuntu 14.04 LTS It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754). Update Instructions: Run `sudo pro fix USN-3516-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-nn - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-nb - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-fa - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-fi - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-fr - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-fy - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-or - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-kab - 57.0.4+build1-0ubuntu0.14.04.1 firefox-testsuite - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-oc - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-cs - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ga - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-gd - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-gn - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-gl - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-gu - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-pa - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-pl - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-cy - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-pt - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-hi - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ms - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-he - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-hy - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-hr - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-hu - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-it - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-as - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ar - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-az - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-id - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-mai - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-af - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-is - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-vi - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-an - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-bs - 57.0.4+build1-0ubuntu0.14.04.1 firefox - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ro - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ja - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ru - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-br - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-bn - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-be - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-bg - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sl - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sk - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-si - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sw - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sv - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sr - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-sq - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ko - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-kn - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-km - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-kk - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ka - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-xh - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ca - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ku - 57.0.4+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-lv - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-lt - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-th - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 57.0.4+build1-0ubuntu0.14.04.1 firefox-dev - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-te - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-cak - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ta - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-lg - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-tr - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-nso - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-de - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-da - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-uk - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-mr - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-my - 57.0.4+build1-0ubuntu0.14.04.1 firefox-globalmenu - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-uz - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ml - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-mn - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-mk - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ur - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-eu - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-et - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-es - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-csb - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-el - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-eo - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-en - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-zu - 57.0.4+build1-0ubuntu0.14.04.1 firefox-locale-ast - 57.0.4+build1-0ubuntu0.14.04.1 No subscription required Critical CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 Ubuntu 14.04 LTS It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could execute arbitrary. (CVE-2017-1000456) It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-14976) Update Instructions: Run `sudo pro fix USN-3517-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.9 libpoppler-qt5-1 - 0.24.5-2ubuntu4.9 libpoppler-cpp-dev - 0.24.5-2ubuntu4.9 libpoppler-cpp0 - 0.24.5-2ubuntu4.9 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.9 libpoppler-dev - 0.24.5-2ubuntu4.9 libpoppler-glib8 - 0.24.5-2ubuntu4.9 libpoppler-private-dev - 0.24.5-2ubuntu4.9 libpoppler-qt4-dev - 0.24.5-2ubuntu4.9 libpoppler-glib-dev - 0.24.5-2ubuntu4.9 libpoppler-qt4-4 - 0.24.5-2ubuntu4.9 libpoppler44 - 0.24.5-2ubuntu4.9 libpoppler-qt5-dev - 0.24.5-2ubuntu4.9 libpoppler-glib-doc - 0.24.5-2ubuntu4.9 No subscription required Medium CVE-2017-1000456 CVE-2017-14976 Ubuntu 14.04 LTS It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3518-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: awstats - 7.2+dfsg-1ubuntu0.1 No subscription required Medium CVE-2017-1000501 Ubuntu 14.04 LTS It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. (CVE-2017-5647) It was discovered that Tomcat incorrectly used the appropriate facade object. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2017-5648) It was discovered that Tomcat incorrectly handled error pages. A remote attacker could possibly use this issue to replace or remove the custom error page. (CVE-2017-5664) It was discovered that Tomcat incorrectly handled the CORS filter. A remote attacker could possibly use this issue to perform cache poisoning. (CVE-2017-7674) Update Instructions: Run `sudo pro fix USN-3519-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.52-1ubuntu0.13 libservlet3.0-java - 7.0.52-1ubuntu0.13 tomcat7-docs - 7.0.52-1ubuntu0.13 libservlet3.0-java-doc - 7.0.52-1ubuntu0.13 tomcat7 - 7.0.52-1ubuntu0.13 libtomcat7-java - 7.0.52-1ubuntu0.13 tomcat7-user - 7.0.52-1ubuntu0.13 tomcat7-admin - 7.0.52-1ubuntu0.13 tomcat7-examples - 7.0.52-1ubuntu0.13 No subscription required Medium CVE-2017-5647 CVE-2017-5648 CVE-2017-5664 CVE-2017-7674 Ubuntu 14.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations to address the issue, along with compatibility fixes for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3521-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-opencl-icd-384 - 384.111-0ubuntu0.14.04.1 nvidia-libopencl1-375 - 384.111-0ubuntu0.14.04.1 nvidia-375-dev - 384.111-0ubuntu0.14.04.1 nvidia-libopencl1-384 - 384.111-0ubuntu0.14.04.1 nvidia-384-dev - 384.111-0ubuntu0.14.04.1 nvidia-opencl-icd-375 - 384.111-0ubuntu0.14.04.1 libcuda1-384 - 384.111-0ubuntu0.14.04.1 nvidia-384 - 384.111-0ubuntu0.14.04.1 libcuda1-375 - 384.111-0ubuntu0.14.04.1 nvidia-375 - 384.111-0ubuntu0.14.04.1 No subscription required High CVE-2017-5753 Ubuntu 14.04 LTS USN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Update Instructions: Run `sudo pro fix USN-3522-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1009-aws - 4.4.0-1009.9 No subscription required linux-image-4.4.0-108-lowlatency - 4.4.0-108.131~14.04.1 linux-image-extra-4.4.0-108-generic - 4.4.0-108.131~14.04.1 linux-image-4.4.0-108-powerpc-e500mc - 4.4.0-108.131~14.04.1 linux-image-4.4.0-108-powerpc64-emb - 4.4.0-108.131~14.04.1 linux-image-4.4.0-108-generic - 4.4.0-108.131~14.04.1 linux-image-4.4.0-108-powerpc-smp - 4.4.0-108.131~14.04.1 linux-image-4.4.0-108-generic-lpae - 4.4.0-108.131~14.04.1 linux-image-4.4.0-108-powerpc64-smp - 4.4.0-108.131~14.04.1 No subscription required Critical CVE-2017-5754 Ubuntu 14.04 LTS USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown (CVE-2017-5754). Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Update Instructions: Run `sudo pro fix USN-3522-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-109-powerpc-e500mc - 4.4.0-109.132~14.04.1 linux-image-4.4.0-109-powerpc64-smp - 4.4.0-109.132~14.04.1 linux-image-4.4.0-109-generic-lpae - 4.4.0-109.132~14.04.1 linux-image-4.4.0-109-powerpc-smp - 4.4.0-109.132~14.04.1 linux-image-4.4.0-109-lowlatency - 4.4.0-109.132~14.04.1 linux-image-extra-4.4.0-109-generic - 4.4.0-109.132~14.04.1 linux-image-4.4.0-109-generic - 4.4.0-109.132~14.04.1 linux-image-4.4.0-109-powerpc64-emb - 4.4.0-109.132~14.04.1 No subscription required None https://launchpad.net/bugs/1741934 https://usn.ubuntu.com/usn/usn-3522-2 Ubuntu 14.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Update Instructions: Run `sudo pro fix USN-3524-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-139-powerpc-e500mc - 3.13.0-139.188 linux-image-3.13.0-139-powerpc-e500 - 3.13.0-139.188 linux-image-3.13.0-139-generic-lpae - 3.13.0-139.188 linux-image-3.13.0-139-powerpc-smp - 3.13.0-139.188 linux-image-3.13.0-139-powerpc64-emb - 3.13.0-139.188 linux-image-extra-3.13.0-139-generic - 3.13.0-139.188 linux-image-3.13.0-139-generic - 3.13.0-139.188 linux-image-3.13.0-139-powerpc64-smp - 3.13.0-139.188 linux-image-3.13.0-139-lowlatency - 3.13.0-139.188 No subscription required Critical CVE-2017-5754 Ubuntu 14.04 LTS Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5205) Joseph Bisch discovered that Irssi incorrectly handled settings the channel topic without specifying a sender. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5206) Joseph Bisch discovered that Irssi incorrectly handled incomplete variable arguments. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5207) Joseph Bisch discovered that Irssi incorrectly handled completing certain strings. An attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-5208) Update Instructions: Run `sudo pro fix USN-3527-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.15-5ubuntu3.4 irssi - 0.8.15-5ubuntu3.4 No subscription required Medium CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208 Ubuntu 14.04 LTS It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-10784) It was discovered that Ruby incorrectly handled certain strings. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14033) It was discovered that Ruby incorrectly handled some generating JSON. An attacker could use this to possible expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14064) It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to execute arbitrary code. (CVE-2017-17790) Update Instructions: Run `sudo pro fix USN-3528-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.7 ruby1.9.1-dev - 1.9.3.484-2ubuntu1.7 ri1.9.1 - 1.9.3.484-2ubuntu1.7 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.7 ruby1.9.1-full - 1.9.3.484-2ubuntu1.7 libruby1.9.1 - 1.9.3.484-2ubuntu1.7 ruby1.9.1 - 1.9.3.484-2ubuntu1.7 ruby1.9.3 - 1.9.3.484-2ubuntu1.7 No subscription required Medium CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17790 Ubuntu 14.04 LTS It was discovered that a From address encoded with a null character is cut off in the message header display. An attacker could potentially exploit this to spoof the sender address. (CVE-2017-7829) It was discovered that it is possible to execute JavaScript in RSS feeds in some circumstances. If a user were tricked in to opening a specially crafted RSS feed, an attacker could potentially exploit this in combination with another vulnerability, in order to cause unspecified problems. (CVE-2017-7846) It was discovered that the RSS feed can leak local path names. If a user were tricked in to opening a specially crafted RSS feed, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-7847) It was discovered that RSS feeds are vulnerable to new line injection. If a user were tricked in to opening a specially crafted RSS feed, an attacker could potentially exploit this to cause unspecified problems. (CVE-2017-7848) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, execute arbitrary code, or cause other unspecified effects. (CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117) Update Instructions: Run `sudo pro fix USN-3529-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:52.6.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:52.6.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-kab - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:52.6.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:52.6.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-7829 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848 CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 Ubuntu 14.04 LTS It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the microcode updates required for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3531-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20180108.0~ubuntu14.04.2 No subscription required High CVE-2017-5715 Ubuntu 14.04 LTS USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous packaged microcode version, the 20170707 release. Original advisory details: It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the microcode updates required for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3531-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20180108.0+really20170707ubuntu14.04.1 No subscription required None https://launchpad.net/bugs/1742933 Ubuntu 14.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the corrected microcode updates required for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3531-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20180312.0~ubuntu14.04.1 No subscription required High CVE-2017-5715 Ubuntu 14.04 LTS It was discoreved that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-1000422) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images. An attacker could use this to cause a denial of service. (CVE-2017-6312, CVE-2017-6313) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled large TIFF files. An attacker could use this to cause a denial of service. (CVE-2017-6314) Update Instructions: Run `sudo pro fix USN-3532-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgdk-pixbuf2.0-0 - 2.30.7-0ubuntu1.8 libgdk-pixbuf2.0-common - 2.30.7-0ubuntu1.8 libgdk-pixbuf2.0-dev - 2.30.7-0ubuntu1.8 libgdk-pixbuf2.0-0-udeb - 2.30.7-0ubuntu1.8 libgdk-pixbuf2.0-doc - 2.30.7-0ubuntu1.8 gir1.2-gdkpixbuf-2.0 - 2.30.7-0ubuntu1.8 No subscription required Medium CVE-2017-1000422 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 Ubuntu 14.04 LTS It was discovered that Transmission incorrectly handled certain POST requests to the RPC server and allowed DNS rebinding attack. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3533-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: transmission-common - 2.82-1.1ubuntu3.2 transmission - 2.82-1.1ubuntu3.2 transmission-daemon - 2.82-1.1ubuntu3.2 transmission-qt - 2.82-1.1ubuntu3.2 transmission-gtk - 2.82-1.1ubuntu3.2 transmission-cli - 2.82-1.1ubuntu3.2 No subscription required Medium CVE-2018-5702 Ubuntu 14.04 LTS It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd(2) syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. (CVE-2018-1000001) A memory leak was discovered in the _dl_init_paths() function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. (CVE-2017-1000408) A heap-based buffer overflow was discovered in the _dl_init_paths() function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_LIBRARY_PATH environment variable, in combination with CVE-2017-1000408 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. (CVE-2017-1000409) An off-by-one error leading to a heap-based buffer overflow was discovered in the GNU C library glob() implementation. An attacker could potentially exploit this to cause a denial of service or execute arbitrary code via a maliciously crafted pattern. (CVE-2017-15670) A heap-based buffer overflow was discovered during unescaping of user names with the ~ operator in the GNU C library glob() implementation. An attacker could potentially exploit this to cause a denial of service or execute arbitrary code via a maliciously crafted pattern. (CVE-2017-15804) It was discovered that the GNU C library dynamic loader mishandles RPATH and RUNPATH containing $ORIGIN for privileged (setuid or AT_SECURE) programs. A local attacker could potentially exploit this by providing a specially crafted library in the current working directory in order to gain administrative privileges. (CVE-2017-16997) It was discovered that the GNU C library malloc() implementation could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, resulting in a heap-based overflow. An attacker could potentially exploit this to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 17.10. (CVE-2017-17426) Update Instructions: Run `sudo pro fix USN-3534-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.19-0ubuntu6.14 libnss-dns-udeb - 2.19-0ubuntu6.14 libc6-ppc64 - 2.19-0ubuntu6.14 libc-bin - 2.19-0ubuntu6.14 libc6-x32 - 2.19-0ubuntu6.14 libc6-armel - 2.19-0ubuntu6.14 eglibc-source - 2.19-0ubuntu6.14 libc6-pic - 2.19-0ubuntu6.14 libc6-dev-ppc64 - 2.19-0ubuntu6.14 libc6-dev-armel - 2.19-0ubuntu6.14 libnss-files-udeb - 2.19-0ubuntu6.14 glibc-doc - 2.19-0ubuntu6.14 nscd - 2.19-0ubuntu6.14 multiarch-support - 2.19-0ubuntu6.14 libc6-dev - 2.19-0ubuntu6.14 libc6-amd64 - 2.19-0ubuntu6.14 libc6-dev-amd64 - 2.19-0ubuntu6.14 libc6 - 2.19-0ubuntu6.14 libc6-dev-x32 - 2.19-0ubuntu6.14 libc6-udeb - 2.19-0ubuntu6.14 libc6-dev-i386 - 2.19-0ubuntu6.14 libc-dev-bin - 2.19-0ubuntu6.14 libc6-prof - 2.19-0ubuntu6.14 No subscription required High CVE-2017-1000408 CVE-2017-1000409 CVE-2017-15670 CVE-2017-15804 CVE-2017-16997 CVE-2017-17426 CVE-2018-1000001 Ubuntu 14.04 LTS Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3535-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.17 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.17 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.17 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.17 bind9utils - 1:9.9.5.dfsg-3ubuntu0.17 libdns100 - 1:9.9.5.dfsg-3ubuntu0.17 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.17 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.17 host - 1:9.9.5.dfsg-3ubuntu0.17 lwresd - 1:9.9.5.dfsg-3ubuntu0.17 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.17 libisc95 - 1:9.9.5.dfsg-3ubuntu0.17 bind9 - 1:9.9.5.dfsg-3ubuntu0.17 bind9-host - 1:9.9.5.dfsg-3ubuntu0.17 No subscription required Medium CVE-2017-3145 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.21. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-59.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Update Instructions: Run `sudo pro fix USN-3537-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.59-0ubuntu0.14.04.1 mysql-client - 5.5.59-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.59-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.59-0ubuntu0.14.04.1 libmysqld-pic - 5.5.59-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.59-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.59-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.59-0ubuntu0.14.04.1 mysql-common - 5.5.59-0ubuntu0.14.04.1 mysql-server - 5.5.59-0ubuntu0.14.04.1 mysql-testsuite - 5.5.59-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.59-0ubuntu0.14.04.1 libmysqld-dev - 5.5.59-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.59-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-2562 CVE-2018-2565 CVE-2018-2573 CVE-2018-2576 CVE-2018-2583 CVE-2018-2586 CVE-2018-2590 CVE-2018-2600 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2645 CVE-2018-2646 CVE-2018-2647 CVE-2018-2665 CVE-2018-2667 CVE-2018-2668 CVE-2018-2696 CVE-2018-2703 Ubuntu 14.04 LTS Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10009) Jann Horn discovered that OpenSSH incorrectly handled permissions on Unix-domain sockets when privilege separation is disabled. A local attacker could possibly use this issue to gain privileges. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10010) Jann Horn discovered that OpenSSH incorrectly handled certain buffer memory operations. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10011) Guido Vranken discovered that OpenSSH incorrectly handled certain shared memory manager operations. A local attacker could possibly use issue to gain privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10012) Michal Zalewski discovered that OpenSSH incorrectly prevented write operations in readonly mode. A remote attacker could possibly use this issue to create zero-length files, leading to a denial of service. (CVE-2017-15906) Update Instructions: Run `sudo pro fix USN-3538-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:6.6p1-2ubuntu2.10 openssh-client - 1:6.6p1-2ubuntu2.10 openssh-server - 1:6.6p1-2ubuntu2.10 ssh-askpass-gnome - 1:6.6p1-2ubuntu2.10 ssh - 1:6.6p1-2ubuntu2.10 ssh-krb5 - 1:6.6p1-2ubuntu2.10 openssh-client-udeb - 1:6.6p1-2ubuntu2.10 openssh-sftp-server - 1:6.6p1-2ubuntu2.10 No subscription required Medium CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2017-15906 Ubuntu 14.04 LTS It was discovered that GIMP incorrectly handled certain images. If a user were tricked into opening a specially crafted image, an attacker could possibly use this to execute arbitrary code. (CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789) Update Instructions: Run `sudo pro fix USN-3539-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgimp2.0-doc - 2.8.10-0ubuntu1.2 libgimp2.0-dev - 2.8.10-0ubuntu1.2 libgimp2.0 - 2.8.10-0ubuntu1.2 gimp-data - 2.8.10-0ubuntu1.2 gimp - 2.8.10-0ubuntu1.2 No subscription required Medium CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 CVE-2017-17788 CVE-2017-17789 Ubuntu 14.04 LTS USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures. (CVE-2017-5715, CVE-2017-5753) USN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Update Instructions: Run `sudo pro fix USN-3540-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1011-aws - 4.4.0-1011.11 No subscription required linux-image-4.4.0-111-powerpc-smp - 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-smp - 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-emb - 4.4.0-111.134~14.04.1 linux-image-extra-4.4.0-111-generic - 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc-e500mc - 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-generic-lpae - 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-lowlatency - 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-generic - 4.4.0-111.134~14.04.1 No subscription required Critical CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown Ubuntu 14.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only) and amd64 architectures. Update Instructions: Run `sudo pro fix USN-3542-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-141-generic-lpae - 3.13.0-141.190 linux-image-3.13.0-141-powerpc-e500mc - 3.13.0-141.190 linux-image-3.13.0-141-lowlatency - 3.13.0-141.190 linux-image-3.13.0-141-powerpc64-emb - 3.13.0-141.190 linux-image-extra-3.13.0-141-generic - 3.13.0-141.190 linux-image-3.13.0-141-powerpc64-smp - 3.13.0-141.190 linux-image-3.13.0-141-generic - 3.13.0-141.190 linux-image-3.13.0-141-powerpc-e500 - 3.13.0-141.190 linux-image-3.13.0-141-powerpc-smp - 3.13.0-141.190 No subscription required High CVE-2017-5715 CVE-2017-5753 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown Ubuntu 14.04 LTS It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2017-16548) It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass arguments and execute arbitrary code. (CVE-2018-5764) Update Instructions: Run `sudo pro fix USN-3543-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsync - 3.1.0-2ubuntu0.4 No subscription required Medium CVE-2017-16548 CVE-2018-5764 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user in to providing HTTP credentials for another origin, spoof the addressbar contents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114, CVE-2018-5115, CVE-2018-5117, CVE-2018-5122) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to gain additional privileges, bypass same-origin restrictions, or execute arbitrary code. (CVE-2018-5105, CVE-2018-5113, CVE-2018-5116) A security issue was discovered with the developer tools. If a user were tricked in to opening a specially crafted website with the developer tools open, an attacker could potentially exploit this to obtain sensitive information from other origins. (CVE-2018-5106) A security issue was discovered with printing. An attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2018-5107) It was discovered that manually entered blob URLs could be accessed by subsequent private browsing tabs. If a user were tricked in to entering a blob URL, an attacker could potentially exploit this to obtain sensitive information from a private browsing context. (CVE-2018-5108) It was discovered that dragging certain specially formatted URLs to the addressbar could cause the wrong URL to be displayed. If a user were tricked in to opening a specially crafted website and dragging a URL to the addressbar, an attacker could potentially exploit this to spoof the addressbar contents. (CVE-2018-5111) It was discovered that WebExtension developer tools panels could open non-relative URLs. If a user were tricked in to installing a specially crafted extension and running the developer tools, an attacker could potentially exploit this to gain additional privileges. (CVE-2018-5112) It was discovered that ActivityStream images can attempt to load local content through file: URLs. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another vulnerability that allowed sandbox protections to be bypassed, in order to obtain sensitive information from local files. (CVE-2018-5118) It was discovered that the reader view will load cross-origin content in violation of CORS headers. An attacker could exploit this to bypass CORS restrictions. (CVE-2018-5119) Update Instructions: Run `sudo pro fix USN-3544-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-nn - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ne - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-nb - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-fa - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-fi - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-fr - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-fy - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-or - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-kab - 58.0+build6-0ubuntu0.14.04.1 firefox-testsuite - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-oc - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-cs - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ga - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-gd - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-gn - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-gl - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-gu - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-pa - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-pl - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-cy - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-pt - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-hi - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-uk - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-he - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-hy - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-hr - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-hu - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-as - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ar - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-az - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-id - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-mai - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-af - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-is - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-it - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-an - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-bs - 58.0+build6-0ubuntu0.14.04.1 firefox - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ro - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ja - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ru - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-br - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-zh-hant - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-zh-hans - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-bn - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-be - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-bg - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-sl - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-sk - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-si - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-sw - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-sv - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-sr - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-sq - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ko - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-kn - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-km - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-kk - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ka - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-xh - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ca - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ku - 58.0+build6-0ubuntu0.14.04.1 firefox-mozsymbols - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-lv - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-lt - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-th - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-hsb - 58.0+build6-0ubuntu0.14.04.1 firefox-dev - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-te - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-cak - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ta - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-lg - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-tr - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-nso - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-de - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-da - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ms - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-mr - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-my - 58.0+build6-0ubuntu0.14.04.1 firefox-globalmenu - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-uz - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ml - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-mn - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-mk - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ur - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-vi - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-eu - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-et - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-es - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-csb - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-el - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-eo - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-en - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-zu - 58.0+build6-0ubuntu0.14.04.1 firefox-locale-ast - 58.0+build6-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-5089 CVE-2018-5090 CVE-2018-5091 CVE-2018-5092 CVE-2018-5093 CVE-2018-5094 CVE-2018-5095 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5100 CVE-2018-5101 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5105 CVE-2018-5106 CVE-2018-5107 CVE-2018-5108 CVE-2018-5109 CVE-2018-5111 CVE-2018-5112 CVE-2018-5113 CVE-2018-5114 CVE-2018-5115 CVE-2018-5116 CVE-2018-5117 CVE-2018-5118 CVE-2018-5119 CVE-2018-5122 Ubuntu 14.04 LTS USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user in to providing HTTP credentials for another origin, spoof the addressbar contents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114, CVE-2018-5115, CVE-2018-5117, CVE-2018-5122) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to gain additional privileges, bypass same-origin restrictions, or execute arbitrary code. (CVE-2018-5105, CVE-2018-5113, CVE-2018-5116) A security issue was discovered with the developer tools. If a user were tricked in to opening a specially crafted website with the developer tools open, an attacker could potentially exploit this to obtain sensitive information from other origins. (CVE-2018-5106) A security issue was discovered with printing. An attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2018-5107) It was discovered that manually entered blob URLs could be accessed by subsequent private browsing tabs. If a user were tricked in to entering a blob URL, an attacker could potentially exploit this to obtain sensitive information from a private browsing context. (CVE-2018-5108) It was discovered that dragging certain specially formatted URLs to the addressbar could cause the wrong URL to be displayed. If a user were tricked in to opening a specially crafted website and dragging a URL to the addressbar, an attacker could potentially exploit this to spoof the addressbar contents. (CVE-2018-5111) It was discovered that WebExtension developer tools panels could open non-relative URLs. If a user were tricked in to installing a specially crafted extension and running the developer tools, an attacker could potentially exploit this to gain additional privileges. (CVE-2018-5112) It was discovered that ActivityStream images can attempt to load local content through file: URLs. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another vulnerability that allowed sandbox protections to be bypassed, in order to obtain sensitive information from local files. (CVE-2018-5118) It was discovered that the reader view will load cross-origin content in violation of CORS headers. An attacker could exploit this to bypass CORS restrictions. (CVE-2018-5119) Update Instructions: Run `sudo pro fix USN-3544-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nn - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ne - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nb - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fa - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fi - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fr - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fy - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-or - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kab - 58.0.2+build1-0ubuntu0.14.04.1 firefox-testsuite - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-oc - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cs - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ga - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gd - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gn - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gl - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gu - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pa - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pl - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cy - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pt - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hi - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uk - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-he - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hy - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hr - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hu - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-as - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ar - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-az - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-id - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mai - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-af - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-is - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-it - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-an - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bs - 58.0.2+build1-0ubuntu0.14.04.1 firefox - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ro - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ja - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ru - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-br - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bn - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-be - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bg - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sl - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sk - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-si - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sw - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sv - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sr - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sq - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ko - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kn - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-km - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kk - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ka - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-xh - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ca - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ku - 58.0.2+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lv - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lt - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-th - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 58.0.2+build1-0ubuntu0.14.04.1 firefox-dev - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-te - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cak - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ta - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lg - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-tr - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nso - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-de - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-da - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ms - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mr - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-my - 58.0.2+build1-0ubuntu0.14.04.1 firefox-globalmenu - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uz - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ml - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mn - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mk - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ur - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-vi - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eu - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-et - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-es - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-csb - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-el - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eo - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-en - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zu - 58.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ast - 58.0.2+build1-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1749025 Ubuntu 14.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5144, CVE-2018-5145, CVE-2018-5146) Update Instructions: Run `sudo pro fix USN-3545-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:52.7.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:52.7.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-kab - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:52.7.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:52.7.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 Ubuntu 14.04 LTS It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-10790) It was discovered that Libtasn1 incorrectly handled certain inputs. An attacker could possibly use this to cause Libtasn1 to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6003) Update Instructions: Run `sudo pro fix USN-3547-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6-dev - 3.4-3ubuntu0.6 libtasn1-3-bin - 3.4-3ubuntu0.6 libtasn1-bin - 3.4-3ubuntu0.6 libtasn1-3-dev - 3.4-3ubuntu0.6 libtasn1-6 - 3.4-3ubuntu0.6 No subscription required Medium CVE-2017-10790 CVE-2018-6003 Ubuntu 14.04 LTS It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12376) It was discovered that ClamAV incorrectly handled parsing certain mew packet files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12377) It was discovered that ClamAV incorrectly handled parsing certain TAR files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-12378) In the default installation, attackers would be isolated by the ClamAV AppArmor profile. Update Instructions: Run `sudo pro fix USN-3550-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.99.3+addedllvm-0ubuntu0.14.04.1 clamav-testfiles - 0.99.3+addedllvm-0ubuntu0.14.04.1 clamav-base - 0.99.3+addedllvm-0ubuntu0.14.04.1 clamav - 0.99.3+addedllvm-0ubuntu0.14.04.1 libclamav7 - 0.99.3+addedllvm-0ubuntu0.14.04.1 clamav-daemon - 0.99.3+addedllvm-0ubuntu0.14.04.1 clamav-milter - 0.99.3+addedllvm-0ubuntu0.14.04.1 clamav-docs - 0.99.3+addedllvm-0ubuntu0.14.04.1 clamav-freshclam - 0.99.3+addedllvm-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 Ubuntu 14.04 LTS Johann Hofmann discovered that HTML fragments created for chrome-privileged documents were not properly sanitized. An attacker could exploit this to execute arbitrary code. (CVE-2018-5124) Update Instructions: Run `sudo pro fix USN-3552-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nn - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ne - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nb - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fa - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fi - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fr - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fy - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-or - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kab - 58.0.1+build1-0ubuntu0.14.04.1 firefox-testsuite - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-oc - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cs - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ga - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gd - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gn - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gl - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gu - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pa - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pl - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cy - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pt - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hi - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uk - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-he - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hy - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hr - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hu - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-as - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ar - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-az - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-id - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mai - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-af - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-is - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-it - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-an - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bs - 58.0.1+build1-0ubuntu0.14.04.1 firefox - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ro - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ja - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ru - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-br - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bn - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-be - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bg - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sl - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sk - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-si - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sw - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sv - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sr - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sq - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ko - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kn - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-km - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kk - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ka - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-xh - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ca - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ku - 58.0.1+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lv - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lt - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-th - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 58.0.1+build1-0ubuntu0.14.04.1 firefox-dev - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-te - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cak - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ta - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lg - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-tr - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nso - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-de - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-da - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ms - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mr - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-my - 58.0.1+build1-0ubuntu0.14.04.1 firefox-globalmenu - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uz - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ml - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mn - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mk - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ur - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-vi - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eu - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-et - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-es - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-csb - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-el - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eo - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-en - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zu - 58.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ast - 58.0.1+build1-0ubuntu0.14.04.1 No subscription required High CVE-2018-5124 Ubuntu 14.04 LTS It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get access to sensitive information. (CVE-2018-1000007) Update Instructions: Run `sudo pro fix USN-3554-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.14 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.14 libcurl4-openssl-dev - 7.35.0-1ubuntu2.14 libcurl3-gnutls - 7.35.0-1ubuntu2.14 libcurl3-udeb - 7.35.0-1ubuntu2.14 libcurl4-doc - 7.35.0-1ubuntu2.14 libcurl3-nss - 7.35.0-1ubuntu2.14 libcurl4-nss-dev - 7.35.0-1ubuntu2.14 libcurl3 - 7.35.0-1ubuntu2.14 curl - 7.35.0-1ubuntu2.14 No subscription required Medium CVE-2018-1000005 CVE-2018-1000007 Ubuntu 14.04 LTS It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6196, CVE-2018-6197) It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files. (CVE-2018-6198) Update Instructions: Run `sudo pro fix USN-3555-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: w3m-img - 0.5.3-15ubuntu0.2 w3m - 0.5.3-15ubuntu0.2 No subscription required Medium CVE-2018-6196 CVE-2018-6197 CVE-2018-6198 Ubuntu 14.04 LTS It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3556-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.9-1ubuntu2.3 dovecot-mysql - 1:2.2.9-1ubuntu2.3 dovecot-sieve - 1:2.2.9-1ubuntu2.3 dovecot-core - 1:2.2.9-1ubuntu2.3 dovecot-ldap - 1:2.2.9-1ubuntu2.3 dovecot-sqlite - 1:2.2.9-1ubuntu2.3 dovecot-dev - 1:2.2.9-1ubuntu2.3 dovecot-pop3d - 1:2.2.9-1ubuntu2.3 dovecot-imapd - 1:2.2.9-1ubuntu2.3 dovecot-managesieved - 1:2.2.9-1ubuntu2.3 mail-stack-delivery - 1:2.2.9-1ubuntu2.3 dovecot-gssapi - 1:2.2.9-1ubuntu2.3 dovecot-solr - 1:2.2.9-1ubuntu2.3 dovecot-lmtpd - 1:2.2.9-1ubuntu2.3 No subscription required Medium CVE-2017-15132 Ubuntu 14.04 LTS Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2569) William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side Includes (ESI). A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570) Alex Rousskov discovered that Squid incorrectly handled response-parsing failures. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2571) Santiago Ruano Rincón discovered that Squid incorrectly handled certain Vary headers. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-3948) Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024) Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027) Update Instructions: Run `sudo pro fix USN-3557-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid - 3.3.8-1ubuntu6.11 squid-cgi - 3.3.8-1ubuntu6.11 squid3-common - 3.3.8-1ubuntu6.11 squid-purge - 3.3.8-1ubuntu6.11 squidclient - 3.3.8-1ubuntu6.11 squid3 - 3.3.8-1ubuntu6.11 No subscription required Medium CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-3948 CVE-2018-1000024 CVE-2018-1000027 Ubuntu 14.04 LTS Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-15908) It was discovered that systemd incorrectly handled automounted volumes. A local attacker could possibly use this issue to cause applications to hang, resulting in a denial of service. (CVE-2018-1049) Update Instructions: Run `sudo pro fix USN-3558-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgudev-1.0-dev - 1:204-5ubuntu20.26 gir1.2-gudev-1.0 - 1:204-5ubuntu20.26 libgudev-1.0-0 - 1:204-5ubuntu20.26 No subscription required libsystemd-id128-dev - 204-5ubuntu20.26 systemd - 204-5ubuntu20.26 udev-udeb - 204-5ubuntu20.26 python-systemd - 204-5ubuntu20.26 libsystemd-journal0 - 204-5ubuntu20.26 libsystemd-journal-dev - 204-5ubuntu20.26 libsystemd-id128-0 - 204-5ubuntu20.26 libudev1 - 204-5ubuntu20.26 systemd-services - 204-5ubuntu20.26 libpam-systemd - 204-5ubuntu20.26 libsystemd-daemon0 - 204-5ubuntu20.26 libsystemd-login-dev - 204-5ubuntu20.26 udev - 204-5ubuntu20.26 libsystemd-daemon-dev - 204-5ubuntu20.26 libudev1-udeb - 204-5ubuntu20.26 libudev-dev - 204-5ubuntu20.26 libsystemd-login0 - 204-5ubuntu20.26 No subscription required Medium CVE-2017-15908 CVE-2018-1049 Ubuntu 14.04 LTS It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64, i386, and s390x. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. Update Instructions: Run `sudo pro fix USN-3560-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.38 qemu-user-static - 2.0.0+dfsg-2ubuntu1.38 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.38 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.38 qemu-kvm - 2.0.0+dfsg-2ubuntu1.38 qemu-user - 2.0.0+dfsg-2ubuntu1.38 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.38 qemu-system - 2.0.0+dfsg-2ubuntu1.38 qemu-utils - 2.0.0+dfsg-2ubuntu1.38 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.38 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.38 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.38 qemu-common - 2.0.0+dfsg-2ubuntu1.38 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.38 qemu - 2.0.0+dfsg-2ubuntu1.38 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.38 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.38 No subscription required High CVE-2017-5715 Ubuntu 14.04 LTS It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. Update Instructions: Run `sudo pro fix USN-3561-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.2.2-0ubuntu13.1.25 libvirt-dev - 1.2.2-0ubuntu13.1.25 libvirt-doc - 1.2.2-0ubuntu13.1.25 libvirt-bin - 1.2.2-0ubuntu13.1.25 No subscription required High CVE-2017-5715 Ubuntu 14.04 LTS It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library. Update Instructions: Run `sudo pro fix USN-3562-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libminiupnpc-dev - 1.6-3ubuntu2.14.04.4 libminiupnpc8 - 1.6-3ubuntu2.14.04.4 miniupnpc - 1.6-3ubuntu2.14.04.4 No subscription required Medium CVE-2017-1000494 Ubuntu 14.04 LTS It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code. Update Instructions: Run `sudo pro fix USN-3563-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.16-2ubuntu0.5 No subscription required Medium CVE-2018-5950 Ubuntu 14.04 LTS It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information. Update Instructions: Run `sudo pro fix USN-3564-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-plpython-9.3 - 9.3.21-0ubuntu0.14.04 postgresql-server-dev-9.3 - 9.3.21-0ubuntu0.14.04 postgresql-9.3 - 9.3.21-0ubuntu0.14.04 postgresql-plperl-9.3 - 9.3.21-0ubuntu0.14.04 postgresql-doc-9.3 - 9.3.21-0ubuntu0.14.04 postgresql-plpython3-9.3 - 9.3.21-0ubuntu0.14.04 libecpg6 - 9.3.21-0ubuntu0.14.04 postgresql-pltcl-9.3 - 9.3.21-0ubuntu0.14.04 postgresql-client-9.3 - 9.3.21-0ubuntu0.14.04 libpgtypes3 - 9.3.21-0ubuntu0.14.04 libecpg-dev - 9.3.21-0ubuntu0.14.04 libpq-dev - 9.3.21-0ubuntu0.14.04 libpq5 - 9.3.21-0ubuntu0.14.04 postgresql-contrib-9.3 - 9.3.21-0ubuntu0.14.04 libecpg-compat3 - 9.3.21-0ubuntu0.14.04 No subscription required Low CVE-2018-1053 Ubuntu 14.04 LTS Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3565-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.82-3ubuntu2.4 eximon4 - 4.82-3ubuntu2.4 exim4 - 4.82-3ubuntu2.4 exim4-daemon-light - 4.82-3ubuntu2.4 exim4-config - 4.82-3ubuntu2.4 exim4-daemon-heavy - 4.82-3ubuntu2.4 exim4-base - 4.82-3ubuntu2.4 No subscription required Medium CVE-2018-6789 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2018-5712) It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12933) It was discovered that PHP incorrectly handled 'front of' and 'back of' date directives. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-16642) Update Instructions: Run `sudo pro fix USN-3566-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.23 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.23 php5-curl - 5.5.9+dfsg-1ubuntu4.23 php5-intl - 5.5.9+dfsg-1ubuntu4.23 php5-snmp - 5.5.9+dfsg-1ubuntu4.23 php5-mysql - 5.5.9+dfsg-1ubuntu4.23 php5-odbc - 5.5.9+dfsg-1ubuntu4.23 php5-xsl - 5.5.9+dfsg-1ubuntu4.23 php5-gd - 5.5.9+dfsg-1ubuntu4.23 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.23 php5-tidy - 5.5.9+dfsg-1ubuntu4.23 php5-dev - 5.5.9+dfsg-1ubuntu4.23 php5-pgsql - 5.5.9+dfsg-1ubuntu4.23 php5-enchant - 5.5.9+dfsg-1ubuntu4.23 php5-readline - 5.5.9+dfsg-1ubuntu4.23 php5-gmp - 5.5.9+dfsg-1ubuntu4.23 php5-fpm - 5.5.9+dfsg-1ubuntu4.23 php5-cgi - 5.5.9+dfsg-1ubuntu4.23 php5-sqlite - 5.5.9+dfsg-1ubuntu4.23 php5-ldap - 5.5.9+dfsg-1ubuntu4.23 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.23 php5 - 5.5.9+dfsg-1ubuntu4.23 php5-cli - 5.5.9+dfsg-1ubuntu4.23 php-pear - 5.5.9+dfsg-1ubuntu4.23 php5-sybase - 5.5.9+dfsg-1ubuntu4.23 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.23 php5-pspell - 5.5.9+dfsg-1ubuntu4.23 php5-common - 5.5.9+dfsg-1ubuntu4.23 libphp5-embed - 5.5.9+dfsg-1ubuntu4.23 No subscription required Medium CVE-2017-12933 CVE-2017-16642 CVE-2018-5712 Ubuntu 14.04 LTS USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20783) It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or possibly cause a crash, resulting in a denial of service. (CVE-2019-11036) Original advisory details: It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 ESM. (CVE-2017-12933) It was discovered that PHP incorrectly handled locale length. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2017-11362) It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 12.04 ESM. (CVE-2016-10712) Update Instructions: Run `sudo pro fix USN-3566-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm2 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm2 php5 - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm2 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm2 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm2 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm2 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-10712 CVE-2017-11362 CVE-2017-12933 CVE-2018-20783 CVE-2019-11036 Ubuntu 14.04 LTS It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3567-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: puppetmaster-common - 3.4.3-1ubuntu1.3 puppetmaster - 3.4.3-1ubuntu1.3 puppet-testsuite - 3.4.3-1ubuntu1.3 puppet - 3.4.3-1ubuntu1.3 puppet-common - 3.4.3-1ubuntu1.3 puppet-el - 3.4.3-1ubuntu1.3 puppetmaster-passenger - 3.4.3-1ubuntu1.3 vim-puppet - 3.4.3-1ubuntu1.3 No subscription required Medium CVE-2017-10689 Ubuntu 14.04 LTS Hanno Böck discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10169) Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10. (CVE-2018-6767) Update Instructions: Run `sudo pro fix USN-3568-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwavpack1 - 4.70.0-1ubuntu0.1 libwavpack-dev - 4.70.0-1ubuntu0.1 wavpack - 4.70.0-1ubuntu0.1 No subscription required Medium CVE-2016-10169 CVE-2018-6767 Ubuntu 14.04 LTS It was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. (CVE-2017-14632) It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service. (CVE-2017-14633) Update Instructions: Run `sudo pro fix USN-3569-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvorbis0a - 1.3.2-1.3ubuntu1.1 libvorbisfile3 - 1.3.2-1.3ubuntu1.1 libvorbisenc2 - 1.3.2-1.3ubuntu1.1 libvorbis-dev - 1.3.2-1.3ubuntu1.1 No subscription required Medium CVE-2017-14632 CVE-2017-14633 Ubuntu 14.04 LTS Joonun Jang discovered that AdvanceCOMP incorrectly handled certain malformed zip files. If a user or automated system were tricked into processing a specially crafted zip file, a remote attacker could cause AdvanceCOMP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3570-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: advancecomp - 1.18-1ubuntu0.1 No subscription required Medium CVE-2018-1056 Ubuntu 14.04 LTS It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-2774) It was discovered that Erlang incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Erlang to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253) Hanno Böck, Juraj Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly handled error reporting. A remote attacker could possibly use this issue to perform a variation of the Bleichenbacher attack and decrypt traffic or sign messages. (CVE-2017-1000385) Update Instructions: Run `sudo pro fix USN-3571-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: erlang-gs - 1:16.b.3-dfsg-1ubuntu2.2 erlang-x11 - 1:16.b.3-dfsg-1ubuntu2.2 erlang-jinterface - 1:16.b.3-dfsg-1ubuntu2.2 erlang-asn1 - 1:16.b.3-dfsg-1ubuntu2.2 erlang-inets - 1:16.b.3-dfsg-1ubuntu2.2 erlang-snmp - 1:16.b.3-dfsg-1ubuntu2.2 erlang-mode - 1:16.b.3-dfsg-1ubuntu2.2 erlang-odbc - 1:16.b.3-dfsg-1ubuntu2.2 erlang-typer - 1:16.b.3-dfsg-1ubuntu2.2 erlang-common-test - 1:16.b.3-dfsg-1ubuntu2.2 erlang-edoc - 1:16.b.3-dfsg-1ubuntu2.2 erlang-examples - 1:16.b.3-dfsg-1ubuntu2.2 erlang-ic - 1:16.b.3-dfsg-1ubuntu2.2 erlang-os-mon - 1:16.b.3-dfsg-1ubuntu2.2 erlang-syntax-tools - 1:16.b.3-dfsg-1ubuntu2.2 erlang-ssl - 1:16.b.3-dfsg-1ubuntu2.2 erlang-dev - 1:16.b.3-dfsg-1ubuntu2.2 erlang-ssh - 1:16.b.3-dfsg-1ubuntu2.2 erlang-ic-java - 1:16.b.3-dfsg-1ubuntu2.2 erlang-megaco - 1:16.b.3-dfsg-1ubuntu2.2 erlang-manpages - 1:16.b.3-dfsg-1ubuntu2.2 erlang-appmon - 1:16.b.3-dfsg-1ubuntu2.2 erlang - 1:16.b.3-dfsg-1ubuntu2.2 erlang-runtime-tools - 1:16.b.3-dfsg-1ubuntu2.2 erlang-eunit - 1:16.b.3-dfsg-1ubuntu2.2 erlang-tools - 1:16.b.3-dfsg-1ubuntu2.2 erlang-pman - 1:16.b.3-dfsg-1ubuntu2.2 erlang-observer - 1:16.b.3-dfsg-1ubuntu2.2 erlang-percept - 1:16.b.3-dfsg-1ubuntu2.2 erlang-debugger - 1:16.b.3-dfsg-1ubuntu2.2 erlang-parsetools - 1:16.b.3-dfsg-1ubuntu2.2 erlang-public-key - 1:16.b.3-dfsg-1ubuntu2.2 erlang-diameter - 1:16.b.3-dfsg-1ubuntu2.2 erlang-corba - 1:16.b.3-dfsg-1ubuntu2.2 erlang-doc - 1:16.b.3-dfsg-1ubuntu2.2 erlang-reltool - 1:16.b.3-dfsg-1ubuntu2.2 erlang-xmerl - 1:16.b.3-dfsg-1ubuntu2.2 erlang-nox - 1:16.b.3-dfsg-1ubuntu2.2 erlang-test-server - 1:16.b.3-dfsg-1ubuntu2.2 erlang-eldap - 1:16.b.3-dfsg-1ubuntu2.2 erlang-src - 1:16.b.3-dfsg-1ubuntu2.2 erlang-tv - 1:16.b.3-dfsg-1ubuntu2.2 erlang-webtool - 1:16.b.3-dfsg-1ubuntu2.2 erlang-mnesia - 1:16.b.3-dfsg-1ubuntu2.2 erlang-toolbar - 1:16.b.3-dfsg-1ubuntu2.2 erlang-base-hipe - 1:16.b.3-dfsg-1ubuntu2.2 erlang-crypto - 1:16.b.3-dfsg-1ubuntu2.2 erlang-erl-docgen - 1:16.b.3-dfsg-1ubuntu2.2 erlang-base - 1:16.b.3-dfsg-1ubuntu2.2 erlang-et - 1:16.b.3-dfsg-1ubuntu2.2 erlang-dialyzer - 1:16.b.3-dfsg-1ubuntu2.2 No subscription required Medium CVE-2014-1693 CVE-2015-2774 CVE-2016-10253 CVE-2017-1000385 Ubuntu 14.04 LTS It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-5379) It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. An attacker could use this to expose sensitive information or possibly cause a denial of service. This issue only affected Ubuntu 17.10. (CVE-2018-5378) It was discovered that a table overrun vulnerability existed in the Quagga BGP daemon. An attacker in control of a configured peer could use this to possibly expose sensitive information or possibly cause a denial of service. (CVE-2018-5380) It was discovered that the Quagga BGP daemon in some configurations did not properly handle invalid OPEN messages. An attacker in control of a configured peer could use this to cause a denial of service (infinite loop). (CVE-2018-5381) Update Instructions: Run `sudo pro fix USN-3573-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quagga - 0.99.22.4-3ubuntu1.5 quagga-doc - 0.99.22.4-3ubuntu1.5 No subscription required Medium CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 Ubuntu 14.04 LTS It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334) David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-13672) Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14167) Tuomas Tynkkynen discovered that QEMU incorrectly handled VirtFS directory sharing. An attacker could use this issue to obtain sensitive information from host memory. (CVE-2017-15038) Eric Blake discovered that QEMU incorrectly handled memory in the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15118) Eric Blake discovered that QEMU incorrectly handled certain options to the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15119) Daniel Berrange discovered that QEMU incorrectly handled the VNC server. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-15124) Carl Brassey discovered that QEMU incorrectly handled certain websockets. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15268) Guoxiang Niu discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-15289) Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-16845) It was discovered that QEMU incorrectly handled the Virtio Vring implementation. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-17381) Eric Blake discovered that QEMU incorrectly handled certain rounding operations. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-18043) Jiang Xin and Lin ZheCheng discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-5683) Update Instructions: Run `sudo pro fix USN-3575-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.39 qemu-user-static - 2.0.0+dfsg-2ubuntu1.39 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.39 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.39 qemu-kvm - 2.0.0+dfsg-2ubuntu1.39 qemu-user - 2.0.0+dfsg-2ubuntu1.39 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.39 qemu-system - 2.0.0+dfsg-2ubuntu1.39 qemu-utils - 2.0.0+dfsg-2ubuntu1.39 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.39 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.39 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.39 qemu-common - 2.0.0+dfsg-2ubuntu1.39 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.39 qemu - 2.0.0+dfsg-2ubuntu1.39 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.39 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.39 No subscription required Medium CVE-2017-11334 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15118 CVE-2017-15119 CVE-2017-15124 CVE-2017-15268 CVE-2017-15289 CVE-2017-16845 CVE-2017-17381 CVE-2017-18043 CVE-2018-5683 Ubuntu 14.04 LTS USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334) David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-13672) Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14167) Tuomas Tynkkynen discovered that QEMU incorrectly handled VirtFS directory sharing. An attacker could use this issue to obtain sensitive information from host memory. (CVE-2017-15038) Eric Blake discovered that QEMU incorrectly handled memory in the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15118) Eric Blake discovered that QEMU incorrectly handled certain options to the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15119) Daniel Berrange discovered that QEMU incorrectly handled the VNC server. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-15124) Carl Brassey discovered that QEMU incorrectly handled certain websockets. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15268) Guoxiang Niu discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-15289) Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-16845) It was discovered that QEMU incorrectly handled the Virtio Vring implementation. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-17381) Eric Blake discovered that QEMU incorrectly handled certain rounding operations. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-18043) Jiang Xin and Lin ZheCheng discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-5683) Update Instructions: Run `sudo pro fix USN-3575-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.40 qemu-user-static - 2.0.0+dfsg-2ubuntu1.40 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.40 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.40 qemu-kvm - 2.0.0+dfsg-2ubuntu1.40 qemu-user - 2.0.0+dfsg-2ubuntu1.40 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.40 qemu-system - 2.0.0+dfsg-2ubuntu1.40 qemu-utils - 2.0.0+dfsg-2ubuntu1.40 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.40 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.40 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.40 qemu-common - 2.0.0+dfsg-2ubuntu1.40 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.40 qemu - 2.0.0+dfsg-2ubuntu1.40 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.40 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.40 No subscription required None https://launchpad.net/bugs/1752761 Ubuntu 14.04 LTS Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008) Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. (CVE-2017-1000256) Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectly handled large QEMU replies. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2018-5748) Pedro Sampaio discovered that libvirt incorrectly handled the libnss_dns.so module. An attacker in a libvirt_lxc session could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6764) Update Instructions: Run `sudo pro fix USN-3576-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.2.2-0ubuntu13.1.26 libvirt-dev - 1.2.2-0ubuntu13.1.26 libvirt-doc - 1.2.2-0ubuntu13.1.26 libvirt-bin - 1.2.2-0ubuntu13.1.26 No subscription required Low CVE-2016-5008 CVE-2017-1000256 CVE-2018-5748 CVE-2018-6764 Ubuntu 14.04 LTS Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack. (CVE-2017-18190) Update Instructions: Run `sudo pro fix USN-3577-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 1.7.2-0ubuntu1.9 libcups2-dev - 1.7.2-0ubuntu1.9 cups-bsd - 1.7.2-0ubuntu1.9 libcupsmime1 - 1.7.2-0ubuntu1.9 cups-common - 1.7.2-0ubuntu1.9 cups-core-drivers - 1.7.2-0ubuntu1.9 cups-server-common - 1.7.2-0ubuntu1.9 libcupsimage2 - 1.7.2-0ubuntu1.9 cups-client - 1.7.2-0ubuntu1.9 libcupscgi1-dev - 1.7.2-0ubuntu1.9 libcups2 - 1.7.2-0ubuntu1.9 libcupsmime1-dev - 1.7.2-0ubuntu1.9 cups-ppdc - 1.7.2-0ubuntu1.9 libcupsppdc1 - 1.7.2-0ubuntu1.9 cups - 1.7.2-0ubuntu1.9 libcupsppdc1-dev - 1.7.2-0ubuntu1.9 libcupsimage2-dev - 1.7.2-0ubuntu1.9 cups-daemon - 1.7.2-0ubuntu1.9 No subscription required Medium CVE-2017-18190 Ubuntu 14.04 LTS It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked in to opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information. (CVE-2018-6871) Update Instructions: Run `sudo pro fix USN-3579-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO4.2.8-0ubuntu5.3 No subscription required libreoffice-wiki-publisher - 1.1.2+LibO4.2.8-0ubuntu5.3 No subscription required libreoffice-presentation-minimizer - 1:4.2.8-0ubuntu5.3 libreoffice-impress - 1:4.2.8-0ubuntu5.3 libreoffice-officebean - 1:4.2.8-0ubuntu5.3 libreoffice-base - 1:4.2.8-0ubuntu5.3 libreoffice-librelogo - 1:4.2.8-0ubuntu5.3 libreoffice-java-common - 1:4.2.8-0ubuntu5.3 browser-plugin-libreoffice - 1:4.2.8-0ubuntu5.3 libreoffice-subsequentcheckbase - 1:4.2.8-0ubuntu5.3 libreoffice-style-tango - 1:4.2.8-0ubuntu5.3 libreoffice-style-crystal - 1:4.2.8-0ubuntu5.3 libreoffice-kde - 1:4.2.8-0ubuntu5.3 libreoffice-l10n-ku - 1:4.2.8-0ubuntu5.3 libreoffice-style-galaxy - 1:4.2.8-0ubuntu5.3 libreoffice-style-hicontrast - 1:4.2.8-0ubuntu5.3 libreoffice-core - 1:4.2.8-0ubuntu5.3 libreoffice-presenter-console - 1:4.2.8-0ubuntu5.3 libreoffice-script-provider-bsh - 1:4.2.8-0ubuntu5.3 libreoffice-avmedia-backend-gstreamer - 1:4.2.8-0ubuntu5.3 libreoffice-script-provider-python - 1:4.2.8-0ubuntu5.3 libreoffice-common - 1:4.2.8-0ubuntu5.3 libreoffice-gnome - 1:4.2.8-0ubuntu5.3 libreoffice-dev - 1:4.2.8-0ubuntu5.3 libreoffice-gtk3 - 1:4.2.8-0ubuntu5.3 libreoffice-report-builder - 1:4.2.8-0ubuntu5.3 libreoffice-pdfimport - 1:4.2.8-0ubuntu5.3 libreoffice-base-core - 1:4.2.8-0ubuntu5.3 libreoffice-ogltrans - 1:4.2.8-0ubuntu5.3 libreoffice-sdbc-hsqldb - 1:4.2.8-0ubuntu5.3 libreoffice-gtk - 1:4.2.8-0ubuntu5.3 libreoffice-calc - 1:4.2.8-0ubuntu5.3 libreoffice-base-drivers - 1:4.2.8-0ubuntu5.3 libreoffice-style-oxygen - 1:4.2.8-0ubuntu5.3 libreoffice-emailmerge - 1:4.2.8-0ubuntu5.3 libreoffice-style-human - 1:4.2.8-0ubuntu5.3 libreoffice-sdbc-firebird - 1:4.2.8-0ubuntu5.3 python3-uno - 1:4.2.8-0ubuntu5.3 libreoffice-math - 1:4.2.8-0ubuntu5.3 libreoffice-writer - 1:4.2.8-0ubuntu5.3 libreoffice-report-builder-bin - 1:4.2.8-0ubuntu5.3 libreoffice-script-provider-js - 1:4.2.8-0ubuntu5.3 libreoffice - 1:4.2.8-0ubuntu5.3 libreoffice-draw - 1:4.2.8-0ubuntu5.3 libreoffice-style-sifr - 1:4.2.8-0ubuntu5.3 libreoffice-dev-doc - 1:4.2.8-0ubuntu5.3 libreoffice-l10n-in - 1:4.2.8-0ubuntu5.3 libreoffice-l10n-za - 1:4.2.8-0ubuntu5.3 libreoffice-sdbc-postgresql - 1:4.2.8-0ubuntu5.3 No subscription required openoffice.org-dtd-officedocument1.0 - 2:1.0+LibO4.2.8-0ubuntu5.3 No subscription required fonts-opensymbol - 2:102.6+LibO4.2.8-0ubuntu5.3 No subscription required uno-libs3 - 4.2.8-0ubuntu5.3 ure - 4.2.8-0ubuntu5.3 No subscription required High CVE-2018-6871 Ubuntu 14.04 LTS USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-17712) Laurent Guerby discovered that the mbcache feature in the ext2 and ext4 filesystems in the Linux kernel improperly handled xattr block caching. A local attacker could use this to cause a denial of service. (CVE-2015-8952) Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel did not properly track reference counts when merging buffers. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-12190) ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code, (CVE-2017-15115) Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8824) USN-3540-2 mitigated CVE-2017-5715 (Spectre Variant 2) for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) Update Instructions: Run `sudo pro fix USN-3582-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1014-aws - 4.4.0-1014.14 No subscription required linux-image-4.4.0-116-powerpc64-emb - 4.4.0-116.140~14.04.1 linux-image-extra-4.4.0-116-generic - 4.4.0-116.140~14.04.1 linux-image-4.4.0-116-lowlatency - 4.4.0-116.140~14.04.1 linux-image-4.4.0-116-generic - 4.4.0-116.140~14.04.1 linux-image-4.4.0-116-generic-lpae - 4.4.0-116.140~14.04.1 linux-image-4.4.0-116-powerpc-e500mc - 4.4.0-116.140~14.04.1 linux-image-4.4.0-116-powerpc64-smp - 4.4.0-116.140~14.04.1 linux-image-4.4.0-116-powerpc-smp - 4.4.0-116.140~14.04.1 No subscription required High CVE-2015-8952 CVE-2017-12190 CVE-2017-15115 CVE-2017-17712 CVE-2017-5715 CVE-2017-8824 Ubuntu 14.04 LTS It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0750) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153) Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel did not properly track reference counts when merging buffers. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-12190) It was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192) It was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051) Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information. (CVE-2017-14140) It was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156) ChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489) James Patrick-Evans discovered a race condition in the LEGO USB Infrared Tower driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15102) ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code, (CVE-2017-15115) It was discovered that the key management subsystem in the Linux kernel did not properly handle NULL payloads with non-zero length values. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-15274) It was discovered that the Bluebooth Network Encapsulation Protocol (BNEP) implementation in the Linux kernel did not validate the type of socket passed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15868) Andrey Konovalov discovered a use-after-free vulnerability in the USB serial console driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16525) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) Denys Fedoryshchenko discovered a use-after-free vulnerability in the netfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-18017) Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669) It was discovered that an integer overflow vulnerability existing in the IPv6 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-7542) Tommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889) Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8824) Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333) 范龙飞 discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344) USN-3524-1 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Update Instructions: Run `sudo pro fix USN-3583-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-142-powerpc-smp - 3.13.0-142.191 linux-image-3.13.0-142-powerpc-e500mc - 3.13.0-142.191 linux-image-3.13.0-142-powerpc64-smp - 3.13.0-142.191 linux-image-3.13.0-142-powerpc64-emb - 3.13.0-142.191 linux-image-3.13.0-142-generic - 3.13.0-142.191 linux-image-3.13.0-142-generic-lpae - 3.13.0-142.191 linux-image-extra-3.13.0-142-generic - 3.13.0-142.191 linux-image-3.13.0-142-powerpc-e500 - 3.13.0-142.191 linux-image-3.13.0-142-lowlatency - 3.13.0-142.191 No subscription required Critical CVE-2017-0750 CVE-2017-0861 CVE-2017-1000407 CVE-2017-12153 CVE-2017-12190 CVE-2017-12192 CVE-2017-14051 CVE-2017-14140 CVE-2017-14156 CVE-2017-14489 CVE-2017-15102 CVE-2017-15115 CVE-2017-15274 CVE-2017-15868 CVE-2017-16525 CVE-2017-17450 CVE-2017-17806 CVE-2017-18017 CVE-2017-5669 CVE-2017-5754 CVE-2017-7542 CVE-2017-7889 CVE-2017-8824 CVE-2018-5333 CVE-2018-5344 Ubuntu 14.04 LTS Gabriel Corona discovered that sensible-utils incorrectly validated strings when launcher a browser with the sensible-browser tool. A remote attacker could possibly use this issue with a specially crafted URL to conduct an argument injection attack and execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3584-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sensible-utils - 0.0.9ubuntu0.14.04.1 No subscription required Medium CVE-2017-17512 Ubuntu 14.04 LTS It was discovered that Twisted incorrectly handled certain HTTP requests. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3585-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: twisted-doc - 13.2.0-1ubuntu1.2 python-twisted-news - 13.2.0-1ubuntu1.2 python-twisted-lore - 13.2.0-1ubuntu1.2 python-twisted-names - 13.2.0-1ubuntu1.2 python-twisted-words - 13.2.0-1ubuntu1.2 python-twisted-runner - 13.2.0-1ubuntu1.2 python-twisted-core - 13.2.0-1ubuntu1.2 python-twisted-web - 13.2.0-1ubuntu1.2 python-twisted - 13.2.0-1ubuntu1.2 python-twisted-mail - 13.2.0-1ubuntu1.2 python-twisted-bin - 13.2.0-1ubuntu1.2 No subscription required python-twisted-conch - 1:13.2.0-1ubuntu1.2 No subscription required Low CVE-2016-1000111 Ubuntu 14.04 LTS Konstantin Orekhov discovered that the DHCP server incorrectly handled a large number of concurrent TCP sessions. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2774) It was discovered that the DHCP server incorrectly handled socket descriptors. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2017-3144) Felix Wilhelm discovered that the DHCP client incorrectly handled certain malformed responses. A remote attacker could use this issue to cause the DHCP client to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the dhclient AppArmor profile. (CVE-2018-5732) Felix Wilhelm discovered that the DHCP server incorrectly handled reference counting. A remote attacker could possibly use this issue to cause the DHCP server to crash, resulting in a denial of service. (CVE-2018-5733) Update Instructions: Run `sudo pro fix USN-3586-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isc-dhcp-relay - 4.2.4-7ubuntu12.12 isc-dhcp-client-noddns - 4.2.4-7ubuntu12.12 isc-dhcp-dev - 4.2.4-7ubuntu12.12 isc-dhcp-client - 4.2.4-7ubuntu12.12 isc-dhcp-common - 4.2.4-7ubuntu12.12 isc-dhcp-server - 4.2.4-7ubuntu12.12 isc-dhcp-client-udeb - 4.2.4-7ubuntu12.12 isc-dhcp-server-ldap - 4.2.4-7ubuntu12.12 No subscription required Medium CVE-2016-2774 CVE-2017-3144 CVE-2018-5732 CVE-2018-5733 Ubuntu 14.04 LTS It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-14461) It was discovered that Dovecot incorrectly handled TLS SNI config lookups. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2017-15130) Update Instructions: Run `sudo pro fix USN-3587-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.9-1ubuntu2.4 dovecot-mysql - 1:2.2.9-1ubuntu2.4 dovecot-sieve - 1:2.2.9-1ubuntu2.4 dovecot-core - 1:2.2.9-1ubuntu2.4 dovecot-ldap - 1:2.2.9-1ubuntu2.4 dovecot-sqlite - 1:2.2.9-1ubuntu2.4 dovecot-dev - 1:2.2.9-1ubuntu2.4 dovecot-pop3d - 1:2.2.9-1ubuntu2.4 dovecot-imapd - 1:2.2.9-1ubuntu2.4 dovecot-managesieved - 1:2.2.9-1ubuntu2.4 mail-stack-delivery - 1:2.2.9-1ubuntu2.4 dovecot-gssapi - 1:2.2.9-1ubuntu2.4 dovecot-solr - 1:2.2.9-1ubuntu2.4 dovecot-lmtpd - 1:2.2.9-1ubuntu2.4 No subscription required Medium CVE-2017-14461 CVE-2017-15130 Ubuntu 14.04 LTS Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service (daemon crash). (CVE-2017-9951) It was discovered that Memcached listened to UDP by default. A remote attacker could use this as part of a distributed denial of service attack. (CVE-2018-1000115) Update Instructions: Run `sudo pro fix USN-3588-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: memcached - 1.4.14-0ubuntu9.2 No subscription required Low CVE-2017-9951 CVE-2018-1000115 Ubuntu 14.04 LTS It was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3589-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-plpython-9.3 - 9.3.22-0ubuntu0.14.04 postgresql-server-dev-9.3 - 9.3.22-0ubuntu0.14.04 postgresql-9.3 - 9.3.22-0ubuntu0.14.04 postgresql-plperl-9.3 - 9.3.22-0ubuntu0.14.04 postgresql-doc-9.3 - 9.3.22-0ubuntu0.14.04 postgresql-plpython3-9.3 - 9.3.22-0ubuntu0.14.04 libecpg6 - 9.3.22-0ubuntu0.14.04 postgresql-pltcl-9.3 - 9.3.22-0ubuntu0.14.04 postgresql-client-9.3 - 9.3.22-0ubuntu0.14.04 libpgtypes3 - 9.3.22-0ubuntu0.14.04 libecpg-dev - 9.3.22-0ubuntu0.14.04 libpq-dev - 9.3.22-0ubuntu0.14.04 libpq5 - 9.3.22-0ubuntu0.14.04 postgresql-contrib-9.3 - 9.3.22-0ubuntu0.14.04 libecpg-compat3 - 9.3.22-0ubuntu0.14.04 No subscription required Medium CVE-2018-1058 https://launchpad.net/bugs/1752271 Ubuntu 14.04 LTS It was discovered that Irssi incorrectly handled certain empty nick names. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7050) It was discovered that Irssi incorrectly handled certain nick names. An attacker could possibly use this to access sensitive information. (CVE-2018-7051) It was discovered that Irssi incorrectly handled an increase in the number of windows. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7052) It was discovered that Irssi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-7053) It was discovered that Irssi incorrectly handled certain disconnections. An attacker could possibly use this to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 17.10. (CVE-2018-7054) Update Instructions: Run `sudo pro fix USN-3590-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.15-5ubuntu3.5 irssi - 0.8.15-5ubuntu3.5 No subscription required Medium CVE-2018-7050 CVE-2018-7051 CVE-2018-7052 CVE-2018-7053 CVE-2018-7054 Ubuntu 14.04 LTS James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3591-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.11-0ubuntu1.2 python-django - 1.6.11-0ubuntu1.2 No subscription required Medium CVE-2018-7536 CVE-2018-7537 Ubuntu 14.04 LTS It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-0202) Hanno Böck discovered that ClamAV incorrectly handled parsing certain XAR files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2018-1000085) Update Instructions: Run `sudo pro fix USN-3592-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.99.4+addedllvm-0ubuntu0.14.04.1 clamav-testfiles - 0.99.4+addedllvm-0ubuntu0.14.04.1 clamav-base - 0.99.4+addedllvm-0ubuntu0.14.04.1 clamav - 0.99.4+addedllvm-0ubuntu0.14.04.1 libclamav7 - 0.99.4+addedllvm-0ubuntu0.14.04.1 clamav-daemon - 0.99.4+addedllvm-0ubuntu0.14.04.1 clamav-milter - 0.99.4+addedllvm-0ubuntu0.14.04.1 clamav-docs - 0.99.4+addedllvm-0ubuntu0.14.04.1 clamav-freshclam - 0.99.4+addedllvm-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-0202 CVE-2018-1000085 Ubuntu 14.04 LTS It was discovered that Zsh incorrectly handled certain enviroment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10071) It was discovered that Zsh incorrectly handled some symbolic links. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10072) It was discovered that Zsh incorrectly handled certain errors. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10714) It was discovered that Zsh incorrectly handled certain commands. An attacker could possibly use this to execute arbitrary code. (CVE-2017-18205) It was discovered that Zsh incorrectly handled certain symlinks. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-18206) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possible use to execute arbitrary code. This issue only affected Ubuntu 17.10. (CVE-2018-7548) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-7549) Update Instructions: Run `sudo pro fix USN-3593-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zsh-beta-doc - 5.0.2-3ubuntu6.1 zsh-static - 5.0.2-3ubuntu6.1 zsh-common - 5.0.2-3ubuntu6.1 zsh-beta - 5.0.2-3ubuntu6.1 zsh-dev - 5.0.2-3ubuntu6.1 zsh - 5.0.2-3ubuntu6.1 zsh-doc - 5.0.2-3ubuntu6.1 No subscription required Medium CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2017-18206 CVE-2018-7548 CVE-2018-7549 Ubuntu 14.04 LTS USN-3542-1 mitigated CVE-2017-5715 (Spectre Variant 2) for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) Update Instructions: Run `sudo pro fix USN-3594-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-143-powerpc-e500 - 3.13.0-143.192 linux-image-3.13.0-143-generic - 3.13.0-143.192 linux-image-extra-3.13.0-143-generic - 3.13.0-143.192 linux-image-3.13.0-143-generic-lpae - 3.13.0-143.192 linux-image-3.13.0-143-powerpc64-smp - 3.13.0-143.192 linux-image-3.13.0-143-powerpc-e500mc - 3.13.0-143.192 linux-image-3.13.0-143-powerpc64-emb - 3.13.0-143.192 linux-image-3.13.0-143-lowlatency - 3.13.0-143.192 linux-image-3.13.0-143-powerpc-smp - 3.13.0-143.192 No subscription required High CVE-2017-5715 https://usn.ubuntu.com/3542-1/ Ubuntu 14.04 LTS Björn Baumbach discovered that Samba incorrectly validated permissions when changing account passwords via LDAP. An authenticated attacker could use this issue to change the password of other users, including administrators, and perform actions as those users. (CVE-2018-1057) It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. (CVE-2018-1050) Update Instructions: Run `sudo pro fix USN-3595-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.14 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.14 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.14 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.14 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.14 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.14 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.14 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.14 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.14 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.14 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.14 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.14 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.14 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.14 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.14 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.14 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.14 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.14 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.14 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.14 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.14 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.14 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.14 No subscription required High CVE-2018-1050 CVE-2018-1057 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130, CVE-2018-5136, CVE-2018-5137, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142) It was discovered that the fetch() API could incorrectly return cached copies of no-store/no-cache resources in some circumstances. A local attacker could potentially exploit this to obtain sensitive information in environments where multiple users share a common profile. (CVE-2018-5131) Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information or bypass security restrictions. (CVE-2018-5132, CVE-2018-5134, CVE-2018-5135) It was discovered that the value of app.support.baseURL is not sanitized properly. If a malicious local application were to set this to a specially crafted value, an attacker could potentially exploit this to execute arbitrary code. (CVE-2018-5133) It was discovered that javascript: URLs with embedded tab characters could be pasted in to the addressbar. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5143) Update Instructions: Run `sudo pro fix USN-3596-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-nn - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ne - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-nb - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-fa - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-fi - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-fr - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-fy - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-or - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-kab - 59.0+build5-0ubuntu0.14.04.1 firefox-testsuite - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-oc - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-cs - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ga - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-gd - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-gn - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-gl - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-gu - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-pa - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-pl - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-cy - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-pt - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-hi - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-uk - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-he - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-hy - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-hr - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-hu - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-as - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ar - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ia - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-az - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-id - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-mai - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-af - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-is - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-it - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-an - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-bs - 59.0+build5-0ubuntu0.14.04.1 firefox - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ro - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ja - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ru - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-br - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-zh-hant - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-zh-hans - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-bn - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-be - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-bg - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-sl - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-sk - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-si - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-sw - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-sv - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-sr - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-sq - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ko - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-kn - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-km - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-kk - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ka - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-xh - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ca - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ku - 59.0+build5-0ubuntu0.14.04.1 firefox-mozsymbols - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-lv - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-lt - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-th - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-hsb - 59.0+build5-0ubuntu0.14.04.1 firefox-dev - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-te - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-cak - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ta - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-lg - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-tr - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-nso - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-de - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-da - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ms - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-mr - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-my - 59.0+build5-0ubuntu0.14.04.1 firefox-globalmenu - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-uz - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ml - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-mn - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-mk - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ur - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-vi - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-eu - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-et - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-es - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-csb - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-el - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-eo - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-en - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-zu - 59.0+build5-0ubuntu0.14.04.1 firefox-locale-ast - 59.0+build5-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-5125 CVE-2018-5126 CVE-2018-5127 CVE-2018-5128 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5132 CVE-2018-5133 CVE-2018-5134 CVE-2018-5135 CVE-2018-5136 CVE-2018-5137 CVE-2018-5140 CVE-2018-5141 CVE-2018-5142 CVE-2018-5143 Ubuntu 14.04 LTS USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130, CVE-2018-5136, CVE-2018-5137, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142) It was discovered that the fetch() API could incorrectly return cached copies of no-store/no-cache resources in some circumstances. A local attacker could potentially exploit this to obtain sensitive information in environments where multiple users share a common profile. (CVE-2018-5131) Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information or bypass security restrictions. (CVE-2018-5132, CVE-2018-5134, CVE-2018-5135) It was discovered that the value of app.support.baseURL is not sanitized properly. If a malicious local application were to set this to a specially crafted value, an attacker could potentially exploit this to execute arbitrary code. (CVE-2018-5133) It was discovered that javascript: URLs with embedded tab characters could be pasted in to the addressbar. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5143) Update Instructions: Run `sudo pro fix USN-3596-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-nn - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ne - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-nb - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-fa - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-fi - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-fr - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-fy - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-or - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-kab - 59.0.2+build1-0ubuntu0.14.04.4 firefox-testsuite - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-oc - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-cs - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ga - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-gd - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-gn - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-gl - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-gu - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-pa - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-pl - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-cy - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-pt - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-hi - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-uk - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-he - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-hy - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-hr - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-hu - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-as - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ar - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ia - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-az - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-id - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-mai - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-af - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-is - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-it - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-an - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-bs - 59.0.2+build1-0ubuntu0.14.04.4 firefox - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ro - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ja - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ru - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-br - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-zh-hant - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-zh-hans - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-bn - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-be - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-bg - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-sl - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-sk - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-si - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-sw - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-sv - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-sr - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-sq - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ko - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-kn - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-km - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-kk - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ka - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-xh - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ca - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ku - 59.0.2+build1-0ubuntu0.14.04.4 firefox-mozsymbols - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-lv - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-lt - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-th - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-hsb - 59.0.2+build1-0ubuntu0.14.04.4 firefox-dev - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-te - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-cak - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ta - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-lg - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-tr - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-nso - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-de - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-da - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ms - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-mr - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-my - 59.0.2+build1-0ubuntu0.14.04.4 firefox-globalmenu - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-uz - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ml - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-mn - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-mk - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ur - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-vi - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-eu - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-et - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-es - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-csb - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-el - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-eo - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-en - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-zu - 59.0.2+build1-0ubuntu0.14.04.4 firefox-locale-ast - 59.0.2+build1-0ubuntu0.14.04.4 No subscription required None https://launchpad.net/bugs/1758107 Ubuntu 14.04 LTS Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-1000120) Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-1000121) Max Dymond discovered that curl incorrectly handled certain RTSP data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. (CVE-2018-1000122) Update Instructions: Run `sudo pro fix USN-3598-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.15 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.15 libcurl4-openssl-dev - 7.35.0-1ubuntu2.15 libcurl3-gnutls - 7.35.0-1ubuntu2.15 libcurl3-udeb - 7.35.0-1ubuntu2.15 libcurl4-doc - 7.35.0-1ubuntu2.15 libcurl3-nss - 7.35.0-1ubuntu2.15 libcurl4-nss-dev - 7.35.0-1ubuntu2.15 libcurl3 - 7.35.0-1ubuntu2.15 curl - 7.35.0-1ubuntu2.15 No subscription required Medium CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 Ubuntu 14.04 LTS An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-5146) Update Instructions: Run `sudo pro fix USN-3599-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nn - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ne - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nb - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fa - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fi - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fr - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fy - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-or - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kab - 59.0.1+build1-0ubuntu0.14.04.1 firefox-testsuite - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-oc - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cs - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ga - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gd - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gn - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gl - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gu - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pa - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pl - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cy - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pt - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hi - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uk - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-he - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hy - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hr - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hu - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-as - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ar - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ia - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-az - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-id - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mai - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-af - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-is - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-it - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-an - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bs - 59.0.1+build1-0ubuntu0.14.04.1 firefox - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ro - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ja - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ru - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-br - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bn - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-be - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bg - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sl - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sk - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-si - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sw - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sv - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sr - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sq - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ko - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kn - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-km - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kk - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ka - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-xh - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ca - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ku - 59.0.1+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lv - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lt - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-th - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 59.0.1+build1-0ubuntu0.14.04.1 firefox-dev - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-te - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cak - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ta - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lg - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-tr - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nso - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-de - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-da - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ms - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mr - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-my - 59.0.1+build1-0ubuntu0.14.04.1 firefox-globalmenu - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uz - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ml - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mn - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mk - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ur - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-vi - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eu - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-et - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-es - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-csb - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-el - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eo - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-en - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zu - 59.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ast - 59.0.1+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-5146 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10712) It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-5712) It was discovered that PHP incorrectly handled parsing certain HTTP responses. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-7584) Update Instructions: Run `sudo pro fix USN-3600-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.24 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.24 php5-curl - 5.5.9+dfsg-1ubuntu4.24 php5-intl - 5.5.9+dfsg-1ubuntu4.24 php5-snmp - 5.5.9+dfsg-1ubuntu4.24 php5-mysql - 5.5.9+dfsg-1ubuntu4.24 php5-odbc - 5.5.9+dfsg-1ubuntu4.24 php5-xsl - 5.5.9+dfsg-1ubuntu4.24 php5-gd - 5.5.9+dfsg-1ubuntu4.24 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.24 php5-tidy - 5.5.9+dfsg-1ubuntu4.24 php5-dev - 5.5.9+dfsg-1ubuntu4.24 php5-pgsql - 5.5.9+dfsg-1ubuntu4.24 php5-enchant - 5.5.9+dfsg-1ubuntu4.24 php5-readline - 5.5.9+dfsg-1ubuntu4.24 php5-gmp - 5.5.9+dfsg-1ubuntu4.24 php5-fpm - 5.5.9+dfsg-1ubuntu4.24 php5-cgi - 5.5.9+dfsg-1ubuntu4.24 php5-sqlite - 5.5.9+dfsg-1ubuntu4.24 php5-ldap - 5.5.9+dfsg-1ubuntu4.24 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.24 php5 - 5.5.9+dfsg-1ubuntu4.24 php5-cli - 5.5.9+dfsg-1ubuntu4.24 php-pear - 5.5.9+dfsg-1ubuntu4.24 php5-sybase - 5.5.9+dfsg-1ubuntu4.24 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.24 php5-pspell - 5.5.9+dfsg-1ubuntu4.24 php5-common - 5.5.9+dfsg-1ubuntu4.24 libphp5-embed - 5.5.9+dfsg-1ubuntu4.24 No subscription required Medium CVE-2016-10712 CVE-2018-5712 CVE-2018-7584 Ubuntu 14.04 LTS It was discovered that Memcached incorrectly handled reusing certain items. A remote attacker could possibly use this issue to cause Memcached to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3601-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: memcached - 1.4.14-0ubuntu9.3 No subscription required Medium CVE-2018-1000127 Ubuntu 14.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3602-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.8 libtiffxx5 - 4.0.3-7ubuntu0.8 libtiff5-dev - 4.0.3-7ubuntu0.8 libtiff4-dev - 4.0.3-7ubuntu0.8 libtiff5-alt-dev - 4.0.3-7ubuntu0.8 libtiff5 - 4.0.3-7ubuntu0.8 libtiff-tools - 4.0.3-7ubuntu0.8 libtiff-doc - 4.0.3-7ubuntu0.8 No subscription required Medium CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10371 CVE-2017-10688 CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 CVE-2017-13727 CVE-2017-18013 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 CVE-2017-9815 CVE-2017-9936 CVE-2018-5784 Ubuntu 14.04 LTS Matthijs Kooijman discovered that Paramiko's SSH server implementation did not properly require authentication before processing requests. An unauthenticated remote attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3603-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: paramiko-doc - 1.10.1-1git1ubuntu0.1 python-paramiko - 1.10.1-1git1ubuntu0.1 No subscription required High CVE-2018-7750 Ubuntu 14.04 LTS Richard Zhu discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause libvorbis to crash, resulting in a denial or service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3604-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvorbis0a - 1.3.2-1.3ubuntu1.2 libvorbisfile3 - 1.3.2-1.3ubuntu1.2 libvorbisenc2 - 1.3.2-1.3ubuntu1.2 libvorbis-dev - 1.3.2-1.3ubuntu1.2 No subscription required Medium CVE-2018-5146 Ubuntu 14.04 LTS It was discovered that Sharutils incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3605-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sharutils - 1:4.14-1ubuntu1.1 sharutils-doc - 1:4.14-1ubuntu1.1 No subscription required Medium CVE-2018-1000097 Ubuntu 14.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3606-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.9 libtiffxx5 - 4.0.3-7ubuntu0.9 libtiff5-dev - 4.0.3-7ubuntu0.9 libtiff4-dev - 4.0.3-7ubuntu0.9 libtiff5-alt-dev - 4.0.3-7ubuntu0.9 libtiff5 - 4.0.3-7ubuntu0.9 libtiff-tools - 4.0.3-7ubuntu0.9 libtiff-doc - 4.0.3-7ubuntu0.9 No subscription required Medium CVE-2016-3186 CVE-2016-5102 CVE-2016-5318 CVE-2017-11613 CVE-2017-12944 CVE-2017-17095 CVE-2017-18013 CVE-2017-5563 CVE-2017-9117 CVE-2017-9147 CVE-2017-9935 CVE-2018-5784 Ubuntu 14.04 LTS It was discovered that Screen Resolution Extra was using PolicyKit in an unsafe manner. A local attacker could potentially exploit this issue to bypass intended PolicyKit authorizations. Update Instructions: Run `sudo pro fix USN-3607-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: screen-resolution-extra - 0.17.1.1~14.04.1 No subscription required Medium CVE-2018-8885 Ubuntu 14.04 LTS Richard Maciel Costa discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-1071) It was discovered that Zsh incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1083) Update Instructions: Run `sudo pro fix USN-3608-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zsh-beta-doc - 5.0.2-3ubuntu6.2 zsh-static - 5.0.2-3ubuntu6.2 zsh-common - 5.0.2-3ubuntu6.2 zsh-beta - 5.0.2-3ubuntu6.2 zsh-dev - 5.0.2-3ubuntu6.2 zsh - 5.0.2-3ubuntu6.2 zsh-doc - 5.0.2-3ubuntu6.2 No subscription required Medium CVE-2018-1071 CVE-2018-1083 Ubuntu 14.04 LTS A use-after-free was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3609-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nn - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ne - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nb - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fa - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fi - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fr - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fy - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-or - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kab - 59.0.2+build1-0ubuntu0.14.04.1 firefox-testsuite - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-oc - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cs - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ga - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gd - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gn - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gl - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gu - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pa - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pl - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cy - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pt - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hi - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uk - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-he - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hy - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hr - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hu - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-as - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ar - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ia - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-az - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-id - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mai - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-af - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-is - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-it - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-an - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bs - 59.0.2+build1-0ubuntu0.14.04.1 firefox - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ro - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ja - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ru - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-br - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bn - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-be - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bg - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sl - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sk - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-si - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sw - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sv - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sr - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sq - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ko - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kn - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-km - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kk - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ka - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-xh - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ca - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ku - 59.0.2+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lv - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lt - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-th - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 59.0.2+build1-0ubuntu0.14.04.1 firefox-dev - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-te - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cak - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ta - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lg - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-tr - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nso - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-de - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-da - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ms - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mr - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-my - 59.0.2+build1-0ubuntu0.14.04.1 firefox-globalmenu - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uz - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ml - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mn - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mk - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ur - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-vi - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eu - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-et - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-es - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-csb - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-el - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eo - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-en - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zu - 59.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ast - 59.0.2+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-5148 Ubuntu 14.04 LTS It was discovered that ICU incorrectly handled certain calendars. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-3610-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 52.1-3ubuntu0.8 libicu52 - 52.1-3ubuntu0.8 libicu-dev - 52.1-3ubuntu0.8 icu-doc - 52.1-3ubuntu0.8 No subscription required Medium CVE-2017-15422 Ubuntu 14.04 LTS It was discovered that OpenSSL incorrectly handled certain ASN.1 types. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3611-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.24 libssl-dev - 1.0.1f-1ubuntu2.24 openssl - 1.0.1f-1ubuntu2.24 libssl-doc - 1.0.1f-1ubuntu2.24 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.24 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.24 No subscription required Medium CVE-2018-0739 Ubuntu 14.04 LTS Bas van Schaik and Kevin Backhouse discovered that librelp incorrectly handled checking certain x509 certificates. A remote attacker able to connect to rsyslog could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3612-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librelp0 - 1.2.2-2ubuntu1.1 librelp-dev - 1.2.2-2ubuntu1.1 No subscription required Medium CVE-2018-1000140 Ubuntu 14.04 LTS It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. (CVE-2018-2579) It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. (CVE-2018-2588) It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications. (CVE-2018-2599) It was discovered that the Internationalization component of OpenJDK did not restrict search paths when loading resource bundle classes. A local attacker could use this to trick a user into running malicious code. (CVE-2018-2602) It was discovered that OpenJDK did not properly restrict memory allocations when parsing DER input. A remote attacker could possibly use this to cause a denial of service. (CVE-2018-2603) It was discovered that the Java Cryptography Extension (JCE) implementation in OpenJDK in some situations did not guarantee sufficient strength of keys during key agreement. An attacker could use this to expose sensitive information. (CVE-2018-2618) It was discovered that the Java GSS implementation in OpenJDK in some situations did not properly handle GSS contexts in the native GSS library. An attacker could possibly use this to access unauthorized resources. (CVE-2018-2629) It was discovered that the LDAP implementation in OpenJDK did not properly handle LDAP referrals in some situations. An attacker could possibly use this to expose sensitive information or gain unauthorized privileges. (CVE-2018-2633) It was discovered that the Java GSS implementation in OpenJDK in some situations did not properly apply subject credentials. An attacker could possibly use this to expose sensitive information or gain access to unauthorized resources. (CVE-2018-2634) It was discovered that the Java Management Extensions (JMX) component of OpenJDK did not properly apply deserialization filters in some situations. An attacker could use this to bypass deserialization restrictions. (CVE-2018-2637) It was discovered that a use-after-free vulnerability existed in the AWT component of OpenJDK when loading the GTK library. An attacker could possibly use this to execute arbitrary code and escape Java sandbox restrictions. (CVE-2018-2641) It was discovered that in some situations OpenJDK did not properly validate objects when performing deserialization. An attacker could use this to cause a denial of service (application crash or excessive memory consumption). (CVE-2018-2663) It was discovered that the AWT component of OpenJDK did not properly restrict the amount of memory allocated when deserializing some objects. An attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2018-2677) It was discovered that the JNDI component of OpenJDK did not properly restrict the amount of memory allocated when deserializing objects in some situations. An attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2018-2678) Update Instructions: Run `sudo pro fix USN-3614-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-source - 7u171-2.6.13-0ubuntu0.14.04.2 icedtea-7-jre-jamvm - 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-tests - 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-jre-lib - 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-jdk - 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-jre-headless - 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-jre - 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-doc - 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-demo - 7u171-2.6.13-0ubuntu0.14.04.2 No subscription required Medium CVE-2018-2579 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 Ubuntu 14.04 LTS It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3615-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw9 - 0.15.4-1ubuntu0.2 libraw-doc - 0.15.4-1ubuntu0.2 libraw-bin - 0.15.4-1ubuntu0.2 libraw-dev - 0.15.4-1ubuntu0.2 No subscription required Medium CVE-2017-16909 CVE-2017-16910 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 Ubuntu 14.04 LTS It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-3616-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-crypto-doc - 2.6.1-4ubuntu0.3 python3-crypto - 2.6.1-4ubuntu0.3 python-crypto - 2.6.1-4ubuntu0.3 No subscription required Medium CVE-2018-6594 Ubuntu 14.04 LTS It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3618-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linuxvnc - 0.9.9+dfsg-1ubuntu1.3 libvncserver0 - 0.9.9+dfsg-1ubuntu1.3 libvncserver-config - 0.9.9+dfsg-1ubuntu1.3 libvncserver-dev - 0.9.9+dfsg-1ubuntu1.3 No subscription required Medium CVE-2018-7225 Ubuntu 14.04 LTS USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911) It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912) It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913) It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994) It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807) Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862) It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm. (CVE-2017-7518) It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026) It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332) Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333) 范龙飞 discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344) It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927) It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492) It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043) Update Instructions: Run `sudo pro fix USN-3619-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1016-aws - 4.4.0-1016.16 No subscription required linux-image-extra-4.4.0-119-generic - 4.4.0-119.143~14.04.1 linux-image-4.4.0-119-generic - 4.4.0-119.143~14.04.1 linux-image-4.4.0-119-powerpc-e500mc - 4.4.0-119.143~14.04.1 linux-image-4.4.0-119-powerpc-smp - 4.4.0-119.143~14.04.1 linux-image-4.4.0-119-powerpc64-smp - 4.4.0-119.143~14.04.1 linux-image-4.4.0-119-lowlatency - 4.4.0-119.143~14.04.1 linux-image-4.4.0-119-powerpc64-emb - 4.4.0-119.143~14.04.1 linux-image-4.4.0-119-generic-lpae - 4.4.0-119.143~14.04.1 No subscription required High CVE-2017-0861 CVE-2017-1000407 CVE-2017-11472 CVE-2017-15129 CVE-2017-16528 CVE-2017-16532 CVE-2017-16536 CVE-2017-16537 CVE-2017-16645 CVE-2017-16646 CVE-2017-16649 CVE-2017-16650 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-16994 CVE-2017-16995 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 CVE-2017-17862 CVE-2017-18075 CVE-2017-18203 CVE-2017-18204 CVE-2017-18208 CVE-2017-7518 CVE-2018-1000026 CVE-2018-5332 CVE-2018-5333 CVE-2018-5344 CVE-2018-6927 CVE-2018-7492 CVE-2018-8043 Ubuntu 14.04 LTS It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11089) It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762) It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807) It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026) It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332) Update Instructions: Run `sudo pro fix USN-3620-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-144-powerpc64-smp - 3.13.0-144.193 linux-image-3.13.0-144-powerpc-e500 - 3.13.0-144.193 linux-image-3.13.0-144-generic-lpae - 3.13.0-144.193 linux-image-3.13.0-144-powerpc-smp - 3.13.0-144.193 linux-image-3.13.0-144-powerpc-e500mc - 3.13.0-144.193 linux-image-3.13.0-144-lowlatency - 3.13.0-144.193 linux-image-3.13.0-144-powerpc64-emb - 3.13.0-144.193 linux-image-3.13.0-144-generic - 3.13.0-144.193 linux-image-extra-3.13.0-144-generic - 3.13.0-144.193 No subscription required Medium CVE-2017-11089 CVE-2017-12762 CVE-2017-17448 CVE-2017-17741 CVE-2017-17805 CVE-2017-17807 CVE-2018-1000026 CVE-2018-5332 Ubuntu 14.04 LTS It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. (CVE-2018-1000073) It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000074) It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2018-1000075) It was discovered that Ruby incorrectly handled certain crypto signatures. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000076) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079) Update Instructions: Run `sudo pro fix USN-3621-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby1.9.1-dev - 1.9.3.484-2ubuntu1.8 libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.8 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.8 ruby1.9.1-full - 1.9.3.484-2ubuntu1.8 libruby1.9.1 - 1.9.3.484-2ubuntu1.8 ri1.9.1 - 1.9.3.484-2ubuntu1.8 ruby1.9.1 - 1.9.3.484-2ubuntu1.8 ruby1.9.3 - 1.9.3.484-2ubuntu1.8 No subscription required ruby2.0-tcltk - 2.0.0.484-1ubuntu2.6 libruby2.0 - 2.0.0.484-1ubuntu2.6 ruby2.0-doc - 2.0.0.484-1ubuntu2.6 ruby2.0 - 2.0.0.484-1ubuntu2.6 ruby2.0-dev - 2.0.0.484-1ubuntu2.6 No subscription required Medium CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 Ubuntu 14.04 LTS USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. (CVE-2018-1000073) It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000074) It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2018-1000075) It was discovered that Ruby incorrectly handled certain crypto signatures. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000076) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079) Update Instructions: Run `sudo pro fix USN-3621-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby1.9.1-dev - 1.9.3.484-2ubuntu1.10 libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.10 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.10 ruby1.9.1-full - 1.9.3.484-2ubuntu1.10 libruby1.9.1 - 1.9.3.484-2ubuntu1.10 ri1.9.1 - 1.9.3.484-2ubuntu1.10 ruby1.9.1 - 1.9.3.484-2ubuntu1.10 ruby1.9.3 - 1.9.3.484-2ubuntu1.10 No subscription required ruby2.0-tcltk - 2.0.0.484-1ubuntu2.8 libruby2.0 - 2.0.0.484-1ubuntu2.8 ruby2.0-doc - 2.0.0.484-1ubuntu2.8 ruby2.0 - 2.0.0.484-1ubuntu2.8 ruby2.0-dev - 2.0.0.484-1ubuntu2.8 No subscription required Medium CVE-2018-1000074 Ubuntu 14.04 LTS It was discovered that the Wayland Xcursor support incorrectly handled certain files. An attacker could use these issues to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3622-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwayland-dev - 1.4.0-1ubuntu1.1 libwayland-server0 - 1.4.0-1ubuntu1.1 libwayland0 - 1.4.0-1ubuntu1.1 libwayland-cursor0 - 1.4.0-1ubuntu1.1 libwayland-client0 - 1.4.0-1ubuntu1.1 No subscription required Medium CVE-2017-16612 Ubuntu 14.04 LTS It was discovered that ubuntu-release-upgrader did not correctly drop permissions before opening a browser to view the release notes. This update fixes the issue. Update Instructions: Run `sudo pro fix USN-3623-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-release-upgrader-core - 1:0.220.10 python3-distupgrade - 1:0.220.10 ubuntu-release-upgrader-gtk - 1:0.220.10 ubuntu-release-upgrader-qt - 1:0.220.10 No subscription required None https://launchpad.net/bugs/1174007 Ubuntu 14.04 LTS It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10713) It was discovered that Patch incorrectly handled certain input validation. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000156) It was discovered that Patch incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6951) Update Instructions: Run `sudo pro fix USN-3624-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: patch - 2.7.1-4ubuntu2.4 No subscription required Medium CVE-2016-10713 CVE-2018-1000156 CVE-2018-6951 Ubuntu 14.04 LTS It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8853) It was discovered that Perl incorrectly loaded libraries from the current working directory. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6185) It was discovered that Perl incorrectly handled the rmtree and remove_tree functions. A local attacker could possibly use this issue to set the mode on arbitrary files. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-6512) Brian Carpenter discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6797) Nguyen Duc Manh discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6798) GwanYeong Kim discovered that Perl incorrectly handled certain data when using the pack function. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-6913) Update Instructions: Run `sudo pro fix USN-3625-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.18.2-2ubuntu1.4 perl-doc - 5.18.2-2ubuntu1.4 libperl5.18 - 5.18.2-2ubuntu1.4 perl-base - 5.18.2-2ubuntu1.4 perl-modules - 5.18.2-2ubuntu1.4 libcgi-fast-perl - 5.18.2-2ubuntu1.4 perl - 5.18.2-2ubuntu1.4 perl-debug - 5.18.2-2ubuntu1.4 No subscription required Medium CVE-2015-8853 CVE-2016-6185 CVE-2017-6512 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 Ubuntu 14.04 LTS It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. (CVE-2018-6914) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. (CVE-2018-8778, CVE-2018-8780) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to connect to an unintended socket. (CVE-2018-8779) Update Instructions: Run `sudo pro fix USN-3626-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby1.9.1-dev - 1.9.3.484-2ubuntu1.11 libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.11 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.11 ruby1.9.1-full - 1.9.3.484-2ubuntu1.11 libruby1.9.1 - 1.9.3.484-2ubuntu1.11 ri1.9.1 - 1.9.3.484-2ubuntu1.11 ruby1.9.1 - 1.9.3.484-2ubuntu1.11 ruby1.9.3 - 1.9.3.484-2ubuntu1.11 No subscription required ruby2.0-tcltk - 2.0.0.484-1ubuntu2.9 libruby2.0 - 2.0.0.484-1ubuntu2.9 ruby2.0-doc - 2.0.0.484-1ubuntu2.9 ruby2.0 - 2.0.0.484-1ubuntu2.9 ruby2.0-dev - 2.0.0.484-1ubuntu2.9 No subscription required Medium CVE-2018-6914 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Ubuntu 14.04 LTS Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710) Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. (CVE-2017-15715) It was discovered that the Apache HTTP Server mod_session module incorrectly handled certain headers. A remote attacker could possibly use this issue to influence session data. (CVE-2018-1283) Robert Swiecki discovered that the Apache HTTP Server incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1301) Robert Swiecki discovered that the Apache HTTP Server mod_cache_socache module incorrectly handled certain headers. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1303) Nicolas Daniels discovered that the Apache HTTP Server incorrectly generated the nonce when creating HTTP Digest authentication challenges. A remote attacker could possibly use this issue to replay HTTP requests across a cluster of servers. (CVE-2018-1312) Update Instructions: Run `sudo pro fix USN-3627-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.20 libapache2-mod-macro - 1:2.4.7-1ubuntu4.20 No subscription required apache2-data - 2.4.7-1ubuntu4.20 apache2.2-bin - 2.4.7-1ubuntu4.20 apache2-utils - 2.4.7-1ubuntu4.20 apache2-dev - 2.4.7-1ubuntu4.20 apache2-mpm-worker - 2.4.7-1ubuntu4.20 apache2-suexec-custom - 2.4.7-1ubuntu4.20 apache2-suexec - 2.4.7-1ubuntu4.20 apache2 - 2.4.7-1ubuntu4.20 apache2-suexec-pristine - 2.4.7-1ubuntu4.20 apache2-doc - 2.4.7-1ubuntu4.20 apache2-mpm-prefork - 2.4.7-1ubuntu4.20 apache2-mpm-itk - 2.4.7-1ubuntu4.20 apache2-mpm-event - 2.4.7-1ubuntu4.20 apache2-bin - 2.4.7-1ubuntu4.20 No subscription required Medium CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1303 CVE-2018-1312 Ubuntu 14.04 LTS Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Update Instructions: Run `sudo pro fix USN-3628-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.25 libssl-dev - 1.0.1f-1ubuntu2.25 openssl - 1.0.1f-1ubuntu2.25 libssl-doc - 1.0.1f-1ubuntu2.25 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.25 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.25 No subscription required Low CVE-2018-0737 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Update Instructions: Run `sudo pro fix USN-3629-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.60-0ubuntu0.14.04.1 mysql-client - 5.5.60-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.60-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.60-0ubuntu0.14.04.1 libmysqld-pic - 5.5.60-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.60-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.60-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.60-0ubuntu0.14.04.1 mysql-common - 5.5.60-0ubuntu0.14.04.1 mysql-server - 5.5.60-0ubuntu0.14.04.1 mysql-testsuite - 5.5.60-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.60-0ubuntu0.14.04.1 libmysqld-dev - 5.5.60-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.60-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762 CVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775 CVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-2846 Ubuntu 14.04 LTS USN-3631-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2017-13305) It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538) Luo Quan and Wei Yang discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system deadlock). (CVE-2018-1000004) Wang Qize discovered that an information disclosure vulnerability existed in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2018-5750) 范龙飞 discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel that could lead to a use-after-free or an out-of-bounds buffer access. A local attacker with access to /dev/snd/seq could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7566) Update Instructions: Run `sudo pro fix USN-3631-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1017-aws - 4.4.0-1017.17 No subscription required linux-image-4.4.0-121-powerpc-smp - 4.4.0-121.145~14.04.1 linux-image-extra-4.4.0-121-generic - 4.4.0-121.145~14.04.1 linux-image-4.4.0-121-generic-lpae - 4.4.0-121.145~14.04.1 linux-image-4.4.0-121-powerpc-e500mc - 4.4.0-121.145~14.04.1 linux-image-4.4.0-121-lowlatency - 4.4.0-121.145~14.04.1 linux-image-4.4.0-121-powerpc64-smp - 4.4.0-121.145~14.04.1 linux-image-4.4.0-121-powerpc64-emb - 4.4.0-121.145~14.04.1 linux-image-4.4.0-121-generic - 4.4.0-121.145~14.04.1 No subscription required Medium CVE-2017-13305 CVE-2017-16538 CVE-2018-1000004 CVE-2018-5750 CVE-2018-7566 Ubuntu 14.04 LTS It was discovered that Ghostscript incorrectly handled certain PostScript files. An attacker could possibly use this to cause a denial of server. (CVE-2016-10317) It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10194) Update Instructions: Run `sudo pro fix USN-3636-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.10~dfsg-0ubuntu10.12 ghostscript-x - 9.10~dfsg-0ubuntu10.12 libgs-dev - 9.10~dfsg-0ubuntu10.12 ghostscript-doc - 9.10~dfsg-0ubuntu10.12 libgs9 - 9.10~dfsg-0ubuntu10.12 libgs9-common - 9.10~dfsg-0ubuntu10.12 No subscription required Medium CVE-2016-10317 CVE-2018-10194 Ubuntu 14.04 LTS It was discovered that QPDF incorrectly handled certain malformed files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3638-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libqpdf-dev - 8.0.2-3~14.04.1 qpdf - 8.0.2-3~14.04.1 libqpdf21 - 8.0.2-3~14.04.1 No subscription required Medium CVE-2015-9252 CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-18183 CVE-2017-18184 CVE-2017-18185 CVE-2017-18186 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 CVE-2018-9918 Ubuntu 14.04 LTS Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. (CVE-2018-8897) Andy Lutomirski discovered that the KVM subsystem of the Linux kernel did not properly emulate the ICEBP instruction following a MOV/POP to SS instruction. A local attacker in a KVM virtual machine could use this to cause a denial of service (guest VM crash) or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. (CVE-2018-1087) Andy Lutomirski discovered that the Linux kernel did not properly perform error handling on virtualized debug registers. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1000199) Update Instructions: Run `sudo pro fix USN-3641-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-147-generic-lpae - 3.13.0-147.196 linux-image-3.13.0-147-powerpc-e500 - 3.13.0-147.196 linux-image-3.13.0-147-powerpc64-smp - 3.13.0-147.196 linux-image-3.13.0-147-powerpc64-emb - 3.13.0-147.196 linux-image-3.13.0-147-powerpc-smp - 3.13.0-147.196 linux-image-extra-3.13.0-147-generic - 3.13.0-147.196 linux-image-3.13.0-147-powerpc-e500mc - 3.13.0-147.196 linux-image-3.13.0-147-generic - 3.13.0-147.196 linux-image-3.13.0-147-lowlatency - 3.13.0-147.196 No subscription required linux-image-4.4.0-1019-aws - 4.4.0-1019.19 No subscription required linux-image-4.4.0-124-powerpc64-smp - 4.4.0-124.148~14.04.1 linux-image-extra-4.4.0-124-generic - 4.4.0-124.148~14.04.1 linux-image-4.4.0-124-generic-lpae - 4.4.0-124.148~14.04.1 linux-image-4.4.0-124-powerpc-smp - 4.4.0-124.148~14.04.1 linux-image-4.4.0-124-powerpc-e500mc - 4.4.0-124.148~14.04.1 linux-image-4.4.0-124-lowlatency - 4.4.0-124.148~14.04.1 linux-image-4.4.0-124-powerpc64-emb - 4.4.0-124.148~14.04.1 linux-image-4.4.0-124-generic - 4.4.0-124.148~14.04.1 No subscription required High CVE-2018-1000199 CVE-2018-1087 CVE-2018-8897 Ubuntu 14.04 LTS It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values. Update Instructions: Run `sudo pro fix USN-3643-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wget - 1.15-1ubuntu1.14.04.4 wget-udeb - 1.15-1ubuntu1.14.04.4 No subscription required Medium CVE-2018-0494 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. (CVE-2018-5150, CVE-2018-5151, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5168, CVE-2018-5173, CVE-2018-5175, CVE-2018-5177, CVE-2018-5180) Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information, or bypass security restrictions. (CVE-2018-5152, CVE-2018-5166) It was discovered that the web console and JavaScript debugger incorrectly linkified chrome: and javascript URLs. If a user were tricked in to clicking a specially crafted link, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5167) It was discovered that dragging and dropping link text on to the home button could set the home page to include chrome pages. If a user were tricked in to dragging and dropping a specially crafted link on to the home button, an attacker could potentially exploit this bypass security restrictions. (CVE-2018-5169) It was discovered that the Live Bookmarks page and PDF viewer would run script pasted from the clipboard. If a user were tricked in to copying and pasting specially crafted text, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5172) It was discovered that the JSON viewer incorrectly linkified javascript: URLs. If a user were tricked in to clicking on a specially crafted link, an attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5176) It was discovered that dragging a file: URL on to a tab that is running in a different process would cause the file to open in that process. If a user were tricked in to dragging a file: URL, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5181) It was discovered that dragging text that is a file: URL on to the addressbar would open the specified file. If a user were tricked in to dragging specially crafted text on to the addressbar, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5182) Update Instructions: Run `sudo pro fix USN-3645-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-nn - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ne - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-nb - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-fa - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-fi - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-fr - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-fy - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-or - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-kab - 60.0+build2-0ubuntu0.14.04.1 firefox-testsuite - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-oc - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-cs - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ga - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-gd - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-gn - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-gl - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-gu - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-pa - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-pl - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-cy - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-pt - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-hi - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-uk - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-he - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-hy - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-hr - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-hu - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-as - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ar - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ia - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-az - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-id - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-mai - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-af - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-is - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-it - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-an - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-bs - 60.0+build2-0ubuntu0.14.04.1 firefox - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ro - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ja - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ru - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-br - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-bn - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-be - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-bg - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-sl - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-sk - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-si - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-sw - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-sv - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-sr - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-sq - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ko - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-kn - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-km - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-kk - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ka - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-xh - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ca - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ku - 60.0+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-lv - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-lt - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-th - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 60.0+build2-0ubuntu0.14.04.1 firefox-dev - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-te - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-cak - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ta - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-lg - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-tr - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-nso - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-de - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-da - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ms - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-mr - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-my - 60.0+build2-0ubuntu0.14.04.1 firefox-globalmenu - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-uz - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ml - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-mn - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-mk - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ur - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-vi - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-eu - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-et - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-es - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-csb - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-el - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-eo - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-en - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-zu - 60.0+build2-0ubuntu0.14.04.1 firefox-locale-ast - 60.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 Ubuntu 14.04 LTS USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumsances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. (CVE-2018-5150, CVE-2018-5151, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5168, CVE-2018-5173, CVE-2018-5175, CVE-2018-5177, CVE-2018-5180) Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information, or bypass security restrictions. (CVE-2018-5152, CVE-2018-5166) It was discovered that the web console and JavaScript debugger incorrectly linkified chrome: and javascript URLs. If a user were tricked in to clicking a specially crafted link, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5167) It was discovered that dragging and dropping link text on to the home button could set the home page to include chrome pages. If a user were tricked in to dragging and dropping a specially crafted link on to the home button, an attacker could potentially exploit this bypass security restrictions. (CVE-2018-5169) It was discovered that the Live Bookmarks page and PDF viewer would run script pasted from the clipboard. If a user were tricked in to copying and pasting specially crafted text, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5172) It was discovered that the JSON viewer incorrectly linkified javascript: URLs. If a user were tricked in to clicking on a specially crafted link, an attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5176) It was discovered that dragging a file: URL on to a tab that is running in a different process would cause the file to open in that process. If a user were tricked in to dragging a file: URL, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5181) It was discovered that dragging text that is a file: URL on to the addressbar would open the specified file. If a user were tricked in to dragging specially crafted text on to the addressbar, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5182) Update Instructions: Run `sudo pro fix USN-3645-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nn - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ne - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nb - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fa - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fi - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fr - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fy - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-or - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kab - 60.0.1+build2-0ubuntu0.14.04.1 firefox-testsuite - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-oc - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cs - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ga - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gd - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gn - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gl - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gu - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pa - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pl - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cy - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pt - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hi - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uk - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-he - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hy - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hr - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hu - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-as - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ar - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ia - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-az - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-id - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mai - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-af - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-is - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-it - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-an - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bs - 60.0.1+build2-0ubuntu0.14.04.1 firefox - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ro - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ja - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ru - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-br - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bn - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-be - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bg - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sl - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sk - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-si - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sw - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sv - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sr - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sq - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ko - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kn - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-km - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kk - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ka - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-xh - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ca - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ku - 60.0.1+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lv - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lt - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-th - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 60.0.1+build2-0ubuntu0.14.04.1 firefox-dev - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-te - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cak - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ta - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lg - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-tr - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nso - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-de - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-da - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ms - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mr - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-my - 60.0.1+build2-0ubuntu0.14.04.1 firefox-globalmenu - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uz - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ml - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mn - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mk - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ur - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-vi - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eu - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-et - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-es - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-csb - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-el - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eo - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-en - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zu - 60.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ast - 60.0.1+build2-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1772115 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. (CVE-2018-10545) It was discovered that the PHP iconv stream filter incorrect handled certain invalid multibyte sequences. A remote attacker could possibly use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2018-10546) It was discovered that the PHP PHAR error pages incorrectly filtered certain data. A remote attacker could possibly use this issue to perform a reflected XSS attack. (CVE-2018-10547) It was discovered that PHP incorrectly handled LDAP. A malicious remote LDAP server could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-10548) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.10, and Ubuntu 18.04 LTS. (CVE-2018-10549) Update Instructions: Run `sudo pro fix USN-3646-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.25 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.25 php5-curl - 5.5.9+dfsg-1ubuntu4.25 php5-intl - 5.5.9+dfsg-1ubuntu4.25 php5-snmp - 5.5.9+dfsg-1ubuntu4.25 php5-mysql - 5.5.9+dfsg-1ubuntu4.25 php5-odbc - 5.5.9+dfsg-1ubuntu4.25 php5-xsl - 5.5.9+dfsg-1ubuntu4.25 php5-gd - 5.5.9+dfsg-1ubuntu4.25 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.25 php5-tidy - 5.5.9+dfsg-1ubuntu4.25 php5-dev - 5.5.9+dfsg-1ubuntu4.25 php5-pgsql - 5.5.9+dfsg-1ubuntu4.25 php5-enchant - 5.5.9+dfsg-1ubuntu4.25 php5-readline - 5.5.9+dfsg-1ubuntu4.25 php5-gmp - 5.5.9+dfsg-1ubuntu4.25 php5-fpm - 5.5.9+dfsg-1ubuntu4.25 php5-cgi - 5.5.9+dfsg-1ubuntu4.25 php5-sqlite - 5.5.9+dfsg-1ubuntu4.25 php5-ldap - 5.5.9+dfsg-1ubuntu4.25 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.25 php5 - 5.5.9+dfsg-1ubuntu4.25 php5-cli - 5.5.9+dfsg-1ubuntu4.25 php-pear - 5.5.9+dfsg-1ubuntu4.25 php5-sybase - 5.5.9+dfsg-1ubuntu4.25 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.25 php5-pspell - 5.5.9+dfsg-1ubuntu4.25 php5-common - 5.5.9+dfsg-1ubuntu4.25 libphp5-embed - 5.5.9+dfsg-1ubuntu4.25 No subscription required Medium CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 Ubuntu 14.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. (CVE-2017-18267) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-10768) Update Instructions: Run `sudo pro fix USN-3647-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.11 libpoppler-qt5-1 - 0.24.5-2ubuntu4.11 libpoppler-cpp-dev - 0.24.5-2ubuntu4.11 libpoppler-cpp0 - 0.24.5-2ubuntu4.11 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.11 libpoppler-dev - 0.24.5-2ubuntu4.11 libpoppler-glib8 - 0.24.5-2ubuntu4.11 libpoppler-private-dev - 0.24.5-2ubuntu4.11 libpoppler-qt4-dev - 0.24.5-2ubuntu4.11 libpoppler-glib-dev - 0.24.5-2ubuntu4.11 libpoppler-qt4-4 - 0.24.5-2ubuntu4.11 libpoppler44 - 0.24.5-2ubuntu4.11 libpoppler-qt5-dev - 0.24.5-2ubuntu4.11 libpoppler-glib-doc - 0.24.5-2ubuntu4.11 No subscription required Medium CVE-2017-18267 CVE-2018-10768 Ubuntu 14.04 LTS Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-1000300) Max Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2018-1000301) Update Instructions: Run `sudo pro fix USN-3648-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.16 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.16 libcurl4-openssl-dev - 7.35.0-1ubuntu2.16 libcurl3-gnutls - 7.35.0-1ubuntu2.16 libcurl3-udeb - 7.35.0-1ubuntu2.16 libcurl4-doc - 7.35.0-1ubuntu2.16 libcurl3-nss - 7.35.0-1ubuntu2.16 libcurl4-nss-dev - 7.35.0-1ubuntu2.16 libcurl3 - 7.35.0-1ubuntu2.16 curl - 7.35.0-1ubuntu2.16 No subscription required Medium CVE-2018-1000300 CVE-2018-1000301 Ubuntu 14.04 LTS Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16845) Cyrille Chatras discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2018-7550) Ross Lagerwall discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7858) Update Instructions: Run `sudo pro fix USN-3649-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.41 qemu-user-static - 2.0.0+dfsg-2ubuntu1.41 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.41 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.41 qemu-kvm - 2.0.0+dfsg-2ubuntu1.41 qemu-user - 2.0.0+dfsg-2ubuntu1.41 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.41 qemu-system - 2.0.0+dfsg-2ubuntu1.41 qemu-utils - 2.0.0+dfsg-2ubuntu1.41 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.41 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.41 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.41 qemu-common - 2.0.0+dfsg-2ubuntu1.41 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.41 qemu - 2.0.0+dfsg-2ubuntu1.41 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.41 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.41 No subscription required Medium CVE-2017-16845 CVE-2018-7550 CVE-2018-7858 Ubuntu 14.04 LTS It was discovered that xdg-utils incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3650-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdg-utils - 1.1.0~rc1-2ubuntu7.2 No subscription required Medium CVE-2017-18266 Ubuntu 14.04 LTS Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64 and i386. Update Instructions: Run `sudo pro fix USN-3651-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.42 qemu-user-static - 2.0.0+dfsg-2ubuntu1.42 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.42 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.42 qemu-kvm - 2.0.0+dfsg-2ubuntu1.42 qemu-user - 2.0.0+dfsg-2ubuntu1.42 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.42 qemu-system - 2.0.0+dfsg-2ubuntu1.42 qemu-utils - 2.0.0+dfsg-2ubuntu1.42 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.42 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.42 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.42 qemu-common - 2.0.0+dfsg-2ubuntu1.42 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.42 qemu - 2.0.0+dfsg-2ubuntu1.42 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.42 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.42 No subscription required Medium CVE-2018-3639 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 Ubuntu 14.04 LTS USN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822) Update Instructions: Run `sudo pro fix USN-3654-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1022-aws - 4.4.0-1022.22 No subscription required linux-image-4.4.0-127-powerpc-e500mc - 4.4.0-127.153~14.04.1 linux-image-4.4.0-127-powerpc64-emb - 4.4.0-127.153~14.04.1 linux-image-extra-4.4.0-127-generic - 4.4.0-127.153~14.04.1 linux-image-4.4.0-127-generic - 4.4.0-127.153~14.04.1 linux-image-4.4.0-127-generic-lpae - 4.4.0-127.153~14.04.1 linux-image-4.4.0-127-powerpc64-smp - 4.4.0-127.153~14.04.1 linux-image-4.4.0-127-powerpc-smp - 4.4.0-127.153~14.04.1 linux-image-4.4.0-127-lowlatency - 4.4.0-127.153~14.04.1 No subscription required Medium CVE-2017-17975 CVE-2017-18193 CVE-2017-18222 CVE-2018-1065 CVE-2018-1068 CVE-2018-1130 CVE-2018-3639 CVE-2018-5803 CVE-2018-7480 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 Ubuntu 14.04 LTS Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134) It was discovered that the Bluetooth HIP Protocol implementation in the Linux kernel did not properly validate HID connection setup information. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-13220) It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2017-13305) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) It was discovered that a race condition existed in the i8042 serial device driver implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18079) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Kefeng Wang discovered that a race condition existed in the memory locking implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18221) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822) Update Instructions: Run `sudo pro fix USN-3655-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-149-lowlatency - 3.13.0-149.199 linux-image-extra-3.13.0-149-generic - 3.13.0-149.199 linux-image-3.13.0-149-powerpc64-emb - 3.13.0-149.199 linux-image-3.13.0-149-powerpc-e500mc - 3.13.0-149.199 linux-image-3.13.0-149-generic - 3.13.0-149.199 linux-image-3.13.0-149-powerpc-e500 - 3.13.0-149.199 linux-image-3.13.0-149-powerpc-smp - 3.13.0-149.199 linux-image-3.13.0-149-powerpc64-smp - 3.13.0-149.199 linux-image-3.13.0-149-generic-lpae - 3.13.0-149.199 No subscription required Medium CVE-2017-12134 CVE-2017-13220 CVE-2017-13305 CVE-2017-17449 CVE-2017-18079 CVE-2017-18203 CVE-2017-18204 CVE-2017-18208 CVE-2017-18221 CVE-2018-3639 CVE-2018-8822 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 Ubuntu 14.04 LTS It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-1122) It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. (CVE-2018-1123) It was discovered that libprocps incorrectly handled the file2strvec() function. A local attacker could possibly use this to execute arbitrary code. (CVE-2018-1124) It was discovered that the procps-ng pgrep utility incorrectly handled memory. A local attacker could possibly use this issue to cause de denial of service. (CVE-2018-1125) It was discovered that procps-ng incorrectly handled memory. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-1126) Update Instructions: Run `sudo pro fix USN-3658-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libprocps3 - 1:3.3.9-1ubuntu2.3 libprocps3-dev - 1:3.3.9-1ubuntu2.3 procps - 1:3.3.9-1ubuntu2.3 No subscription required Medium CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Ubuntu 14.04 LTS Frediano Ziglio discovered that Spice incorrectly handled certain client messages. An attacker could possibly use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3659-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spice-client - 0.12.4-0nocelt2ubuntu1.6 libspice-server1 - 0.12.4-0nocelt2ubuntu1.6 libspice-server-dev - 0.12.4-0nocelt2ubuntu1.6 No subscription required Medium CVE-2017-12194 Ubuntu 14.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, install lightweight themes without user interaction, or execute arbitrary code. (CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178) An issue was discovered when processing message headers in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application hang. (CVE-2018-5161) It was discovered encrypted messages could leak plaintext via the src attribute of remote images or links. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5162) It was discovered that the filename of an attachment could be spoofed. An attacker could potentially exploit this by tricking the user in to opening an attachment of a different type to the one expected. (CVE-2018-5170) Multiple security issues were discovered in Skia. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2018-5183) It was discovered that S/MIME encrypted messages with remote content could leak plaintext via a chosen-ciphertext attack. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5184) It was discovered that plaintext of decrypted emails could leak by submitting an embedded form. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5185) Update Instructions: Run `sudo pro fix USN-3660-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-br - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-be - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-si - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:52.8.0+build1-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-de - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-en - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-da - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:52.8.0+build1-0ubuntu0.14.04.1 xul-ext-lightning - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-he - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-kab - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-testsuite - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-af - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-dev - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-el - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-it - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-id - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-et - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-is - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-es - 1:52.8.0+build1-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:52.8.0+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159 CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185 Ubuntu 14.04 LTS It was discovered that Batik incorrectly handled certain XML. An attacker could possibly use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-3661-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbatik-java - 1.7.ubuntu-8ubuntu2.14.04.3 No subscription required Medium CVE-2018-8013 Ubuntu 14.04 LTS It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system. Update Instructions: Run `sudo pro fix USN-3662-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-opencl-icd-384 - 384.130-0ubuntu0.14.04.1 nvidia-libopencl1-375 - 384.130-0ubuntu0.14.04.1 nvidia-375-dev - 384.130-0ubuntu0.14.04.1 nvidia-libopencl1-384 - 384.130-0ubuntu0.14.04.1 nvidia-384-dev - 384.130-0ubuntu0.14.04.1 nvidia-opencl-icd-375 - 384.130-0ubuntu0.14.04.1 libcuda1-384 - 384.130-0ubuntu0.14.04.1 nvidia-384 - 384.130-0ubuntu0.14.04.1 libcuda1-375 - 384.130-0ubuntu0.14.04.1 nvidia-375 - 384.130-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-6249 CVE-2018-6253 Ubuntu 14.04 LTS USN-3664-1 fixed a vulnerability in Apport. Sander Bos reported that Ubuntu 14.04 LTS was also vulnerable to this issue, but was incorrectly omitted from the previous updates. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers. Update Instructions: Run `sudo pro fix USN-3664-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.29 python3-problem-report - 2.14.1-0ubuntu3.29 apport-kde - 2.14.1-0ubuntu3.29 apport-retrace - 2.14.1-0ubuntu3.29 apport-valgrind - 2.14.1-0ubuntu3.29 python3-apport - 2.14.1-0ubuntu3.29 dh-apport - 2.14.1-0ubuntu3.29 apport-gtk - 2.14.1-0ubuntu3.29 apport - 2.14.1-0ubuntu3.29 python-problem-report - 2.14.1-0ubuntu3.29 apport-noui - 2.14.1-0ubuntu3.29 No subscription required High CVE-2018-6552 Ubuntu 14.04 LTS It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-12616, CVE-2017-12617) It was discovered that Tomcat contained incorrect documentation regarding description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. (CVE-2017-15706) It was discovered that Tomcat incorrectly handled en empty string URL pattern in security constraint definitions. A remote attacker could possibly use this issue to gain access to web application resources, contrary to expectations. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1304) It was discovered that Tomcat incorrectly handled applying certain security constraints. A remote attacker could possibly access certain resources, contrary to expectations. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1305) It was discovered that the Tomcat CORS filter default settings were insecure and would enable 'supportsCredentials' for all origins, contrary to expectations. (CVE-2018-8014) Update Instructions: Run `sudo pro fix USN-3665-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.52-1ubuntu0.14 libservlet3.0-java - 7.0.52-1ubuntu0.14 tomcat7-docs - 7.0.52-1ubuntu0.14 libservlet3.0-java-doc - 7.0.52-1ubuntu0.14 tomcat7 - 7.0.52-1ubuntu0.14 libtomcat7-java - 7.0.52-1ubuntu0.14 tomcat7-user - 7.0.52-1ubuntu0.14 tomcat7-admin - 7.0.52-1ubuntu0.14 tomcat7-examples - 7.0.52-1ubuntu0.14 No subscription required Medium CVE-2017-12616 CVE-2017-12617 CVE-2017-15706 CVE-2018-1304 CVE-2018-1305 CVE-2018-8014 Ubuntu 14.04 LTS It was discovered that libytnef incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2017-12141, CVE-2017-9146, CVE-2017-9471, CVE-2017-9473) It was discovered that libytnef incorrectly handled certain files. An attacker could possibly use this to access sensitive information. (CVE-2017-9058) Update Instructions: Run `sudo pro fix USN-3667-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libytnef0-dev - 1.5-6ubuntu0.2 libytnef0 - 1.5-6ubuntu0.2 No subscription required Medium CVE-2017-12141 CVE-2017-9058 CVE-2017-9146 CVE-2017-9471 CVE-2017-9473 Ubuntu 14.04 LTS It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to hang or crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3668-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exempi - 2.2.1-1ubuntu1.1 libexempi3 - 2.2.1-1ubuntu1.1 libexempi-dev - 2.2.1-1ubuntu1.1 No subscription required Medium CVE-2017-18233 CVE-2017-18234 CVE-2017-18236 CVE-2017-18238 CVE-2018-7728 CVE-2018-7729 CVE-2018-7730 CVE-2018-7731 Ubuntu 14.04 LTS It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11410) It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11440) It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2018-11577) Update Instructions: Run `sudo pro fix USN-3669-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis-bin - 2.5.3-2ubuntu1.3 liblouis2 - 2.5.3-2ubuntu1.3 python-louis - 2.5.3-2ubuntu1.3 liblouis-dev - 2.5.3-2ubuntu1.3 python3-louis - 2.5.3-2ubuntu1.3 liblouis-data - 2.5.3-2ubuntu1.3 No subscription required Medium CVE-2018-11410 CVE-2018-11440 CVE-2018-11577 Ubuntu 14.04 LTS Agostino Sarubbo discovered that elfutils incorrectly handled certain malformed ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, elfutils could be made to crash or consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3670-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libasm1 - 0.158-0ubuntu5.3 libdw-dev - 0.158-0ubuntu5.3 libelf1 - 0.158-0ubuntu5.3 libelf-dev - 0.158-0ubuntu5.3 elfutils - 0.158-0ubuntu5.3 libdw1 - 0.158-0ubuntu5.3 libasm-dev - 0.158-0ubuntu5.3 No subscription required Medium CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 Ubuntu 14.04 LTS Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. (CVE-2018-11235) It was discovered that an integer overflow existed in git's pathname consistency checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. (CVE-2018-11233) Update Instructions: Run `sudo pro fix USN-3671-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:1.9.1-1ubuntu0.8 gitweb - 1:1.9.1-1ubuntu0.8 git-gui - 1:1.9.1-1ubuntu0.8 git-daemon-sysvinit - 1:1.9.1-1ubuntu0.8 git-arch - 1:1.9.1-1ubuntu0.8 git-bzr - 1:1.9.1-1ubuntu0.8 git-el - 1:1.9.1-1ubuntu0.8 gitk - 1:1.9.1-1ubuntu0.8 git-all - 1:1.9.1-1ubuntu0.8 git-mediawiki - 1:1.9.1-1ubuntu0.8 git-daemon-run - 1:1.9.1-1ubuntu0.8 git-man - 1:1.9.1-1ubuntu0.8 git-doc - 1:1.9.1-1ubuntu0.8 git-svn - 1:1.9.1-1ubuntu0.8 git-cvs - 1:1.9.1-1ubuntu0.8 git-core - 1:1.9.1-1ubuntu0.8 git-email - 1:1.9.1-1ubuntu0.8 No subscription required High CVE-2018-11233 CVE-2018-11235 Ubuntu 14.04 LTS Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11683, CVE-2018-11684, CVE-2018-11685) Update Instructions: Run `sudo pro fix USN-3672-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis-bin - 2.5.3-2ubuntu1.4 liblouis2 - 2.5.3-2ubuntu1.4 python-louis - 2.5.3-2ubuntu1.4 liblouis-dev - 2.5.3-2ubuntu1.4 python3-louis - 2.5.3-2ubuntu1.4 liblouis-data - 2.5.3-2ubuntu1.4 No subscription required Medium CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 Ubuntu 14.04 LTS Ralph Dolmans and Karst Koymans discovered that Unbound did not properly handle certain NSEC records. An attacker could use this to to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick Unbound into accepting a NODATA proof. Update Instructions: Run `sudo pro fix USN-3673-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libunbound2 - 1.4.22-1ubuntu4.14.04.3 unbound - 1.4.22-1ubuntu4.14.04.3 python-unbound - 1.4.22-1ubuntu4.14.04.3 unbound-anchor - 1.4.22-1ubuntu4.14.04.3 unbound-host - 1.4.22-1ubuntu4.14.04.3 libunbound-dev - 1.4.22-1ubuntu4.14.04.3 No subscription required Low CVE-2017-15105 Ubuntu 14.04 LTS It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Xingyuan Lin discovered that a out-of-bounds read existed in the USB Video Class (UVC) driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-0627) Update Instructions: Run `sudo pro fix USN-3674-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-151-powerpc-smp - 3.13.0-151.201 linux-image-3.13.0-151-powerpc-e500mc - 3.13.0-151.201 linux-image-3.13.0-151-powerpc64-emb - 3.13.0-151.201 linux-image-3.13.0-151-generic - 3.13.0-151.201 linux-image-3.13.0-151-powerpc64-smp - 3.13.0-151.201 linux-image-3.13.0-151-generic-lpae - 3.13.0-151.201 linux-image-extra-3.13.0-151-generic - 3.13.0-151.201 linux-image-3.13.0-151-powerpc-e500 - 3.13.0-151.201 linux-image-3.13.0-151-lowlatency - 3.13.0-151.201 No subscription required Medium CVE-2017-0627 CVE-2018-1068 CVE-2018-7492 CVE-2018-8781 Ubuntu 14.04 LTS Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. (CVE-2018-12020) Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline primary Certify key. An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-9234) Update Instructions: Run `sudo pro fix USN-3675-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnupg-curl - 1.4.16-1ubuntu2.5 gnupg-udeb - 1.4.16-1ubuntu2.5 gpgv - 1.4.16-1ubuntu2.5 gpgv-udeb - 1.4.16-1ubuntu2.5 gnupg - 1.4.16-1ubuntu2.5 No subscription required Medium CVE-2018-12020 CVE-2018-9234 Ubuntu 14.04 LTS USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory details: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Update Instructions: Run `sudo pro fix USN-3675-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gpgsm - 2.0.22-3ubuntu1.4 gnupg-agent - 2.0.22-3ubuntu1.4 gnupg2 - 2.0.22-3ubuntu1.4 scdaemon - 2.0.22-3ubuntu1.4 gpgv2 - 2.0.22-3ubuntu1.4 No subscription required Medium CVE-2018-12020 Ubuntu 14.04 LTS USN-3676-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092, CVE-2018-1093) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087) Update Instructions: Run `sudo pro fix USN-3676-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1023-aws - 4.4.0-1023.23 No subscription required linux-image-4.4.0-128-powerpc-smp - 4.4.0-128.154~14.04.1 linux-image-4.4.0-128-powerpc64-smp - 4.4.0-128.154~14.04.1 linux-image-4.4.0-128-powerpc64-emb - 4.4.0-128.154~14.04.1 linux-image-4.4.0-128-powerpc-e500mc - 4.4.0-128.154~14.04.1 linux-image-4.4.0-128-generic-lpae - 4.4.0-128.154~14.04.1 linux-image-4.4.0-128-lowlatency - 4.4.0-128.154~14.04.1 linux-image-extra-4.4.0-128-generic - 4.4.0-128.154~14.04.1 linux-image-4.4.0-128-generic - 4.4.0-128.154~14.04.1 No subscription required Medium CVE-2018-1092 CVE-2018-1093 CVE-2018-10940 CVE-2018-8087 Ubuntu 14.04 LTS Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by AMD microcode updates to guests on amd64 and i386. Update Instructions: Run `sudo pro fix USN-3679-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.43 qemu-user-static - 2.0.0+dfsg-2ubuntu1.43 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.43 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.43 qemu-kvm - 2.0.0+dfsg-2ubuntu1.43 qemu-user - 2.0.0+dfsg-2ubuntu1.43 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.43 qemu-system - 2.0.0+dfsg-2ubuntu1.43 qemu-utils - 2.0.0+dfsg-2ubuntu1.43 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.43 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.43 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.43 qemu-common - 2.0.0+dfsg-2ubuntu1.43 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.43 qemu - 2.0.0+dfsg-2ubuntu1.43 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.43 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.43 No subscription required Medium CVE-2018-3639 Ubuntu 14.04 LTS Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. (CVE-2018-3639) Daniel P. Berrange discovered that libvirt incorrectly handled the QEMU guest agent. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-1064) Update Instructions: Run `sudo pro fix USN-3680-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.2.2-0ubuntu13.1.27 libvirt-dev - 1.2.2-0ubuntu13.1.27 libvirt-doc - 1.2.2-0ubuntu13.1.27 libvirt-bin - 1.2.2-0ubuntu13.1.27 No subscription required Medium CVE-2018-1064 CVE-2018-3639 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3681-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.11 libmagickcore5 - 8:6.7.7.10-6ubuntu3.11 imagemagick - 8:6.7.7.10-6ubuntu3.11 imagemagick-doc - 8:6.7.7.10-6ubuntu3.11 libmagickwand5 - 8:6.7.7.10-6ubuntu3.11 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.11 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.11 libmagick++-dev - 8:6.7.7.10-6ubuntu3.11 libmagick++5 - 8:6.7.7.10-6ubuntu3.11 perlmagick - 8:6.7.7.10-6ubuntu3.11 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.11 No subscription required Medium CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10995 CVE-2017-11352 CVE-2017-11533 CVE-2017-11535 CVE-2017-11537 CVE-2017-11639 CVE-2017-11640 CVE-2017-12140 CVE-2017-12418 CVE-2017-12429 CVE-2017-12430 CVE-2017-12431 CVE-2017-12432 CVE-2017-12433 CVE-2017-12435 CVE-2017-12563 CVE-2017-12587 CVE-2017-12640 CVE-2017-12643 CVE-2017-12644 CVE-2017-12670 CVE-2017-12674 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12875 CVE-2017-12877 CVE-2017-12983 CVE-2017-13058 CVE-2017-13059 CVE-2017-13060 CVE-2017-13061 CVE-2017-13062 CVE-2017-13131 CVE-2017-13134 CVE-2017-13139 CVE-2017-13142 CVE-2017-13143 CVE-2017-13144 CVE-2017-13145 CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14060 CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14224 CVE-2017-14249 CVE-2017-14325 CVE-2017-14326 CVE-2017-14341 CVE-2017-14342 CVE-2017-14343 CVE-2017-14400 CVE-2017-14505 CVE-2017-14531 CVE-2017-14532 CVE-2017-14533 CVE-2017-14607 CVE-2017-14624 CVE-2017-14625 CVE-2017-14626 CVE-2017-14682 CVE-2017-14684 CVE-2017-14739 CVE-2017-14741 CVE-2017-14989 CVE-2017-15015 CVE-2017-15016 CVE-2017-15017 CVE-2017-15032 CVE-2017-15033 CVE-2017-15217 CVE-2017-15218 CVE-2017-15277 CVE-2017-15281 CVE-2017-16546 CVE-2017-17499 CVE-2017-17504 CVE-2017-17680 CVE-2017-17681 CVE-2017-17682 CVE-2017-17879 CVE-2017-17881 CVE-2017-17882 CVE-2017-17884 CVE-2017-17885 CVE-2017-17886 CVE-2017-17887 CVE-2017-17914 CVE-2017-17934 CVE-2017-18008 CVE-2017-18022 CVE-2017-18027 CVE-2017-18028 CVE-2017-18029 CVE-2017-18209 CVE-2017-18211 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-18273 CVE-2018-10177 CVE-2018-10804 CVE-2018-10805 CVE-2018-11251 CVE-2018-11625 CVE-2018-11655 CVE-2018-11656 CVE-2018-5246 CVE-2018-5247 CVE-2018-5248 CVE-2018-5357 CVE-2018-5358 CVE-2018-6405 CVE-2018-7443 CVE-2018-8804 CVE-2018-8960 CVE-2018-9133 Ubuntu 14.04 LTS A heap buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3682-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nn - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ne - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nb - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fa - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fi - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fr - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fy - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-or - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kab - 60.0.2+build1-0ubuntu0.14.04.1 firefox-testsuite - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-oc - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cs - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ga - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gd - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gn - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gl - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gu - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pa - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pl - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cy - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pt - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hi - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uk - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-he - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hy - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hr - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hu - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-as - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ar - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ia - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-az - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-id - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mai - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-af - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-is - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-it - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-an - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bs - 60.0.2+build1-0ubuntu0.14.04.1 firefox - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ro - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ja - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ru - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-br - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bn - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-be - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bg - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sl - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sk - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-si - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sw - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sv - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sr - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sq - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ko - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kn - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-km - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kk - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ka - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-xh - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ca - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ku - 60.0.2+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lv - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lt - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-th - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 60.0.2+build1-0ubuntu0.14.04.1 firefox-dev - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-te - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cak - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ta - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lg - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-tr - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nso - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-de - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-da - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ms - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mr - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-my - 60.0.2+build1-0ubuntu0.14.04.1 firefox-globalmenu - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uz - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ml - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mn - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mk - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ur - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-vi - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eu - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-et - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-es - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-csb - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-el - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eo - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-en - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zu - 60.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ast - 60.0.2+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-6126 Ubuntu 14.04 LTS It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-3684-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.18.2-2ubuntu1.6 perl-doc - 5.18.2-2ubuntu1.6 libperl5.18 - 5.18.2-2ubuntu1.6 perl-base - 5.18.2-2ubuntu1.6 perl-modules - 5.18.2-2ubuntu1.6 libcgi-fast-perl - 5.18.2-2ubuntu1.6 perl - 5.18.2-2ubuntu1.6 perl-debug - 5.18.2-2ubuntu1.6 No subscription required Medium CVE-2018-12015 Ubuntu 14.04 LTS Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. (CVE-2017-0898) It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. (CVE-2017-0901) It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this to possibly force the RubyGems client to download and install gems from a server that the attacker controls. (CVE-2017-0902) It was discovered that Ruby incorrectly handled certain YAML files. An attacker could use this to possibly execute arbitrary code. (CVE-2017-0903) It was discovered that Ruby incorrectly handled certain files. An attacker could use this to expose sensitive information. (CVE-2017-14064) It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to execute arbitrary code. (CVE-2017-10784) It was discovered that Ruby incorrectly handled certain network requests. An attacker could possibly use this to inject a crafted key into a HTTP response. (CVE-2017-17742) It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. This update is only addressed to ruby2.0. (CVE-2018-1000074) It was discovered that Ruby incorrectly handled certain network requests. An attacker could possibly use this to cause a denial of service. (CVE-2018-8777) Update Instructions: Run `sudo pro fix USN-3685-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby1.9.1-dev - 1.9.3.484-2ubuntu1.12 libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.12 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.12 ruby1.9.1-full - 1.9.3.484-2ubuntu1.12 libruby1.9.1 - 1.9.3.484-2ubuntu1.12 ri1.9.1 - 1.9.3.484-2ubuntu1.12 ruby1.9.1 - 1.9.3.484-2ubuntu1.12 ruby1.9.3 - 1.9.3.484-2ubuntu1.12 No subscription required ruby2.0-tcltk - 2.0.0.484-1ubuntu2.10 libruby2.0 - 2.0.0.484-1ubuntu2.10 ruby2.0-doc - 2.0.0.484-1ubuntu2.10 ruby2.0 - 2.0.0.484-1ubuntu2.10 ruby2.0-dev - 2.0.0.484-1ubuntu2.10 No subscription required Medium CVE-2017-0898 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14064 CVE-2017-17742 CVE-2018-1000074 CVE-2018-8777 Ubuntu 14.04 LTS USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem. Original advisory details: Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. (CVE-2017-0898) It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. (CVE-2017-0901) It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this to possibly force the RubyGems client to download and install gems from a server that the attacker controls. (CVE-2017-0902) It was discovered that Ruby incorrectly handled certain YAML files. An attacker could use this to possibly execute arbitrary code. (CVE-2017-0903) It was discovered that Ruby incorrectly handled certain files. An attacker could use this to expose sensitive information. (CVE-2017-14064) It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to execute arbitrary code. (CVE-2017-10784) It was discovered that Ruby incorrectly handled certain network requests. An attacker could possibly use this to inject a crafted key into a HTTP response. (CVE-2017-17742) It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. This update is only addressed to ruby2.0. (CVE-2018-1000074) It was discovered that Ruby incorrectly handled certain network requests. An attacker could possibly use this to cause a denial of service. (CVE-2018-8777) Update Instructions: Run `sudo pro fix USN-3685-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby2.0-tcltk - 2.0.0.484-1ubuntu2.13+esm1 libruby2.0 - 2.0.0.484-1ubuntu2.13+esm1 ruby2.0-doc - 2.0.0.484-1ubuntu2.13+esm1 ruby2.0-dev - 2.0.0.484-1ubuntu2.13+esm1 ruby2.0 - 2.0.0.484-1ubuntu2.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-0903 https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174 Ubuntu 14.04 LTS Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9621) Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9653) It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8865) It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service. (CVE-2018-10360) Update Instructions: Run `sudo pro fix USN-3686-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.14-2ubuntu3.4 python-magic - 1:5.14-2ubuntu3.4 libmagic1 - 1:5.14-2ubuntu3.4 python3-magic - 1:5.14-2ubuntu3.4 file - 1:5.14-2ubuntu3.4 No subscription required Medium CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 CVE-2015-8865 CVE-2018-10360 Ubuntu 14.04 LTS Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys. Update Instructions: Run `sudo pro fix USN-3689-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-doc - 1.5.3-2ubuntu4.6 libgcrypt11-udeb - 1.5.3-2ubuntu4.6 libgcrypt11-dev - 1.5.3-2ubuntu4.6 libgcrypt11 - 1.5.3-2ubuntu4.6 No subscription required Low CVE-2018-0495 Ubuntu 14.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates for AMD 17H family processors required for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3690-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amd64-microcode - 3.20180524.1~ubuntu0.14.04.1 No subscription required High CVE-2017-5715 Ubuntu 14.04 LTS USN-3690-1 provided updated microcode for AMD processors to address CVE-2017-5715 (aka Spectre). Unfortunately, the update caused some systems to fail to boot. This update reverts the update for Ubuntu 14.04 LTS. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates for AMD 17H family processors required for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3690-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amd64-microcode - 3.20180524.1~ubuntu0.14.04.2+really20130710.1 No subscription required None https://launchpad.net/bugs/1779092 Ubuntu 14.04 LTS It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. (CVE-2018-2790) Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. (CVE-2018-2794) It was discovered that the Security component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2795) It was discovered that the Concurrency component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2796) It was discovered that the JMX component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2797) It was discovered that the AWT component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2798) It was discovered that the JAXP component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2799) Moritz Bechler discovered that the RMI component of OpenJDK enabled HTTP transport for RMI servers by default. A remote attacker could use this to gain access to restricted services. (CVE-2018-2800) It was discovered that a vulnerability existed in the Hotspot component of OpenJDK affecting confidentiality, data integrity, and availability. An attacker could use this to specially craft an Java application that caused a denial of service or bypassed sandbox restrictions. (CVE-2018-2814) Apostolos Giannakidis discovered that the Serialization component of OpenJDK did not properly bound memory allocations in some situations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2815) Update Instructions: Run `sudo pro fix USN-3691-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u181-2.6.14-0ubuntu0.1 openjdk-7-source - 7u181-2.6.14-0ubuntu0.1 icedtea-7-jre-jamvm - 7u181-2.6.14-0ubuntu0.1 openjdk-7-tests - 7u181-2.6.14-0ubuntu0.1 openjdk-7-jre-lib - 7u181-2.6.14-0ubuntu0.1 openjdk-7-jdk - 7u181-2.6.14-0ubuntu0.1 openjdk-7-jre-headless - 7u181-2.6.14-0ubuntu0.1 openjdk-7-jre - 7u181-2.6.14-0ubuntu0.1 openjdk-7-doc - 7u181-2.6.14-0ubuntu0.1 openjdk-7-demo - 7u181-2.6.14-0ubuntu0.1 No subscription required Medium CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 Ubuntu 14.04 LTS Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-0732) Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. (CVE-2018-0737) Update Instructions: Run `sudo pro fix USN-3692-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.26 libssl-dev - 1.0.1f-1ubuntu2.26 openssl - 1.0.1f-1ubuntu2.26 libssl-doc - 1.0.1f-1ubuntu2.26 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.26 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.26 No subscription required Low CVE-2018-0495 CVE-2018-0732 CVE-2018-0737 Ubuntu 14.04 LTS It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3693-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjasper-runtime - 1.900.1-14ubuntu3.5 libjasper-dev - 1.900.1-14ubuntu3.5 libjasper1 - 1.900.1-14ubuntu3.5 No subscription required Medium CVE-2015-5203 CVE-2015-5221 CVE-2016-10248 CVE-2016-10250 CVE-2016-8883 CVE-2016-8887 CVE-2016-9262 CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9396 CVE-2016-9600 CVE-2017-1000050 CVE-2017-6850 Ubuntu 14.04 LTS It was discovered that NASM incorrectly handled certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use these issues to cause NASM to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3694-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nasm - 2.10.09-1ubuntu0.1 No subscription required Medium CVE-2017-10686 CVE-2017-11111 CVE-2017-14228 CVE-2017-17810 CVE-2017-17811 CVE-2017-17812 CVE-2017-17813 CVE-2017-17814 CVE-2017-17815 CVE-2017-17816 CVE-2017-17817 CVE-2017-17818 CVE-2017-17819 CVE-2017-17820 CVE-2018-8881 Ubuntu 14.04 LTS USN-3696-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255) Wei Fang discovered an integer overflow in the F2FS filesystem implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18257) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087) It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124) Julian Stecklina and Thomas Prescher discovered that FPU register states (such as MMX, SSE, and AVX registers) which are lazily restored are potentially vulnerable to a side channel attack. A local attacker could use this to expose sensitive information. (CVE-2018-3665) Jakub Jirasek discovered that multiple use-after-errors existed in the USB/IP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive informal (kernel address locations). (CVE-2017-13695) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021) Update Instructions: Run `sudo pro fix USN-3696-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1024-aws - 4.4.0-1024.25 No subscription required linux-image-extra-4.4.0-130-generic - 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc64-emb - 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-lowlatency - 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-generic - 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-generic-lpae - 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc-e500mc - 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc64-smp - 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc-smp - 4.4.0-130.156~14.04.1 No subscription required Medium CVE-2017-13695 CVE-2017-18255 CVE-2017-18257 CVE-2018-1000204 CVE-2018-10021 CVE-2018-10087 CVE-2018-10124 CVE-2018-3665 CVE-2018-5814 CVE-2018-7755 Ubuntu 14.04 LTS It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). (CVE-2017-12154) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193) It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265) It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) Julian Stecklina and Thomas Prescher discovered that FPU register states (such as MMX, SSE, and AVX registers) which are lazily restored are potentially vulnerable to a side channel attack. A local attacker could use this to expose sensitive information. (CVE-2018-3665) Wang Qize discovered that an information disclosure vulnerability existed in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2018-5750) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) Update Instructions: Run `sudo pro fix USN-3698-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-153-lowlatency - 3.13.0-153.203 linux-image-3.13.0-153-powerpc-e500 - 3.13.0-153.203 linux-image-3.13.0-153-generic - 3.13.0-153.203 linux-image-extra-3.13.0-153-generic - 3.13.0-153.203 linux-image-3.13.0-153-powerpc-smp - 3.13.0-153.203 linux-image-3.13.0-153-powerpc-e500mc - 3.13.0-153.203 linux-image-3.13.0-153-generic-lpae - 3.13.0-153.203 linux-image-3.13.0-153-powerpc64-emb - 3.13.0-153.203 linux-image-3.13.0-153-powerpc64-smp - 3.13.0-153.203 No subscription required Medium CVE-2017-12154 CVE-2017-12193 CVE-2017-15265 CVE-2018-1130 CVE-2018-3665 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7755 CVE-2018-7757 Ubuntu 14.04 LTS It was discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3699-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zziplib-bin - 0.13.62-2ubuntu0.2 libzzip-dev - 0.13.62-2ubuntu0.2 libzzip-0-13 - 0.13.62-2ubuntu0.2 No subscription required Medium CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6541 CVE-2018-6869 CVE-2018-7725 CVE-2018-7726 Ubuntu 14.04 LTS It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10958, CVE-2018-10998) It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this to access sensitive information. (CVE-2018-10999) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11531) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to access sensitive information. (CVE-2018-12264, CVE-2018-12265) Update Instructions: Run `sudo pro fix USN-3700-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.23-1ubuntu2.1 libexiv2-12 - 0.23-1ubuntu2.1 libexiv2-doc - 0.23-1ubuntu2.1 libexiv2-dev - 0.23-1ubuntu2.1 No subscription required Medium CVE-2018-10958 CVE-2018-10998 CVE-2018-10999 CVE-2018-11531 CVE-2018-12264 CVE-2018-12265 Ubuntu 14.04 LTS It was discovered that libsoup incorrectly handled certain cookie requests. An attacker could possibly use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3701-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsoup-gnome2.4-1 - 2.44.2-1ubuntu2.3 libsoup-gnome2.4-dev - 2.44.2-1ubuntu2.3 gir1.2-soup-2.4 - 2.44.2-1ubuntu2.3 libsoup2.4-1 - 2.44.2-1ubuntu2.3 libsoup2.4-dev - 2.44.2-1ubuntu2.3 libsoup2.4-doc - 2.44.2-1ubuntu2.3 No subscription required Medium CVE-2018-12910 Ubuntu 14.04 LTS It was discovered that the Archive Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. Update Instructions: Run `sudo pro fix USN-3703-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libarchive-zip-perl - 1.30-7ubuntu0.1 No subscription required Medium CVE-2018-10860 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or execute arbitrary code. (CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188, CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12370, CVE-2018-12371) A security issue was discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain full browser permissions. (CVE-2018-12369) Update Instructions: Run `sudo pro fix USN-3705-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-nn - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ne - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-nb - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-fa - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-fi - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-fr - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-fy - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-or - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-kab - 61.0+build3-0ubuntu0.14.04.2 firefox-testsuite - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-oc - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-cs - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ga - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-gd - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-gn - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-gl - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-gu - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-pa - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-pl - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-cy - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-pt - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-hi - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-uk - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-he - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-hy - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-hr - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-hu - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-as - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ar - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ia - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-az - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-id - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-mai - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-af - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-is - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-it - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-an - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-bs - 61.0+build3-0ubuntu0.14.04.2 firefox - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ro - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ja - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ru - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-br - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-zh-hant - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-zh-hans - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-bn - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-be - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-bg - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-sl - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-sk - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-si - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-sw - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-sv - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-sr - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-sq - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ko - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-kn - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-km - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-kk - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ka - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-xh - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ca - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ku - 61.0+build3-0ubuntu0.14.04.2 firefox-mozsymbols - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-lv - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-lt - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-th - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-hsb - 61.0+build3-0ubuntu0.14.04.2 firefox-dev - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-te - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-cak - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ta - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-lg - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-tr - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-nso - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-de - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-da - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ms - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-mr - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-my - 61.0+build3-0ubuntu0.14.04.2 firefox-globalmenu - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-uz - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ml - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-mn - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-mk - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ur - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-vi - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-eu - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-et - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-es - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-csb - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-el - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-eo - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-en - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-zu - 61.0+build3-0ubuntu0.14.04.2 firefox-locale-ast - 61.0+build3-0ubuntu0.14.04.2 No subscription required Medium CVE-2018-5156 CVE-2018-5186 CVE-2018-5187 CVE-2018-5188 CVE-2018-12358 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12369 CVE-2018-12370 CVE-2018-12371 Ubuntu 14.04 LTS USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or execute arbitrary code. (CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188, CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12370, CVE-2018-12371) A security issue was discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain full browser permissions. (CVE-2018-12369) Update Instructions: Run `sudo pro fix USN-3705-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nn - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ne - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nb - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fa - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fi - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fr - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fy - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-or - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kab - 61.0.1+build1-0ubuntu0.14.04.1 firefox-testsuite - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-oc - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cs - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ga - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gd - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gn - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gl - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gu - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pa - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pl - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cy - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pt - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hi - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uk - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-he - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hy - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hr - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hu - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-as - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ar - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ia - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-az - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-id - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mai - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-af - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-is - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-it - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-an - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bs - 61.0.1+build1-0ubuntu0.14.04.1 firefox - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ro - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ja - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ru - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-br - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bn - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-be - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bg - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sl - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sk - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-si - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sw - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sv - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sr - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sq - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ko - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kn - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-km - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kk - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ka - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-xh - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ca - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ku - 61.0.1+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lv - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lt - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-th - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 61.0.1+build1-0ubuntu0.14.04.1 firefox-dev - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-te - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cak - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ta - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lg - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-tr - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nso - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-de - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-da - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ms - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mr - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-my - 61.0.1+build1-0ubuntu0.14.04.1 firefox-globalmenu - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uz - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ml - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mn - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mk - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ur - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-vi - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eu - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-et - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-es - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-csb - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-el - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eo - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-en - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zu - 61.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ast - 61.0.1+build1-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1781009 Ubuntu 14.04 LTS It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG images. If a user or automated system were tricked into opening a specially crafted JPEG image, a remote attacker could cause libjpeg-turbo to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3706-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjpeg-turbo8 - 1.3.0-0ubuntu2.1 libjpeg-turbo-test - 1.3.0-0ubuntu2.1 libjpeg-turbo8-dev - 1.3.0-0ubuntu2.1 libturbojpeg - 1.3.0-0ubuntu2.1 libjpeg-turbo-progs - 1.3.0-0ubuntu2.1 No subscription required Medium CVE-2014-9092 CVE-2016-3616 CVE-2017-15232 CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 CVE-2018-1152 Ubuntu 14.04 LTS Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6 packets. A remote attacker could possibly use this issue to cause ntpd to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182) Michael Macnair discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7183) Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7184) Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-7185) Update Instructions: Run `sudo pro fix USN-3707-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 ntp-doc - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 ntpdate - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 No subscription required Medium CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 Ubuntu 14.04 LTS It was discovered that OpenSLP incorrectly handled certain memory operations. A remote attacker could use this issue to cause OpenSLP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3708-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libslp-dev - 1.2.1-9ubuntu0.3 openslp-doc - 1.2.1-9ubuntu0.3 slptool - 1.2.1-9ubuntu0.3 slpd - 1.2.1-9ubuntu0.3 libslp1 - 1.2.1-9ubuntu0.3 No subscription required Medium CVE-2017-17833 CVE-2018-12938 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3711-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.12 libmagickcore5 - 8:6.7.7.10-6ubuntu3.12 imagemagick - 8:6.7.7.10-6ubuntu3.12 imagemagick-doc - 8:6.7.7.10-6ubuntu3.12 libmagickwand5 - 8:6.7.7.10-6ubuntu3.12 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.12 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.12 libmagick++-dev - 8:6.7.7.10-6ubuntu3.12 libmagick++5 - 8:6.7.7.10-6ubuntu3.12 perlmagick - 8:6.7.7.10-6ubuntu3.12 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.12 No subscription required Medium CVE-2018-12599 CVE-2018-12600 CVE-2018-13153 Ubuntu 14.04 LTS Patrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10087) Thuan Pham discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-13785) Update Instructions: Run `sudo pro fix USN-3712-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpng12-0-udeb - 1.2.50-1ubuntu2.14.04.3 libpng12-dev - 1.2.50-1ubuntu2.14.04.3 libpng3 - 1.2.50-1ubuntu2.14.04.3 libpng12-0 - 1.2.50-1ubuntu2.14.04.3 No subscription required Medium CVE-2016-10087 CVE-2018-13785 Ubuntu 14.04 LTS It was discovered that CUPS incorrectly handled certain print jobs with invalid usernames. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248) Dan Bastone discovered that the CUPS dnssd backend incorrectly handled certain environment variables. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-4180) Eric Rafaloff and John Dunlap discovered that CUPS incorrectly handled certain include directives. A local attacker could possibly use this issue to read arbitrary files. (CVE-2018-4181) Dan Bastone discovered that the CUPS AppArmor profile incorrectly confined the dnssd backend. A local attacker could possibly use this issue to escape confinement. (CVE-2018-6553) Update Instructions: Run `sudo pro fix USN-3713-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 1.7.2-0ubuntu1.10 libcups2-dev - 1.7.2-0ubuntu1.10 cups-bsd - 1.7.2-0ubuntu1.10 libcupsmime1 - 1.7.2-0ubuntu1.10 cups-common - 1.7.2-0ubuntu1.10 cups-core-drivers - 1.7.2-0ubuntu1.10 cups-server-common - 1.7.2-0ubuntu1.10 libcupsimage2 - 1.7.2-0ubuntu1.10 cups-client - 1.7.2-0ubuntu1.10 libcupscgi1-dev - 1.7.2-0ubuntu1.10 libcups2 - 1.7.2-0ubuntu1.10 libcupsmime1-dev - 1.7.2-0ubuntu1.10 cups-ppdc - 1.7.2-0ubuntu1.10 libcupsppdc1 - 1.7.2-0ubuntu1.10 cups - 1.7.2-0ubuntu1.10 libcupsppdc1-dev - 1.7.2-0ubuntu1.10 libcupsimage2-dev - 1.7.2-0ubuntu1.10 cups-daemon - 1.7.2-0ubuntu1.10 No subscription required Medium CVE-2017-18248 CVE-2018-4180 CVE-2018-4181 CVE-2018-6553 Ubuntu 14.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary code. (CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366) It was discovered that S/MIME and PGP decryption oracles can be built with HTML emails. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12372) It was discovered that S/MIME plaintext can be leaked through HTML reply/forward. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12373) It was discovered that forms can be used to exfiltrate encrypted mail parts by pressing enter in a form field. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12374) Update Instructions: Run `sudo pro fix USN-3714-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-br - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-be - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-si - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:52.9.1+build3-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-de - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-en - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-da - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:52.9.1+build3-0ubuntu0.14.04.1 xul-ext-lightning - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-he - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-kab - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-testsuite - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-af - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-dev - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-el - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-it - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-id - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-et - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-is - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-es - 1:52.9.1+build3-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:52.9.1+build3-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374 CVE-2018-5188 Ubuntu 14.04 LTS Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3218) It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255) Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate cookie values. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-4625) Matthias Gerstner discovered that PolicyKit incorrectly checked users. A local attacker could possibly use this issue to cause authentication dialogs to show up for other users, leading to a denial of service or an information leak. (CVE-2018-1116) Update Instructions: Run `sudo pro fix USN-3717-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-4ubuntu3.14.04.2 policykit-1-doc - 0.105-4ubuntu3.14.04.2 libpolkit-gobject-1-dev - 0.105-4ubuntu3.14.04.2 libpolkit-agent-1-0 - 0.105-4ubuntu3.14.04.2 libpolkit-gobject-1-0 - 0.105-4ubuntu3.14.04.2 policykit-1 - 0.105-4ubuntu3.14.04.2 gir1.2-polkit-1.0 - 0.105-4ubuntu3.14.04.2 libpolkit-backend-1-dev - 0.105-4ubuntu3.14.04.2 libpolkit-agent-1-dev - 0.105-4ubuntu3.14.04.2 No subscription required Medium CVE-2015-3218 CVE-2015-3255 CVE-2015-4625 CVE-2018-1116 Ubuntu 14.04 LTS It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357) It was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362, CVE-2018-14349) Update Instructions: Run `sudo pro fix USN-3719-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt-patched - 1.5.21-6.4ubuntu2.2 mutt - 1.5.21-6.4ubuntu2.2 No subscription required Medium CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14362 Ubuntu 14.04 LTS Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-3721-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ant - 1.9.3-2ubuntu0.1 ant-doc - 1.9.3-2ubuntu0.1 ant-gcj - 1.9.3-2ubuntu0.1 ant-optional - 1.9.3-2ubuntu0.1 ant-optional-gcj - 1.9.3-2ubuntu0.1 No subscription required Medium CVE-2018-10886 Ubuntu 14.04 LTS It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361) Update Instructions: Run `sudo pro fix USN-3722-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.1+dfsg-1ubuntu0.14.04.1 clamav-testfiles - 0.100.1+dfsg-1ubuntu0.14.04.1 clamav-base - 0.100.1+dfsg-1ubuntu0.14.04.1 clamav - 0.100.1+dfsg-1ubuntu0.14.04.1 libclamav7 - 0.100.1+dfsg-1ubuntu0.14.04.1 clamav-daemon - 0.100.1+dfsg-1ubuntu0.14.04.1 clamav-milter - 0.100.1+dfsg-1ubuntu0.14.04.1 clamav-docs - 0.100.1+dfsg-1ubuntu0.14.04.1 clamav-freshclam - 0.100.1+dfsg-1ubuntu0.14.04.1 No subscription required Medium CVE-2018-0360 CVE-2018-0361 Ubuntu 14.04 LTS USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361) Update Instructions: Run `sudo pro fix USN-3722-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.1+dfsg-1ubuntu0.14.04.2 clamav-testfiles - 0.100.1+dfsg-1ubuntu0.14.04.2 clamav-base - 0.100.1+dfsg-1ubuntu0.14.04.2 clamav - 0.100.1+dfsg-1ubuntu0.14.04.2 libclamav7 - 0.100.1+dfsg-1ubuntu0.14.04.2 clamav-daemon - 0.100.1+dfsg-1ubuntu0.14.04.2 clamav-milter - 0.100.1+dfsg-1ubuntu0.14.04.2 clamav-docs - 0.100.1+dfsg-1ubuntu0.14.04.2 clamav-freshclam - 0.100.1+dfsg-1ubuntu0.14.04.2 No subscription required None https://launchpad.net/bugs/1783632 Ubuntu 14.04 LTS USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361) Update Instructions: Run `sudo pro fix USN-3722-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.1+dfsg-1ubuntu0.14.04.4 clamav-testfiles - 0.100.1+dfsg-1ubuntu0.14.04.4 clamav-base - 0.100.1+dfsg-1ubuntu0.14.04.4 clamav - 0.100.1+dfsg-1ubuntu0.14.04.4 libclamav7 - 0.100.1+dfsg-1ubuntu0.14.04.4 clamav-daemon - 0.100.1+dfsg-1ubuntu0.14.04.4 clamav-milter - 0.100.1+dfsg-1ubuntu0.14.04.4 clamav-docs - 0.100.1+dfsg-1ubuntu0.14.04.4 clamav-freshclam - 0.100.1+dfsg-1ubuntu0.14.04.4 No subscription required None https://launchpad.net/bugs/1792051 Ubuntu 14.04 LTS It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. (CVE-2018-1336) It was discovered that the Tomcat WebSocket client incorrectly performed hostname verification. A remote attacker could possibly use this issue to intercept sensitive information. (CVE-2018-8034) Update Instructions: Run `sudo pro fix USN-3723-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.52-1ubuntu0.15 libservlet3.0-java - 7.0.52-1ubuntu0.15 tomcat7-docs - 7.0.52-1ubuntu0.15 libservlet3.0-java-doc - 7.0.52-1ubuntu0.15 tomcat7 - 7.0.52-1ubuntu0.15 libtomcat7-java - 7.0.52-1ubuntu0.15 tomcat7-user - 7.0.52-1ubuntu0.15 tomcat7-admin - 7.0.52-1ubuntu0.15 tomcat7-examples - 7.0.52-1ubuntu0.15 No subscription required Medium CVE-2018-1336 CVE-2018-8034 Ubuntu 14.04 LTS Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL. Update Instructions: Run `sudo pro fix USN-3724-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libedata-cal1.2-dev - 3.10.4-0ubuntu1.6 libebook1.2-dev - 3.10.4-0ubuntu1.6 libecal1.2-dev - 3.10.4-0ubuntu1.6 libedataserver-1.2-18 - 3.10.4-0ubuntu1.6 libebook-contacts-1.2-0 - 3.10.4-0ubuntu1.6 libebackend-1.2-7 - 3.10.4-0ubuntu1.6 evolution-data-server-online-accounts - 3.10.4-0ubuntu1.6 libebackend1.2-dev - 3.10.4-0ubuntu1.6 libcamel1.2-dev - 3.10.4-0ubuntu1.6 libecal-1.2-16 - 3.10.4-0ubuntu1.6 gir1.2-edataserver-1.2 - 3.10.4-0ubuntu1.6 libedataserver1.2-dev - 3.10.4-0ubuntu1.6 libebook-contacts1.2-dev - 3.10.4-0ubuntu1.6 gir1.2-ebookcontacts-1.2 - 3.10.4-0ubuntu1.6 evolution-data-server-doc - 3.10.4-0ubuntu1.6 libedata-book-1.2-20 - 3.10.4-0ubuntu1.6 libcamel-1.2-45 - 3.10.4-0ubuntu1.6 evolution-data-server - 3.10.4-0ubuntu1.6 evolution-data-server-common - 3.10.4-0ubuntu1.6 libedata-book1.2-dev - 3.10.4-0ubuntu1.6 libedata-cal-1.2-23 - 3.10.4-0ubuntu1.6 libebook-1.2-14 - 3.10.4-0ubuntu1.6 evolution-data-server-dev - 3.10.4-0ubuntu1.6 gir1.2-ebook-1.2 - 3.10.4-0ubuntu1.6 No subscription required Medium CVE-2016-10727 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.61 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.23. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Update Instructions: Run `sudo pro fix USN-3725-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.61-0ubuntu0.14.04.1 mysql-client - 5.5.61-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.61-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.61-0ubuntu0.14.04.1 libmysqld-pic - 5.5.61-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.61-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.61-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.61-0ubuntu0.14.04.1 mysql-common - 5.5.61-0ubuntu0.14.04.1 mysql-server - 5.5.61-0ubuntu0.14.04.1 mysql-testsuite - 5.5.61-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.61-0ubuntu0.14.04.1 libmysqld-dev - 5.5.61-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.61-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-2767 CVE-2018-3054 CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 CVE-2018-3061 CVE-2018-3062 CVE-2018-3063 CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070 CVE-2018-3071 CVE-2018-3077 CVE-2018-3081 Ubuntu 14.04 LTS It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys. Update Instructions: Run `sudo pro fix USN-3727-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbcmail-java - 1.49+dfsg-2ubuntu0.1 libbcpkix-java-doc - 1.49+dfsg-2ubuntu0.1 libbcpkix-java - 1.49+dfsg-2ubuntu0.1 libbcmail-java-doc - 1.49+dfsg-2ubuntu0.1 libbcprov-java - 1.49+dfsg-2ubuntu0.1 libbcpg-java - 1.49+dfsg-2ubuntu0.1 libbcprov-java-doc - 1.49+dfsg-2ubuntu0.1 libbcpg-java-doc - 1.49+dfsg-2ubuntu0.1 No subscription required Medium CVE-2015-6644 CVE-2015-7940 CVE-2016-1000338 CVE-2016-1000339 CVE-2016-1000341 CVE-2016-1000342 CVE-2016-1000343 CVE-2016-1000345 CVE-2016-1000346 Ubuntu 14.04 LTS USN-3728-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14679, CVE-2018-14680) Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14681) Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14682) Update Instructions: Run `sudo pro fix USN-3728-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.1+dfsg-1ubuntu0.14.04.3 clamav-testfiles - 0.100.1+dfsg-1ubuntu0.14.04.3 clamav-base - 0.100.1+dfsg-1ubuntu0.14.04.3 clamav - 0.100.1+dfsg-1ubuntu0.14.04.3 libclamav7 - 0.100.1+dfsg-1ubuntu0.14.04.3 clamav-daemon - 0.100.1+dfsg-1ubuntu0.14.04.3 clamav-milter - 0.100.1+dfsg-1ubuntu0.14.04.3 clamav-docs - 0.100.1+dfsg-1ubuntu0.14.04.3 clamav-freshclam - 0.100.1+dfsg-1ubuntu0.14.04.3 No subscription required Medium CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 Ubuntu 14.04 LTS It was discovered that libxcursor incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3729-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxcursor-dev - 1:1.1.14-1ubuntu0.14.04.2 libxcursor1 - 1:1.1.14-1ubuntu0.14.04.2 libxcursor1-udeb - 1:1.1.14-1ubuntu0.14.04.2 No subscription required Medium CVE-2015-9262 Ubuntu 14.04 LTS It was discovered that LFTP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3731-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lftp - 4.4.13-1ubuntu0.1 No subscription required Medium CVE-2018-10916 Ubuntu 14.04 LTS Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG is vulnerable to a cache side-channel attack. A local attacker could use this attack to recover RSA private keys. Update Instructions: Run `sudo pro fix USN-3733-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnupg-curl - 1.4.16-1ubuntu2.6 gnupg-udeb - 1.4.16-1ubuntu2.6 gpgv - 1.4.16-1ubuntu2.6 gpgv-udeb - 1.4.16-1ubuntu2.6 gnupg - 1.4.16-1ubuntu2.6 No subscription required Medium CVE-2017-7526 https://launchpad.net/bugs/1785176 Ubuntu 14.04 LTS It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption). Update Instructions: Run `sudo pro fix USN-3735-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u181-2.6.14-0ubuntu0.2 openjdk-7-source - 7u181-2.6.14-0ubuntu0.2 icedtea-7-jre-jamvm - 7u181-2.6.14-0ubuntu0.2 openjdk-7-tests - 7u181-2.6.14-0ubuntu0.2 openjdk-7-jre-lib - 7u181-2.6.14-0ubuntu0.2 openjdk-7-jdk - 7u181-2.6.14-0ubuntu0.2 openjdk-7-jre-headless - 7u181-2.6.14-0ubuntu0.2 openjdk-7-jre - 7u181-2.6.14-0ubuntu0.2 openjdk-7-doc - 7u181-2.6.14-0ubuntu0.2 openjdk-7-demo - 7u181-2.6.14-0ubuntu0.2 No subscription required Medium CVE-2018-2952 Ubuntu 14.04 LTS It was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10209, CVE-2016-10349, CVE-2016-10350) Agostino Sarubbo discovered that libarchive incorrectly handled certain XAR files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14166) It was discovered that libarchive incorrectly handled certain files. A remote attacker could possibly use this issue to get access to sensitive information. (CVE-2017-14501, CVE-2017-14503) Update Instructions: Run `sudo pro fix USN-3736-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-7ubuntu2.6 libarchive13 - 3.1.2-7ubuntu2.6 bsdtar - 3.1.2-7ubuntu2.6 libarchive-dev - 3.1.2-7ubuntu2.6 No subscription required Medium CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14503 Ubuntu 14.04 LTS Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-10858) Volker Mauel discovered that Samba incorrectly handled database output. When used as an Active Directory Domain Controller, a remote authenticated attacker could use this issue to cause Samba to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10918) Phillip Kuhrt discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information. (CVE-2018-10919) Vivek Das discovered that Samba incorrectly handled NTLMv1 being explicitly disabled on the server. A remote user could possibly be authenticated using NTLMv1, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-1139) Update Instructions: Run `sudo pro fix USN-3738-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.16 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.16 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.16 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.16 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.16 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.16 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.16 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.16 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.16 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.16 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.16 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.16 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.16 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.16 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.16 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.16 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.16 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.16 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.16 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.16 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.16 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.16 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.16 No subscription required Medium CVE-2018-10858 CVE-2018-10918 CVE-2018-10919 CVE-2018-1139 Ubuntu 14.04 LTS Matias Brutti discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. (CVE-2016-9318) It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16932) It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-18258, CVE-2018-14404, CVE-2018-14567) Update Instructions: Run `sudo pro fix USN-3739-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.13 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.13 libxml2 - 2.9.1+dfsg1-3ubuntu4.13 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.13 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.13 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.13 No subscription required Medium CVE-2016-9318 CVE-2017-16932 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 Ubuntu 14.04 LTS USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update Instructions: Run `sudo pro fix USN-3741-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1027-aws - 4.4.0-1027.30 No subscription required linux-image-extra-4.4.0-133-generic - 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-powerpc64-emb - 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-generic - 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-powerpc-e500mc - 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-lowlatency - 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-powerpc64-smp - 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-powerpc-smp - 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-generic-lpae - 4.4.0-133.159~14.04.1 No subscription required High CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF Ubuntu 14.04 LTS USN-3741-1 introduced mitigations in the Linux kernel for Ubuntu 14.04 LTS to address L1 Terminal Fault (L1TF) vulnerabilities (CVE-2018-3620, CVE-2018-3646). Unfortunately, the update introduced regressions that caused kernel panics when booting in some environments as well as preventing Java applications from starting. This update fixes the problems. We apologize for the inconvenience. Original advisory details: It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update Instructions: Run `sudo pro fix USN-3741-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-156-powerpc64-emb - 3.13.0-156.206 linux-image-3.13.0-156-powerpc-e500mc - 3.13.0-156.206 linux-image-3.13.0-156-generic - 3.13.0-156.206 linux-image-3.13.0-156-powerpc-e500 - 3.13.0-156.206 linux-image-3.13.0-156-powerpc-smp - 3.13.0-156.206 linux-image-extra-3.13.0-156-generic - 3.13.0-156.206 linux-image-3.13.0-156-lowlatency - 3.13.0-156.206 linux-image-3.13.0-156-generic-lpae - 3.13.0-156.206 linux-image-3.13.0-156-powerpc64-smp - 3.13.0-156.206 No subscription required None https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787258 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787127 Ubuntu 14.04 LTS It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2017-18344) Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update Instructions: Run `sudo pro fix USN-3742-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-155-powerpc64-smp - 3.13.0-155.205 linux-image-3.13.0-155-powerpc-e500mc - 3.13.0-155.205 linux-image-3.13.0-155-powerpc-e500 - 3.13.0-155.205 linux-image-3.13.0-155-generic-lpae - 3.13.0-155.205 linux-image-3.13.0-155-powerpc-smp - 3.13.0-155.205 linux-image-3.13.0-155-lowlatency - 3.13.0-155.205 linux-image-3.13.0-155-powerpc64-emb - 3.13.0-155.205 linux-image-3.13.0-155-generic - 3.13.0-155.205 linux-image-extra-3.13.0-155-generic - 3.13.0-155.205 No subscription required High CVE-2017-18344 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF Ubuntu 14.04 LTS Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10915) It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. (CVE-2018-10925) Update Instructions: Run `sudo pro fix USN-3744-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-plpython-9.3 - 9.3.24-0ubuntu0.14.04 postgresql-server-dev-9.3 - 9.3.24-0ubuntu0.14.04 postgresql-9.3 - 9.3.24-0ubuntu0.14.04 postgresql-plperl-9.3 - 9.3.24-0ubuntu0.14.04 postgresql-doc-9.3 - 9.3.24-0ubuntu0.14.04 postgresql-plpython3-9.3 - 9.3.24-0ubuntu0.14.04 libecpg6 - 9.3.24-0ubuntu0.14.04 postgresql-pltcl-9.3 - 9.3.24-0ubuntu0.14.04 postgresql-client-9.3 - 9.3.24-0ubuntu0.14.04 libpgtypes3 - 9.3.24-0ubuntu0.14.04 libecpg-dev - 9.3.24-0ubuntu0.14.04 libpq-dev - 9.3.24-0ubuntu0.14.04 libpq5 - 9.3.24-0ubuntu0.14.04 postgresql-contrib-9.3 - 9.3.24-0ubuntu0.14.04 libecpg-compat3 - 9.3.24-0ubuntu0.14.04 No subscription required Medium CVE-2018-10915 CVE-2018-10925 Ubuntu 14.04 LTS It was discovered that wpa_supplicant and hostapd incorrectly handled certain messages. An attacker could possibly use this to access sensitive information. Update Instructions: Run `sudo pro fix USN-3745-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.1-0ubuntu1.6 No subscription required wpagui - 2.1-0ubuntu1.6 wpasupplicant-udeb - 2.1-0ubuntu1.6 wpasupplicant - 2.1-0ubuntu1.6 No subscription required Medium CVE-2018-14526 Ubuntu 14.04 LTS It was discovered that Spice incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3751-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spice-client - 0.12.4-0nocelt2ubuntu1.7 libspice-server1 - 0.12.4-0nocelt2ubuntu1.7 libspice-server-dev - 0.12.4-0nocelt2ubuntu1.7 No subscription required Medium CVE-2018-10873 Ubuntu 14.04 LTS USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168) Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094) It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405) Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406) Update Instructions: Run `sudo pro fix USN-3753-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1028-aws - 4.4.0-1028.31 No subscription required linux-image-4.4.0-134-generic-lpae - 4.4.0-134.160~14.04.1 linux-image-4.4.0-134-powerpc-smp - 4.4.0-134.160~14.04.1 linux-image-extra-4.4.0-134-generic - 4.4.0-134.160~14.04.1 linux-image-4.4.0-134-powerpc64-emb - 4.4.0-134.160~14.04.1 linux-image-4.4.0-134-powerpc-e500mc - 4.4.0-134.160~14.04.1 linux-image-4.4.0-134-generic - 4.4.0-134.160~14.04.1 linux-image-4.4.0-134-lowlatency - 4.4.0-134.160~14.04.1 linux-image-4.4.0-134-powerpc64-smp - 4.4.0-134.160~14.04.1 No subscription required Medium CVE-2017-13168 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10881 CVE-2018-10882 CVE-2018-12233 CVE-2018-13094 CVE-2018-13405 CVE-2018-13406 Ubuntu 14.04 LTS Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208) It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472) It was discovered that a buffer overflow existed in the ACPI table parsing implementation in the Linux kernel. A local attacker could use this to construct a malicious ACPI table that, when loaded, caused a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11473) It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991) It was discovered that a race condition existed in the packet fanout implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15649) Andrey Konovalov discovered that the Ultra Wide Band driver in the Linux kernel did not properly check for an error condition. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16526) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16527) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel did not properly validate USB audio buffer descriptors. A physically proximate attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16529) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB interface association descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16531) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB HID descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16533) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16535) Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538) Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643) Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16644) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911) It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912) It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913) It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914) It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558) It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255) It was discovered that the keyring subsystem in the Linux kernel did not properly prevent a user from creating keyrings for other users. A local attacker could use this cause a denial of service or expose sensitive information. (CVE-2017-18270) Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584) It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549) Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897) Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345) Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348) Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm. (CVE-2017-7518) Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645) Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831) Pengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985) It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087) It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Zhong Jiang discovered that a use-after-free vulnerability existed in the NUMA memory policy implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10675) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1092) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094) It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405) Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406) Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021) Update Instructions: Run `sudo pro fix USN-3754-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-157-powerpc64-emb - 3.13.0-157.207 linux-image-3.13.0-157-powerpc-e500 - 3.13.0-157.207 linux-image-3.13.0-157-generic-lpae - 3.13.0-157.207 linux-image-3.13.0-157-powerpc-smp - 3.13.0-157.207 linux-image-3.13.0-157-powerpc-e500mc - 3.13.0-157.207 linux-image-3.13.0-157-lowlatency - 3.13.0-157.207 linux-image-3.13.0-157-powerpc64-smp - 3.13.0-157.207 linux-image-3.13.0-157-generic - 3.13.0-157.207 linux-image-extra-3.13.0-157-generic - 3.13.0-157.207 No subscription required Medium CVE-2016-10208 CVE-2017-11472 CVE-2017-11473 CVE-2017-14991 CVE-2017-15649 CVE-2017-16526 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16532 CVE-2017-16533 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16538 CVE-2017-16643 CVE-2017-16644 CVE-2017-16645 CVE-2017-16650 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-17558 CVE-2017-18255 CVE-2017-18270 CVE-2017-2583 CVE-2017-2584 CVE-2017-2671 CVE-2017-5549 CVE-2017-5897 CVE-2017-6345 CVE-2017-6348 CVE-2017-7518 CVE-2017-7645 CVE-2017-8831 CVE-2017-9984 CVE-2017-9985 CVE-2018-1000204 CVE-2018-10021 CVE-2018-10087 CVE-2018-10124 CVE-2018-10323 CVE-2018-10675 CVE-2018-10877 CVE-2018-10881 CVE-2018-1092 CVE-2018-1093 CVE-2018-10940 CVE-2018-12233 CVE-2018-13094 CVE-2018-13405 CVE-2018-13406 Ubuntu 14.04 LTS It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000222) It was discovered that GD incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-5711) Update Instructions: Run `sudo pro fix USN-3755-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.0-3ubuntu0.10 libgd2-xpm-dev - 2.1.0-3ubuntu0.10 libgd-tools - 2.1.0-3ubuntu0.10 libgd2-noxpm-dev - 2.1.0-3ubuntu0.10 libgd-dev - 2.1.0-3ubuntu0.10 No subscription required Medium CVE-2018-1000222 CVE-2018-5711 Ubuntu 14.04 LTS It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Zdenek Sojka, Rudolf Marek, Alex Zuepke, and Innokentiy Sennovskiy discovered that microprocessors that perform speculative reads of system registers may allow unauthorized disclosure of system parameters via a sidechannel attack. This vulnerability is also known as Rogue System Register Read (RSRE). An attacker could use this to expose sensitive information. (CVE-2018-3640) Update Instructions: Run `sudo pro fix USN-3756-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20180807a.0ubuntu0.14.04.1 No subscription required High CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 Ubuntu 14.04 LTS Hosein Askari discovered that poppler incorrectly handled certain PDF files. An attacker could possible use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3757-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.12 libpoppler-qt5-1 - 0.24.5-2ubuntu4.12 libpoppler-cpp-dev - 0.24.5-2ubuntu4.12 libpoppler-cpp0 - 0.24.5-2ubuntu4.12 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.12 libpoppler-dev - 0.24.5-2ubuntu4.12 libpoppler-glib8 - 0.24.5-2ubuntu4.12 libpoppler-private-dev - 0.24.5-2ubuntu4.12 libpoppler-qt4-dev - 0.24.5-2ubuntu4.12 libpoppler-glib-dev - 0.24.5-2ubuntu4.12 libpoppler-qt4-4 - 0.24.5-2ubuntu4.12 libpoppler44 - 0.24.5-2ubuntu4.12 libpoppler-qt5-dev - 0.24.5-2ubuntu4.12 libpoppler-glib-doc - 0.24.5-2ubuntu4.12 No subscription required Medium CVE-2018-13988 Ubuntu 14.04 LTS Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information (CVE-2016-7942) Tobias Stoeckmann discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2016-7943) It was discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14598, CVE-2018-14599, CVE-2018-14600) Update Instructions: Run `sudo pro fix USN-3758-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.2-1ubuntu2.1 libx11-data - 2:1.6.2-1ubuntu2.1 libx11-xcb-dev - 2:1.6.2-1ubuntu2.1 libx11-xcb1 - 2:1.6.2-1ubuntu2.1 libx11-doc - 2:1.6.2-1ubuntu2.1 libx11-6-udeb - 2:1.6.2-1ubuntu2.1 libx11-dev - 2:1.6.2-1ubuntu2.1 No subscription required Medium CVE-2016-7942 CVE-2016-7943 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 Ubuntu 14.04 LTS Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4429) It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14622) It was discovered that libtirpc incorrectly handled certain strings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-8779) Update Instructions: Run `sudo pro fix USN-3759-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtirpc1 - 0.2.2-5ubuntu2.1 libtirpc-dev - 0.2.2-5ubuntu2.1 No subscription required Medium CVE-2016-4429 CVE-2017-8779 CVE-2018-14622 Ubuntu 14.04 LTS It was discovered that transfig incorrectly handled certain FIG files. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3760-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: transfig - 1:3.2.5.e-1ubuntu1.1 No subscription required Medium CVE-2018-16140 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Firefox 58 and then later set a primary password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) Update Instructions: Run `sudo pro fix USN-3761-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-nn - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ne - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-nb - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-fa - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-fi - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-fr - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-fy - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-or - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-kab - 62.0+build2-0ubuntu0.14.04.3 firefox-testsuite - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-oc - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-cs - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ga - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-gd - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-gn - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-gl - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-gu - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-pa - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-pl - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-cy - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-pt - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-hi - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-uk - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-he - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-hy - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-hr - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-hu - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-as - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ar - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ia - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-az - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-id - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-mai - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-af - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-is - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-it - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-an - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-bs - 62.0+build2-0ubuntu0.14.04.3 firefox - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ro - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ja - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ru - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-br - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-zh-hant - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-zh-hans - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-bn - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-be - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-bg - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-sl - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-sk - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-si - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-sw - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-sv - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-sr - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-sq - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ko - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-kn - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-km - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-kk - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ka - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-xh - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ca - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ku - 62.0+build2-0ubuntu0.14.04.3 firefox-mozsymbols - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-lv - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-lt - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-th - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-hsb - 62.0+build2-0ubuntu0.14.04.3 firefox-dev - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-te - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-cak - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ta - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-lg - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-tr - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-nso - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-de - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-da - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ms - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-mr - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-my - 62.0+build2-0ubuntu0.14.04.3 firefox-globalmenu - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-uz - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ml - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-mn - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-mk - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ur - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-vi - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-eu - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-et - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-es - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-csb - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-el - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-eo - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-en - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-zu - 62.0+build2-0ubuntu0.14.04.3 firefox-locale-ast - 62.0+build2-0ubuntu0.14.04.3 No subscription required Medium CVE-2018-12375 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 Ubuntu 14.04 LTS USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) Update Instructions: Run `sudo pro fix USN-3761-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-nn - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ne - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-nb - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-fa - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-fi - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-fr - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-fy - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-or - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-kab - 62.0+build2-0ubuntu0.14.04.4 firefox-testsuite - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-oc - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-cs - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ga - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-gd - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-gn - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-gl - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-gu - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-pa - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-pl - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-cy - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-pt - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-hi - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-uk - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-he - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-hy - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-hr - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-hu - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-as - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ar - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ia - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-az - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-id - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-mai - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-af - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-is - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-it - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-an - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-bs - 62.0+build2-0ubuntu0.14.04.4 firefox - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ro - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ja - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ru - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-br - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-zh-hant - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-zh-hans - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-bn - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-be - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-bg - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-sl - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-sk - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-si - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-sw - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-sv - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-sr - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-sq - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ko - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-kn - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-km - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-kk - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ka - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-xh - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ca - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ku - 62.0+build2-0ubuntu0.14.04.4 firefox-mozsymbols - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-lv - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-lt - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-th - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-hsb - 62.0+build2-0ubuntu0.14.04.4 firefox-dev - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-te - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-cak - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ta - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-lg - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-tr - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-nso - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-de - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-da - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ms - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-mr - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-my - 62.0+build2-0ubuntu0.14.04.4 firefox-globalmenu - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-uz - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ml - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-mn - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-mk - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ur - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-vi - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-eu - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-et - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-es - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-csb - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-el - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-eo - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-en - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-zu - 62.0+build2-0ubuntu0.14.04.4 firefox-locale-ast - 62.0+build2-0ubuntu0.14.04.4 No subscription required None https://launchpad.net/bugs/1791789 Ubuntu 14.04 LTS USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Firefox 58 and then later set a primary password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) Update Instructions: Run `sudo pro fix USN-3761-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-nn - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ne - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-nb - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-fa - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-fi - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-fr - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-fy - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-or - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-kab - 62.0+build2-0ubuntu0.14.04.5 firefox-testsuite - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-oc - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-cs - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ga - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-gd - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-gn - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-gl - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-gu - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-pa - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-pl - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-cy - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-pt - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-hi - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-uk - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-he - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-hy - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-hr - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-hu - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-as - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ar - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ia - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-az - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-id - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-mai - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-af - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-is - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-it - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-an - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-bs - 62.0+build2-0ubuntu0.14.04.5 firefox - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ro - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ja - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ru - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-br - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-zh-hant - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-zh-hans - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-bn - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-be - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-bg - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-sl - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-sk - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-si - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-sw - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-sv - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-sr - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-sq - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ko - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-kn - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-km - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-kk - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ka - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-xh - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ca - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ku - 62.0+build2-0ubuntu0.14.04.5 firefox-mozsymbols - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-lv - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-lt - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-th - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-hsb - 62.0+build2-0ubuntu0.14.04.5 firefox-dev - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-te - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-cak - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ta - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-lg - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-tr - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-nso - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-de - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-da - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ms - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-mr - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-my - 62.0+build2-0ubuntu0.14.04.5 firefox-globalmenu - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-uz - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ml - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-mn - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-mk - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ur - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-vi - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-eu - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-et - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-es - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-csb - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-el - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-eo - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-en - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-zu - 62.0+build2-0ubuntu0.14.04.5 firefox-locale-ast - 62.0+build2-0ubuntu0.14.04.5 No subscription required None https://launchpad.net/bugs/1791789 https://usn.ubuntu.com/usn/usn-3761-2 Ubuntu 14.04 LTS It was discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-0502, CVE-2018-13259) Richard Maciel Costa discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1100) Update Instructions: Run `sudo pro fix USN-3764-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zsh-beta-doc - 5.0.2-3ubuntu6.3 zsh-static - 5.0.2-3ubuntu6.3 zsh-common - 5.0.2-3ubuntu6.3 zsh-beta - 5.0.2-3ubuntu6.3 zsh-dev - 5.0.2-3ubuntu6.3 zsh - 5.0.2-3ubuntu6.3 zsh-doc - 5.0.2-3ubuntu6.3 No subscription required Medium CVE-2018-0502 CVE-2018-1100 CVE-2018-13259 Ubuntu 14.04 LTS It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3765-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.17 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.17 libcurl4-openssl-dev - 7.35.0-1ubuntu2.17 libcurl3-gnutls - 7.35.0-1ubuntu2.17 libcurl3-udeb - 7.35.0-1ubuntu2.17 libcurl4-doc - 7.35.0-1ubuntu2.17 libcurl3-nss - 7.35.0-1ubuntu2.17 libcurl4-nss-dev - 7.35.0-1ubuntu2.17 libcurl3 - 7.35.0-1ubuntu2.17 curl - 7.35.0-1ubuntu2.17 No subscription required Medium CVE-2018-14618 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-14851, CVE-2018-14883) Update Instructions: Run `sudo pro fix USN-3766-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.26 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.26 php5-curl - 5.5.9+dfsg-1ubuntu4.26 php5-intl - 5.5.9+dfsg-1ubuntu4.26 php5-snmp - 5.5.9+dfsg-1ubuntu4.26 php5-mysql - 5.5.9+dfsg-1ubuntu4.26 php5-odbc - 5.5.9+dfsg-1ubuntu4.26 php5-xsl - 5.5.9+dfsg-1ubuntu4.26 php5-gd - 5.5.9+dfsg-1ubuntu4.26 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.26 php5-tidy - 5.5.9+dfsg-1ubuntu4.26 php5-dev - 5.5.9+dfsg-1ubuntu4.26 php5-pgsql - 5.5.9+dfsg-1ubuntu4.26 php5-enchant - 5.5.9+dfsg-1ubuntu4.26 php5-readline - 5.5.9+dfsg-1ubuntu4.26 php5-gmp - 5.5.9+dfsg-1ubuntu4.26 php5-fpm - 5.5.9+dfsg-1ubuntu4.26 php5-cgi - 5.5.9+dfsg-1ubuntu4.26 php5-sqlite - 5.5.9+dfsg-1ubuntu4.26 php5-ldap - 5.5.9+dfsg-1ubuntu4.26 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.26 php5 - 5.5.9+dfsg-1ubuntu4.26 php5-cli - 5.5.9+dfsg-1ubuntu4.26 php-pear - 5.5.9+dfsg-1ubuntu4.26 php5-sybase - 5.5.9+dfsg-1ubuntu4.26 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.26 php5-pspell - 5.5.9+dfsg-1ubuntu4.26 php5-common - 5.5.9+dfsg-1ubuntu4.26 libphp5-embed - 5.5.9+dfsg-1ubuntu4.26 No subscription required Medium CVE-2015-9253 CVE-2018-14851 CVE-2018-14883 Ubuntu 14.04 LTS It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2018-16428) It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-16429) Update Instructions: Run `sudo pro fix USN-3767-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.40.2-0ubuntu1.1 libglib2.0-0-refdbg - 2.40.2-0ubuntu1.1 libglib2.0-data - 2.40.2-0ubuntu1.1 libglib2.0-udeb - 2.40.2-0ubuntu1.1 libglib2.0-tests - 2.40.2-0ubuntu1.1 libglib2.0-doc - 2.40.2-0ubuntu1.1 libglib2.0-bin - 2.40.2-0ubuntu1.1 libglib2.0-dev - 2.40.2-0ubuntu1.1 No subscription required Medium CVE-2018-16428 CVE-2018-16429 Ubuntu 14.04 LTS Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3768-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.10~dfsg-0ubuntu10.13 ghostscript-x - 9.10~dfsg-0ubuntu10.13 libgs-dev - 9.10~dfsg-0ubuntu10.13 ghostscript-doc - 9.10~dfsg-0ubuntu10.13 libgs9 - 9.10~dfsg-0ubuntu10.13 libgs9-common - 9.10~dfsg-0ubuntu10.13 No subscription required Medium CVE-2018-11645 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 Ubuntu 14.04 LTS It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3769-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.18 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.18 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.18 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.18 bind9utils - 1:9.9.5.dfsg-3ubuntu0.18 libdns100 - 1:9.9.5.dfsg-3ubuntu0.18 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.18 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.18 host - 1:9.9.5.dfsg-3ubuntu0.18 lwresd - 1:9.9.5.dfsg-3ubuntu0.18 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.18 libisc95 - 1:9.9.5.dfsg-3ubuntu0.18 bind9 - 1:9.9.5.dfsg-3ubuntu0.18 bind9-host - 1:9.9.5.dfsg-3ubuntu0.18 No subscription required Medium CVE-2018-5740 Ubuntu 14.04 LTS Ibrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10165) Quang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16435) Update Instructions: Run `sudo pro fix USN-3770-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblcms2-dev - 2.5-0ubuntu4.2 liblcms2-2 - 2.5-0ubuntu4.2 liblcms2-utils - 2.5-0ubuntu4.2 No subscription required Medium CVE-2016-10165 CVE-2018-16435 Ubuntu 14.04 LTS It was discovered that strongSwan incorrectly handled IKEv2 key derivation. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2018-10811) Sze Yiu Chau discovered that strongSwan incorrectly handled parsing OIDs in the gmp plugin. A remote attacker could possibly use this issue to bypass authorization. (CVE-2018-16151) Sze Yiu Chau discovered that strongSwan incorrectly handled certain parameters fields in the gmp plugin. A remote attacker could possibly use this issue to bypass authorization. (CVE-2018-16152) It was discovered that strongSwan incorrectly handled the stroke plugin. A local administrator could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-5388) Update Instructions: Run `sudo pro fix USN-3771-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-noauth - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-simaka-pseudonym - 5.1.2-0ubuntu2.10 strongswan-plugin-unbound - 5.1.2-0ubuntu2.10 strongswan-plugin-farp - 5.1.2-0ubuntu2.10 strongswan-ikev1 - 5.1.2-0ubuntu2.10 strongswan-plugin-pkcs11 - 5.1.2-0ubuntu2.10 strongswan-plugin-xauth-eap - 5.1.2-0ubuntu2.10 strongswan-plugin-sshkey - 5.1.2-0ubuntu2.10 strongswan-plugin-error-notify - 5.1.2-0ubuntu2.10 strongswan-plugin-gcrypt - 5.1.2-0ubuntu2.10 strongswan-plugin-sql - 5.1.2-0ubuntu2.10 strongswan-plugin-coupling - 5.1.2-0ubuntu2.10 strongswan-plugin-xauth-generic - 5.1.2-0ubuntu2.10 strongswan-plugin-lookip - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-ttls - 5.1.2-0ubuntu2.10 strongswan-plugin-af-alg - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-aka-3gpp2 - 5.1.2-0ubuntu2.10 strongswan-ike - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-sim-pcsc - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-aka - 5.1.2-0ubuntu2.10 libstrongswan - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-simaka-sql - 5.1.2-0ubuntu2.10 strongswan-plugin-sqlite - 5.1.2-0ubuntu2.10 strongswan-plugin-duplicheck - 5.1.2-0ubuntu2.10 strongswan - 5.1.2-0ubuntu2.10 strongswan-tnc-server - 5.1.2-0ubuntu2.10 strongswan-plugin-attr-sql - 5.1.2-0ubuntu2.10 strongswan-tnc-base - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-peap - 5.1.2-0ubuntu2.10 strongswan-starter - 5.1.2-0ubuntu2.10 strongswan-plugin-curl - 5.1.2-0ubuntu2.10 strongswan-plugin-radattr - 5.1.2-0ubuntu2.10 strongswan-plugin-soup - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-dynamic - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-gtc - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-tls - 5.1.2-0ubuntu2.10 strongswan-tnc-ifmap - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-tnc - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-radius - 5.1.2-0ubuntu2.10 strongswan-ikev2 - 5.1.2-0ubuntu2.10 strongswan-plugin-mysql - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-simaka-reauth - 5.1.2-0ubuntu2.10 strongswan-plugin-openssl - 5.1.2-0ubuntu2.10 strongswan-plugin-dnscert - 5.1.2-0ubuntu2.10 strongswan-plugin-xauth-pam - 5.1.2-0ubuntu2.10 strongswan-plugin-pubkey - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-md5 - 5.1.2-0ubuntu2.10 strongswan-plugin-whitelist - 5.1.2-0ubuntu2.10 strongswan-plugin-fips-prf - 5.1.2-0ubuntu2.10 strongswan-pt-tls-client - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu2.10 strongswan-nm - 5.1.2-0ubuntu2.10 strongswan-plugin-ldap - 5.1.2-0ubuntu2.10 strongswan-plugin-certexpire - 5.1.2-0ubuntu2.10 strongswan-tnc-pdp - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-sim - 5.1.2-0ubuntu2.10 strongswan-plugin-kernel-libipsec - 5.1.2-0ubuntu2.10 strongswan-plugin-ipseckey - 5.1.2-0ubuntu2.10 strongswan-plugin-dhcp - 5.1.2-0ubuntu2.10 strongswan-plugin-dnskey - 5.1.2-0ubuntu2.10 strongswan-plugin-ntru - 5.1.2-0ubuntu2.10 strongswan-plugin-gmp - 5.1.2-0ubuntu2.10 strongswan-plugin-agent - 5.1.2-0ubuntu2.10 strongswan-plugin-pgp - 5.1.2-0ubuntu2.10 strongswan-tnc-client - 5.1.2-0ubuntu2.10 strongswan-plugin-load-tester - 5.1.2-0ubuntu2.10 strongswan-plugin-unity - 5.1.2-0ubuntu2.10 strongswan-plugin-led - 5.1.2-0ubuntu2.10 strongswan-plugin-eap-sim-file - 5.1.2-0ubuntu2.10 strongswan-plugin-systime-fix - 5.1.2-0ubuntu2.10 No subscription required Medium CVE-2018-10811 CVE-2018-16151 CVE-2018-16152 CVE-2018-5388 Ubuntu 14.04 LTS It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3773-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.25~dfsg+1-0ubuntu0.14.04.1 ghostscript-x - 9.25~dfsg+1-0ubuntu0.14.04.1 libgs-dev - 9.25~dfsg+1-0ubuntu0.14.04.1 ghostscript-doc - 9.25~dfsg+1-0ubuntu0.14.04.1 libgs9 - 9.25~dfsg+1-0ubuntu0.14.04.1 libgs9-common - 9.25~dfsg+1-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-16510 CVE-2018-17183 Ubuntu 14.04 LTS It was discovered that strongSwan incorrectly handled signature validation in the gmp plugin. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3774-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-noauth - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-simaka-pseudonym - 5.1.2-0ubuntu2.11 strongswan-plugin-unbound - 5.1.2-0ubuntu2.11 strongswan-plugin-farp - 5.1.2-0ubuntu2.11 strongswan-ikev1 - 5.1.2-0ubuntu2.11 strongswan-plugin-pkcs11 - 5.1.2-0ubuntu2.11 strongswan-plugin-xauth-eap - 5.1.2-0ubuntu2.11 strongswan-plugin-sshkey - 5.1.2-0ubuntu2.11 strongswan-plugin-error-notify - 5.1.2-0ubuntu2.11 strongswan-plugin-gcrypt - 5.1.2-0ubuntu2.11 strongswan-plugin-sql - 5.1.2-0ubuntu2.11 strongswan-plugin-coupling - 5.1.2-0ubuntu2.11 strongswan-plugin-xauth-generic - 5.1.2-0ubuntu2.11 strongswan-plugin-lookip - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-ttls - 5.1.2-0ubuntu2.11 strongswan-plugin-af-alg - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-aka-3gpp2 - 5.1.2-0ubuntu2.11 strongswan-ike - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-sim-pcsc - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-aka - 5.1.2-0ubuntu2.11 libstrongswan - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-simaka-sql - 5.1.2-0ubuntu2.11 strongswan-plugin-sqlite - 5.1.2-0ubuntu2.11 strongswan-plugin-duplicheck - 5.1.2-0ubuntu2.11 strongswan - 5.1.2-0ubuntu2.11 strongswan-tnc-server - 5.1.2-0ubuntu2.11 strongswan-plugin-attr-sql - 5.1.2-0ubuntu2.11 strongswan-tnc-base - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-peap - 5.1.2-0ubuntu2.11 strongswan-starter - 5.1.2-0ubuntu2.11 strongswan-plugin-curl - 5.1.2-0ubuntu2.11 strongswan-plugin-radattr - 5.1.2-0ubuntu2.11 strongswan-plugin-soup - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-dynamic - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-gtc - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-tls - 5.1.2-0ubuntu2.11 strongswan-tnc-ifmap - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-tnc - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-radius - 5.1.2-0ubuntu2.11 strongswan-ikev2 - 5.1.2-0ubuntu2.11 strongswan-plugin-mysql - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-simaka-reauth - 5.1.2-0ubuntu2.11 strongswan-plugin-openssl - 5.1.2-0ubuntu2.11 strongswan-plugin-dnscert - 5.1.2-0ubuntu2.11 strongswan-plugin-xauth-pam - 5.1.2-0ubuntu2.11 strongswan-plugin-pubkey - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-md5 - 5.1.2-0ubuntu2.11 strongswan-plugin-whitelist - 5.1.2-0ubuntu2.11 strongswan-plugin-fips-prf - 5.1.2-0ubuntu2.11 strongswan-pt-tls-client - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu2.11 strongswan-nm - 5.1.2-0ubuntu2.11 strongswan-plugin-ldap - 5.1.2-0ubuntu2.11 strongswan-plugin-certexpire - 5.1.2-0ubuntu2.11 strongswan-tnc-pdp - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-sim - 5.1.2-0ubuntu2.11 strongswan-plugin-kernel-libipsec - 5.1.2-0ubuntu2.11 strongswan-plugin-ipseckey - 5.1.2-0ubuntu2.11 strongswan-plugin-dhcp - 5.1.2-0ubuntu2.11 strongswan-plugin-dnskey - 5.1.2-0ubuntu2.11 strongswan-plugin-ntru - 5.1.2-0ubuntu2.11 strongswan-plugin-gmp - 5.1.2-0ubuntu2.11 strongswan-plugin-agent - 5.1.2-0ubuntu2.11 strongswan-plugin-pgp - 5.1.2-0ubuntu2.11 strongswan-tnc-client - 5.1.2-0ubuntu2.11 strongswan-plugin-load-tester - 5.1.2-0ubuntu2.11 strongswan-plugin-unity - 5.1.2-0ubuntu2.11 strongswan-plugin-led - 5.1.2-0ubuntu2.11 strongswan-plugin-eap-sim-file - 5.1.2-0ubuntu2.11 strongswan-plugin-systime-fix - 5.1.2-0ubuntu2.11 No subscription required Medium CVE-2018-17540 Ubuntu 14.04 LTS It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594) It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572) It was discovered that an integer overflow vulnerability existed in the Linux kernel when loading an executable to run. A local attacker could use this to gain administrative privileges. (CVE-2018-14634) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633) It was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554) It was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555) Update Instructions: Run `sudo pro fix USN-3775-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-160-powerpc64-emb - 3.13.0-160.210 linux-image-extra-3.13.0-160-generic - 3.13.0-160.210 linux-image-3.13.0-160-generic - 3.13.0-160.210 linux-image-3.13.0-160-powerpc64-smp - 3.13.0-160.210 linux-image-3.13.0-160-lowlatency - 3.13.0-160.210 linux-image-3.13.0-160-powerpc-e500 - 3.13.0-160.210 linux-image-3.13.0-160-generic-lpae - 3.13.0-160.210 linux-image-3.13.0-160-powerpc-smp - 3.13.0-160.210 linux-image-3.13.0-160-powerpc-e500mc - 3.13.0-160.210 No subscription required High CVE-2018-14633 CVE-2018-14634 CVE-2018-15572 CVE-2018-15594 CVE-2018-6554 CVE-2018-6555 Ubuntu 14.04 LTS USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182) It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594) It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572) It was discovered that a NULL pointer dereference could be triggered in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18216) It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633) It was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276) It was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554) It was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555) Update Instructions: Run `sudo pro fix USN-3776-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1031-aws - 4.4.0-1031.34 No subscription required linux-image-4.4.0-137-powerpc-smp - 4.4.0-137.163~14.04.1 linux-image-4.4.0-137-powerpc64-smp - 4.4.0-137.163~14.04.1 linux-image-4.4.0-137-powerpc64-emb - 4.4.0-137.163~14.04.1 linux-image-4.4.0-137-powerpc-e500mc - 4.4.0-137.163~14.04.1 linux-image-extra-4.4.0-137-generic - 4.4.0-137.163~14.04.1 linux-image-4.4.0-137-generic-lpae - 4.4.0-137.163~14.04.1 linux-image-4.4.0-137-lowlatency - 4.4.0-137.163~14.04.1 linux-image-4.4.0-137-generic - 4.4.0-137.163~14.04.1 No subscription required High CVE-2017-18216 CVE-2018-10902 CVE-2018-14633 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 Ubuntu 14.04 LTS A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. (CVE-2018-12385) A type confusion bug was discovered in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-12386) It was discovered that the Array.prototype.push could leak memory addresses to the calling function in some circumstances. An attacker could exploit this in combination with another vulnerability to help execute arbitrary code. (CVE-2018-12387) Update Instructions: Run `sudo pro fix USN-3778-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-nn - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ne - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-nb - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-fa - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-fi - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-fr - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-fy - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-or - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-kab - 62.0.3+build1-0ubuntu0.14.04.2 firefox-testsuite - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-oc - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-cs - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ga - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-gd - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-gn - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-gl - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-gu - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-pa - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-pl - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-cy - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-pt - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-hi - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-uk - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-he - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-hy - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-hr - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-hu - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-as - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ar - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ia - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-az - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-id - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-mai - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-af - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-is - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-it - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-an - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-bs - 62.0.3+build1-0ubuntu0.14.04.2 firefox - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ro - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ja - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ru - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-br - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-zh-hant - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-zh-hans - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-bn - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-be - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-bg - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sl - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sk - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-si - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sw - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sv - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sr - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-sq - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ko - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-kn - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-km - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-kk - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ka - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-xh - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ca - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ku - 62.0.3+build1-0ubuntu0.14.04.2 firefox-mozsymbols - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-lv - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-lt - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-th - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-hsb - 62.0.3+build1-0ubuntu0.14.04.2 firefox-dev - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-te - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-cak - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ta - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-lg - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-tr - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-nso - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-de - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-da - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ms - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-mr - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-my - 62.0.3+build1-0ubuntu0.14.04.2 firefox-globalmenu - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-uz - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ml - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-mn - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-mk - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ur - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-vi - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-eu - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-et - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-es - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-csb - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-el - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-eo - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-en - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-zu - 62.0.3+build1-0ubuntu0.14.04.2 firefox-locale-ast - 62.0.3+build1-0ubuntu0.14.04.2 No subscription required Medium CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 Ubuntu 14.04 LTS Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-12085) It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-17294) Update Instructions: Run `sudo pro fix USN-3782-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis-bin - 2.5.3-2ubuntu1.5 liblouis2 - 2.5.3-2ubuntu1.5 python-louis - 2.5.3-2ubuntu1.5 liblouis-dev - 2.5.3-2ubuntu1.5 python3-louis - 2.5.3-2ubuntu1.5 liblouis-data - 2.5.3-2ubuntu1.5 No subscription required Medium CVE-2018-12085 CVE-2018-17294 Ubuntu 14.04 LTS As a security improvement, this update adjusts the private-files abstraction to disallow writing to thumbnailer configuration files. Additionally adjust the private-files, private-files-strict and user-files abstractions to disallow writes on parent directories of sensitive files. Update Instructions: Run `sudo pro fix USN-3784-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apparmor-docs - 2.10.95-0ubuntu2.6~14.04.4 python-apparmor - 2.10.95-0ubuntu2.6~14.04.4 libapparmor-dev - 2.10.95-0ubuntu2.6~14.04.4 libapparmor-perl - 2.10.95-0ubuntu2.6~14.04.4 libapparmor1 - 2.10.95-0ubuntu2.6~14.04.4 apparmor-notify - 2.10.95-0ubuntu2.6~14.04.4 apparmor-profiles - 2.10.95-0ubuntu2.6~14.04.4 python3-libapparmor - 2.10.95-0ubuntu2.6~14.04.4 python-libapparmor - 2.10.95-0ubuntu2.6~14.04.4 libpam-apparmor - 2.10.95-0ubuntu2.6~14.04.4 apparmor-easyprof - 2.10.95-0ubuntu2.6~14.04.4 apparmor - 2.10.95-0ubuntu2.6~14.04.4 python3-apparmor - 2.10.95-0ubuntu2.6~14.04.4 apparmor-utils - 2.10.95-0ubuntu2.6~14.04.4 libapache2-mod-apparmor - 2.10.95-0ubuntu2.6~14.04.4 dh-apparmor - 2.10.95-0ubuntu2.6~14.04.4 No subscription required None https://launchpad.net/bugs/1788929 https://launchpad.net/bugs/1794848 Ubuntu 14.04 LTS Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. It was discovered that several memory leaks existed when handling certain images in ImageMagick. An attacker could use this to cause a denial of service. (CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-16640, CVE-2018-16750) It was discovered that ImageMagick did not properly initialize a variable before using it when processing MAT images. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-14551) It was discovered that an information disclosure vulnerability existed in ImageMagick when processing XBM images. An attacker could use this to expose sensitive information. (CVE-2018-16323) It was discovered that an out-of-bounds write vulnerability existed in ImageMagick when handling certain images. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-16642) It was discovered that ImageMagick did not properly check for errors in some situations. An attacker could use this to cause a denial of service. (CVE-2018-16643) It was discovered that ImageMagick did not properly validate image meta data in some situations. An attacker could use this to cause a denial of service. (CVE-2018-16644) It was discovered that ImageMagick did not prevent excessive memory allocation when handling certain image types. An attacker could use this to cause a denial of service. (CVE-2018-16645) Sergej Schumilo and Cornelius Aschermann discovered that ImageMagick did not properly check for NULL in some situations when processing PNG images. An attacker could use this to cause a denial of service. (CVE-2018-16749) USN-3681-1 fixed vulnerabilities in Imagemagick. Unfortunately, the fix for CVE-2017-13144 introduced a regression in ImageMagick in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This update reverts the fix for CVE-2017-13144 for those releases. We apologize for the inconvenience. Update Instructions: Run `sudo pro fix USN-3785-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.13 libmagickcore5 - 8:6.7.7.10-6ubuntu3.13 imagemagick - 8:6.7.7.10-6ubuntu3.13 imagemagick-doc - 8:6.7.7.10-6ubuntu3.13 libmagickwand5 - 8:6.7.7.10-6ubuntu3.13 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.13 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.13 libmagick++-dev - 8:6.7.7.10-6ubuntu3.13 libmagick++5 - 8:6.7.7.10-6ubuntu3.13 perlmagick - 8:6.7.7.10-6ubuntu3.13 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.13 No subscription required Medium CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-14551 CVE-2018-16323 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 https://launchpad.net/bugs/1793485 Ubuntu 14.04 LTS It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864) Update Instructions: Run `sudo pro fix USN-3786-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxkbcommon-x11-dev - 0.4.1-0ubuntu1.1 libxkbcommon-dev - 0.4.1-0ubuntu1.1 libxkbcommon0 - 0.4.1-0ubuntu1.1 libxkbcommon-x11-0 - 0.4.1-0ubuntu1.1 No subscription required Medium CVE-2018-15853 CVE-2018-15854 CVE-2018-15855 CVE-2018-15856 CVE-2018-15857 CVE-2018-15858 CVE-2018-15859 CVE-2018-15861 CVE-2018-15862 CVE-2018-15863 CVE-2018-15864 Ubuntu 14.04 LTS It was discovered that Tomcat incorrectly handled returning redirects to a directory. A remote attacker could possibly use this issue with a specially crafted URL to redirect to arbitrary URIs. Update Instructions: Run `sudo pro fix USN-3787-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.52-1ubuntu0.16 libservlet3.0-java - 7.0.52-1ubuntu0.16 tomcat7-docs - 7.0.52-1ubuntu0.16 libservlet3.0-java-doc - 7.0.52-1ubuntu0.16 tomcat7 - 7.0.52-1ubuntu0.16 libtomcat7-java - 7.0.52-1ubuntu0.16 tomcat7-user - 7.0.52-1ubuntu0.16 tomcat7-admin - 7.0.52-1ubuntu0.16 tomcat7-examples - 7.0.52-1ubuntu0.16 No subscription required Medium CVE-2018-11784 Ubuntu 14.04 LTS Jakub Wilk discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-5700) It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-17407) Update Instructions: Run `sudo pro fix USN-3788-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libkpathsea6 - 2013.20130729.30972-2ubuntu0.1 libptexenc1 - 2013.20130729.30972-2ubuntu0.1 libptexenc-dev - 2013.20130729.30972-2ubuntu0.1 libkpathsea-dev - 2013.20130729.30972-2ubuntu0.1 texlive-binaries - 2013.20130729.30972-2ubuntu0.1 No subscription required Medium CVE-2015-5700 CVE-2018-17407 Ubuntu 14.04 LTS It was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3789-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.2+dfsg-1ubuntu0.14.04.1 clamav-testfiles - 0.100.2+dfsg-1ubuntu0.14.04.1 clamav-base - 0.100.2+dfsg-1ubuntu0.14.04.1 clamav - 0.100.2+dfsg-1ubuntu0.14.04.1 libclamav7 - 0.100.2+dfsg-1ubuntu0.14.04.1 clamav-daemon - 0.100.2+dfsg-1ubuntu0.14.04.1 clamav-milter - 0.100.2+dfsg-1ubuntu0.14.04.1 clamav-docs - 0.100.2+dfsg-1ubuntu0.14.04.1 clamav-freshclam - 0.100.2+dfsg-1ubuntu0.14.04.1 No subscription required Medium CVE-2018-15378 Ubuntu 14.04 LTS It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-3790-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-requests-whl - 2.2.1-1ubuntu0.4 python3-requests - 2.2.1-1ubuntu0.4 python-requests - 2.2.1-1ubuntu0.4 No subscription required Medium CVE-2018-18074 Ubuntu 14.04 LTS It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used. Update Instructions: Run `sudo pro fix USN-3791-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:1.9.1-1ubuntu0.9 gitweb - 1:1.9.1-1ubuntu0.9 git-gui - 1:1.9.1-1ubuntu0.9 git-daemon-sysvinit - 1:1.9.1-1ubuntu0.9 git-arch - 1:1.9.1-1ubuntu0.9 git-bzr - 1:1.9.1-1ubuntu0.9 git-el - 1:1.9.1-1ubuntu0.9 gitk - 1:1.9.1-1ubuntu0.9 git-all - 1:1.9.1-1ubuntu0.9 git-mediawiki - 1:1.9.1-1ubuntu0.9 git-daemon-run - 1:1.9.1-1ubuntu0.9 git-man - 1:1.9.1-1ubuntu0.9 git-doc - 1:1.9.1-1ubuntu0.9 git-svn - 1:1.9.1-1ubuntu0.9 git-cvs - 1:1.9.1-1ubuntu0.9 git-core - 1:1.9.1-1ubuntu0.9 git-email - 1:1.9.1-1ubuntu0.9 No subscription required Medium CVE-2018-17456 Ubuntu 14.04 LTS It was discovered that Net-SNMP incorrectly handled certain certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3792-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsnmp-perl - 5.7.2~dfsg-8.1ubuntu3.3 libsnmp-dev - 5.7.2~dfsg-8.1ubuntu3.3 libsnmp-base - 5.7.2~dfsg-8.1ubuntu3.3 snmp - 5.7.2~dfsg-8.1ubuntu3.3 libsnmp30 - 5.7.2~dfsg-8.1ubuntu3.3 tkmib - 5.7.2~dfsg-8.1ubuntu3.3 snmpd - 5.7.2~dfsg-8.1ubuntu3.3 python-netsnmp - 5.7.2~dfsg-8.1ubuntu3.3 No subscription required Medium CVE-2018-18065 Ubuntu 14.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Thunderbird 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. (CVE-2018-12385) Update Instructions: Run `sudo pro fix USN-3793-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-br - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-bn - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-be - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-bg - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ja - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-sl - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-sk - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-si - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-gnome-support - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-sv - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-sr - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-sq - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-hsb - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-cy - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-cs - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ca - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-pt-br - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-pa - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ka - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ko - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-kk - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-kab - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-pl - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-zh-tw - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-pt - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-nn-no - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-nb-no - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-bn-bd - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-lt - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-en-gb - 1:60.2.1+build1-0ubuntu0.14.04.2 xul-ext-calendar-timezones - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-de - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-da - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-uk - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-globalmenu - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-testsuite - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-dev - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-el - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-en-us - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-rm - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ms - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ro - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-eu - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-et - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-zh-hant - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-zh-hans - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ru - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-mk - 1:60.2.1+build1-0ubuntu0.14.04.2 xul-ext-gdata-provider - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-fr - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-es-es - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ta-lk - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-fy - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-fi - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ast - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-nl - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-nn - 1:60.2.1+build1-0ubuntu0.14.04.2 xul-ext-lightning - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ga-ie - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-fy-nl - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-nb - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-en - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-zh-cn - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-gl - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ga - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-tr - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-gd - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ta - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-dsb - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-it - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-hy - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-sv-se - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-hr - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-hu - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-pa-in - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-he - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-ar - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-af - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-pt-pt - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-is - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-vi - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-mozsymbols - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-es - 1:60.2.1+build1-0ubuntu0.14.04.2 thunderbird-locale-id - 1:60.2.1+build1-0ubuntu0.14.04.2 No subscription required Medium CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 CVE-2018-12385 Ubuntu 14.04 LTS It was discovered that MoinMoin incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-3794-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-moinmoin - 1.9.7-1ubuntu2.2 No subscription required Medium CVE-2017-5934 Ubuntu 14.04 LTS Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Update Instructions: Run `sudo pro fix USN-3795-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-4 - 0.6.1-0ubuntu3.4 libssh-dev - 0.6.1-0ubuntu3.4 libssh-doc - 0.6.1-0ubuntu3.4 No subscription required Medium CVE-2018-10933 Ubuntu 14.04 LTS USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Original advisory details: Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Update Instructions: Run `sudo pro fix USN-3795-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-4 - 0.6.1-0ubuntu3.5 libssh-dev - 0.6.1-0ubuntu3.5 libssh-doc - 0.6.1-0ubuntu3.5 No subscription required None https://launchpad.net/bugs/1805348 Ubuntu 14.04 LTS Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Update Instructions: Run `sudo pro fix USN-3796-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: paramiko-doc - 1.10.1-1git1ubuntu0.2 python-paramiko - 1.10.1-1git1ubuntu0.2 No subscription required Medium CVE-2018-1000805 Ubuntu 14.04 LTS USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734) It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658) It was discovered that a integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363) Yves Younan discovered that the CIPSO labeling implementation in the Linux kernel did not properly handle IP header options in some situations. A remote attacker could use this to specially craft network traffic that could cause a denial of service (infinite loop). (CVE-2018-10938) Update Instructions: Run `sudo pro fix USN-3797-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1032-aws - 4.4.0-1032.35 No subscription required linux-image-4.4.0-138-powerpc-smp - 4.4.0-138.164~14.04.1 linux-image-4.4.0-138-powerpc64-emb - 4.4.0-138.164~14.04.1 linux-image-4.4.0-138-powerpc-e500mc - 4.4.0-138.164~14.04.1 linux-image-4.4.0-138-powerpc64-smp - 4.4.0-138.164~14.04.1 linux-image-extra-4.4.0-138-generic - 4.4.0-138.164~14.04.1 linux-image-4.4.0-138-generic - 4.4.0-138.164~14.04.1 linux-image-4.4.0-138-generic-lpae - 4.4.0-138.164~14.04.1 linux-image-4.4.0-138-lowlatency - 4.4.0-138.164~14.04.1 No subscription required Medium CVE-2018-10938 CVE-2018-14734 CVE-2018-16658 CVE-2018-9363 Ubuntu 14.04 LTS Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8539) It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-7913) Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) discovered a race condition in the generic SCSI driver (sg) of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0794) Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15299) It was discovered that a NULL pointer dereference could be triggered in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18216) Luo Quan and Wei Yang discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system deadlock). (CVE-2018-1000004) 范龙飞 discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel that could lead to a use- after-free or an out-of-bounds buffer access. A local attacker with access to /dev/snd/seq could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7566) It was discovered that a buffer overflow existed in the NFC Logical Link Control Protocol (llcp) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9518) Update Instructions: Run `sudo pro fix USN-3798-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-161-powerpc64-smp - 3.13.0-161.211 linux-image-3.13.0-161-generic-lpae - 3.13.0-161.211 linux-image-3.13.0-161-lowlatency - 3.13.0-161.211 linux-image-3.13.0-161-powerpc-e500 - 3.13.0-161.211 linux-image-3.13.0-161-generic - 3.13.0-161.211 linux-image-extra-3.13.0-161-generic - 3.13.0-161.211 linux-image-3.13.0-161-powerpc-smp - 3.13.0-161.211 linux-image-3.13.0-161-powerpc-e500mc - 3.13.0-161.211 linux-image-3.13.0-161-powerpc64-emb - 3.13.0-161.211 No subscription required Medium CVE-2015-8539 CVE-2016-7913 CVE-2017-0794 CVE-2017-15299 CVE-2017-18216 CVE-2018-1000004 CVE-2018-7566 CVE-2018-9518 Ubuntu 14.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-24.html https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Update Instructions: Run `sudo pro fix USN-3799-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-source-5.5 - 5.5.62-0ubuntu0.14.04.1 mysql-client - 5.5.62-0ubuntu0.14.04.1 libmysqlclient18 - 5.5.62-0ubuntu0.14.04.1 libmysqlclient-dev - 5.5.62-0ubuntu0.14.04.1 libmysqld-pic - 5.5.62-0ubuntu0.14.04.1 mysql-client-core-5.5 - 5.5.62-0ubuntu0.14.04.1 mysql-client-5.5 - 5.5.62-0ubuntu0.14.04.1 mysql-server-5.5 - 5.5.62-0ubuntu0.14.04.1 mysql-common - 5.5.62-0ubuntu0.14.04.1 mysql-server - 5.5.62-0ubuntu0.14.04.1 mysql-testsuite - 5.5.62-0ubuntu0.14.04.1 mysql-server-core-5.5 - 5.5.62-0ubuntu0.14.04.1 libmysqld-dev - 5.5.62-0ubuntu0.14.04.1 mysql-testsuite-5.5 - 5.5.62-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-3133 CVE-2018-3143 CVE-2018-3144 CVE-2018-3155 CVE-2018-3156 CVE-2018-3161 CVE-2018-3162 CVE-2018-3171 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3187 CVE-2018-3200 CVE-2018-3247 CVE-2018-3251 CVE-2018-3276 CVE-2018-3277 CVE-2018-3278 CVE-2018-3282 CVE-2018-3283 CVE-2018-3284 Ubuntu 14.04 LTS It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-13440) It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-17095) Update Instructions: Run `sudo pro fix USN-3800-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: audiofile-tools - 0.3.6-2ubuntu0.14.04.3 libaudiofile-dev - 0.3.6-2ubuntu0.14.04.3 libaudiofile1 - 0.3.6-2ubuntu0.14.04.3 No subscription required Medium CVE-2018-13440 CVE-2018-17095 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. (CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403) Multiple security issues were discovered with WebExtensions in Firefox. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to bypass domain restrictions, gain additional privileges, or run content scripts in local pages without permission. (CVE-2018-12395, CVE-2018-12396, CVE-2018-12397) Update Instructions: Run `sudo pro fix USN-3801-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-nn - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ne - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-nb - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-fa - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-fi - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-fr - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-fy - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-or - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-kab - 63.0+build2-0ubuntu0.14.04.2 firefox-testsuite - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-oc - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-cs - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ga - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-gd - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-gn - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-gl - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-gu - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-pa - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-pl - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-cy - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-pt - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-hi - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-uk - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-he - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-hy - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-hr - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-hu - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-as - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ar - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ia - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-az - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-id - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-mai - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-af - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-is - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-it - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-an - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-bs - 63.0+build2-0ubuntu0.14.04.2 firefox - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ro - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ja - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ru - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-br - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-zh-hant - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-zh-hans - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-bn - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-be - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-bg - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-sl - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-sk - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-si - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-sw - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-sv - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-sr - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-sq - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ko - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-kn - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-km - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-kk - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ka - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-xh - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ca - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ku - 63.0+build2-0ubuntu0.14.04.2 firefox-mozsymbols - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-lv - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-lt - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-th - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-hsb - 63.0+build2-0ubuntu0.14.04.2 firefox-dev - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-te - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-cak - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ta - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-lg - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-tr - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-nso - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-de - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-da - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ms - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-mr - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-my - 63.0+build2-0ubuntu0.14.04.2 firefox-globalmenu - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-uz - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ml - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-mn - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-mk - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ur - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-vi - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-eu - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-et - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-es - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-csb - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-el - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-eo - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-en - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-zu - 63.0+build2-0ubuntu0.14.04.2 firefox-locale-ast - 63.0+build2-0ubuntu0.14.04.2 No subscription required Medium CVE-2018-12388 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 CVE-2018-12398 CVE-2018-12399 CVE-2018-12401 CVE-2018-12402 CVE-2018-12403 Ubuntu 14.04 LTS USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. (CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403) Multiple security issues were discovered with WebExtensions in Firefox. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to bypass domain restrictions, gain additional privileges, or run content scripts in local pages without permission. (CVE-2018-12395, CVE-2018-12396, CVE-2018-12397) Update Instructions: Run `sudo pro fix USN-3801-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nn - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ne - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nb - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fa - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fi - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fr - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fy - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-or - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kab - 63.0.3+build1-0ubuntu0.14.04.1 firefox-testsuite - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-oc - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cs - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ga - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gd - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gn - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gl - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gu - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pa - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pl - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cy - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pt - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hi - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-uk - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-he - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hy - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hr - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hu - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-as - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ar - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ia - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-az - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-id - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mai - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-af - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-is - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-it - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-an - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bs - 63.0.3+build1-0ubuntu0.14.04.1 firefox - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ro - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ja - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ru - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-br - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bn - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-be - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bg - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sl - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sk - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-si - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sw - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sv - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sr - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sq - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ko - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kn - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-km - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kk - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ka - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-xh - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ca - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ku - 63.0.3+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lv - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lt - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-th - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 63.0.3+build1-0ubuntu0.14.04.1 firefox-dev - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-te - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cak - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ta - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lg - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-tr - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nso - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-de - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-da - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ms - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mr - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-my - 63.0.3+build1-0ubuntu0.14.04.1 firefox-globalmenu - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-uz - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ml - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mn - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mk - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ur - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-vi - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-eu - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-et - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-es - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-csb - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-el - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-eo - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-en - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zu - 63.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ast - 63.0.3+build1-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1804881 Ubuntu 14.04 LTS Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3803-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.25~dfsg+1-0ubuntu0.14.04.2 ghostscript-x - 9.25~dfsg+1-0ubuntu0.14.04.2 libgs-dev - 9.25~dfsg+1-0ubuntu0.14.04.2 ghostscript-doc - 9.25~dfsg+1-0ubuntu0.14.04.2 libgs9 - 9.25~dfsg+1-0ubuntu0.14.04.2 libgs9-common - 9.25~dfsg+1-0ubuntu0.14.04.2 No subscription required Medium CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 Ubuntu 14.04 LTS Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16839) Brian Carpenter discovered that curl incorrectly handled memory when closing certain handles. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16840) Brian Carpenter discovered that the curl command-line tool incorrectly handled error messages. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2018-16842) Update Instructions: Run `sudo pro fix USN-3805-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.19 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.19 libcurl4-openssl-dev - 7.35.0-1ubuntu2.19 libcurl3-gnutls - 7.35.0-1ubuntu2.19 libcurl3-udeb - 7.35.0-1ubuntu2.19 libcurl4-doc - 7.35.0-1ubuntu2.19 libcurl3-nss - 7.35.0-1ubuntu2.19 libcurl4-nss-dev - 7.35.0-1ubuntu2.19 libcurl3 - 7.35.0-1ubuntu2.19 curl - 7.35.0-1ubuntu2.19 No subscription required Medium CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 Ubuntu 14.04 LTS It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. (CVE-2018-16395) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16396) Update Instructions: Run `sudo pro fix USN-3808-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby1.9.1-dev - 1.9.3.484-2ubuntu1.13 libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.13 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.13 ruby1.9.1-full - 1.9.3.484-2ubuntu1.13 libruby1.9.1 - 1.9.3.484-2ubuntu1.13 ri1.9.1 - 1.9.3.484-2ubuntu1.13 ruby1.9.1 - 1.9.3.484-2ubuntu1.13 ruby1.9.3 - 1.9.3.484-2ubuntu1.13 No subscription required ruby2.0-tcltk - 2.0.0.484-1ubuntu2.11 libruby2.0 - 2.0.0.484-1ubuntu2.11 ruby2.0-doc - 2.0.0.484-1ubuntu2.11 ruby2.0 - 2.0.0.484-1ubuntu2.11 ruby2.0-dev - 2.0.0.484-1ubuntu2.11 No subscription required Medium CVE-2018-16395 CVE-2018-16396 Ubuntu 14.04 LTS Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708) It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473) Update Instructions: Run `sudo pro fix USN-3809-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:6.6p1-2ubuntu2.11 openssh-client - 1:6.6p1-2ubuntu2.11 openssh-server - 1:6.6p1-2ubuntu2.11 ssh-askpass-gnome - 1:6.6p1-2ubuntu2.11 ssh - 1:6.6p1-2ubuntu2.11 ssh-krb5 - 1:6.6p1-2ubuntu2.11 openssh-client-udeb - 1:6.6p1-2ubuntu2.11 openssh-sftp-server - 1:6.6p1-2ubuntu2.11 No subscription required Low CVE-2016-10708 CVE-2018-15473 Ubuntu 14.04 LTS Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication. Update Instructions: Run `sudo pro fix USN-3810-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ppp-udeb - 2.4.5-5.1ubuntu2.3 ppp - 2.4.5-5.1ubuntu2.3 ppp-dev - 2.4.5-5.1ubuntu2.3 No subscription required Medium CVE-2018-11574 Ubuntu 14.04 LTS It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2017-15705) It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-11780) It was discovered that SpamAssassin incorrectly handled meta rule syntax. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2018-11781) Update Instructions: Run `sudo pro fix USN-3811-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.14.04.1 sa-compile - 3.4.2-0ubuntu0.14.04.1 spamc - 3.4.2-0ubuntu0.14.04.1 No subscription required Medium CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 Ubuntu 14.04 LTS It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843) Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844) It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845) Update Instructions: Run `sudo pro fix USN-3812-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.4.6-1ubuntu3.9 nginx-core - 1.4.6-1ubuntu3.9 nginx-common - 1.4.6-1ubuntu3.9 nginx-full - 1.4.6-1ubuntu3.9 nginx - 1.4.6-1ubuntu3.9 nginx-doc - 1.4.6-1ubuntu3.9 nginx-naxsi - 1.4.6-1ubuntu3.9 nginx-naxsi-ui - 1.4.6-1ubuntu3.9 nginx-light - 1.4.6-1ubuntu3.9 No subscription required Medium CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 Ubuntu 14.04 LTS Updated: 2018-11-21: The embedded version of libmspack in ClamAV was found to not be affected by the listed vulnerabilities, therefore the following is not applicable. USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2018-18584, CVE-2018-18585) Update Instructions: Run `sudo pro fix USN-3814-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.2+dfsg-1ubuntu0.14.04.2 clamav-testfiles - 0.100.2+dfsg-1ubuntu0.14.04.2 clamav-base - 0.100.2+dfsg-1ubuntu0.14.04.2 clamav - 0.100.2+dfsg-1ubuntu0.14.04.2 libclamav7 - 0.100.2+dfsg-1ubuntu0.14.04.2 clamav-daemon - 0.100.2+dfsg-1ubuntu0.14.04.2 clamav-milter - 0.100.2+dfsg-1ubuntu0.14.04.2 clamav-docs - 0.100.2+dfsg-1ubuntu0.14.04.2 clamav-freshclam - 0.100.2+dfsg-1ubuntu0.14.04.2 No subscription required Medium CVE-2018-18584 CVE-2018-18585 Ubuntu 14.04 LTS It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3815-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libasprintf-dev - 0.18.3.1-1ubuntu3.1 gettext - 0.18.3.1-1ubuntu3.1 libasprintf0c2 - 0.18.3.1-1ubuntu3.1 gettext-el - 0.18.3.1-1ubuntu3.1 libgettextpo0 - 0.18.3.1-1ubuntu3.1 gettext-base - 0.18.3.1-1ubuntu3.1 libgettextpo-dev - 0.18.3.1-1ubuntu3.1 autopoint - 0.18.3.1-1ubuntu3.1 gettext-doc - 0.18.3.1-1ubuntu3.1 No subscription required Medium CVE-2018-18751 Ubuntu 14.04 LTS It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030) It was discovered that Python incorrectly handled running external commands in the shutil module. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000802) It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060, CVE-2018-1061) It was discovered that Python failed to initialize Expat's hash salt. A remote attacker could possibly use this issue to cause hash collisions, leading to a denial of service. (CVE-2018-14647) Update Instructions: Run `sudo pro fix USN-3817-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.6-8ubuntu0.5 python2.7-doc - 2.7.6-8ubuntu0.5 libpython2.7-stdlib - 2.7.6-8ubuntu0.5 libpython2.7-minimal - 2.7.6-8ubuntu0.5 libpython2.7-testsuite - 2.7.6-8ubuntu0.5 python2.7 - 2.7.6-8ubuntu0.5 idle-python2.7 - 2.7.6-8ubuntu0.5 python2.7-examples - 2.7.6-8ubuntu0.5 libpython2.7 - 2.7.6-8ubuntu0.5 libpython2.7-dev - 2.7.6-8ubuntu0.5 python2.7-minimal - 2.7.6-8ubuntu0.5 No subscription required python3.4-examples - 3.4.3-1ubuntu1~14.04.7 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.7 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.7 python3.4-minimal - 3.4.3-1ubuntu1~14.04.7 python3.4-venv - 3.4.3-1ubuntu1~14.04.7 python3.4-doc - 3.4.3-1ubuntu1~14.04.7 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.7 python3.4-dev - 3.4.3-1ubuntu1~14.04.7 idle-python3.4 - 3.4.3-1ubuntu1~14.04.7 python3.4 - 3.4.3-1ubuntu1~14.04.7 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.7 libpython3.4 - 3.4.3-1ubuntu1~14.04.7 No subscription required Medium CVE-2018-1000030 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 Ubuntu 14.04 LTS Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-15471) It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168) It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658) It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363) Update Instructions: Run `sudo pro fix USN-3820-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1031-azure - 4.15.0-1031.32~14.04.1 No subscription required High CVE-2017-13168 CVE-2018-15471 CVE-2018-16658 CVE-2018-9363 Ubuntu 14.04 LTS USN-3821-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the f2fs filesystem implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096) Wen Xu and Po-Ning Tseng discovered that the btrfs filesystem implementation in the Linux kernel did not properly handle relocations in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021) Update Instructions: Run `sudo pro fix USN-3821-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1034-aws - 4.4.0-1034.37 No subscription required linux-image-4.4.0-139-generic-lpae - 4.4.0-139.165~14.04.1 linux-image-4.4.0-139-lowlatency - 4.4.0-139.165~14.04.1 linux-image-4.4.0-139-generic - 4.4.0-139.165~14.04.1 linux-image-4.4.0-139-powerpc-e500mc - 4.4.0-139.165~14.04.1 linux-image-4.4.0-139-powerpc64-smp - 4.4.0-139.165~14.04.1 linux-image-4.4.0-139-powerpc64-emb - 4.4.0-139.165~14.04.1 linux-image-extra-4.4.0-139-generic - 4.4.0-139.165~14.04.1 linux-image-4.4.0-139-powerpc-smp - 4.4.0-139.165~14.04.1 No subscription required Medium CVE-2018-10880 CVE-2018-13053 CVE-2018-13096 CVE-2018-14609 CVE-2018-14617 CVE-2018-17972 CVE-2018-18021 Ubuntu 14.04 LTS Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588) It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658) It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363) Update Instructions: Run `sudo pro fix USN-3822-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-162-powerpc64-emb - 3.13.0-162.212 linux-image-3.13.0-162-generic - 3.13.0-162.212 linux-image-3.13.0-162-powerpc-e500mc - 3.13.0-162.212 linux-image-3.13.0-162-lowlatency - 3.13.0-162.212 linux-image-3.13.0-162-powerpc-e500 - 3.13.0-162.212 linux-image-3.13.0-162-generic-lpae - 3.13.0-162.212 linux-image-3.13.0-162-powerpc-smp - 3.13.0-162.212 linux-image-extra-3.13.0-162-generic - 3.13.0-162.212 linux-image-3.13.0-162-powerpc64-smp - 3.13.0-162.212 No subscription required Medium CVE-2016-9588 CVE-2017-13168 CVE-2017-16649 CVE-2018-16658 CVE-2018-9363 Ubuntu 14.04 LTS It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3136) Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. (CVE-2018-3139) It was discovered that the Java Naming and Directory Interface (JNDI) implementation in OpenJDK did not properly enforce restrictions specified by system properties in some situations. An attacker could potentially use this to execute arbitrary code. (CVE-2018-3149) It was discovered that the Hotspot component of OpenJDK did not properly perform access checks in certain cases when performing field link resolution. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3169) Felix Dörre discovered that the Java Secure Socket Extension (JSSE) implementation in OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption as during initial session setup. An attacker could use this to expose sensitive information. (CVE-2018-3180) Update Instructions: Run `sudo pro fix USN-3824-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u181-2.6.14-0ubuntu0.3 openjdk-7-source - 7u181-2.6.14-0ubuntu0.3 icedtea-7-jre-jamvm - 7u181-2.6.14-0ubuntu0.3 openjdk-7-tests - 7u181-2.6.14-0ubuntu0.3 openjdk-7-jre-lib - 7u181-2.6.14-0ubuntu0.3 openjdk-7-jdk - 7u181-2.6.14-0ubuntu0.3 openjdk-7-jre-headless - 7u181-2.6.14-0ubuntu0.3 openjdk-7-jre - 7u181-2.6.14-0ubuntu0.3 openjdk-7-doc - 7u181-2.6.14-0ubuntu0.3 openjdk-7-demo - 7u181-2.6.14-0ubuntu0.3 No subscription required Medium CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 Ubuntu 14.04 LTS Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code. Update Instructions: Run `sudo pro fix USN-3825-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-perl2 - 2.0.8+httpd24-r1449661-6ubuntu2.1 libapache2-mod-perl2-doc - 2.0.8+httpd24-r1449661-6ubuntu2.1 libapache2-mod-perl2-dev - 2.0.8+httpd24-r1449661-6ubuntu2.1 No subscription required Medium CVE-2011-2767 Ubuntu 14.04 LTS Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839) It was discovered that QEMU incorrectly handled the Slirp networking back-end. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-11806) Fakhri Zulkifli discovered that the QEMU guest agent incorrectly handled certain QMP commands. An attacker could possibly use this issue to crash the QEMU guest agent, resulting in a denial of service. (CVE-2018-12617) Li Qiang discovered that QEMU incorrectly handled NVM Express Controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16847) Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled RTL8139 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17958) Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled PCNET device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17962) Daniel Shapira discovered that QEMU incorrectly handled large packet sizes. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17963) It was discovered that QEMU incorrectly handled LSI53C895A device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-18849) Moguofang discovered that QEMU incorrectly handled the IPowerNV LPC controller. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-18954) Zhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-19364) Update Instructions: Run `sudo pro fix USN-3826-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.44 qemu-user-static - 2.0.0+dfsg-2ubuntu1.44 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.44 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.44 qemu-kvm - 2.0.0+dfsg-2ubuntu1.44 qemu-user - 2.0.0+dfsg-2ubuntu1.44 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.44 qemu-system - 2.0.0+dfsg-2ubuntu1.44 qemu-utils - 2.0.0+dfsg-2ubuntu1.44 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.44 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.44 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.44 qemu-common - 2.0.0+dfsg-2ubuntu1.44 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.44 qemu - 2.0.0+dfsg-2ubuntu1.44 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.44 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.44 No subscription required Medium CVE-2018-10839 CVE-2018-11806 CVE-2018-12617 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 CVE-2018-18954 CVE-2018-19364 Ubuntu 14.04 LTS Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-14629) Alex MacCuish discovered that Samba incorrectly handled memory when configured to accept smart-card authentication. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-16841) Garming Sam discovered that Samba incorrectly handled memory when processing LDAP searches. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-16851) Update Instructions: Run `sudo pro fix USN-3827-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.19 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.19 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.19 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.19 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.19 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.19 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.19 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.19 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.19 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.19 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.19 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.19 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.19 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.19 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.19 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.19 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.19 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.19 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.19 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.19 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.19 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.19 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.19 No subscription required Medium CVE-2018-14629 CVE-2018-16841 CVE-2018-16851 Ubuntu 14.04 LTS It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15298) It was discovered that Git incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-19486) Update Instructions: Run `sudo pro fix USN-3829-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:1.9.1-1ubuntu0.10 gitweb - 1:1.9.1-1ubuntu0.10 git-gui - 1:1.9.1-1ubuntu0.10 git-daemon-sysvinit - 1:1.9.1-1ubuntu0.10 git-arch - 1:1.9.1-1ubuntu0.10 git-bzr - 1:1.9.1-1ubuntu0.10 git-el - 1:1.9.1-1ubuntu0.10 gitk - 1:1.9.1-1ubuntu0.10 git-all - 1:1.9.1-1ubuntu0.10 git-mediawiki - 1:1.9.1-1ubuntu0.10 git-daemon-run - 1:1.9.1-1ubuntu0.10 git-man - 1:1.9.1-1ubuntu0.10 git-doc - 1:1.9.1-1ubuntu0.10 git-svn - 1:1.9.1-1ubuntu0.10 git-cvs - 1:1.9.1-1ubuntu0.10 git-core - 1:1.9.1-1ubuntu0.10 git-email - 1:1.9.1-1ubuntu0.10 No subscription required Medium CVE-2017-15298 CVE-2018-19486 Ubuntu 14.04 LTS It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3831-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.14.04.1 ghostscript-x - 9.26~dfsg+0-0ubuntu0.14.04.1 libgs-dev - 9.26~dfsg+0-0ubuntu0.14.04.1 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.14.04.1 libgs9 - 9.26~dfsg+0-0ubuntu0.14.04.1 libgs9-common - 9.26~dfsg+0-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 Ubuntu 14.04 LTS USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. Original advisory details: It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3831-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.14.04.3 ghostscript-x - 9.26~dfsg+0-0ubuntu0.14.04.3 libgs-dev - 9.26~dfsg+0-0ubuntu0.14.04.3 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.14.04.3 libgs9 - 9.26~dfsg+0-0ubuntu0.14.04.3 libgs9-common - 9.26~dfsg+0-0ubuntu0.14.04.3 No subscription required None https://launchpad.net/bugs/1806517 Ubuntu 14.04 LTS Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18311) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313) Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314) Update Instructions: Run `sudo pro fix USN-3834-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.18.2-2ubuntu1.7 perl-doc - 5.18.2-2ubuntu1.7 libperl5.18 - 5.18.2-2ubuntu1.7 perl-base - 5.18.2-2ubuntu1.7 perl-modules - 5.18.2-2ubuntu1.7 libcgi-fast-perl - 5.18.2-2ubuntu1.7 perl - 5.18.2-2ubuntu1.7 perl-debug - 5.18.2-2ubuntu1.7 No subscription required Medium CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 Ubuntu 14.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16646, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-19149) Update Instructions: Run `sudo pro fix USN-3837-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.13 libpoppler-qt5-1 - 0.24.5-2ubuntu4.13 libpoppler-cpp-dev - 0.24.5-2ubuntu4.13 libpoppler-cpp0 - 0.24.5-2ubuntu4.13 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.13 libpoppler-dev - 0.24.5-2ubuntu4.13 libpoppler-glib8 - 0.24.5-2ubuntu4.13 libpoppler-private-dev - 0.24.5-2ubuntu4.13 libpoppler-qt4-dev - 0.24.5-2ubuntu4.13 libpoppler-glib-dev - 0.24.5-2ubuntu4.13 libpoppler-qt4-4 - 0.24.5-2ubuntu4.13 libpoppler44 - 0.24.5-2ubuntu4.13 libpoppler-qt5-dev - 0.24.5-2ubuntu4.13 libpoppler-glib-doc - 0.24.5-2ubuntu4.13 No subscription required Medium CVE-2018-16646 CVE-2018-19058 CVE-2018-19059 CVE-2018-19060 CVE-2018-19149 Ubuntu 14.04 LTS USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16646) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-19149) Update Instructions: Run `sudo pro fix USN-3837-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.14 libpoppler-qt5-1 - 0.24.5-2ubuntu4.14 libpoppler-cpp-dev - 0.24.5-2ubuntu4.14 libpoppler-cpp0 - 0.24.5-2ubuntu4.14 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.14 libpoppler-dev - 0.24.5-2ubuntu4.14 libpoppler-glib8 - 0.24.5-2ubuntu4.14 libpoppler-private-dev - 0.24.5-2ubuntu4.14 libpoppler-qt4-dev - 0.24.5-2ubuntu4.14 libpoppler-glib-dev - 0.24.5-2ubuntu4.14 libpoppler-qt4-4 - 0.24.5-2ubuntu4.14 libpoppler44 - 0.24.5-2ubuntu4.14 libpoppler-qt5-dev - 0.24.5-2ubuntu4.14 libpoppler-glib-doc - 0.24.5-2ubuntu4.14 No subscription required Low CVE-2018-16646 CVE-2018-19149 Ubuntu 14.04 LTS It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3838-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw9 - 0.15.4-1ubuntu0.3 libraw-doc - 0.15.4-1ubuntu0.3 libraw-bin - 0.15.4-1ubuntu0.3 libraw-dev - 0.15.4-1ubuntu0.3 No subscription required Medium CVE-2018-5807 CVE-2018-5810 CVE-2018-5811 CVE-2018-5812 CVE-2018-5813 CVE-2018-5815 CVE-2018-5816 Ubuntu 14.04 LTS It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19840, CVE-2018-19841) Update Instructions: Run `sudo pro fix USN-3839-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwavpack1 - 4.70.0-1ubuntu0.2 libwavpack-dev - 4.70.0-1ubuntu0.2 wavpack - 4.70.0-1ubuntu0.2 No subscription required Medium CVE-2018-19840 CVE-2018-19841 Ubuntu 14.04 LTS Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734) Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735) Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as "PortSmash". An attacker could possibly use this issue to perform a timing side-channel attack and recover private keys. (CVE-2018-5407) Update Instructions: Run `sudo pro fix USN-3840-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.27 libssl-dev - 1.0.1f-1ubuntu2.27 openssl - 1.0.1f-1ubuntu2.27 libssl-doc - 1.0.1f-1ubuntu2.27 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.27 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.27 No subscription required Low CVE-2018-0734 CVE-2018-0735 CVE-2018-5407 Ubuntu 14.04 LTS It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-3841-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 3.3.3-1ubuntu0.2 python-lxml - 3.3.3-1ubuntu0.2 python-lxml-doc - 3.3.3-1ubuntu0.2 No subscription required Medium CVE-2018-19787 Ubuntu 14.04 LTS Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery (CSRF) attacks. Update Instructions: Run `sudo pro fix USN-3842-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 1.7.2-0ubuntu1.11 libcups2-dev - 1.7.2-0ubuntu1.11 cups-bsd - 1.7.2-0ubuntu1.11 libcupsmime1 - 1.7.2-0ubuntu1.11 cups-common - 1.7.2-0ubuntu1.11 cups-core-drivers - 1.7.2-0ubuntu1.11 cups-server-common - 1.7.2-0ubuntu1.11 libcupsimage2 - 1.7.2-0ubuntu1.11 cups-client - 1.7.2-0ubuntu1.11 libcupscgi1-dev - 1.7.2-0ubuntu1.11 libcups2 - 1.7.2-0ubuntu1.11 libcupsmime1-dev - 1.7.2-0ubuntu1.11 cups-ppdc - 1.7.2-0ubuntu1.11 libcupsppdc1 - 1.7.2-0ubuntu1.11 cups - 1.7.2-0ubuntu1.11 libcupsppdc1-dev - 1.7.2-0ubuntu1.11 libcupsimage2-dev - 1.7.2-0ubuntu1.11 cups-daemon - 1.7.2-0ubuntu1.11 No subscription required Medium CVE-2018-4700 Ubuntu 14.04 LTS It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3843-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpixman-1-0 - 0.30.2-2ubuntu1.2 libpixman-1-dev - 0.30.2-2ubuntu1.2 libpixman-1-0-udeb - 0.30.2-2ubuntu1.2 No subscription required Medium CVE-2015-5297 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restritions, or execute arbitrary code. (CVE-2018-12405, CVE-2018-12406, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to open privileged pages, or bypass other security restrictions. (CVE-2018-18495, CVE-2018-18497) Update Instructions: Run `sudo pro fix USN-3844-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-nn - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ne - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-nb - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-fa - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-fi - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-fr - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-fy - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-or - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-kab - 64.0+build3-0ubuntu0.14.04.1 firefox-testsuite - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-oc - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-cs - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ga - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-gd - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-gn - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-gl - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-gu - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-pa - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-pl - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-cy - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-pt - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-hi - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-uk - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-he - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-hy - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-hr - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-hu - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-as - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ar - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ia - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-az - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-id - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-mai - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-af - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-is - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-it - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-an - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-bs - 64.0+build3-0ubuntu0.14.04.1 firefox - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ro - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ja - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ru - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-br - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hant - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-zh-hans - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-bn - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-be - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-bg - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-sl - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-sk - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-si - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-sw - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-sv - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-sr - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-sq - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ko - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-kn - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-km - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-kk - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ka - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-xh - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ca - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ku - 64.0+build3-0ubuntu0.14.04.1 firefox-mozsymbols - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-lv - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-lt - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-th - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-hsb - 64.0+build3-0ubuntu0.14.04.1 firefox-dev - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-te - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-cak - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ta - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-lg - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-tr - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-nso - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-de - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-da - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ms - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-mr - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-my - 64.0+build3-0ubuntu0.14.04.1 firefox-globalmenu - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-uz - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ml - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-mn - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-mk - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ur - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-vi - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-eu - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-et - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-es - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-csb - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-el - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-eo - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-en - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-zu - 64.0+build3-0ubuntu0.14.04.1 firefox-locale-ast - 64.0+build3-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-12405 CVE-2018-12406 CVE-2018-12407 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18495 CVE-2018-18497 CVE-2018-18498 Ubuntu 14.04 LTS Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785) Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787) Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788) Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789) Update Instructions: Run `sudo pro fix USN-3845-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp1 - 1.0.2-2ubuntu1.2 libfreerdp-plugins-standard - 1.0.2-2ubuntu1.2 freerdp-x11 - 1.0.2-2ubuntu1.2 libfreerdp-dev - 1.0.2-2ubuntu1.2 No subscription required Medium CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 Ubuntu 14.04 LTS USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734) It was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276) It was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710) Update Instructions: Run `sudo pro fix USN-3847-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1036-azure - 4.15.0-1036.38~14.04.2 No subscription required Medium CVE-2018-10902 CVE-2018-12896 CVE-2018-14734 CVE-2018-16276 CVE-2018-18445 CVE-2018-18690 CVE-2018-18710 Ubuntu 14.04 LTS USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18174) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710) Update Instructions: Run `sudo pro fix USN-3848-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1037-aws - 4.4.0-1037.40 No subscription required linux-image-4.4.0-141-powerpc-smp - 4.4.0-141.167~14.04.1 linux-image-4.4.0-141-powerpc-e500mc - 4.4.0-141.167~14.04.1 linux-image-4.4.0-141-powerpc64-smp - 4.4.0-141.167~14.04.1 linux-image-4.4.0-141-powerpc64-emb - 4.4.0-141.167~14.04.1 linux-image-extra-4.4.0-141-generic - 4.4.0-141.167~14.04.1 linux-image-4.4.0-141-generic - 4.4.0-141.167~14.04.1 linux-image-4.4.0-141-generic-lpae - 4.4.0-141.167~14.04.1 linux-image-4.4.0-141-lowlatency - 4.4.0-141.167~14.04.1 No subscription required Medium CVE-2017-18174 CVE-2018-12896 CVE-2018-18690 CVE-2018-18710 Ubuntu 14.04 LTS It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2647) It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734) It was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276) Tetsuo Handa discovered a logic error in the TTY subsystem of the Linux kernel. A local attacker with access to pseudo terminal devices could use this to cause a denial of service. (CVE-2018-18386) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710) Update Instructions: Run `sudo pro fix USN-3849-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-164-powerpc-e500mc - 3.13.0-164.214 linux-image-3.13.0-164-powerpc-e500 - 3.13.0-164.214 linux-image-3.13.0-164-powerpc-smp - 3.13.0-164.214 linux-image-3.13.0-164-powerpc64-emb - 3.13.0-164.214 linux-image-3.13.0-164-lowlatency - 3.13.0-164.214 linux-image-3.13.0-164-generic - 3.13.0-164.214 linux-image-3.13.0-164-powerpc64-smp - 3.13.0-164.214 linux-image-extra-3.13.0-164-generic - 3.13.0-164.214 linux-image-3.13.0-164-generic-lpae - 3.13.0-164.214 No subscription required Medium CVE-2017-2647 CVE-2018-10902 CVE-2018-12896 CVE-2018-14734 CVE-2018-16276 CVE-2018-18386 CVE-2018-18690 CVE-2018-18710 Ubuntu 14.04 LTS Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384) It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404) Update Instructions: Run `sudo pro fix USN-3850-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.4 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.4 libnss3 - 2:3.28.4-0ubuntu0.14.04.4 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.4 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.4 No subscription required Medium CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 Ubuntu 14.04 LTS It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL. Update Instructions: Run `sudo pro fix USN-3851-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.11-0ubuntu1.3 python-django - 1.6.11-0ubuntu1.3 No subscription required Medium CVE-2019-3498 Ubuntu 14.04 LTS It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2017-9239 only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11591, CVE-2017-11683, CVE-2017-14859, CVE-2017-14862, CVE-2017-14864, CVE-2017-17669, CVE-2017-9239, CVE-2018-16336, CVE-2018-1758) Update Instructions: Run `sudo pro fix USN-3852-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.23-1ubuntu2.2 libexiv2-12 - 0.23-1ubuntu2.2 libexiv2-doc - 0.23-1ubuntu2.2 libexiv2-dev - 0.23-1ubuntu2.2 No subscription required Medium CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669 CVE-2017-9239 CVE-2018-16336 CVE-2018-17581 Ubuntu 14.04 LTS It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-1000880 affected only Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000880) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-14502) Update Instructions: Run `sudo pro fix USN-3859-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-7ubuntu2.7 libarchive13 - 3.1.2-7ubuntu2.7 bsdtar - 3.1.2-7ubuntu2.7 libarchive-dev - 3.1.2-7ubuntu2.7 No subscription required Medium CVE-2017-14502 CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000880 Ubuntu 14.04 LTS It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20544) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-20545, CVE-2018-20548, CVE-2018-20459) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20546, CVE-2018-20547) Update Instructions: Run `sudo pro fix USN-3860-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: caca-utils - 0.99.beta18-1ubuntu5.1 libcaca-dev - 0.99.beta18-1ubuntu5.1 libcaca0 - 0.99.beta18-1ubuntu5.1 No subscription required Medium CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 Ubuntu 14.04 LTS It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions. Update Instructions: Run `sudo pro fix USN-3861-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-4ubuntu3.14.04.5 policykit-1-doc - 0.105-4ubuntu3.14.04.5 libpolkit-gobject-1-dev - 0.105-4ubuntu3.14.04.5 libpolkit-agent-1-0 - 0.105-4ubuntu3.14.04.5 libpolkit-gobject-1-0 - 0.105-4ubuntu3.14.04.5 policykit-1 - 0.105-4ubuntu3.14.04.5 gir1.2-polkit-1.0 - 0.105-4ubuntu3.14.04.5 libpolkit-backend-1-dev - 0.105-4ubuntu3.14.04.5 libpolkit-agent-1-dev - 0.105-4ubuntu3.14.04.5 No subscription required Medium CVE-2018-19788 Ubuntu 14.04 LTS It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3862-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.15-5ubuntu3.6 irssi - 0.8.15-5ubuntu3.6 No subscription required Medium CVE-2019-5882 Ubuntu 14.04 LTS Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. Update Instructions: Run `sudo pro fix USN-3863-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapt-inst1.5 - 1.0.1ubuntu2.19 apt-doc - 1.0.1ubuntu2.19 apt-transport-https - 1.0.1ubuntu2.19 libapt-pkg-doc - 1.0.1ubuntu2.19 apt - 1.0.1ubuntu2.19 apt-utils - 1.0.1ubuntu2.19 libapt-pkg-dev - 1.0.1ubuntu2.19 libapt-pkg4.12 - 1.0.1ubuntu2.19 No subscription required High CVE-2019-3462 Ubuntu 14.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3864-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.10 libtiffxx5 - 4.0.3-7ubuntu0.10 libtiff5-dev - 4.0.3-7ubuntu0.10 libtiff4-dev - 4.0.3-7ubuntu0.10 libtiff5-alt-dev - 4.0.3-7ubuntu0.10 libtiff5 - 4.0.3-7ubuntu0.10 libtiff-tools - 4.0.3-7ubuntu0.10 libtiff-doc - 4.0.3-7ubuntu0.10 No subscription required Medium CVE-2018-10963 CVE-2018-17100 CVE-2018-17101 CVE-2018-18557 CVE-2018-18661 CVE-2018-7456 CVE-2018-8905 Ubuntu 14.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20481, CVE-2018-20650) Update Instructions: Run `sudo pro fix USN-3865-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.15 libpoppler-qt5-1 - 0.24.5-2ubuntu4.15 libpoppler-cpp-dev - 0.24.5-2ubuntu4.15 libpoppler-cpp0 - 0.24.5-2ubuntu4.15 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.15 libpoppler-dev - 0.24.5-2ubuntu4.15 libpoppler-glib8 - 0.24.5-2ubuntu4.15 libpoppler-private-dev - 0.24.5-2ubuntu4.15 libpoppler-qt4-dev - 0.24.5-2ubuntu4.15 libpoppler-glib-dev - 0.24.5-2ubuntu4.15 libpoppler-qt4-4 - 0.24.5-2ubuntu4.15 libpoppler44 - 0.24.5-2ubuntu4.15 libpoppler-qt5-dev - 0.24.5-2ubuntu4.15 libpoppler-glib-doc - 0.24.5-2ubuntu4.15 No subscription required Medium CVE-2018-20481 CVE-2018-20650 Ubuntu 14.04 LTS Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3866-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.14.04.4 ghostscript-x - 9.26~dfsg+0-0ubuntu0.14.04.4 libgs-dev - 9.26~dfsg+0-0ubuntu0.14.04.4 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.14.04.4 libgs9 - 9.26~dfsg+0-0ubuntu0.14.04.4 libgs9-common - 9.26~dfsg+0-0ubuntu0.14.04.4 No subscription required High CVE-2019-6116 Ubuntu 14.04 LTS USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3866-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.14.04.5 ghostscript-x - 9.26~dfsg+0-0ubuntu0.14.04.5 libgs-dev - 9.26~dfsg+0-0ubuntu0.14.04.5 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.14.04.5 libgs9 - 9.26~dfsg+0-0ubuntu0.14.04.5 libgs9-common - 9.26~dfsg+0-0ubuntu0.14.04.5 No subscription required None https://launchpad.net/bugs/1815339 Ubuntu 14.04 LTS USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3866-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.14.04.7 ghostscript-x - 9.26~dfsg+0-0ubuntu0.14.04.7 libgs-dev - 9.26~dfsg+0-0ubuntu0.14.04.7 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.14.04.7 libgs9 - 9.26~dfsg+0-0ubuntu0.14.04.7 libgs9-common - 9.26~dfsg+0-0ubuntu0.14.04.7 No subscription required None https://launchpad.net/bugs/1817308 Ubuntu 14.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3868-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-br - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-be - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-si - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-kk - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-kab - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:60.4.0+build2-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-de - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-da - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-testsuite - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-dev - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-el - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ms - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-et - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:60.4.0+build2-0ubuntu0.14.04.1 xul-ext-gdata-provider - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:60.4.0+build2-0ubuntu0.14.04.1 xul-ext-lightning - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-en - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-it - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-he - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-af - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-is - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-es - 1:60.4.0+build2-0ubuntu0.14.04.1 thunderbird-locale-id - 1:60.4.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 Ubuntu 14.04 LTS Christophe Fergeau discovered that Spice incorrectly handled memory. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3870-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spice-client - 0.12.4-0nocelt2ubuntu1.8 libspice-server1 - 0.12.4-0nocelt2ubuntu1.8 libspice-server-dev - 0.12.4-0nocelt2ubuntu1.8 No subscription required High CVE-2019-3813 Ubuntu 14.04 LTS Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations. An attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516) Update Instructions: Run `sudo pro fix USN-3871-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1037-azure - 4.15.0-1037.39~14.04.2 No subscription required linux-image-azure - 4.15.0.1037.24 No subscription required Medium CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10882 CVE-2018-10883 CVE-2018-14625 CVE-2018-16882 CVE-2018-17972 CVE-2018-18281 CVE-2018-19407 CVE-2018-9516 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503, CVE-2018-18504, CVE-2018-18505) It was discovered that Firefox allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506) Update Instructions: Run `sudo pro fix USN-3874-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-nn - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ne - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-nb - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-fa - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-fi - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-fr - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-fy - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-or - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-kab - 65.0+build2-0ubuntu0.14.04.1 firefox-testsuite - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-oc - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-cs - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ga - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-gd - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-gn - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-gl - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-gu - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-pa - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-pl - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-cy - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-pt - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-hi - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-uk - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-he - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-hy - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-hr - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-hu - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-as - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ar - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ia - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-az - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-id - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-mai - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-af - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-is - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-it - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-an - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-bs - 65.0+build2-0ubuntu0.14.04.1 firefox - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ro - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ja - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ru - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-br - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-bn - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-be - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-bg - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-sl - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-sk - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-si - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-sw - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-sv - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-sr - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-sq - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ko - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-kn - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-km - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-kk - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ka - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-xh - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ca - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ku - 65.0+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-lv - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-lt - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-th - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 65.0+build2-0ubuntu0.14.04.1 firefox-dev - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-te - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-cak - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ta - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-lg - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-tr - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-nso - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-de - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-da - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ms - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-mr - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-my - 65.0+build2-0ubuntu0.14.04.1 firefox-globalmenu - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-uz - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ml - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-mn - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-mk - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ur - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-vi - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-eu - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-et - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-es - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-csb - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-el - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-eo - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-en - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-zu - 65.0+build2-0ubuntu0.14.04.1 firefox-locale-ast - 65.0+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-18500 CVE-2018-18501 CVE-2018-18502 CVE-2018-18503 CVE-2018-18504 CVE-2018-18505 CVE-2018-18506 Ubuntu 14.04 LTS Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519, CVE-2018-1000845) Update Instructions: Run `sudo pro fix USN-3876-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libavahi-compat-libdnssd-dev - 0.6.31-4ubuntu1.3 libavahi-ui-gtk3-0 - 0.6.31-4ubuntu1.3 libavahi-core7-udeb - 0.6.31-4ubuntu1.3 libavahi-qt4-1 - 0.6.31-4ubuntu1.3 libavahi-core7 - 0.6.31-4ubuntu1.3 libavahi-client3 - 0.6.31-4ubuntu1.3 libavahi-core-dev - 0.6.31-4ubuntu1.3 libavahi-client-dev - 0.6.31-4ubuntu1.3 avahi-ui-utils - 0.6.31-4ubuntu1.3 libavahi-gobject-dev - 0.6.31-4ubuntu1.3 avahi-dnsconfd - 0.6.31-4ubuntu1.3 libavahi-compat-libdnssd1 - 0.6.31-4ubuntu1.3 libavahi-common3 - 0.6.31-4ubuntu1.3 avahi-daemon - 0.6.31-4ubuntu1.3 avahi-discover - 0.6.31-4ubuntu1.3 libavahi-common-dev - 0.6.31-4ubuntu1.3 libavahi-common-data - 0.6.31-4ubuntu1.3 avahi-utils - 0.6.31-4ubuntu1.3 libavahi-common3-udeb - 0.6.31-4ubuntu1.3 libavahi-ui-gtk3-dev - 0.6.31-4ubuntu1.3 libavahi-glib-dev - 0.6.31-4ubuntu1.3 libavahi-ui-dev - 0.6.31-4ubuntu1.3 libavahi-qt4-dev - 0.6.31-4ubuntu1.3 libavahi-gobject0 - 0.6.31-4ubuntu1.3 avahi-autoipd - 0.6.31-4ubuntu1.3 python-avahi - 0.6.31-4ubuntu1.3 libavahi-glib1 - 0.6.31-4ubuntu1.3 libavahi-ui0 - 0.6.31-4ubuntu1.3 No subscription required Medium CVE-2017-6519 CVE-2018-1000845 Ubuntu 14.04 LTS It was discovered that LibVNCServer incorrectly handled certain operations. A remote attacker able to connect to applications using LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3877-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linuxvnc - 0.9.9+dfsg-1ubuntu1.4 libvncserver0 - 0.9.9+dfsg-1ubuntu1.4 libvncserver-config - 0.9.9+dfsg-1ubuntu1.4 libvncserver-dev - 0.9.9+dfsg-1ubuntu1.4 No subscription required Medium CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-6307 Ubuntu 14.04 LTS USN-3879-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) Update Instructions: Run `sudo pro fix USN-3879-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1038-aws - 4.4.0-1038.41 No subscription required linux-image-4.4.0-142-generic-lpae - 4.4.0-142.168~14.04.1 linux-image-4.4.0-142-powerpc-e500mc - 4.4.0-142.168~14.04.1 linux-image-4.4.0-142-lowlatency - 4.4.0-142.168~14.04.1 linux-image-4.4.0-142-generic - 4.4.0-142.168~14.04.1 linux-image-4.4.0-142-powerpc64-smp - 4.4.0-142.168~14.04.1 linux-image-4.4.0-142-powerpc64-emb - 4.4.0-142.168~14.04.1 linux-image-4.4.0-142-powerpc-smp - 4.4.0-142.168~14.04.1 No subscription required linux-image-aws - 4.4.0.1038.38 No subscription required linux-image-powerpc-smp-lts-xenial - 4.4.0.142.122 linux-image-lowlatency-lts-xenial - 4.4.0.142.122 linux-image-powerpc64-smp-lts-xenial - 4.4.0.142.122 linux-image-generic-lpae-lts-xenial - 4.4.0.142.122 linux-image-powerpc64-emb-lts-xenial - 4.4.0.142.122 linux-image-generic-lts-xenial - 4.4.0.142.122 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.142.122 linux-image-virtual-lts-xenial - 4.4.0.142.122 No subscription required Medium CVE-2018-10883 CVE-2018-16862 CVE-2018-19407 CVE-2018-19824 CVE-2018-20169 Ubuntu 14.04 LTS It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service (client system crash). (CVE-2018-1066) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) It was discovered that the socket implementation in the Linux kernel contained a type confusion error that could lead to memory corruption. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9568) Update Instructions: Run `sudo pro fix USN-3880-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-165-powerpc-e500mc - 3.13.0-165.215 linux-image-3.13.0-165-generic - 3.13.0-165.215 linux-image-3.13.0-165-powerpc-smp - 3.13.0-165.215 linux-image-3.13.0-165-powerpc-e500 - 3.13.0-165.215 linux-image-3.13.0-165-powerpc64-smp - 3.13.0-165.215 linux-image-3.13.0-165-lowlatency - 3.13.0-165.215 linux-image-3.13.0-165-generic-lpae - 3.13.0-165.215 linux-image-3.13.0-165-powerpc64-emb - 3.13.0-165.215 No subscription required linux-image-lowlatency-pae - 3.13.0.165.175 linux-image-generic-pae - 3.13.0.165.175 linux-image-powerpc-e500mc - 3.13.0.165.175 linux-image-generic-lpae-lts-trusty - 3.13.0.165.175 linux-image-generic-lts-quantal - 3.13.0.165.175 linux-image-virtual - 3.13.0.165.175 linux-image-powerpc-e500 - 3.13.0.165.175 linux-image-generic-lts-trusty - 3.13.0.165.175 linux-image-omap - 3.13.0.165.175 linux-image-powerpc64-emb - 3.13.0.165.175 linux-image-generic - 3.13.0.165.175 linux-image-highbank - 3.13.0.165.175 linux-image-generic-lts-saucy - 3.13.0.165.175 linux-image-powerpc-smp - 3.13.0.165.175 linux-image-generic-lpae - 3.13.0.165.175 linux-image-generic-lpae-lts-saucy - 3.13.0.165.175 linux-image-generic-lts-raring - 3.13.0.165.175 linux-image-powerpc64-smp - 3.13.0.165.175 linux-image-lowlatency - 3.13.0.165.175 No subscription required Medium CVE-2018-1066 CVE-2018-17972 CVE-2018-18281 CVE-2018-9568 Ubuntu 14.04 LTS It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Update Instructions: Run `sudo pro fix USN-3881-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.9-1ubuntu2.5 dovecot-mysql - 1:2.2.9-1ubuntu2.5 dovecot-sieve - 1:2.2.9-1ubuntu2.5 dovecot-core - 1:2.2.9-1ubuntu2.5 dovecot-ldap - 1:2.2.9-1ubuntu2.5 dovecot-sqlite - 1:2.2.9-1ubuntu2.5 dovecot-dev - 1:2.2.9-1ubuntu2.5 dovecot-pop3d - 1:2.2.9-1ubuntu2.5 dovecot-imapd - 1:2.2.9-1ubuntu2.5 dovecot-managesieved - 1:2.2.9-1ubuntu2.5 mail-stack-delivery - 1:2.2.9-1ubuntu2.5 dovecot-gssapi - 1:2.2.9-1ubuntu2.5 dovecot-solr - 1:2.2.9-1ubuntu2.5 dovecot-lmtpd - 1:2.2.9-1ubuntu2.5 No subscription required Medium CVE-2019-3814 Ubuntu 14.04 LTS Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890) Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822) Brian Carpenter discovered that curl incorrectly handled certain SMTP responses. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2019-3823) Update Instructions: Run `sudo pro fix USN-3882-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.20 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20 libcurl3-gnutls - 7.35.0-1ubuntu2.20 libcurl3-udeb - 7.35.0-1ubuntu2.20 libcurl4-doc - 7.35.0-1ubuntu2.20 libcurl3-nss - 7.35.0-1ubuntu2.20 libcurl4-nss-dev - 7.35.0-1ubuntu2.20 libcurl3 - 7.35.0-1ubuntu2.20 curl - 7.35.0-1ubuntu2.20 No subscription required Medium CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Ubuntu 14.04 LTS It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2018-10119, CVE-2018-10120, CVE-2018-11790) It was discovered that LibreOffice incorrectly handled embedded SMB connections in document files. If a user were tricked in to opening a specially crafted document, a remote attacker could possibly exploit this to obtain sensitive information. (CVE-2018-10583) Alex Inführ discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. (CVE-2018-16858) Update Instructions: Run `sudo pro fix USN-3883-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO4.2.8-0ubuntu5.5 No subscription required libreoffice-wiki-publisher - 1.1.2+LibO4.2.8-0ubuntu5.5 No subscription required libreoffice-presentation-minimizer - 1:4.2.8-0ubuntu5.5 libreoffice-impress - 1:4.2.8-0ubuntu5.5 libreoffice-officebean - 1:4.2.8-0ubuntu5.5 libreoffice-base - 1:4.2.8-0ubuntu5.5 libreoffice-librelogo - 1:4.2.8-0ubuntu5.5 libreoffice-java-common - 1:4.2.8-0ubuntu5.5 browser-plugin-libreoffice - 1:4.2.8-0ubuntu5.5 libreoffice-subsequentcheckbase - 1:4.2.8-0ubuntu5.5 libreoffice-style-tango - 1:4.2.8-0ubuntu5.5 libreoffice-sdbc-postgresql - 1:4.2.8-0ubuntu5.5 libreoffice-style-crystal - 1:4.2.8-0ubuntu5.5 libreoffice-kde - 1:4.2.8-0ubuntu5.5 libreoffice-l10n-ku - 1:4.2.8-0ubuntu5.5 libreoffice-style-galaxy - 1:4.2.8-0ubuntu5.5 libreoffice-style-hicontrast - 1:4.2.8-0ubuntu5.5 libreoffice-core - 1:4.2.8-0ubuntu5.5 libreoffice-presenter-console - 1:4.2.8-0ubuntu5.5 libreoffice-script-provider-bsh - 1:4.2.8-0ubuntu5.5 libreoffice-avmedia-backend-gstreamer - 1:4.2.8-0ubuntu5.5 libreoffice-script-provider-python - 1:4.2.8-0ubuntu5.5 libreoffice-common - 1:4.2.8-0ubuntu5.5 libreoffice-gnome - 1:4.2.8-0ubuntu5.5 libreoffice-dev - 1:4.2.8-0ubuntu5.5 libreoffice-gtk3 - 1:4.2.8-0ubuntu5.5 libreoffice-report-builder - 1:4.2.8-0ubuntu5.5 libreoffice-base-core - 1:4.2.8-0ubuntu5.5 libreoffice-draw - 1:4.2.8-0ubuntu5.5 libreoffice-ogltrans - 1:4.2.8-0ubuntu5.5 libreoffice-sdbc-hsqldb - 1:4.2.8-0ubuntu5.5 libreoffice-gtk - 1:4.2.8-0ubuntu5.5 libreoffice-calc - 1:4.2.8-0ubuntu5.5 libreoffice-base-drivers - 1:4.2.8-0ubuntu5.5 libreoffice-style-oxygen - 1:4.2.8-0ubuntu5.5 libreoffice-emailmerge - 1:4.2.8-0ubuntu5.5 libreoffice-style-human - 1:4.2.8-0ubuntu5.5 libreoffice-sdbc-firebird - 1:4.2.8-0ubuntu5.5 libreoffice-pdfimport - 1:4.2.8-0ubuntu5.5 libreoffice-math - 1:4.2.8-0ubuntu5.5 libreoffice-writer - 1:4.2.8-0ubuntu5.5 libreoffice-report-builder-bin - 1:4.2.8-0ubuntu5.5 libreoffice-script-provider-js - 1:4.2.8-0ubuntu5.5 libreoffice - 1:4.2.8-0ubuntu5.5 libreoffice-style-sifr - 1:4.2.8-0ubuntu5.5 libreoffice-dev-doc - 1:4.2.8-0ubuntu5.5 libreoffice-l10n-in - 1:4.2.8-0ubuntu5.5 libreoffice-l10n-za - 1:4.2.8-0ubuntu5.5 python3-uno - 1:4.2.8-0ubuntu5.5 No subscription required openoffice.org-dtd-officedocument1.0 - 2:1.0+LibO4.2.8-0ubuntu5.5 No subscription required fonts-opensymbol - 2:102.6+LibO4.2.8-0ubuntu5.5 No subscription required uno-libs3 - 4.2.8-0ubuntu5.5 ure - 4.2.8-0ubuntu5.5 No subscription required Medium CVE-2018-10119 CVE-2018-10120 CVE-2018-10583 CVE-2018-11790 CVE-2018-16858 Ubuntu 14.04 LTS It was discovered that libarchive incorrectly handled certain 7zip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1000019, CVE-2019-1000020) Update Instructions: Run `sudo pro fix USN-3884-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-7ubuntu2.8 libarchive13 - 3.1.2-7ubuntu2.8 bsdtar - 3.1.2-7ubuntu2.8 libarchive-dev - 3.1.2-7ubuntu2.8 No subscription required Medium CVE-2019-1000019 CVE-2019-1000020 Ubuntu 14.04 LTS Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output. Update Instructions: Run `sudo pro fix USN-3885-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:6.6p1-2ubuntu2.12 openssh-client - 1:6.6p1-2ubuntu2.12 openssh-server - 1:6.6p1-2ubuntu2.12 ssh-askpass-gnome - 1:6.6p1-2ubuntu2.12 ssh - 1:6.6p1-2ubuntu2.12 ssh-krb5 - 1:6.6p1-2ubuntu2.12 openssh-client-udeb - 1:6.6p1-2ubuntu2.12 openssh-sftp-server - 1:6.6p1-2ubuntu2.12 No subscription required Medium CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 Ubuntu 14.04 LTS USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory details: Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output. Update Instructions: Run `sudo pro fix USN-3885-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:6.6p1-2ubuntu2.13 openssh-client - 1:6.6p1-2ubuntu2.13 openssh-server - 1:6.6p1-2ubuntu2.13 ssh-askpass-gnome - 1:6.6p1-2ubuntu2.13 ssh - 1:6.6p1-2ubuntu2.13 ssh-krb5 - 1:6.6p1-2ubuntu2.13 openssh-client-udeb - 1:6.6p1-2ubuntu2.13 openssh-sftp-server - 1:6.6p1-2ubuntu2.13 No subscription required Low CVE-2019-6111 Ubuntu 14.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20551, CVE-2019-7310) Update Instructions: Run `sudo pro fix USN-3886-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.16 libpoppler-qt5-1 - 0.24.5-2ubuntu4.16 libpoppler-cpp-dev - 0.24.5-2ubuntu4.16 libpoppler-cpp0 - 0.24.5-2ubuntu4.16 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.16 libpoppler-dev - 0.24.5-2ubuntu4.16 libpoppler-glib8 - 0.24.5-2ubuntu4.16 libpoppler-private-dev - 0.24.5-2ubuntu4.16 libpoppler-qt4-dev - 0.24.5-2ubuntu4.16 libpoppler-glib-dev - 0.24.5-2ubuntu4.16 libpoppler-qt4-4 - 0.24.5-2ubuntu4.16 libpoppler44 - 0.24.5-2ubuntu4.16 libpoppler-qt5-dev - 0.24.5-2ubuntu4.16 libpoppler-glib-doc - 0.24.5-2ubuntu4.16 No subscription required Medium CVE-2018-20551 CVE-2019-7310 Ubuntu 14.04 LTS Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected. Update Instructions: Run `sudo pro fix USN-3887-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.34.2~14.04.1 ubuntu-core-launcher - 2.34.2~14.04.1 snap-confine - 2.34.2~14.04.1 ubuntu-snappy-cli - 2.34.2~14.04.1 golang-github-snapcore-snapd-dev - 2.34.2~14.04.1 snapd-xdg-open - 2.34.2~14.04.1 snapd - 2.34.2~14.04.1 golang-github-ubuntu-core-snappy-dev - 2.34.2~14.04.1 ubuntu-snappy - 2.34.2~14.04.1 No subscription required High CVE-2019-7304 https://launchpad.net/bugs/1813365 Ubuntu 14.04 LTS Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-5744) It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2018-5745) It was discovered that Bind incorrectly handled certain controls for zone transfers, contrary to expectations. (CVE-2019-6465) Update Instructions: Run `sudo pro fix USN-3893-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.19 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19 host - 1:9.9.5.dfsg-3ubuntu0.19 lwresd - 1:9.9.5.dfsg-3ubuntu0.19 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19 bind9 - 1:9.9.5.dfsg-3ubuntu0.19 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19 No subscription required Medium CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 Ubuntu 14.04 LTS It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the PAM module. A local attacker could possibly use this issue to discover login credentials. Update Instructions: Run `sudo pro fix USN-3894-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnome-keyring - 3.10.1-1ubuntu4.4 libpam-gnome-keyring - 3.10.1-1ubuntu4.4 libp11-kit-gnome-keyring - 3.10.1-1ubuntu4.4 No subscription required Medium CVE-2018-20781 Ubuntu 14.04 LTS It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3895-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldb-tools - 1:1.1.24-0ubuntu0.14.04.2 libldb-dev - 1:1.1.24-0ubuntu0.14.04.2 python-ldb-dev - 1:1.1.24-0ubuntu0.14.04.2 python-ldb - 1:1.1.24-0ubuntu0.14.04.2 libldb1 - 1:1.1.24-0ubuntu0.14.04.2 No subscription required Medium CVE-2019-3824 Ubuntu 14.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3896-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nn - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ne - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nb - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fa - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fi - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fr - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-fy - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-or - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kab - 65.0.1+build2-0ubuntu0.14.04.1 firefox-testsuite - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-oc - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cs - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ga - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gd - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gn - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gl - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-gu - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pa - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pl - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cy - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-pt - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hi - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uk - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-he - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hy - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hr - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hu - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-as - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ar - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ia - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-az - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-id - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mai - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-af - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-is - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-it - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-an - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bs - 65.0.1+build2-0ubuntu0.14.04.1 firefox - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ro - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ja - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ru - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-br - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hant - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zh-hans - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bn - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-be - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-bg - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sl - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sk - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-si - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sw - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sv - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sr - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-sq - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ko - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kn - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-km - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-kk - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ka - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-xh - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ca - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ku - 65.0.1+build2-0ubuntu0.14.04.1 firefox-mozsymbols - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lv - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lt - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-th - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-hsb - 65.0.1+build2-0ubuntu0.14.04.1 firefox-dev - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-te - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-cak - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ta - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-lg - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-csb - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-tr - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-nso - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-de - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-da - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ms - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mr - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-my - 65.0.1+build2-0ubuntu0.14.04.1 firefox-globalmenu - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-uz - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ml - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mn - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-mk - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ur - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eu - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-et - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-es - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-vi - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-el - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-eo - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-en - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-zu - 65.0.1+build2-0ubuntu0.14.04.1 firefox-locale-ast - 65.0.1+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-18356 CVE-2018-18511 CVE-2019-5785 Ubuntu 14.04 LTS A use-after-free was discovered in libical. If a user were tricked in to opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-5824) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-18356, CVE-2018-18500, CVE-2019-5785) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18501, CVE-2018-18505) An issue was discovered with S/MIME signature verification in some circumstances. An attacker could potentially exploit this by spoofing signatures for arbitrary content. (CVE-2018-18509) Update Instructions: Run `sudo pro fix USN-3897-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-br - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-be - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-si - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-kk - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-kab - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:60.5.1+build2-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-de - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-da - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-testsuite - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-dev - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-el - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ms - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-et - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:60.5.1+build2-0ubuntu0.14.04.1 xul-ext-gdata-provider - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:60.5.1+build2-0ubuntu0.14.04.1 xul-ext-lightning - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-en - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-it - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-he - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-af - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-is - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-es - 1:60.5.1+build2-0ubuntu0.14.04.1 thunderbird-locale-id - 1:60.5.1+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2016-5824 CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18509 CVE-2019-5785 Ubuntu 14.04 LTS Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3898-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5 libnss3 - 2:3.28.4-0ubuntu0.14.04.5 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5 No subscription required Medium CVE-2018-18508 Ubuntu 14.04 LTS It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3900-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.0-3ubuntu0.11 libgd-dev - 2.1.0-3ubuntu0.11 libgd2-xpm-dev - 2.1.0-3ubuntu0.11 libgd-tools - 2.1.0-3ubuntu0.11 libgd2-noxpm-dev - 2.1.0-3ubuntu0.11 No subscription required Medium CVE-2019-6977 CVE-2019-6978 Ubuntu 14.04 LTS USN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397) It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-19854) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133) Update Instructions: Run `sudo pro fix USN-3901-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1040-azure - 4.15.0-1040.44~14.04.1 No subscription required linux-image-azure - 4.15.0.1040.27 No subscription required Medium CVE-2018-18397 CVE-2018-19854 CVE-2019-6133 Ubuntu 14.04 LTS It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9020, CVE-2019-9024) It was discovered that the PHP PHAR module incorrectly handled certain filenames. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9021) It was discovered that PHP incorrectly parsed certain DNS responses. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2019-9022) It was discovered that PHP incorrectly handled mbstring regular expressions. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9023) Update Instructions: Run `sudo pro fix USN-3902-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.27 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.27 php5-curl - 5.5.9+dfsg-1ubuntu4.27 php5-intl - 5.5.9+dfsg-1ubuntu4.27 php5-snmp - 5.5.9+dfsg-1ubuntu4.27 php5-mysql - 5.5.9+dfsg-1ubuntu4.27 php5-odbc - 5.5.9+dfsg-1ubuntu4.27 php5-xsl - 5.5.9+dfsg-1ubuntu4.27 php5-gd - 5.5.9+dfsg-1ubuntu4.27 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.27 php5-tidy - 5.5.9+dfsg-1ubuntu4.27 php5-dev - 5.5.9+dfsg-1ubuntu4.27 php5-pgsql - 5.5.9+dfsg-1ubuntu4.27 php5-enchant - 5.5.9+dfsg-1ubuntu4.27 php5-readline - 5.5.9+dfsg-1ubuntu4.27 php5-gmp - 5.5.9+dfsg-1ubuntu4.27 php5-fpm - 5.5.9+dfsg-1ubuntu4.27 php5-cgi - 5.5.9+dfsg-1ubuntu4.27 php5-sqlite - 5.5.9+dfsg-1ubuntu4.27 php5-ldap - 5.5.9+dfsg-1ubuntu4.27 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.27 php5 - 5.5.9+dfsg-1ubuntu4.27 php5-cli - 5.5.9+dfsg-1ubuntu4.27 php-pear - 5.5.9+dfsg-1ubuntu4.27 php5-sybase - 5.5.9+dfsg-1ubuntu4.27 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.27 php5-pspell - 5.5.9+dfsg-1ubuntu4.27 php5-common - 5.5.9+dfsg-1ubuntu4.27 libphp5-embed - 5.5.9+dfsg-1ubuntu4.27 No subscription required Medium CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 Ubuntu 14.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3905-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: poppler-utils - 0.24.5-2ubuntu4.17 libpoppler-qt5-1 - 0.24.5-2ubuntu4.17 libpoppler-cpp-dev - 0.24.5-2ubuntu4.17 libpoppler-cpp0 - 0.24.5-2ubuntu4.17 gir1.2-poppler-0.18 - 0.24.5-2ubuntu4.17 libpoppler-dev - 0.24.5-2ubuntu4.17 libpoppler-glib8 - 0.24.5-2ubuntu4.17 libpoppler-private-dev - 0.24.5-2ubuntu4.17 libpoppler-qt4-dev - 0.24.5-2ubuntu4.17 libpoppler-glib-dev - 0.24.5-2ubuntu4.17 libpoppler-qt4-4 - 0.24.5-2ubuntu4.17 libpoppler44 - 0.24.5-2ubuntu4.17 libpoppler-qt5-dev - 0.24.5-2ubuntu4.17 libpoppler-glib-doc - 0.24.5-2ubuntu4.17 No subscription required Medium CVE-2019-9200 Ubuntu 14.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3906-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.11 libtiffxx5 - 4.0.3-7ubuntu0.11 libtiff5-dev - 4.0.3-7ubuntu0.11 libtiff4-dev - 4.0.3-7ubuntu0.11 libtiff5-alt-dev - 4.0.3-7ubuntu0.11 libtiff5 - 4.0.3-7ubuntu0.11 libtiff-tools - 4.0.3-7ubuntu0.11 libtiff-doc - 4.0.3-7ubuntu0.11 No subscription required Medium CVE-2018-10779 CVE-2018-12900 CVE-2018-17000 CVE-2018-19210 CVE-2019-6128 CVE-2019-7663 Ubuntu 14.04 LTS It was discovered that WALinuxAgent created swap files with incorrect permissions. A local attacker could possibly use this issue to obtain sensitive information from the swap file. Update Instructions: Run `sudo pro fix USN-3907-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: walinuxagent - 2.2.32-0ubuntu1~14.04.2 No subscription required Medium CVE-2019-0804 Ubuntu 14.04 LTS Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. Update Instructions: Run `sudo pro fix USN-3908-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-166-powerpc64-smp - 3.13.0-166.216 linux-image-3.13.0-166-powerpc-smp - 3.13.0-166.216 linux-image-3.13.0-166-powerpc-e500 - 3.13.0-166.216 linux-image-3.13.0-166-generic - 3.13.0-166.216 linux-image-3.13.0-166-powerpc64-emb - 3.13.0-166.216 linux-image-3.13.0-166-generic-lpae - 3.13.0-166.216 linux-image-3.13.0-166-lowlatency - 3.13.0-166.216 linux-image-3.13.0-166-powerpc-e500mc - 3.13.0-166.216 No subscription required linux-image-lowlatency-pae - 3.13.0.166.177 linux-image-generic-pae - 3.13.0.166.177 linux-image-powerpc-e500mc - 3.13.0.166.177 linux-image-generic-lpae-lts-trusty - 3.13.0.166.177 linux-image-generic-lts-quantal - 3.13.0.166.177 linux-image-virtual - 3.13.0.166.177 linux-image-powerpc-e500 - 3.13.0.166.177 linux-image-generic-lts-trusty - 3.13.0.166.177 linux-image-omap - 3.13.0.166.177 linux-image-powerpc64-emb - 3.13.0.166.177 linux-image-generic - 3.13.0.166.177 linux-image-highbank - 3.13.0.166.177 linux-image-generic-lts-saucy - 3.13.0.166.177 linux-image-powerpc-smp - 3.13.0.166.177 linux-image-generic-lpae - 3.13.0.166.177 linux-image-generic-lpae-lts-saucy - 3.13.0.166.177 linux-image-generic-lts-raring - 3.13.0.166.177 linux-image-powerpc64-smp - 3.13.0.166.177 linux-image-lowlatency - 3.13.0.166.177 No subscription required Medium CVE-2019-6133 Ubuntu 14.04 LTS USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service (system crash). (CVE-2017-18241) It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps(1). (CVE-2018-1120) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) It was discovered that multiple integer overflows existed in the hugetlbfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7740) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133) Update Instructions: Run `sudo pro fix USN-3910-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1039-aws - 4.4.0-1039.42 No subscription required linux-image-4.4.0-143-generic - 4.4.0-143.169~14.04.2 linux-image-4.4.0-143-powerpc-smp - 4.4.0-143.169~14.04.2 linux-image-4.4.0-143-powerpc-e500mc - 4.4.0-143.169~14.04.2 linux-image-4.4.0-143-lowlatency - 4.4.0-143.169~14.04.2 linux-image-4.4.0-143-generic-lpae - 4.4.0-143.169~14.04.2 linux-image-4.4.0-143-powerpc64-smp - 4.4.0-143.169~14.04.2 linux-image-4.4.0-143-powerpc64-emb - 4.4.0-143.169~14.04.2 No subscription required linux-image-aws - 4.4.0.1039.40 No subscription required linux-image-powerpc-smp-lts-xenial - 4.4.0.143.125 linux-image-generic-lpae-lts-xenial - 4.4.0.143.125 linux-image-lowlatency-lts-xenial - 4.4.0.143.125 linux-image-generic-lts-xenial - 4.4.0.143.125 linux-image-powerpc64-smp-lts-xenial - 4.4.0.143.125 linux-image-powerpc64-emb-lts-xenial - 4.4.0.143.125 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.143.125 linux-image-virtual-lts-xenial - 4.4.0.143.125 No subscription required Medium CVE-2017-18241 CVE-2018-1120 CVE-2018-19985 CVE-2018-7740 CVE-2019-6133 Ubuntu 14.04 LTS It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3915-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.14.04.8 ghostscript-x - 9.26~dfsg+0-0ubuntu0.14.04.8 libgs-dev - 9.26~dfsg+0-0ubuntu0.14.04.8 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.14.04.8 libgs9 - 9.26~dfsg+0-0ubuntu0.14.04.8 libgs9-common - 9.26~dfsg+0-0ubuntu0.14.04.8 No subscription required Medium CVE-2019-3835 CVE-2019-3838 Ubuntu 14.04 LTS The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl() system call when used with TIOCSTI as the second argument to the system call. Jann Horn discovered that this restriction could be circumvented on 64 bit architectures. A malicious snap could exploit this to bypass intended access restrictions to insert characters into the terminal's input queue. On Ubuntu, snapd typically will have already automatically refreshed itself to snapd 2.37.4 which is unaffected. Update Instructions: Run `sudo pro fix USN-3917-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.37.4~14.04.1 ubuntu-core-launcher - 2.37.4~14.04.1 snap-confine - 2.37.4~14.04.1 ubuntu-snappy-cli - 2.37.4~14.04.1 golang-github-snapcore-snapd-dev - 2.37.4~14.04.1 snapd-xdg-open - 2.37.4~14.04.1 snapd - 2.37.4~14.04.1 golang-github-ubuntu-core-snappy-dev - 2.37.4~14.04.1 ubuntu-snappy - 2.37.4~14.04.1 No subscription required Medium CVE-2019-7303 https://launchpad.net/bugs/1812973 Ubuntu 14.04 LTS USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803) Update Instructions: Run `sudo pro fix USN-3918-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nn - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ne - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nb - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fa - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fi - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fr - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fy - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-or - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kab - 66.0.1+build1-0ubuntu0.14.04.1 firefox-testsuite - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-oc - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cs - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ga - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gd - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gn - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gl - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gu - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pa - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pl - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cy - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pt - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hi - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uk - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-he - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hy - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hr - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hu - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-as - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ar - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ia - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-az - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-id - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mai - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-af - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-is - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-it - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-an - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bs - 66.0.1+build1-0ubuntu0.14.04.1 firefox - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ro - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ja - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ru - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-br - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bn - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-be - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bg - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sl - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sk - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-si - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sw - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sv - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sr - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sq - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ko - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kn - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-km - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kk - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ka - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-xh - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ca - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ku - 66.0.1+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lv - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lt - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-th - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 66.0.1+build1-0ubuntu0.14.04.1 firefox-dev - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-te - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cak - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ta - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lg - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-tr - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nso - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-de - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-da - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ms - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mr - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-my - 66.0.1+build1-0ubuntu0.14.04.1 firefox-globalmenu - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uz - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ml - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mn - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mk - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ur - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-vi - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eu - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-et - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-es - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-csb - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-el - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eo - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-en - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zu - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ast - 66.0.1+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9797 CVE-2019-9799 CVE-2019-9802 CVE-2019-9803 CVE-2019-9805 CVE-2019-9806 CVE-2019-9807 CVE-2019-9808 CVE-2019-9809 Ubuntu 14.04 LTS USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803) Update Instructions: Run `sudo pro fix USN-3918-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nn - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ne - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nb - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fa - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fi - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fr - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-fy - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-or - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kab - 66.0.2+build1-0ubuntu0.14.04.1 firefox-testsuite - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-oc - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cs - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ga - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gd - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gn - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gl - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-gu - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pa - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pl - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cy - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-pt - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hi - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uk - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-he - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hy - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hr - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hu - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-as - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ar - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ia - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-az - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-id - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mai - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-af - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-is - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-it - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-an - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bs - 66.0.2+build1-0ubuntu0.14.04.1 firefox - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ro - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ja - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ru - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-br - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bn - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-be - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-bg - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sl - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sk - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-si - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sw - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sv - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sr - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-sq - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ko - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kn - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-km - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-kk - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ka - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-xh - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ca - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ku - 66.0.2+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lv - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lt - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-th - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 66.0.2+build1-0ubuntu0.14.04.1 firefox-dev - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-te - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-cak - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ta - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-lg - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-tr - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-nso - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-de - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-da - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ms - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mr - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-my - 66.0.2+build1-0ubuntu0.14.04.1 firefox-globalmenu - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-uz - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ml - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mn - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-mk - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ur - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-vi - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eu - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-et - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-es - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-csb - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-el - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-eo - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-en - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-zu - 66.0.2+build1-0ubuntu0.14.04.1 firefox-locale-ast - 66.0.2+build1-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1822185 Ubuntu 14.04 LTS USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803) Update Instructions: Run `sudo pro fix USN-3918-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nn - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ne - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nb - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fa - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fi - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fr - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-fy - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-or - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kab - 66.0.3+build1-0ubuntu0.14.04.1 firefox-testsuite - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-oc - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cs - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ga - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gd - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gn - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gl - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-gu - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pa - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pl - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cy - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-pt - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hi - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-uk - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-he - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hy - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hr - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hu - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-as - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ar - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ia - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-az - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-id - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mai - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-af - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-is - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-it - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-an - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bs - 66.0.3+build1-0ubuntu0.14.04.1 firefox - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ro - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ja - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ru - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-br - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bn - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-be - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-bg - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sl - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sk - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-si - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sw - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sv - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sr - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-sq - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ko - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kn - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-km - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-kk - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ka - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-xh - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ca - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ku - 66.0.3+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lv - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lt - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-th - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 66.0.3+build1-0ubuntu0.14.04.1 firefox-dev - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-te - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-cak - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ta - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-lg - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-tr - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-nso - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-de - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-da - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ms - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mr - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-my - 66.0.3+build1-0ubuntu0.14.04.1 firefox-globalmenu - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-uz - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ml - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mn - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-mk - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ur - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-vi - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-eu - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-et - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-es - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-csb - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-el - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-eo - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-en - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-zu - 66.0.3+build1-0ubuntu0.14.04.1 firefox-locale-ast - 66.0.3+build1-0ubuntu0.14.04.1 No subscription required None https://launchpad.net/bugs/1825051 Ubuntu 14.04 LTS Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code. Update Instructions: Run `sudo pro fix USN-3919-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nn - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ne - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nb - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fa - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fi - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fr - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-fy - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-or - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kab - 66.0.1+build1-0ubuntu0.14.04.1 firefox-testsuite - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-oc - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cs - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ga - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gd - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gn - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gl - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-gu - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pa - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pl - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cy - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-pt - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hi - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uk - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-he - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hy - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hr - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hu - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-as - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ar - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ia - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-az - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-id - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mai - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-af - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-is - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-it - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-an - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bs - 66.0.1+build1-0ubuntu0.14.04.1 firefox - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ro - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ja - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ru - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-br - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hant - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zh-hans - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bn - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-be - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-bg - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sl - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sk - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-si - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sw - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sv - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sr - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-sq - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ko - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kn - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-km - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-kk - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ka - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-xh - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ca - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ku - 66.0.1+build1-0ubuntu0.14.04.1 firefox-mozsymbols - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lv - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lt - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-th - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-hsb - 66.0.1+build1-0ubuntu0.14.04.1 firefox-dev - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-te - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-cak - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ta - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-lg - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-csb - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-tr - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-nso - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-de - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-da - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ms - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mr - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-my - 66.0.1+build1-0ubuntu0.14.04.1 firefox-globalmenu - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-uz - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ml - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mn - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-mk - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ur - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eu - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-et - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-es - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-vi - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-el - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-eo - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-en - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-zu - 66.0.1+build1-0ubuntu0.14.04.1 firefox-locale-ast - 66.0.1+build1-0ubuntu0.14.04.1 No subscription required Medium CVE-2019-9810 CVE-2019-9813 Ubuntu 14.04 LTS It was discovered that XMLTooling incorrectly handled certain XML files with invalid data. An attacker could use this issue to cause XMLTooling to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3921-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xmltooling-schemas - 1.5.3-2+deb8u3ubuntu0.1 libxmltooling6 - 1.5.3-2+deb8u3ubuntu0.1 libxmltooling-doc - 1.5.3-2+deb8u3ubuntu0.1 libxmltooling-dev - 1.5.3-2+deb8u3ubuntu0.1 No subscription required Medium CVE-2019-9628 Ubuntu 14.04 LTS USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-9022) It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-9675) Original advisory details: It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641) Update Instructions: Run `sudo pro fix USN-3922-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29 php5-cgi - 5.5.9+dfsg-1ubuntu4.29 php5-enchant - 5.5.9+dfsg-1ubuntu4.29 php5-intl - 5.5.9+dfsg-1ubuntu4.29 php5-snmp - 5.5.9+dfsg-1ubuntu4.29 php5-mysql - 5.5.9+dfsg-1ubuntu4.29 php5-odbc - 5.5.9+dfsg-1ubuntu4.29 php5-xsl - 5.5.9+dfsg-1ubuntu4.29 php5-gd - 5.5.9+dfsg-1ubuntu4.29 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29 php5-tidy - 5.5.9+dfsg-1ubuntu4.29 php5-dev - 5.5.9+dfsg-1ubuntu4.29 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29 php5-curl - 5.5.9+dfsg-1ubuntu4.29 php5 - 5.5.9+dfsg-1ubuntu4.29 php5-gmp - 5.5.9+dfsg-1ubuntu4.29 php5-fpm - 5.5.9+dfsg-1ubuntu4.29 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29 php5-ldap - 5.5.9+dfsg-1ubuntu4.29 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29 php5-readline - 5.5.9+dfsg-1ubuntu4.29 php5-cli - 5.5.9+dfsg-1ubuntu4.29 php-pear - 5.5.9+dfsg-1ubuntu4.29 php5-sybase - 5.5.9+dfsg-1ubuntu4.29 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29 php5-pspell - 5.5.9+dfsg-1ubuntu4.29 php5-common - 5.5.9+dfsg-1ubuntu4.29 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29 No subscription required Medium CVE-2019-9022 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 Ubuntu 14.04 LTS Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol (MTP). An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. (CVE-2018-16867) Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol (MTP). An attacker inside the guest could use this issue to read arbitrary files, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16872) Zhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-19489) Li Quang and Saar Amar discovered multiple issues in the QEMU PVRDMA device. An attacker inside the guest could use these issues to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. These issues were resolved by disabling PVRDMA support in Ubuntu 18.10. (CVE-2018-20123, CVE-2018-20124, CVE-2018-20125, CVE-2018-20126, CVE-2018-20191, CVE-2018-20216) Michael Hanselmann discovered that QEMU incorrectly handled certain i2c commands. A local attacker could possibly use this issue to read QEMU process memory. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-3812) It was discovered that QEMU incorrectly handled the Slirp networking back-end. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2019-6778) Update Instructions: Run `sudo pro fix USN-3923-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.45 qemu-user-static - 2.0.0+dfsg-2ubuntu1.45 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.45 qemu - 2.0.0+dfsg-2ubuntu1.45 qemu-kvm - 2.0.0+dfsg-2ubuntu1.45 qemu-user - 2.0.0+dfsg-2ubuntu1.45 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.45 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.45 qemu-system - 2.0.0+dfsg-2ubuntu1.45 qemu-utils - 2.0.0+dfsg-2ubuntu1.45 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.45 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.45 qemu-common - 2.0.0+dfsg-2ubuntu1.45 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.45 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.45 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.45 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.45 No subscription required Medium CVE-2018-16867 CVE-2018-16872 CVE-2018-19489 CVE-2018-20123 CVE-2018-20124 CVE-2018-20125 CVE-2018-20126 CVE-2018-20191 CVE-2018-20216 CVE-2019-3812 CVE-2019-6778 Ubuntu 14.04 LTS It was discovered that an out-of-bounds write vulnerability existed in the XMP image handling functionality of the FreeImage library. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could overwrite arbitrary memory, resulting in code execution. Update Instructions: Run `sudo pro fix USN-3925-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreeimage3 - 3.15.4-3ubuntu0.1 libfreeimage-dev - 3.15.4-3ubuntu0.1 No subscription required Medium CVE-2016-5684 Ubuntu 14.04 LTS It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website in a browsing context with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) Update Instructions: Run `sudo pro fix USN-3927-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-bn - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fr - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-en-us - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-es-es - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nb-no - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-br - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-dsb - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fy - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-kab - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-mk - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-bn-bd - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hu - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-es-ar - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-be - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-bg - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ja - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-lt - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sl - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-en-gb - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sv-se - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-si - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-gnome-support - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hr - 1:60.6.1+build2-0ubuntu0.14.04.1 xul-ext-calendar-timezones - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-de - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-en - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-da - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nl - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nn - 1:60.6.1+build2-0ubuntu0.14.04.1 xul-ext-lightning - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ga-ie - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fy-nl - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sv - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pa-in - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-it - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sr - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sq - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-he - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hsb - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-kk - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ar - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-uk - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-globalmenu - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-cn - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ta-lk - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ru - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-cs - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-mozsymbols - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-fi - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ro - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-af - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pt-pt - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-sk - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-dev - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-cy - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-hy - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ca - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pt-br - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-el - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nn-no - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pa - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-rm - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ms - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-gl - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ko - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ga - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ast - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-tr - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-vi - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pl - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-gd - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-tw - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-id - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ka - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-nb - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-pt - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-eu - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-et - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-hant - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-zh-hans - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-is - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-es - 1:60.6.1+build2-0ubuntu0.14.04.1 thunderbird-locale-ta - 1:60.6.1+build2-0ubuntu0.14.04.1 No subscription required Medium CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9810 CVE-2019-9813 Ubuntu 14.04 LTS It was discovered that Dovecot incorrectly handled reading certain headers from the index. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-3928-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.9-1ubuntu2.6 dovecot-mysql - 1:2.2.9-1ubuntu2.6 dovecot-sieve - 1:2.2.9-1ubuntu2.6 dovecot-core - 1:2.2.9-1ubuntu2.6 dovecot-ldap - 1:2.2.9-1ubuntu2.6 dovecot-sqlite - 1:2.2.9-1ubuntu2.6 dovecot-dev - 1:2.2.9-1ubuntu2.6 dovecot-pop3d - 1:2.2.9-1ubuntu2.6 dovecot-imapd - 1:2.2.9-1ubuntu2.6 dovecot-managesieved - 1:2.2.9-1ubuntu2.6 mail-stack-delivery - 1:2.2.9-1ubuntu2.6 dovecot-gssapi - 1:2.2.9-1ubuntu2.6 dovecot-solr - 1:2.2.9-1ubuntu2.6 dovecot-lmtpd - 1:2.2.9-1ubuntu2.6 No subscription required Medium CVE-2019-7524 Ubuntu 14.04 LTS It was discovered that Firebird incorrectly handled certain malformed packets. A remote attacker could possibly use this issue with a specially crafted network packet to cause Firebird to crash, resulting in a denial of service. (CVE-2014-9323) It was discovered that Firebird incorrectly handled certain UDF libraries. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2017-6369) Update Instructions: Run `sudo pro fix USN-3929-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firebird2.5-doc - 2.5.2.26540.ds4-9ubuntu1.1 libfbclient2 - 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-classic-common - 2.5.2.26540.ds4-9ubuntu1.1 libfbembed2.5 - 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-server-common - 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-common - 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-classic - 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-common-doc - 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-superclassic - 2.5.2.26540.ds4-9ubuntu1.1 libib-util - 2.5.2.26540.ds4-9ubuntu1.1 firebird-dev - 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-examples - 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-super - 2.5.2.26540.ds4-9ubuntu1.1 No subscription required Medium CVE-2014-9323 CVE-2017-6369 Ubuntu 14.04 LTS USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service (guest VM crash). (CVE-2018-14678) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Update Instructions: Run `sudo pro fix USN-3931-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1041-azure - 4.15.0-1041.45~14.04.1 No subscription required linux-image-azure - 4.15.0.1041.28 No subscription required Medium CVE-2018-14678 CVE-2018-18021 CVE-2018-19824 CVE-2019-3459 CVE-2019-3460 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 Ubuntu 14.04 LTS USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18249) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884) It was discovered that a use-after-free vulnerability existed in the PPP over L2TP implementation in the Linux kernel. A privileged local attacker could use this to possibly execute arbitrary code. (CVE-2018-9517) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819) Update Instructions: Run `sudo pro fix USN-3932-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1040-aws - 4.4.0-1040.43 No subscription required linux-image-4.4.0-144-lowlatency - 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-powerpc-e500mc - 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-powerpc64-emb - 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-generic - 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-powerpc-smp - 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-generic-lpae - 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-powerpc64-smp - 4.4.0-144.170~14.04.1 No subscription required linux-image-aws - 4.4.0.1040.41 No subscription required linux-image-powerpc-smp-lts-xenial - 4.4.0.144.127 linux-image-lowlatency-lts-xenial - 4.4.0.144.127 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.144.127 linux-image-generic-lpae-lts-xenial - 4.4.0.144.127 linux-image-powerpc64-smp-lts-xenial - 4.4.0.144.127 linux-image-powerpc64-emb-lts-xenial - 4.4.0.144.127 linux-image-generic-lts-xenial - 4.4.0.144.127 linux-image-virtual-lts-xenial - 4.4.0.144.127 No subscription required Medium CVE-2017-18249 CVE-2018-13097 CVE-2018-13099 CVE-2018-13100 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612 CVE-2018-14613 CVE-2018-14614 CVE-2018-14616 CVE-2018-16884 CVE-2018-9517 CVE-2019-3459 CVE-2019-3460 CVE-2019-3701 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-9213 Ubuntu 14.04 LTS It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information (kernel memory). (CVE-2017-1000410) It was discovered that the USB serial device driver in the Linux kernel did not properly validate baud rate settings when debugging is enabled. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18360) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Update Instructions: Run `sudo pro fix USN-3933-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-168-powerpc64-emb - 3.13.0-168.218 linux-image-3.13.0-168-powerpc-e500 - 3.13.0-168.218 linux-image-3.13.0-168-generic - 3.13.0-168.218 linux-image-3.13.0-168-powerpc64-smp - 3.13.0-168.218 linux-image-3.13.0-168-powerpc-e500mc - 3.13.0-168.218 linux-image-3.13.0-168-generic-lpae - 3.13.0-168.218 linux-image-3.13.0-168-powerpc-smp - 3.13.0-168.218 linux-image-3.13.0-168-lowlatency - 3.13.0-168.218 No subscription required linux-image-powerpc-e500mc - 3.13.0.168.179 linux-image-generic-pae - 3.13.0.168.179 linux-image-generic-lpae-lts-trusty - 3.13.0.168.179 linux-image-generic-lts-quantal - 3.13.0.168.179 linux-image-lowlatency-pae - 3.13.0.168.179 linux-image-virtual - 3.13.0.168.179 linux-image-powerpc-e500 - 3.13.0.168.179 linux-image-generic-lts-trusty - 3.13.0.168.179 linux-image-omap - 3.13.0.168.179 linux-image-powerpc64-emb - 3.13.0.168.179 linux-image-generic - 3.13.0.168.179 linux-image-highbank - 3.13.0.168.179 linux-image-generic-lts-saucy - 3.13.0.168.179 linux-image-powerpc-smp - 3.13.0.168.179 linux-image-generic-lpae - 3.13.0.168.179 linux-image-generic-lpae-lts-saucy - 3.13.0.168.179 linux-image-generic-lts-raring - 3.13.0.168.179 linux-image-powerpc64-smp - 3.13.0.168.179 linux-image-lowlatency - 3.13.0.168.179 No subscription required Medium CVE-2017-1000410 CVE-2017-18360 CVE-2018-19824 CVE-2019-3459 CVE-2019-3460 CVE-2019-6974 CVE-2019-7222 CVE-2019-9213 Ubuntu 14.04 LTS It was discovered that PolicyKit incorrectly relied on the fork() system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations. Update Instructions: Run `sudo pro fix USN-3934-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-4ubuntu3.14.04.6 policykit-1-doc - 0.105-4ubuntu3.14.04.6 libpolkit-gobject-1-dev - 0.105-4ubuntu3.14.04.6 libpolkit-agent-1-0 - 0.105-4ubuntu3.14.04.6 libpolkit-gobject-1-0 - 0.105-4ubuntu3.14.04.6 policykit-1 - 0.105-4ubuntu3.14.04.6 gir1.2-polkit-1.0 - 0.105-4ubuntu3.14.04.6 libpolkit-backend-1-dev - 0.105-4ubuntu3.14.04.6 libpolkit-agent-1-dev - 0.105-4ubuntu3.14.04.6 No subscription required Medium CVE-2019-6133 Ubuntu 14.04 LTS Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325) Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9645) It was discovered that BusyBox incorrectly handled certain ZIP archives. If a user or automated system were tricked into processing a specially crafted ZIP archive, a remote attacker could cause BusyBox to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2015-9261) Nico Golde discovered that the BusyBox DHCP client incorrectly handled certain malformed domain names. A remote attacker could possibly use this issue to cause the DHCP client to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2147) Nico Golde discovered that the BusyBox DHCP client incorrectly handled certain 6RD options. A remote attacker could use this issue to cause the DHCP client to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2148) It was discovered that BusyBox incorrectly handled certain bzip2 archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, a remote attacker could cause BusyBox to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15873) It was discovered that BusyBox incorrectly handled tab completion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-16544) It was discovered that the BusyBox wget utility incorrectly handled certain responses. A remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000517) It was discovered that the BusyBox DHCP utilities incorrectly handled certain memory operations. A remote attacker could possibly use this issue to access sensitive information. (CVE-2018-20679, CVE-2019-5747) Update Instructions: Run `sudo pro fix USN-3935-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: busybox - 1:1.21.0-1ubuntu1.4 udhcpc - 1:1.21.0-1ubuntu1.4 busybox-syslogd - 1:1.21.0-1ubuntu1.4 udhcpd - 1:1.21.0-1ubuntu1.4 busybox-initramfs - 1:1.21.0-1ubuntu1.4 busybox-udeb - 1:1.21.0-1ubuntu1.4 busybox-static - 1:1.21.0-1ubuntu1.4 No subscription required Medium CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2017-15873 CVE-2017-16544 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 Ubuntu 14.04 LTS It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3936-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: advancecomp - 1.18-1ubuntu0.2 No subscription required Medium CVE-2019-9210 Ubuntu 14.04 LTS Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211) It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-17189) It was discovered that the Apache HTTP Server incorrectly handled session expiry times. When used with mod_session_cookie, this may result in the session expiry time to be ignored, contrary to expectations. (CVE-2018-17199) Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to process requests incorrectly. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-0196) Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. (CVE-2019-0217) Bernhard Lorenz discovered that the Apache HTTP Server was inconsistent when processing requests containing multiple consecutive slashes. This could lead to directives such as LocationMatch and RewriteRule to perform contrary to expectations. (CVE-2019-0220) Update Instructions: Run `sudo pro fix USN-3937-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.22 libapache2-mod-macro - 1:2.4.7-1ubuntu4.22 No subscription required apache2-data - 2.4.7-1ubuntu4.22 apache2.2-bin - 2.4.7-1ubuntu4.22 apache2-utils - 2.4.7-1ubuntu4.22 apache2-dev - 2.4.7-1ubuntu4.22 apache2-mpm-worker - 2.4.7-1ubuntu4.22 apache2-suexec-custom - 2.4.7-1ubuntu4.22 apache2-suexec - 2.4.7-1ubuntu4.22 apache2 - 2.4.7-1ubuntu4.22 apache2-suexec-pristine - 2.4.7-1ubuntu4.22 apache2-doc - 2.4.7-1ubuntu4.22 apache2-mpm-prefork - 2.4.7-1ubuntu4.22 apache2-mpm-itk - 2.4.7-1ubuntu4.22 apache2-mpm-event - 2.4.7-1ubuntu4.22 apache2-bin - 2.4.7-1ubuntu4.22 No subscription required High CVE-2018-17189 CVE-2018-17199 CVE-2019-0196 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 Ubuntu 14.04 LTS Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges. Update Instructions: Run `sudo pro fix USN-3938-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgudev-1.0-dev - 1:204-5ubuntu20.31 libgudev-1.0-0 - 1:204-5ubuntu20.31 gir1.2-gudev-1.0 - 1:204-5ubuntu20.31 No subscription required libsystemd-id128-dev - 204-5ubuntu20.31 systemd - 204-5ubuntu20.31 udev-udeb - 204-5ubuntu20.31 python-systemd - 204-5ubuntu20.31 libsystemd-journal0 - 204-5ubuntu20.31 libsystemd-journal-dev - 204-5ubuntu20.31 libsystemd-id128-0 - 204-5ubuntu20.31 libudev1 - 204-5ubuntu20.31 systemd-services - 204-5ubuntu20.31 libpam-systemd - 204-5ubuntu20.31 libudev-dev - 204-5ubuntu20.31 libsystemd-daemon0 - 204-5ubuntu20.31 libsystemd-login-dev - 204-5ubuntu20.31 udev - 204-5ubuntu20.31 libsystemd-daemon-dev - 204-5ubuntu20.31 libudev1-udeb - 204-5ubuntu20.31 libsystemd-login0 - 204-5ubuntu20.31 No subscription required Medium CVE-2019-3842 Ubuntu 14.04 LTS Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations. Update Instructions: Run `sudo pro fix USN-3939-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.20 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.20 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.20 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.20 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.20 No subscription required Medium CVE-2019-3880 Ubuntu 14.04 LTS It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787) It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788) It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1789) Update Instructions: Run `sudo pro fix USN-3940-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.3+dfsg-0ubuntu0.14.04.1 clamav-testfiles - 0.100.3+dfsg-0ubuntu0.14.04.1 clamav-base - 0.100.3+dfsg-0ubuntu0.14.04.1 clamav - 0.100.3+dfsg-0ubuntu0.14.04.1 libclamav7 - 0.100.3+dfsg-0ubuntu0.14.04.1 clamav-daemon - 0.100.3+dfsg-0ubuntu0.14.04.1 clamav-docs - 0.100.3+dfsg-0ubuntu0.14.04.1 clamav-milter - 0.100.3+dfsg-0ubuntu0.14.04.1 clamav-freshclam - 0.100.3+dfsg-0ubuntu0.14.04.1 No subscription required Medium CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 Ubuntu 14.04 LTS It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. Update Instructions: Run `sudo pro fix USN-3942-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-7-jre-zero - 7u211-2.6.17-0ubuntu0.1 openjdk-7-source - 7u211-2.6.17-0ubuntu0.1 icedtea-7-jre-jamvm - 7u211-2.6.17-0ubuntu0.1 openjdk-7-tests - 7u211-2.6.17-0ubuntu0.1 openjdk-7-jre-lib - 7u211-2.6.17-0ubuntu0.1 openjdk-7-jdk - 7u211-2.6.17-0ubuntu0.1 openjdk-7-jre-headless - 7u211-2.6.17-0ubuntu0.1 openjdk-7-jre - 7u211-2.6.17-0ubuntu0.1 openjdk-7-doc - 7u211-2.6.17-0ubuntu0.1 openjdk-7-demo - 7u211-2.6.17-0ubuntu0.1 No subscription required Low CVE-2019-2422 Ubuntu 14.04 LTS It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20483) Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953) Update Instructions: Run `sudo pro fix USN-3943-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wget - 1.15-1ubuntu1.14.04.5 wget-udeb - 1.15-1ubuntu1.14.04.5 No subscription required Medium CVE-2018-20483 CVE-2019-5953 Ubuntu 14.04 LTS It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495) Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and element values in EAP-pwd-Commit messages. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499) It was discovered that hostapd incorrectly handled obtaining random numbers. In rare cases where the urandom device isn't available, it would fall back to using a low-quality PRNG. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10743) Update Instructions: Run `sudo pro fix USN-3944-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.1-0ubuntu1.7 No subscription required wpagui - 2.1-0ubuntu1.7 wpasupplicant - 2.1-0ubuntu1.7 wpasupplicant-udeb - 2.1-0ubuntu1.7 No subscription required Medium CVE-2016-10743 CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 Ubuntu 14.04 LTS It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2019-8320) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325) Update Instructions: Run `sudo pro fix USN-3945-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby1.9.1-dev - 1.9.3.484-2ubuntu1.14 libtcltk-ruby1.9.1 - 1.9.3.484-2ubuntu1.14 ruby1.9.1-examples - 1.9.3.484-2ubuntu1.14 ruby1.9.1-full - 1.9.3.484-2ubuntu1.14 libruby1.9.1 - 1.9.3.484-2ubuntu1.14 ri1.9.1 - 1.9.3.484-2ubuntu1.14 ruby1.9.1 - 1.9.3.484-2ubuntu1.14 ruby1.9.3 - 1.9.3.484-2ubuntu1.14 No subscription required ruby2.0-tcltk - 2.0.0.484-1ubuntu2.13 libruby2.0 - 2.0.0.484-1ubuntu2.13 ruby2.0-doc - 2.0.0.484-1ubuntu2.13 ruby2.0 - 2.0.0.484-1ubuntu2.13 ruby2.0-dev - 2.0.0.484-1ubuntu2.13 No subscription required Medium CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 Ubuntu 14.04 LTS It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands. Update Instructions: Run `sudo pro fix USN-3946-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rssh - 2.3.4-4+deb8u2ubuntu0.14.04.2 No subscription required High CVE-2019-1000018 CVE-2019-3463 CVE-2019-3464 Ubuntu 14.04 LTS It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-3947-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxslt1 - 1.1.28-2ubuntu0.2 libxslt1-dev - 1.1.28-2ubuntu0.2 libxslt1.1 - 1.1.28-2ubuntu0.2 xsltproc - 1.1.28-2ubuntu0.2 No subscription required Medium CVE-2019-11068 Ubuntu 14.04 LTS USN-3953-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3953-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm1 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm1 php5 - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm1 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm1 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm1 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm1 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11034 CVE-2019-11035 Ubuntu 14.04 LTS USN-3956-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-3956-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.19+esm1 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19+esm1 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19+esm1 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19+esm1 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19+esm1 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19+esm1 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19+esm1 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19+esm1 host - 1:9.9.5.dfsg-3ubuntu0.19+esm1 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19+esm1 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19+esm1 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19+esm1 bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm1 lwresd - 1:9.9.5.dfsg-3ubuntu0.19+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-5743 Ubuntu 14.04 LTS USN-3957-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB 5.5. Ubuntu 14.04 LTS has been updated to MariaDB 5.5.64. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-5564-changelog/ https://mariadb.com/kb/en/library/mariadb-5564-release-notes/ Original advisory details: Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have been updated to MySQL 5.7.26. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Update Instructions: Run `sudo pro fix USN-3957-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mariadb-test-5.5 - 5.5.64-1ubuntu0.14.04.1 mariadb-server - 5.5.64-1ubuntu0.14.04.1 libmariadbd-dev - 5.5.64-1ubuntu0.14.04.1 mariadb-test - 5.5.64-1ubuntu0.14.04.1 mariadb-server-core-5.5 - 5.5.64-1ubuntu0.14.04.1 mariadb-common - 5.5.64-1ubuntu0.14.04.1 mariadb-client-core-5.5 - 5.5.64-1ubuntu0.14.04.1 mariadb-client-5.5 - 5.5.64-1ubuntu0.14.04.1 mariadb-server-5.5 - 5.5.64-1ubuntu0.14.04.1 libmariadbclient-dev - 5.5.64-1ubuntu0.14.04.1 libmariadbclient18 - 5.5.64-1ubuntu0.14.04.1 mariadb-client - 5.5.64-1ubuntu0.14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-2614 CVE-2019-2627 Ubuntu 14.04 LTS USN-3968-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. (CVE-2017-1000368) Update Instructions: Run `sudo pro fix USN-3968-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.9p5-1ubuntu1.5+esm1 sudo - 1.8.9p5-1ubuntu1.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-1000368 Ubuntu 14.04 LTS USN-3968-1 fixed several vulnerabilities in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and execute arbitrary commands. (CVE-2016-7076, CVE-2016-7032) Update Instructions: Run `sudo pro fix USN-3968-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.9p5-1ubuntu1.5+esm5 sudo - 1.8.9p5-1ubuntu1.5+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-7032 CVE-2016-7076 Ubuntu 14.04 LTS USN-3969-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpa_supplicant and hostapd incorrectly handled unexpected fragments when using EAP-pwd. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3969-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 2.1-0ubuntu1.7+esm1 wpagui - 2.1-0ubuntu1.7+esm1 wpasupplicant-udeb - 2.1-0ubuntu1.7+esm1 wpasupplicant - 2.1-0ubuntu1.7+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11555 Ubuntu 14.04 LTS USN-3976-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-3976-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-16860 Ubuntu 14.04 LTS USN-3976-1 fixed a vulnerability in Samba. The update introduced a regression causing Samba to occasionally crash. This update fixes the problem. Original advisory details: Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-3976-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1827924 Ubuntu 14.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3977-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20190514.0ubuntu0.14.04.1 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 14.04 LTS USN-3977-1 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Original advisory details: Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3977-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20190514.0ubuntu0.14.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 14.04 LTS USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3977-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20190618.0ubuntu0.14.04.1 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 14.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Kurtis Miller discovered that a buffer overflow existed in QEMU when loading a device tree blob. A local attacker could use this to execute arbitrary code. (CVE-2018-20815) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) It was discovered that a NULL pointer dereference existed in the sun4u power device implementation in QEMU. A local attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-5008) William Bowling discovered that an information leak existed in the SLiRP networking implementation of QEMU. An attacker could use this to expose sensitive information. (CVE-2019-9824) Update Instructions: Run `sudo pro fix USN-3978-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.46 qemu-user-static - 2.0.0+dfsg-2ubuntu1.46 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.46 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.46 qemu-kvm - 2.0.0+dfsg-2ubuntu1.46 qemu-user - 2.0.0+dfsg-2ubuntu1.46 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.46 qemu-system - 2.0.0+dfsg-2ubuntu1.46 qemu-utils - 2.0.0+dfsg-2ubuntu1.46 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.46 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.46 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.46 qemu-common - 2.0.0+dfsg-2ubuntu1.46 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.46 qemu - 2.0.0+dfsg-2ubuntu1.46 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.46 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.46 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-5008 CVE-2019-9824 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 14.04 LTS USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874) Alex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882) Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel contained a heap buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9500) Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503) Update Instructions: Run `sudo pro fix USN-3981-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1045-azure - 4.15.0-1045.49~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1045.32 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16884 CVE-2019-11091 CVE-2019-3874 CVE-2019-3882 CVE-2019-9500 CVE-2019-9503 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 14.04 LTS USN-3982-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 for Ubuntu 14.04 LTS. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874) Alex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882) Update Instructions: Run `sudo pro fix USN-3982-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-148-powerpc64-smp - 4.4.0-148.174~14.04.1 linux-image-4.4.0-148-lowlatency - 4.4.0-148.174~14.04.1 linux-image-4.4.0-148-powerpc64-emb - 4.4.0-148.174~14.04.1 linux-image-4.4.0-148-generic-lpae - 4.4.0-148.174~14.04.1 linux-image-4.4.0-148-powerpc-smp - 4.4.0-148.174~14.04.1 linux-image-4.4.0-148-powerpc-e500mc - 4.4.0-148.174~14.04.1 linux-image-4.4.0-148-generic - 4.4.0-148.174~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.148.130 linux-image-generic-lpae-lts-xenial - 4.4.0.148.130 linux-image-generic-lts-xenial - 4.4.0.148.130 linux-image-lowlatency-lts-xenial - 4.4.0.148.130 linux-image-powerpc64-smp-lts-xenial - 4.4.0.148.130 linux-image-powerpc64-emb-lts-xenial - 4.4.0.148.130 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.148.130 linux-image-virtual-lts-xenial - 4.4.0.148.130 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-3874 CVE-2019-3882 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 14.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3983-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-170-lowlatency - 3.13.0-170.220 linux-image-3.13.0-170-powerpc64-emb - 3.13.0-170.220 linux-image-3.13.0-170-powerpc-e500mc - 3.13.0-170.220 linux-image-3.13.0-170-powerpc-e500 - 3.13.0-170.220 linux-image-3.13.0-170-powerpc-smp - 3.13.0-170.220 linux-image-3.13.0-170-generic - 3.13.0-170.220 linux-image-3.13.0-170-generic-lpae - 3.13.0-170.220 linux-image-3.13.0-170-powerpc64-smp - 3.13.0-170.220 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-e500mc - 3.13.0.170.181 linux-image-lowlatency-pae - 3.13.0.170.181 linux-image-generic-pae - 3.13.0.170.181 linux-image-generic-lpae-lts-trusty - 3.13.0.170.181 linux-image-generic-lts-quantal - 3.13.0.170.181 linux-image-virtual - 3.13.0.170.181 linux-image-powerpc-e500 - 3.13.0.170.181 linux-image-generic-lts-trusty - 3.13.0.170.181 linux-image-omap - 3.13.0.170.181 linux-image-powerpc64-emb - 3.13.0.170.181 linux-image-generic - 3.13.0.170.181 linux-image-highbank - 3.13.0.170.181 linux-image-generic-lts-saucy - 3.13.0.170.181 linux-image-powerpc-smp - 3.13.0.170.181 linux-image-generic-lpae - 3.13.0.170.181 linux-image-generic-lpae-lts-saucy - 3.13.0.170.181 linux-image-generic-lts-raring - 3.13.0.170.181 linux-image-powerpc64-smp - 3.13.0.170.181 linux-image-lowlatency - 3.13.0.170.181 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 14.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3985-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.2.2-0ubuntu13.1.28 libvirt-bin - 1.2.2-0ubuntu13.1.28 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 14.04 LTS USN-3990-1 fixed a vulnerability in urllib3. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-11236) Update Instructions: Run `sudo pro fix USN-3990-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-urllib3 - 1.7.1-1ubuntu4.1+esm1 python-urllib3-whl - 1.7.1-1ubuntu4.1+esm1 python3-urllib3 - 1.7.1-1ubuntu4.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11236 Ubuntu 14.04 LTS USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436) Update Instructions: Run `sudo pro fix USN-3993-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.20+esm2 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm2 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm2 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm2 libcurl3-udeb - 7.35.0-1ubuntu2.20+esm2 libcurl4-doc - 7.35.0-1ubuntu2.20+esm2 libcurl3-nss - 7.35.0-1ubuntu2.20+esm2 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm2 libcurl3 - 7.35.0-1ubuntu2.20+esm2 curl - 7.35.0-1ubuntu2.20+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-5436 Ubuntu 14.04 LTS USN-3995-1 fixed a vulnerability in keepalived. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Keepalived incorrectly handled certain HTTP status response codes. A remote attacker could use this issue to cause Keepalived to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3995-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: keepalived - 1:1.2.7-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-19115 Ubuntu 14.04 LTS Kuang-che Wu discovered that GNU Screen improperly handled certain input. An attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service or the execution of arbitrary code. Update Instructions: Run `sudo pro fix USN-3996-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: screen - 4.1.0~20120320gitdb59704-9ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2015-6806 Ubuntu 14.04 LTS USN-4001-1 fixed a vulnerability in libseccomp. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access restrictions for argument-filtered system calls. Update Instructions: Run `sudo pro fix USN-4001-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libseccomp-dev - 2.4.1-0ubuntu0.14.04.2 libseccomp2 - 2.4.1-0ubuntu0.14.04.2 seccomp - 2.4.1-0ubuntu0.14.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-9893 Ubuntu 14.04 LTS USN-4004-1 fixed a vulnerability in Berkeley DB. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information. Update Instructions: Run `sudo pro fix USN-4004-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: db5.3-doc - 5.3.28-3ubuntu3.1+esm1 libdb5.3-java-jni - 5.3.28-3ubuntu3.1+esm1 libdb5.3++ - 5.3.28-3ubuntu3.1+esm1 libdb5.3-tcl - 5.3.28-3ubuntu3.1+esm1 libdb5.3-java-dev - 5.3.28-3ubuntu3.1+esm1 libdb5.3-dev - 5.3.28-3ubuntu3.1+esm1 db5.3-util - 5.3.28-3ubuntu3.1+esm1 libdb5.3-stl-dev - 5.3.28-3ubuntu3.1+esm1 libdb5.3-sql - 5.3.28-3ubuntu3.1+esm1 libdb5.3++-dev - 5.3.28-3ubuntu3.1+esm1 db5.3-sql-util - 5.3.28-3ubuntu3.1+esm1 libdb5.3 - 5.3.28-3ubuntu3.1+esm1 libdb5.3-stl - 5.3.28-3ubuntu3.1+esm1 libdb5.3-java-gcj - 5.3.28-3ubuntu3.1+esm1 libdb5.3-sql-dev - 5.3.28-3ubuntu3.1+esm1 libdb5.3-java - 5.3.28-3ubuntu3.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-8457 Ubuntu 14.04 LTS USN-4008-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Robert Święcki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. (CVE-2019-11190) It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. (CVE-2019-11191) As a hardening measure, this update disables a.out support. Update Instructions: Run `sudo pro fix USN-4008-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1045-aws - 4.4.0-1045.48 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-150-generic - 4.4.0-150.176~14.04.1 linux-image-4.4.0-150-powerpc-smp - 4.4.0-150.176~14.04.1 linux-image-4.4.0-150-powerpc-e500mc - 4.4.0-150.176~14.04.1 linux-image-4.4.0-150-lowlatency - 4.4.0-150.176~14.04.1 linux-image-4.4.0-150-generic-lpae - 4.4.0-150.176~14.04.1 linux-image-4.4.0-150-powerpc64-smp - 4.4.0-150.176~14.04.1 linux-image-4.4.0-150-powerpc64-emb - 4.4.0-150.176~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1045.46 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.150.132 linux-image-lowlatency-lts-xenial - 4.4.0.150.132 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.150.132 linux-image-generic-lpae-lts-xenial - 4.4.0.150.132 linux-image-powerpc64-smp-lts-xenial - 4.4.0.150.132 linux-image-powerpc64-emb-lts-xenial - 4.4.0.150.132 linux-image-generic-lts-xenial - 4.4.0.150.132 linux-image-virtual-lts-xenial - 4.4.0.150.132 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11190 CVE-2019-11191 CVE-2019-11810 CVE-2019-11815 Ubuntu 14.04 LTS USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-11039) It was discovered that PHP incorrectly handled certain exif tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-11040) Update Instructions: Run `sudo pro fix USN-4009-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm3 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm3 php5 - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm3 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm3 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm3 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm3 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11039 CVE-2019-11040 Ubuntu 14.04 LTS USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. (CVE-2016-10745) Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox. (CVE-2019-10906) Update Instructions: Run `sudo pro fix USN-4011-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-jinja2 - 2.7.2-2ubuntu0.1~esm1 python-jinja2-doc - 2.7.2-2ubuntu0.1~esm1 python3-jinja2 - 2.7.2-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-10745 CVE-2019-10906 Ubuntu 14.04 LTS USN-4014-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4014-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.40.2-0ubuntu1.1+esm1 libglib2.0-0-refdbg - 2.40.2-0ubuntu1.1+esm1 libglib2.0-data - 2.40.2-0ubuntu1.1+esm1 libglib2.0-udeb - 2.40.2-0ubuntu1.1+esm1 libglib2.0-tests - 2.40.2-0ubuntu1.1+esm1 libgio-fam - 2.40.2-0ubuntu1.1+esm1 libglib2.0-doc - 2.40.2-0ubuntu1.1+esm1 libglib2.0-bin - 2.40.2-0ubuntu1.1+esm1 libglib2.0-dev - 2.40.2-0ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-12450 Ubuntu 14.04 LTS USN-4015-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges. Update Instructions: Run `sudo pro fix USN-4015-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus - 1.6.18-0ubuntu4.5+esm1 dbus-x11 - 1.6.18-0ubuntu4.5+esm1 libdbus-1-3 - 1.6.18-0ubuntu4.5+esm1 libdbus-1-dev - 1.6.18-0ubuntu4.5+esm1 dbus-1-doc - 1.6.18-0ubuntu4.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-12749 Ubuntu 14.04 LTS USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478) Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477) Update Instructions: Run `sudo pro fix USN-4017-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-171-powerpc64-emb - 3.13.0-171.222 linux-image-3.13.0-171-generic-lpae - 3.13.0-171.222 linux-image-3.13.0-171-lowlatency - 3.13.0-171.222 linux-image-3.13.0-171-powerpc-e500mc - 3.13.0-171.222 linux-image-3.13.0-171-powerpc64-smp - 3.13.0-171.222 linux-image-3.13.0-171-powerpc-smp - 3.13.0-171.222 linux-image-3.13.0-171-powerpc-e500 - 3.13.0-171.222 linux-image-3.13.0-171-generic - 3.13.0-171.222 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-e500mc - 3.13.0.171.182 linux-image-lowlatency-pae - 3.13.0.171.182 linux-image-generic-pae - 3.13.0.171.182 linux-image-generic-lpae-lts-trusty - 3.13.0.171.182 linux-image-generic-lts-quantal - 3.13.0.171.182 linux-image-virtual - 3.13.0.171.182 linux-image-powerpc-e500 - 3.13.0.171.182 linux-image-generic-lts-trusty - 3.13.0.171.182 linux-image-generic - 3.13.0.171.182 linux-image-omap - 3.13.0.171.182 linux-image-powerpc64-emb - 3.13.0.171.182 linux-image-highbank - 3.13.0.171.182 linux-image-generic-lts-saucy - 3.13.0.171.182 linux-image-powerpc-smp - 3.13.0.171.182 linux-image-generic-lpae-lts-saucy - 3.13.0.171.182 linux-image-generic-lts-raring - 3.13.0.171.182 linux-image-powerpc64-smp - 3.13.0.171.182 linux-image-generic-lpae - 3.13.0.171.182 linux-image-lowlatency - 3.13.0.171.182 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1047-azure - 4.15.0-1047.51~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1047.34 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-1046-aws - 4.4.0-1046.50 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-151-generic-lpae - 4.4.0-151.178~14.04.1 linux-image-4.4.0-151-lowlatency - 4.4.0-151.178~14.04.1 linux-image-4.4.0-151-powerpc-e500mc - 4.4.0-151.178~14.04.1 linux-image-4.4.0-151-powerpc64-emb - 4.4.0-151.178~14.04.1 linux-image-4.4.0-151-generic - 4.4.0-151.178~14.04.1 linux-image-4.4.0-151-powerpc-smp - 4.4.0-151.178~14.04.1 linux-image-4.4.0-151-powerpc64-smp - 4.4.0-151.178~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1046.47 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-generic-lpae-lts-xenial - 4.4.0.151.133 linux-image-generic-lts-xenial - 4.4.0.151.133 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.151.133 linux-image-powerpc64-emb-lts-xenial - 4.4.0.151.133 linux-image-powerpc64-smp-lts-xenial - 4.4.0.151.133 linux-image-powerpc-smp-lts-xenial - 4.4.0.151.133 linux-image-lowlatency-lts-xenial - 4.4.0.151.133 linux-image-virtual-lts-xenial - 4.4.0.151.133 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2019-11477 CVE-2019-11478 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic Ubuntu 14.04 LTS USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2017-2518) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-20346, CVE-2018-20506) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-6153) It was discovered that SQLite incorrectly handled certain databases. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-10989) It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-13685) Update Instructions: Run `sudo pro fix USN-4019-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.8.2-1ubuntu2.2+esm1 sqlite3-doc - 3.8.2-1ubuntu2.2+esm1 libsqlite3-0 - 3.8.2-1ubuntu2.2+esm1 libsqlite3-tcl - 3.8.2-1ubuntu2.2+esm1 sqlite3 - 3.8.2-1ubuntu2.2+esm1 libsqlite3-dev - 3.8.2-1ubuntu2.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-6153 CVE-2017-10989 CVE-2017-13685 CVE-2017-2518 CVE-2018-20346 CVE-2018-20506 CVE-2019-8457 Ubuntu 14.04 LTS USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-3189) It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12900) Update Instructions: Run `sudo pro fix USN-4038-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bzip2 - 1.0.6-5ubuntu0.1~esm1 bzip2-doc - 1.0.6-5ubuntu0.1~esm1 lib32bz2-1.0 - 1.0.6-5ubuntu0.1~esm1 lib32bz2-dev - 1.0.6-5ubuntu0.1~esm1 lib64bz2-1.0 - 1.0.6-5ubuntu0.1~esm1 libbz2-dev - 1.0.6-5ubuntu0.1~esm1 lib64bz2-dev - 1.0.6-5ubuntu0.1~esm1 libbz2-1.0 - 1.0.6-5ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-3189 CVE-2019-12900 Ubuntu 14.04 LTS USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. We apologize for the inconvenience. Original advisory details: It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4038-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bzip2 - 1.0.6-5ubuntu0.1~esm2 bzip2-doc - 1.0.6-5ubuntu0.1~esm2 lib32bz2-1.0 - 1.0.6-5ubuntu0.1~esm2 lib32bz2-dev - 1.0.6-5ubuntu0.1~esm2 lib64bz2-1.0 - 1.0.6-5ubuntu0.1~esm2 libbz2-dev - 1.0.6-5ubuntu0.1~esm2 lib64bz2-dev - 1.0.6-5ubuntu0.1~esm2 libbz2-1.0 - 1.0.6-5ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1834494 Ubuntu 14.04 LTS USN-4040-1 fixed a vulnerability in expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4040-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexpat1-udeb - 2.1.0-4ubuntu1.4+esm1 expat - 2.1.0-4ubuntu1.4+esm1 libexpat1-dev - 2.1.0-4ubuntu1.4+esm1 lib64expat1-dev - 2.1.0-4ubuntu1.4+esm1 libexpat1 - 2.1.0-4ubuntu1.4+esm1 lib64expat1 - 2.1.0-4ubuntu1.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-20843 Ubuntu 14.04 LTS USN-4041-1 provided updates for the Linux kernel in Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM. USN-4017-2 fixed vulnerabilities in the Linux kernel. Unfortunately, the update introduced a regression that interfered with networking applications that setup very low SO_SNDBUF values. This update fixes the problem. We apologize for the inconvenience. Jonathan Looney discovered that the Linux kernel could be coerced into segmenting responses into multiple TCP segments. A remote attacker could construct an ongoing sequence of requests to cause a denial of service. (CVE-2019-11479) Update Instructions: Run `sudo pro fix USN-4041-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1049-azure - 4.15.0-1049.54~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1049.36 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-1048-aws - 4.4.0-1048.52 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-154-powerpc-smp - 4.4.0-154.181~14.04.1 linux-image-4.4.0-154-powerpc64-emb - 4.4.0-154.181~14.04.1 linux-image-4.4.0-154-generic-lpae - 4.4.0-154.181~14.04.1 linux-image-4.4.0-154-powerpc-e500mc - 4.4.0-154.181~14.04.1 linux-image-4.4.0-154-lowlatency - 4.4.0-154.181~14.04.1 linux-image-4.4.0-154-powerpc64-smp - 4.4.0-154.181~14.04.1 linux-image-4.4.0-154-generic - 4.4.0-154.181~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1048.49 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.154.135 linux-image-generic-lpae-lts-xenial - 4.4.0.154.135 linux-image-powerpc64-smp-lts-xenial - 4.4.0.154.135 linux-image-powerpc64-emb-lts-xenial - 4.4.0.154.135 linux-image-lowlatency-lts-xenial - 4.4.0.154.135 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.154.135 linux-image-generic-lts-xenial - 4.4.0.154.135 linux-image-virtual-lts-xenial - 4.4.0.154.135 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11479 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic Ubuntu 14.04 LTS USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile. Update Instructions: Run `sudo pro fix USN-4047-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.2.2-0ubuntu13.1.28+esm1 libvirt-dev - 1.2.2-0ubuntu13.1.28+esm1 libvirt-doc - 1.2.2-0ubuntu13.1.28+esm1 libvirt-bin - 1.2.2-0ubuntu13.1.28+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-10161 Ubuntu 14.04 LTS USN-4049-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4049-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.40.2-0ubuntu1.1+esm2 libglib2.0-0-refdbg - 2.40.2-0ubuntu1.1+esm2 libglib2.0-data - 2.40.2-0ubuntu1.1+esm2 libglib2.0-udeb - 2.40.2-0ubuntu1.1+esm2 libglib2.0-tests - 2.40.2-0ubuntu1.1+esm2 libgio-fam - 2.40.2-0ubuntu1.1+esm2 libglib2.0-doc - 2.40.2-0ubuntu1.1+esm2 libglib2.0-bin - 2.40.2-0ubuntu1.1+esm2 libglib2.0-dev - 2.40.2-0ubuntu1.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-13012 Ubuntu 14.04 LTS USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4049-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.40.2-0ubuntu1.1+esm3 libglib2.0-0-refdbg - 2.40.2-0ubuntu1.1+esm3 libglib2.0-data - 2.40.2-0ubuntu1.1+esm3 libglib2.0-udeb - 2.40.2-0ubuntu1.1+esm3 libglib2.0-tests - 2.40.2-0ubuntu1.1+esm3 libgio-fam - 2.40.2-0ubuntu1.1+esm3 libglib2.0-doc - 2.40.2-0ubuntu1.1+esm3 libglib2.0-bin - 2.40.2-0ubuntu1.1+esm3 libglib2.0-dev - 2.40.2-0ubuntu1.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1838890 Ubuntu 14.04 LTS USN-4051-1 fixed a vulnerability in apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered a race-condition when reading the user's local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report. Update Instructions: Run `sudo pro fix USN-4051-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.29+esm1 python3-problem-report - 2.14.1-0ubuntu3.29+esm1 apport-kde - 2.14.1-0ubuntu3.29+esm1 apport-retrace - 2.14.1-0ubuntu3.29+esm1 apport-valgrind - 2.14.1-0ubuntu3.29+esm1 python3-apport - 2.14.1-0ubuntu3.29+esm1 dh-apport - 2.14.1-0ubuntu3.29+esm1 apport-gtk - 2.14.1-0ubuntu3.29+esm1 apport - 2.14.1-0ubuntu3.29+esm1 python-problem-report - 2.14.1-0ubuntu3.29+esm1 apport-noui - 2.14.1-0ubuntu3.29+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-7307 Ubuntu 14.04 LTS USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. Update Instructions: Run `sudo pro fix USN-4058-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.3-7ubuntu1.8+esm1 bash-doc - 4.3-7ubuntu1.8+esm1 bash - 4.3-7ubuntu1.8+esm1 bash-static - 4.3-7ubuntu1.8+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-9924 Ubuntu 14.04 LTS USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719) Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2019-11729) Update Instructions: Run `sudo pro fix USN-4060-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm1 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm1 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm1 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm1 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11719 CVE-2019-11729 Ubuntu 14.04 LTS USN-4066-1 fixed a vulnerability in libmspack. This update provides the corresponding update for ClamAV in Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4066-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-testfiles - 0.100.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-base - 0.100.3+dfsg-0ubuntu0.14.04.1+esm1 clamav - 0.100.3+dfsg-0ubuntu0.14.04.1+esm1 libclamav7 - 0.100.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-daemon - 0.100.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-docs - 0.100.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-milter - 0.100.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-freshclam - 0.100.3+dfsg-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-1010305 Ubuntu 14.04 LTS USN-4071-1 fixed several vulnerabilities in Patch. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-13636) It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-13638) Update Instructions: Run `sudo pro fix USN-4071-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: patch - 2.7.1-4ubuntu2.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-13636 CVE-2019-13638 Ubuntu 14.04 LTS USN-4078-1 fixed several vulnerabilities in openldap. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. (CVE-2019-13057) It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations. (CVE-2019-13565) Update Instructions: Run `sudo pro fix USN-4078-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.31-1+nmu2ubuntu8.5+esm1 libldap2-dev - 2.4.31-1+nmu2ubuntu8.5+esm1 libldap-2.4-2 - 2.4.31-1+nmu2ubuntu8.5+esm1 slapd-smbk5pwd - 2.4.31-1+nmu2ubuntu8.5+esm1 slapd - 2.4.31-1+nmu2ubuntu8.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-13057 CVE-2019-13565 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled certain regular expressions. An attacker could possibly use this issue to expose sensitive information, cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4088-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm4 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm4 php5 - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm4 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm4 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm4 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm4 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-13224 Ubuntu 14.04 LTS USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Update Instructions: Run `sudo pro fix USN-4095-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1050-aws - 4.4.0-1050.54 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-159-powerpc64-emb - 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-powerpc-e500mc - 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-lowlatency - 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-powerpc-smp - 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-powerpc64-smp - 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-generic - 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-generic-lpae - 4.4.0-159.187~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1050.51 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.159.140 linux-image-generic-lpae-lts-xenial - 4.4.0.159.140 linux-image-virtual-lts-xenial - 4.4.0.159.140 linux-image-powerpc64-smp-lts-xenial - 4.4.0.159.140 linux-image-lowlatency-lts-xenial - 4.4.0.159.140 linux-image-powerpc64-emb-lts-xenial - 4.4.0.159.140 linux-image-generic-lts-xenial - 4.4.0.159.140 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.159.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-5383 CVE-2019-10126 CVE-2019-1125 CVE-2019-11833 CVE-2019-12614 CVE-2019-2054 CVE-2019-3846 Ubuntu 14.04 LTS USN-4097-1 fixed several vulnerabilities in php5. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042) Update Instructions: Run `sudo pro fix USN-4097-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm5 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm5 php5 - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm5 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm5 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm5 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm5 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11041 CVE-2019-11042 Ubuntu 14.04 LTS USN-4110-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4110-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.9-1ubuntu2.6+esm1 dovecot-mysql - 1:2.2.9-1ubuntu2.6+esm1 dovecot-core - 1:2.2.9-1ubuntu2.6+esm1 dovecot-sieve - 1:2.2.9-1ubuntu2.6+esm1 dovecot-ldap - 1:2.2.9-1ubuntu2.6+esm1 dovecot-sqlite - 1:2.2.9-1ubuntu2.6+esm1 dovecot-dev - 1:2.2.9-1ubuntu2.6+esm1 dovecot-pop3d - 1:2.2.9-1ubuntu2.6+esm1 dovecot-imapd - 1:2.2.9-1ubuntu2.6+esm1 dovecot-managesieved - 1:2.2.9-1ubuntu2.6+esm1 mail-stack-delivery - 1:2.2.9-1ubuntu2.6+esm1 dovecot-gssapi - 1:2.2.9-1ubuntu2.6+esm1 dovecot-solr - 1:2.2.9-1ubuntu2.6+esm1 dovecot-lmtpd - 1:2.2.9-1ubuntu2.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2019-11500 Ubuntu 14.04 LTS USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. We apologize for the inconvenience. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4110-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.9-1ubuntu2.6+esm2 dovecot-mysql - 1:2.2.9-1ubuntu2.6+esm2 dovecot-core - 1:2.2.9-1ubuntu2.6+esm2 dovecot-sieve - 1:2.2.9-1ubuntu2.6+esm2 dovecot-ldap - 1:2.2.9-1ubuntu2.6+esm2 dovecot-sqlite - 1:2.2.9-1ubuntu2.6+esm2 dovecot-dev - 1:2.2.9-1ubuntu2.6+esm2 dovecot-pop3d - 1:2.2.9-1ubuntu2.6+esm2 dovecot-imapd - 1:2.2.9-1ubuntu2.6+esm2 dovecot-managesieved - 1:2.2.9-1ubuntu2.6+esm2 mail-stack-delivery - 1:2.2.9-1ubuntu2.6+esm2 dovecot-gssapi - 1:2.2.9-1ubuntu2.6+esm2 dovecot-solr - 1:2.2.9-1ubuntu2.6+esm2 dovecot-lmtpd - 1:2.2.9-1ubuntu2.6+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2019-11500 Ubuntu 14.04 LTS USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-4124-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-daemon-custom - 4.82-3ubuntu2.4+esm1 exim4-dev - 4.82-3ubuntu2.4+esm1 eximon4 - 4.82-3ubuntu2.4+esm1 exim4 - 4.82-3ubuntu2.4+esm1 exim4-base - 4.82-3ubuntu2.4+esm1 exim4-config - 4.82-3ubuntu2.4+esm1 exim4-daemon-heavy - 4.82-3ubuntu2.4+esm1 exim4-daemon-light - 4.82-3ubuntu2.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2019-15846 Ubuntu 14.04 LTS USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. (CVE-2015-9381, CVE-2015-9382) Original advisory details: It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. (CVE-2015-9383) Update Instructions: Run `sudo pro fix USN-4126-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.5.2-1ubuntu2.8+esm1 libfreetype6-udeb - 2.5.2-1ubuntu2.8+esm1 freetype2-demos - 2.5.2-1ubuntu2.8+esm1 libfreetype6 - 2.5.2-1ubuntu2.8+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-9381 CVE-2015-9382 CVE-2015-9383 Ubuntu 14.04 LTS USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2018-20406) It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852) Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled Unicode encoding during NFKC normalization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9636, CVE-2019-10160) Colin Read and Nicolas Edet discovered that Python incorrectly handled parsing certain X509 certificates. An attacker could possibly use this issue to cause Python to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2019-5010) It was discovered that Python incorrectly handled certain urls. A remote attacker could possibly use this issue to perform CRLF injection attacks. (CVE-2019-9740, CVE-2019-9947) Sihoon Lee discovered that Python incorrectly handled the local_file: scheme. A remote attacker could possibly use this issue to bypass blocklist meschanisms. (CVE-2019-9948) Update Instructions: Run `sudo pro fix USN-4127-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.6-8ubuntu0.6+esm2 python2.7-doc - 2.7.6-8ubuntu0.6+esm2 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm2 libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm2 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm2 python2.7 - 2.7.6-8ubuntu0.6+esm2 idle-python2.7 - 2.7.6-8ubuntu0.6+esm2 python2.7-examples - 2.7.6-8ubuntu0.6+esm2 libpython2.7 - 2.7.6-8ubuntu0.6+esm2 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm2 python2.7-minimal - 2.7.6-8ubuntu0.6+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro python3.4-examples - 3.4.3-1ubuntu1~14.04.7+esm2 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.7+esm2 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm2 python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm2 python3.4-venv - 3.4.3-1ubuntu1~14.04.7+esm2 python3.4-doc - 3.4.3-1ubuntu1~14.04.7+esm2 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.7+esm2 python3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm2 idle-python3.4 - 3.4.3-1ubuntu1~14.04.7+esm2 python3.4 - 3.4.3-1ubuntu1~14.04.7+esm2 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm2 libpython3.4 - 3.4.3-1ubuntu1~14.04.7+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-20406 CVE-2018-20852 CVE-2019-10160 CVE-2019-5010 CVE-2019-9636 CVE-2019-9740 CVE-2019-9947 CVE-2019-9948 Ubuntu 14.04 LTS USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4129-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.20+esm3 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm3 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm3 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm3 libcurl3-udeb - 7.35.0-1ubuntu2.20+esm3 libcurl4-doc - 7.35.0-1ubuntu2.20+esm3 libcurl3-nss - 7.35.0-1ubuntu2.20+esm3 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm3 libcurl3 - 7.35.0-1ubuntu2.20+esm3 curl - 7.35.0-1ubuntu2.20+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-5482 Ubuntu 14.04 LTS USN-4132-1 fixed a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4132-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexpat1-udeb - 2.1.0-4ubuntu1.4+esm2 expat - 2.1.0-4ubuntu1.4+esm2 libexpat1-dev - 2.1.0-4ubuntu1.4+esm2 lib64expat1-dev - 2.1.0-4ubuntu1.4+esm2 libexpat1 - 2.1.0-4ubuntu1.4+esm2 lib64expat1 - 2.1.0-4ubuntu1.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-15903 Ubuntu 14.04 LTS Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15030) It was discovered that the Linux kernel on PowerPC architectures did not properly handle exceptions on interrupts in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15031) Update Instructions: Run `sudo pro fix USN-4135-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-173-generic - 3.13.0-173.224 linux-image-3.13.0-173-powerpc-smp - 3.13.0-173.224 linux-image-3.13.0-173-powerpc-e500 - 3.13.0-173.224 linux-image-3.13.0-173-powerpc-e500mc - 3.13.0-173.224 linux-image-3.13.0-173-powerpc64-emb - 3.13.0-173.224 linux-image-3.13.0-173-lowlatency - 3.13.0-173.224 linux-image-3.13.0-173-powerpc64-smp - 3.13.0-173.224 linux-image-3.13.0-173-generic-lpae - 3.13.0-173.224 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-server - 3.13.0.173.184 linux-image-powerpc-e500mc - 3.13.0.173.184 linux-image-lowlatency-pae - 3.13.0.173.184 linux-image-generic-pae - 3.13.0.173.184 linux-image-generic-lpae-lts-trusty - 3.13.0.173.184 linux-image-generic-lts-raring - 3.13.0.173.184 linux-image-virtual - 3.13.0.173.184 linux-image-powerpc-e500 - 3.13.0.173.184 linux-image-generic-lts-trusty - 3.13.0.173.184 linux-image-omap - 3.13.0.173.184 linux-image-powerpc-smp - 3.13.0.173.184 linux-image-generic - 3.13.0.173.184 linux-image-highbank - 3.13.0.173.184 linux-image-generic-lts-saucy - 3.13.0.173.184 linux-image-generic-lpae - 3.13.0.173.184 linux-image-generic-lpae-lts-saucy - 3.13.0.173.184 linux-image-powerpc64-emb - 3.13.0.173.184 linux-image-generic-lts-quantal - 3.13.0.173.184 linux-image-powerpc64-smp - 3.13.0.173.184 linux-image-lowlatency - 3.13.0.173.184 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1059-azure - 4.15.0-1059.64~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1059.45 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-1054-aws - 4.4.0-1054.58 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-164-lowlatency - 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-generic-lpae - 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc-smp - 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc-e500mc - 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc64-emb - 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc64-smp - 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-generic - 4.4.0-164.192~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1054.55 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-virtual-lts-xenial - 4.4.0.164.143 linux-image-generic-lpae-lts-xenial - 4.4.0.164.143 linux-image-generic-lts-xenial - 4.4.0.164.143 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.164.143 linux-image-powerpc64-smp-lts-xenial - 4.4.0.164.143 linux-image-powerpc-smp-lts-xenial - 4.4.0.164.143 linux-image-lowlatency-lts-xenial - 4.4.0.164.143 linux-image-powerpc64-emb-lts-xenial - 4.4.0.164.143 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 Ubuntu 14.04 LTS USN-4136-1 fixed a vulnerability in wpa_supplicant. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4136-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.1-0ubuntu1.7+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro wpagui - 2.1-0ubuntu1.7+esm2 wpasupplicant - 2.1-0ubuntu1.7+esm2 wpasupplicant-udeb - 2.1-0ubuntu1.7+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-16275 Ubuntu 14.04 LTS USN-4142-1 fixed a vulnerability in e2fsprogs. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4142-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libss2 - 1.42.9-3ubuntu1.3+esm1 e2fslibs-dev - 1.42.9-3ubuntu1.3+esm1 e2fsprogs - 1.42.9-3ubuntu1.3+esm1 e2fsck-static - 1.42.9-3ubuntu1.3+esm1 e2fslibs - 1.42.9-3ubuntu1.3+esm1 e2fsprogs-udeb - 1.42.9-3ubuntu1.3+esm1 libcomerr2 - 1.42.9-3ubuntu1.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro ss-dev - 2.0-1.42.9-3ubuntu1.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro comerr-dev - 2.1-1.42.9-3ubuntu1.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-5094 Ubuntu 14.04 LTS USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-12625) It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12900) Update Instructions: Run `sudo pro fix USN-4146-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-testfiles - 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-base - 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 clamav - 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-daemon - 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-milter - 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-docs - 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-freshclam - 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 libclamav9 - 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-12625 CVE-2019-12900 Ubuntu 14.04 LTS USN-4151-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935) Update Instructions: Run `sudo pro fix USN-4151-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.6-8ubuntu0.6+esm3 python2.7-doc - 2.7.6-8ubuntu0.6+esm3 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm3 libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm3 libpython2.7 - 2.7.6-8ubuntu0.6+esm3 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm3 python2.7 - 2.7.6-8ubuntu0.6+esm3 idle-python2.7 - 2.7.6-8ubuntu0.6+esm3 python2.7-examples - 2.7.6-8ubuntu0.6+esm3 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm3 python2.7-minimal - 2.7.6-8ubuntu0.6+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro python3.4-examples - 3.4.3-1ubuntu1~14.04.7+esm4 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.7+esm4 python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm4 python3.4-venv - 3.4.3-1ubuntu1~14.04.7+esm4 python3.4-doc - 3.4.3-1ubuntu1~14.04.7+esm4 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.7+esm4 python3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm4 idle-python3.4 - 3.4.3-1ubuntu1~14.04.7+esm4 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm4 python3.4 - 3.4.3-1ubuntu1~14.04.7+esm4 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm4 libpython3.4 - 3.4.3-1ubuntu1~14.04.7+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-16056 CVE-2019-16935 Ubuntu 14.04 LTS Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user. Update Instructions: Run `sudo pro fix USN-4154-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.9p5-1ubuntu1.5+esm2 sudo - 1.8.9p5-1ubuntu1.5+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14287 Ubuntu 14.04 LTS It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information. Update Instructions: Run `sudo pro fix USN-4155-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libaspell15 - 0.60.7~20110707-1ubuntu1+esm1 aspell-doc - 0.60.7~20110707-1ubuntu1+esm1 aspell - 0.60.7~20110707-1ubuntu1+esm1 libpspell-dev - 0.60.7~20110707-1ubuntu1+esm1 libaspell-dev - 0.60.7~20110707-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-17544 Ubuntu 14.04 LTS USN-4156-1 fixed several vulnerabilities in SDL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code. Update Instructions: Run `sudo pro fix USN-4156-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl1.2debian - 1.2.15-8ubuntu1.1+esm1 libsdl1.2-dev - 1.2.15-8ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-13616 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 Ubuntu 14.04 LTS USN-4162-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) It was discovered that the SMB networking file system implementation in the Linux kernel contained a buffer overread. An attacker could use this to expose sensitive information (kernel memory). (CVE-2019-15918) Update Instructions: Run `sudo pro fix USN-4162-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1061-azure - 4.15.0-1061.66~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1061.47 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-21008 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-15117 CVE-2019-15118 CVE-2019-15505 CVE-2019-15902 CVE-2019-15918 Ubuntu 14.04 LTS USN-4163-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906) It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18232) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) Update Instructions: Run `sudo pro fix USN-4163-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1056-aws - 4.4.0-1056.60 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-166-generic-lpae - 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc64-emb - 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc64-smp - 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc-smp - 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-generic - 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-lowlatency - 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc-e500mc - 4.4.0-166.195~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1056.57 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.166.145 linux-image-lowlatency-lts-xenial - 4.4.0.166.145 linux-image-generic-lpae-lts-xenial - 4.4.0.166.145 linux-image-generic-lts-xenial - 4.4.0.166.145 linux-image-powerpc64-smp-lts-xenial - 4.4.0.166.145 linux-image-powerpc64-emb-lts-xenial - 4.4.0.166.145 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.166.145 linux-image-virtual-lts-xenial - 4.4.0.166.145 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-10906 CVE-2017-18232 CVE-2018-21008 CVE-2019-14814 CVE-2019-14816 CVE-2019-14821 CVE-2019-15117 CVE-2019-15118 CVE-2019-15505 CVE-2019-15902 Ubuntu 14.04 LTS It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. This issue not affected Ubuntu 19.10. (CVE-2019-13117, CVE-2019-13118) It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-18197) Update Instructions: Run `sudo pro fix USN-4164-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxslt1 - 1.1.28-2ubuntu0.2+esm1 libxslt1-dev - 1.1.28-2ubuntu0.2+esm1 libxslt1.1 - 1.1.28-2ubuntu0.2+esm1 xsltproc - 1.1.28-2ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-13117 CVE-2019-13118 CVE-2019-18197 Ubuntu 14.04 LTS USN-4166-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4166-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm6 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm6 php5 - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm6 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm6 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm6 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm6 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11043 Ubuntu 14.04 LTS USN-4167-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. (CVE-2019-10218) Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control. A remote attacker with "get changes" permissions could possibly use this issue to cause Samba to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2019-14847) Update Instructions: Run `sudo pro fix USN-4167-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-10218 CVE-2019-14847 Ubuntu 14.04 LTS It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4169-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-7ubuntu2.8+esm1 libarchive13 - 3.1.2-7ubuntu2.8+esm1 bsdtar - 3.1.2-7ubuntu2.8+esm1 libarchive-dev - 3.1.2-7ubuntu2.8+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-18408 Ubuntu 14.04 LTS USN-4171-1 fixed several vulnerabilities in apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483) Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485) Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-15790) Update Instructions: Run `sudo pro fix USN-4171-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.29+esm2 python3-problem-report - 2.14.1-0ubuntu3.29+esm2 apport-kde - 2.14.1-0ubuntu3.29+esm2 apport-retrace - 2.14.1-0ubuntu3.29+esm2 apport-valgrind - 2.14.1-0ubuntu3.29+esm2 python3-apport - 2.14.1-0ubuntu3.29+esm2 dh-apport - 2.14.1-0ubuntu3.29+esm2 apport-gtk - 2.14.1-0ubuntu3.29+esm2 apport - 2.14.1-0ubuntu3.29+esm2 python-problem-report - 2.14.1-0ubuntu3.29+esm2 apport-noui - 2.14.1-0ubuntu3.29+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11481 CVE-2019-11482 CVE-2019-11483 CVE-2019-11485 CVE-2019-15790 Ubuntu 14.04 LTS USN-4171-1 fixed a vulnerability in Apport. The update caused a regression in the Python Apport library. This update fixes the problem for Ubuntu 14.04 ESM. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483) Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485) Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-15790) Update Instructions: Run `sudo pro fix USN-4171-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.29+esm3 python3-problem-report - 2.14.1-0ubuntu3.29+esm3 apport-kde - 2.14.1-0ubuntu3.29+esm3 apport-retrace - 2.14.1-0ubuntu3.29+esm3 apport-valgrind - 2.14.1-0ubuntu3.29+esm3 python3-apport - 2.14.1-0ubuntu3.29+esm3 dh-apport - 2.14.1-0ubuntu3.29+esm3 apport-gtk - 2.14.1-0ubuntu3.29+esm3 apport - 2.14.1-0ubuntu3.29+esm3 python-problem-report - 2.14.1-0ubuntu3.29+esm3 apport-noui - 2.14.1-0ubuntu3.29+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1850929 Ubuntu 14.04 LTS USN-4172-1 fixed a vulnerability in file. This update provides the corresponding update for Ubuntu 12.04 ESM Ubuntu 14.04 ESM. Original advisory details: It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4172-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.14-2ubuntu3.4+esm1 python-magic - 1:5.14-2ubuntu3.4+esm1 libmagic1 - 1:5.14-2ubuntu3.4+esm1 file - 1:5.14-2ubuntu3.4+esm1 python3-magic - 1:5.14-2ubuntu3.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-18218 Ubuntu 14.04 LTS Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege escalation. Update Instructions: Run `sudo pro fix USN-4176-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cpio - 2.11+dfsg-1ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14866 Ubuntu 14.04 LTS USN-4182-2 provided updates for Intel Microcode. This update provides the corresponding update for Ubuntu 14.04 ESM. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139) Update Instructions: Run `sudo pro fix USN-4182-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20191112-0ubuntu0.14.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2019-11135 CVE-2019-11139 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 Ubuntu 14.04 LTS USN-4182-2 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139) Update Instructions: Run `sudo pro fix USN-4182-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20191115.1ubuntu0.14.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1854764 Ubuntu 14.04 LTS Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Update Instructions: Run `sudo pro fix USN-4185-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1063-azure - 4.15.0-1063.68~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1063.49 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-12207 CVE-2019-11135 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 Ubuntu 14.04 LTS USN-4186-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Update Instructions: Run `sudo pro fix USN-4186-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1058-aws - 4.4.0-1058.62 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-168-powerpc64-emb - 4.4.0-168.197~14.04.1 linux-image-4.4.0-168-powerpc64-smp - 4.4.0-168.197~14.04.1 linux-image-4.4.0-168-generic - 4.4.0-168.197~14.04.1 linux-image-4.4.0-168-powerpc-smp - 4.4.0-168.197~14.04.1 linux-image-4.4.0-168-generic-lpae - 4.4.0-168.197~14.04.1 linux-image-4.4.0-168-powerpc-e500mc - 4.4.0-168.197~14.04.1 linux-image-4.4.0-168-lowlatency - 4.4.0-168.197~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1058.59 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.168.147 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.168.147 linux-image-generic-lpae-lts-xenial - 4.4.0.168.147 linux-image-lowlatency-lts-xenial - 4.4.0.168.147 linux-image-powerpc64-smp-lts-xenial - 4.4.0.168.147 linux-image-powerpc64-emb-lts-xenial - 4.4.0.168.147 linux-image-generic-lts-xenial - 4.4.0.168.147 linux-image-virtual-lts-xenial - 4.4.0.168.147 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135 CVE-2019-15098 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 CVE-2019-17666 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 Ubuntu 14.04 LTS Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4187-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-175-powerpc-e500 - 3.13.0-175.226 linux-image-3.13.0-175-generic - 3.13.0-175.226 linux-image-3.13.0-175-lowlatency - 3.13.0-175.226 linux-image-3.13.0-175-generic-lpae - 3.13.0-175.226 linux-image-3.13.0-175-powerpc64-emb - 3.13.0-175.226 linux-image-3.13.0-175-powerpc-smp - 3.13.0-175.226 linux-image-3.13.0-175-powerpc64-smp - 3.13.0-175.226 linux-image-3.13.0-175-powerpc-e500mc - 3.13.0-175.226 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-server - 3.13.0.175.186 linux-image-powerpc-e500mc - 3.13.0.175.186 linux-image-lowlatency-pae - 3.13.0.175.186 linux-image-generic-pae - 3.13.0.175.186 linux-image-generic-lpae-lts-trusty - 3.13.0.175.186 linux-image-generic-lts-quantal - 3.13.0.175.186 linux-image-virtual - 3.13.0.175.186 linux-image-powerpc-e500 - 3.13.0.175.186 linux-image-generic-lts-trusty - 3.13.0.175.186 linux-image-omap - 3.13.0.175.186 linux-image-powerpc64-emb - 3.13.0.175.186 linux-image-generic - 3.13.0.175.186 linux-image-highbank - 3.13.0.175.186 linux-image-generic-lts-saucy - 3.13.0.175.186 linux-image-powerpc-smp - 3.13.0.175.186 linux-image-generic-lpae - 3.13.0.175.186 linux-image-generic-lpae-lts-saucy - 3.13.0.175.186 linux-image-generic-lts-raring - 3.13.0.175.186 linux-image-powerpc64-smp - 3.13.0.175.186 linux-image-lowlatency - 3.13.0.175.186 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2019-11135 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 Ubuntu 14.04 LTS USN-4191-2 fixed a vulnerability in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a null pointer dereference. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-12155) Riccardo Schirone discovered that the QEMU bridge helper did not properly validate network interface names. A local attacker could possibly use this to bypass ACL restrictions. (CVE-2019-13164) It was discovered that a heap-based buffer overflow existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. (CVE-2019-14378) It was discovered that a use-after-free vulnerability existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-15890) Update Instructions: Run `sudo pro fix USN-4191-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.47 qemu-user-static - 2.0.0+dfsg-2ubuntu1.47 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.47 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.47 qemu-kvm - 2.0.0+dfsg-2ubuntu1.47 qemu-user - 2.0.0+dfsg-2ubuntu1.47 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.47 qemu-system - 2.0.0+dfsg-2ubuntu1.47 qemu-utils - 2.0.0+dfsg-2ubuntu1.47 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.47 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.47 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.47 qemu-common - 2.0.0+dfsg-2ubuntu1.47 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.47 qemu - 2.0.0+dfsg-2ubuntu1.47 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.47 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.47 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-12068 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890 Ubuntu 14.04 LTS USN-4194-1 fixed a vulnerability in postgresql-common. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-4194-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-all - 154ubuntu1.1+esm1 postgresql-client-common - 154ubuntu1.1+esm1 postgresql-common - 154ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro postgresql - 9.3+154ubuntu1.1+esm1 postgresql-contrib - 9.3+154ubuntu1.1+esm1 postgresql-doc - 9.3+154ubuntu1.1+esm1 postgresql-client - 9.3+154ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-3466 Ubuntu 14.04 LTS USN-4199-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4199-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvpx-dev - 1.3.0-2ubuntu0.1~esm1 libvpx1 - 1.3.0-2ubuntu0.1~esm1 libvpx-doc - 1.3.0-2ubuntu0.1~esm1 vpx-tools - 1.3.0-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-13194 CVE-2019-9232 CVE-2019-9433 Ubuntu 14.04 LTS USN-4203-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4203-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm2 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm2 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm2 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm2 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11745 Ubuntu 14.04 LTS USN-4211-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133) Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075) Update Instructions: Run `sudo pro fix USN-4211-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1059-aws - 4.4.0-1059.63 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-170-generic - 4.4.0-170.199~14.04.1 linux-image-4.4.0-170-powerpc64-emb - 4.4.0-170.199~14.04.1 linux-image-4.4.0-170-lowlatency - 4.4.0-170.199~14.04.1 linux-image-4.4.0-170-powerpc64-smp - 4.4.0-170.199~14.04.1 linux-image-4.4.0-170-generic-lpae - 4.4.0-170.199~14.04.1 linux-image-4.4.0-170-powerpc-smp - 4.4.0-170.199~14.04.1 linux-image-4.4.0-170-powerpc-e500mc - 4.4.0-170.199~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1059.60 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.170.149 linux-image-generic-lpae-lts-xenial - 4.4.0.170.149 linux-image-powerpc64-smp-lts-xenial - 4.4.0.170.149 linux-image-lowlatency-lts-xenial - 4.4.0.170.149 linux-image-generic-lts-xenial - 4.4.0.170.149 linux-image-powerpc64-emb-lts-xenial - 4.4.0.170.149 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.170.149 linux-image-virtual-lts-xenial - 4.4.0.170.149 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-20784 CVE-2019-17133 CVE-2019-17075 Ubuntu 14.04 LTS It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4214-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librabbitmq1 - 0.4.1-1ubuntu0.1~esm1 amqp-tools - 0.4.1-1ubuntu0.1~esm1 librabbitmq-dev - 0.4.1-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-18609 Ubuntu 14.04 LTS It was discovered that NSS incorrectly handled certain certificates. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4215-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm3 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm3 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm3 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm3 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-17007 Ubuntu 14.04 LTS USN-4217-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations. (CVE-2019-14870) Update Instructions: Run `sudo pro fix USN-4217-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14861 CVE-2019-14870 Ubuntu 14.04 LTS Jakub Wilk discovered that GNU C Library incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-4218-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-dev-powerpc - 2.19-0ubuntu6.15+esm1 libc6.1-pic - 2.19-0ubuntu6.15+esm1 libc6-i386 - 2.19-0ubuntu6.15+esm1 libc6-dev-mips64 - 2.19-0ubuntu6.15+esm1 libc0.1-pic - 2.19-0ubuntu6.15+esm1 libc0.3 - 2.19-0ubuntu6.15+esm1 libc6-dev-sparc64 - 2.19-0ubuntu6.15+esm1 libc0.3-dev - 2.19-0ubuntu6.15+esm1 libc6-ppc64 - 2.19-0ubuntu6.15+esm1 libc0.3-xen - 2.19-0ubuntu6.15+esm1 libc6-dev-s390 - 2.19-0ubuntu6.15+esm1 libc6-i686 - 2.19-0ubuntu6.15+esm1 libc-bin - 2.19-0ubuntu6.15+esm1 libc6-x32 - 2.19-0ubuntu6.15+esm1 libc6-s390 - 2.19-0ubuntu6.15+esm1 libc0.1-prof - 2.19-0ubuntu6.15+esm1 libc6-armel - 2.19-0ubuntu6.15+esm1 eglibc-source - 2.19-0ubuntu6.15+esm1 libc6-pic - 2.19-0ubuntu6.15+esm1 libc6-dev-ppc64 - 2.19-0ubuntu6.15+esm1 libc0.3-udeb - 2.19-0ubuntu6.15+esm1 libc6-sparc - 2.19-0ubuntu6.15+esm1 libc6-dev-armel - 2.19-0ubuntu6.15+esm1 libc0.1-dev - 2.19-0ubuntu6.15+esm1 libc0.1 - 2.19-0ubuntu6.15+esm1 libnss-files-udeb - 2.19-0ubuntu6.15+esm1 libc0.1-i386 - 2.19-0ubuntu6.15+esm1 glibc-doc - 2.19-0ubuntu6.15+esm1 libc6-armhf - 2.19-0ubuntu6.15+esm1 nscd - 2.19-0ubuntu6.15+esm1 libc6.1-alphaev67 - 2.19-0ubuntu6.15+esm1 libc0.1-i686 - 2.19-0ubuntu6.15+esm1 libc0.1-dev-i386 - 2.19-0ubuntu6.15+esm1 libc6-dev - 2.19-0ubuntu6.15+esm1 libc6-amd64 - 2.19-0ubuntu6.15+esm1 libc6.1-prof - 2.19-0ubuntu6.15+esm1 libc6-dev-amd64 - 2.19-0ubuntu6.15+esm1 libc6 - 2.19-0ubuntu6.15+esm1 libc6-sparc64 - 2.19-0ubuntu6.15+esm1 libc0.1-udeb - 2.19-0ubuntu6.15+esm1 libc6-dev-mipsn32 - 2.19-0ubuntu6.15+esm1 libnss-dns-udeb - 2.19-0ubuntu6.15+esm1 libc6-udeb - 2.19-0ubuntu6.15+esm1 multiarch-support - 2.19-0ubuntu6.15+esm1 libc6-loongson2f - 2.19-0ubuntu6.15+esm1 libc6-powerpc - 2.19-0ubuntu6.15+esm1 libc6-dev-i386 - 2.19-0ubuntu6.15+esm1 libc6-mipsn32 - 2.19-0ubuntu6.15+esm1 libc6.1-udeb - 2.19-0ubuntu6.15+esm1 libc6-dev-x32 - 2.19-0ubuntu6.15+esm1 libc6.1-dev - 2.19-0ubuntu6.15+esm1 libc0.3-i686 - 2.19-0ubuntu6.15+esm1 libc6-dev-sparc - 2.19-0ubuntu6.15+esm1 libc6.1 - 2.19-0ubuntu6.15+esm1 libc-dev-bin - 2.19-0ubuntu6.15+esm1 libc0.3-pic - 2.19-0ubuntu6.15+esm1 libc6-prof - 2.19-0ubuntu6.15+esm1 libc6-mips64 - 2.19-0ubuntu6.15+esm1 libc6-dev-armhf - 2.19-0ubuntu6.15+esm1 libc6-xen - 2.19-0ubuntu6.15+esm1 libc0.3-prof - 2.19-0ubuntu6.15+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-6485 Ubuntu 14.04 LTS It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion). Update Instructions: Run `sudo pro fix USN-4221-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpcap-dev - 1.5.3-2ubuntu0.1 libpcap0.8-dev - 1.5.3-2ubuntu0.1 libpcap0.8 - 1.5.3-2ubuntu0.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-15165 Ubuntu 14.04 LTS USN-4227-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897) It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231) It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660) It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19045) It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19052) It was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attack could use this to cause a denial of service (memory exhaustion). (CVE-2019-19083) It was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2019-19524) It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19529) It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534) Tristan Madani discovered that the ALSA timer implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19807) Update Instructions: Run `sudo pro fix USN-4227-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1066-azure - 4.15.0-1066.71~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1066.52 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-18660 CVE-2019-19083 CVE-2019-19807 CVE-2019-16231 CVE-2019-16233 CVE-2019-19045 CVE-2019-19052 CVE-2019-19524 CVE-2019-19529 CVE-2019-19534 Ubuntu 14.04 LTS USN-4228-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897) Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660) It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19052) It was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2019-19524) It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534) Update Instructions: Run `sudo pro fix USN-4228-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1060-aws - 4.4.0-1060.64 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-171-powerpc-smp - 4.4.0-171.200~14.04.1 linux-image-4.4.0-171-generic-lpae - 4.4.0-171.200~14.04.1 linux-image-4.4.0-171-powerpc64-emb - 4.4.0-171.200~14.04.1 linux-image-4.4.0-171-powerpc64-smp - 4.4.0-171.200~14.04.1 linux-image-4.4.0-171-generic - 4.4.0-171.200~14.04.1 linux-image-4.4.0-171-lowlatency - 4.4.0-171.200~14.04.1 linux-image-4.4.0-171-powerpc-e500mc - 4.4.0-171.200~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1060.61 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.171.150 linux-image-powerpc64-emb-lts-xenial - 4.4.0.171.150 linux-image-generic-lpae-lts-xenial - 4.4.0.171.150 linux-image-lowlatency-lts-xenial - 4.4.0.171.150 linux-image-generic-lts-xenial - 4.4.0.171.150 linux-image-powerpc64-smp-lts-xenial - 4.4.0.171.150 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.171.150 linux-image-virtual-lts-xenial - 4.4.0.171.150 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-18660 CVE-2019-19524 CVE-2019-19534 CVE-2019-19052 Ubuntu 14.04 LTS It was discovered that ntpq and ntpdc incorrectly handled some arguments. An attacker could possibly use this issue to cause ntpq or ntpdc to crash, execute arbitrary code, or escalate to higher privileges. Update Instructions: Run `sudo pro fix USN-4229-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1 ntp-doc - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1 ntpdate - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Negligible CVE-2018-12327 Ubuntu 14.04 LTS USN-4230-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4230-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.1+dfsg-0ubuntu0.14.04.1+esm1 clamav-testfiles - 0.102.1+dfsg-0ubuntu0.14.04.1+esm1 clamav-base - 0.102.1+dfsg-0ubuntu0.14.04.1+esm1 clamav - 0.102.1+dfsg-0ubuntu0.14.04.1+esm1 clamav-daemon - 0.102.1+dfsg-0ubuntu0.14.04.1+esm1 clamav-docs - 0.102.1+dfsg-0ubuntu0.14.04.1+esm1 clamav-milter - 0.102.1+dfsg-0ubuntu0.14.04.1+esm1 clamav-freshclam - 0.102.1+dfsg-0ubuntu0.14.04.1+esm1 libclamav9 - 0.102.1+dfsg-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-15961 Ubuntu 14.04 LTS It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4231-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm4 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm4 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm4 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm4 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-17006 Ubuntu 14.04 LTS USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. Update Instructions: Run `sudo pro fix USN-4235-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.4.6-1ubuntu3.9+esm1 nginx-core - 1.4.6-1ubuntu3.9+esm1 nginx-common - 1.4.6-1ubuntu3.9+esm1 nginx-full - 1.4.6-1ubuntu3.9+esm1 nginx - 1.4.6-1ubuntu3.9+esm1 nginx-doc - 1.4.6-1ubuntu3.9+esm1 nginx-naxsi - 1.4.6-1ubuntu3.9+esm1 nginx-naxsi-ui - 1.4.6-1ubuntu3.9+esm1 nginx-light - 1.4.6-1ubuntu3.9+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-20372 Ubuntu 14.04 LTS USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information. Update Instructions: Run `sudo pro fix USN-4236-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-doc - 1.5.3-2ubuntu4.6+esm1 libgcrypt11-udeb - 1.5.3-2ubuntu4.6+esm1 libgcrypt11-dev - 1.5.3-2ubuntu4.6+esm1 libgcrypt11 - 1.5.3-2ubuntu4.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-13627 Ubuntu 14.04 LTS USN-4237-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805) It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue to cause SpamAssassin to consume resources, resulting in a denial of service. (CVE-2019-12420) Update Instructions: Run `sudo pro fix USN-4237-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.14.04.1+esm1 sa-compile - 3.4.2-0ubuntu0.14.04.1+esm1 spamc - 3.4.2-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-11805 CVE-2019-12420 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-11046) It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2019-11047, CVE-2019-11050) Update Instructions: Run `sudo pro fix USN-4239-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm8 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm8 php5 - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm8 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm8 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm8 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm8 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 Ubuntu 14.04 LTS It was discovered that libbsd incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2016-2090) It was discovered that libbsd incorrectly handled certain strings. An attacker could possibly use this issue to access sensitive information. (CVE-2019-20367) Update Instructions: Run `sudo pro fix USN-4243-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbsd-dev - 0.6.0-2ubuntu1+esm1 libbsd0-udeb - 0.6.0-2ubuntu1+esm1 libbsd0 - 0.6.0-2ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-2090 CVE-2019-20367 Ubuntu 14.04 LTS USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796) Update Instructions: Run `sudo pro fix USN-4247-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-apt - 0.9.3.5ubuntu3+esm2 python-apt - 0.9.3.5ubuntu3+esm2 python-apt-common - 0.9.3.5ubuntu3+esm2 python-apt-dev - 0.9.3.5ubuntu3+esm2 python-apt-doc - 0.9.3.5ubuntu3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-15795 CVE-2019-15796 Ubuntu 14.04 LTS It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4249-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libss2 - 1.42.9-3ubuntu1.3+esm2 e2fslibs-dev - 1.42.9-3ubuntu1.3+esm2 e2fsprogs - 1.42.9-3ubuntu1.3+esm2 e2fsck-static - 1.42.9-3ubuntu1.3+esm2 e2fslibs - 1.42.9-3ubuntu1.3+esm2 e2fsprogs-udeb - 1.42.9-3ubuntu1.3+esm2 libcomerr2 - 1.42.9-3ubuntu1.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro ss-dev - 2.0-1.42.9-3ubuntu1.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro comerr-dev - 2.1-1.42.9-3ubuntu1.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-5188 Ubuntu 14.04 LTS USN-4252-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4252-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpdump - 4.9.3-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-19519 CVE-2019-1010220 CVE-2019-15166 CVE-2019-15167 Ubuntu 14.04 LTS USN-4254-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683) It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2019-18885) It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057) It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19062) It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063) Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332) It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291) Update Instructions: Run `sudo pro fix USN-4254-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1061-aws - 4.4.0-1061.65 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-173-powerpc-smp - 4.4.0-173.203~14.04.1 linux-image-4.4.0-173-generic-lpae - 4.4.0-173.203~14.04.1 linux-image-4.4.0-173-lowlatency - 4.4.0-173.203~14.04.1 linux-image-4.4.0-173-generic - 4.4.0-173.203~14.04.1 linux-image-4.4.0-173-powerpc64-emb - 4.4.0-173.203~14.04.1 linux-image-4.4.0-173-powerpc64-smp - 4.4.0-173.203~14.04.1 linux-image-4.4.0-173-powerpc-e500mc - 4.4.0-173.203~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1061.62 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.173.152 linux-image-powerpc64-smp-lts-xenial - 4.4.0.173.152 linux-image-generic-lpae-lts-xenial - 4.4.0.173.152 linux-image-lowlatency-lts-xenial - 4.4.0.173.152 linux-image-powerpc64-emb-lts-xenial - 4.4.0.173.152 linux-image-generic-lts-xenial - 4.4.0.173.152 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.173.152 linux-image-virtual-lts-xenial - 4.4.0.173.152 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14615 CVE-2019-19332 CVE-2019-18683 CVE-2019-18885 CVE-2019-19057 CVE-2019-19062 CVE-2019-19063 CVE-2019-19227 CVE-2019-15291 Ubuntu 14.04 LTS It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Update Instructions: Run `sudo pro fix USN-4256-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsasl2-2 - 2.1.25.dfsg1-17ubuntu0.1~esm1 libsasl2-modules-gssapi-heimdal - 2.1.25.dfsg1-17ubuntu0.1~esm1 sasl2-bin - 2.1.25.dfsg1-17ubuntu0.1~esm1 libsasl2-modules-gssapi-mit - 2.1.25.dfsg1-17ubuntu0.1~esm1 libsasl2-dev - 2.1.25.dfsg1-17ubuntu0.1~esm1 libsasl2-modules-sql - 2.1.25.dfsg1-17ubuntu0.1~esm1 cyrus-sasl2-doc - 2.1.25.dfsg1-17ubuntu0.1~esm1 libsasl2-modules - 2.1.25.dfsg1-17ubuntu0.1~esm1 libsasl2-modules-otp - 2.1.25.dfsg1-17ubuntu0.1~esm1 libsasl2-modules-ldap - 2.1.25.dfsg1-17ubuntu0.1~esm1 libsasl2-modules-db - 2.1.25.dfsg1-17ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-19906 Ubuntu 14.04 LTS USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Update Instructions: Run `sudo pro fix USN-4263-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.9p5-1ubuntu1.5+esm3 sudo - 1.8.9p5-1ubuntu1.5+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-18634 Ubuntu 14.04 LTS USN-4265-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Update Instructions: Run `sudo pro fix USN-4265-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.14.04.1+esm2 sa-compile - 3.4.2-0ubuntu0.14.04.1+esm2 spamc - 3.4.2-0ubuntu0.14.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-1930 CVE-2020-1931 Ubuntu 14.04 LTS It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911) It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312) It was discovered that Pillow incorrectly handled certain TIFF images. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 19.10. (CVE-2020-5310) It was discovered that Pillow incorrectly handled certain SGI images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. This issue only affected Ubuntu 18.04 and Ubuntu 19.10. (CVE-2020-5311) It was discovered that Pillow incorrectly handled certain PCX images. An attackter could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2020-5312) It was discovered that Pillow incorrectly handled certain Flip images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2020-5313) Update Instructions: Run `sudo pro fix USN-4272-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-imaging-tk - 2.3.0-1ubuntu3.4+esm1 python3-pil.imagetk - 2.3.0-1ubuntu3.4+esm1 python-imaging-compat - 2.3.0-1ubuntu3.4+esm1 python3-sane - 2.3.0-1ubuntu3.4+esm1 python-imaging-doc - 2.3.0-1ubuntu3.4+esm1 python-pil-doc - 2.3.0-1ubuntu3.4+esm1 python3-pil - 2.3.0-1ubuntu3.4+esm1 python-sane - 2.3.0-1ubuntu3.4+esm1 python-pil.imagetk - 2.3.0-1ubuntu3.4+esm1 python3-imaging - 2.3.0-1ubuntu3.4+esm1 python-imaging - 2.3.0-1ubuntu3.4+esm1 python-pil - 2.3.0-1ubuntu3.4+esm1 python-imaging-tk - 2.3.0-1ubuntu3.4+esm1 python-imaging-sane - 2.3.0-1ubuntu3.4+esm1 python3-imaging-sane - 2.3.0-1ubuntu3.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-16865 CVE-2019-19911 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 Ubuntu 14.04 LTS It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595) Update Instructions: Run `sudo pro fix USN-4274-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm1 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.13+esm1 libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm1 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.13+esm1 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.13+esm1 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-19956 CVE-2020-7595 Ubuntu 14.04 LTS Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328) Lili Xu and Bingchang Liu discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-7544) It was discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-9278) Update Instructions: Run `sudo pro fix USN-4277-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-dev - 0.6.21-1ubuntu1+esm1 libexif12 - 0.6.21-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-6328 CVE-2017-7544 CVE-2019-9278 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060) Update Instructions: Run `sudo pro fix USN-4279-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm10 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm10 php5 - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm10 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm10 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm10 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm10 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-9253 CVE-2020-7059 CVE-2020-7060 Ubuntu 14.04 LTS USN-4280-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled memory when the Data-Loss-Prevention (DLP) feature was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4280-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-testfiles - 0.102.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-base - 0.102.2+dfsg-0ubuntu0.14.04.1+esm1 clamav - 0.102.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-daemon - 0.102.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-docs - 0.102.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-milter - 0.102.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-freshclam - 0.102.2+dfsg-0ubuntu0.14.04.1+esm1 libclamav9 - 0.102.2+dfsg-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-3123 Ubuntu 14.04 LTS USN-4286-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) Julien Grall discovered that the Xen balloon memory driver in the Linux kernel did not properly restrict the amount of memory set aside for page mappings in some situations. An attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-17351) It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051) It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19056) It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19066) It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19068) Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965) It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-20096) Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-5108) It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Update Instructions: Run `sudo pro fix USN-4286-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1062-aws - 4.4.0-1062.66 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-174-powerpc-e500mc - 4.4.0-174.204~14.04.1 linux-image-4.4.0-174-powerpc64-smp - 4.4.0-174.204~14.04.1 linux-image-4.4.0-174-powerpc-smp - 4.4.0-174.204~14.04.1 linux-image-4.4.0-174-powerpc64-emb - 4.4.0-174.204~14.04.1 linux-image-4.4.0-174-lowlatency - 4.4.0-174.204~14.04.1 linux-image-4.4.0-174-generic - 4.4.0-174.204~14.04.1 linux-image-4.4.0-174-generic-lpae - 4.4.0-174.204~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1062.63 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.174.153 linux-image-lowlatency-lts-xenial - 4.4.0.174.153 linux-image-generic-lpae-lts-xenial - 4.4.0.174.153 linux-image-generic-lts-xenial - 4.4.0.174.153 linux-image-powerpc64-smp-lts-xenial - 4.4.0.174.153 linux-image-powerpc64-emb-lts-xenial - 4.4.0.174.153 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.174.153 linux-image-virtual-lts-xenial - 4.4.0.174.153 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14615 CVE-2019-15217 CVE-2019-15220 CVE-2019-15221 CVE-2019-17351 CVE-2019-19051 CVE-2019-19056 CVE-2019-19066 CVE-2019-19068 CVE-2019-19965 CVE-2019-20096 CVE-2019-5108 Ubuntu 14.04 LTS USN-4287-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15099) It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16229) It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16232) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683) It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-18786) It was discovered that the Afatech AF9005 DVB-T USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-18809) It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2019-18885) It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057) It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19062) It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063) It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19071) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19078) It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19082) Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19767) Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965) It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-20096) Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-5108) It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053) It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291) Update Instructions: Run `sudo pro fix USN-4287-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1069-azure - 4.15.0-1069.74~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1069.55 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14615 CVE-2019-15099 CVE-2019-15291 CVE-2019-16229 CVE-2019-16232 CVE-2019-18683 CVE-2019-18786 CVE-2019-18809 CVE-2019-18885 CVE-2019-19057 CVE-2019-19062 CVE-2019-19063 CVE-2019-19071 CVE-2019-19078 CVE-2019-19082 CVE-2019-19227 CVE-2019-19332 CVE-2019-19767 CVE-2019-19965 CVE-2019-20096 CVE-2019-5108 CVE-2020-7053 Ubuntu 14.04 LTS USN-4288-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4288-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ppp-udeb - 2.4.5-5.1ubuntu2.3+esm1 ppp - 2.4.5-5.1ubuntu2.3+esm1 ppp-dev - 2.4.5-5.1ubuntu2.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-8597 Ubuntu 14.04 LTS USN-4290-1 fixed a vulnerability in libpam-radius-auth. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4290-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-radius-auth - 1.3.17-0ubuntu4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-9542 Ubuntu 14.04 LTS USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13752, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751) It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926) Update Instructions: Run `sudo pro fix USN-4298-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.8.2-1ubuntu2.2+esm2 sqlite3-doc - 3.8.2-1ubuntu2.2+esm2 libsqlite3-0 - 3.8.2-1ubuntu2.2+esm2 libsqlite3-tcl - 3.8.2-1ubuntu2.2+esm2 sqlite3 - 3.8.2-1ubuntu2.2+esm2 libsqlite3-dev - 3.8.2-1ubuntu2.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-13734 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-19926 Ubuntu 14.04 LTS Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732) Gregory Herrero discovered that the fix for CVE-2019-14615 to address the Linux kernel not properly clearing data structures on context switches for certain Intel graphics processors was incomplete. A local attacker could use this to expose sensitive information. (CVE-2020-8832) It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19046) It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051) It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19056) It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19058) It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19066) It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19068) It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217) Update Instructions: Run `sudo pro fix USN-4302-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1074-azure - 4.15.0-1074.79~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1074.60 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-15217 CVE-2019-19046 CVE-2019-19051 CVE-2019-19056 CVE-2019-19058 CVE-2019-19066 CVE-2019-19068 CVE-2020-2732 CVE-2020-8832 Ubuntu 14.04 LTS USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4303-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1064-aws - 4.4.0-1064.68 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-176-powerpc64-smp - 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-generic - 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-powerpc64-emb - 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-powerpc-smp - 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-powerpc-e500mc - 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-lowlatency - 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-generic-lpae - 4.4.0-176.206~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1064.65 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.176.155 linux-image-lowlatency-lts-xenial - 4.4.0.176.155 linux-image-generic-lpae-lts-xenial - 4.4.0.176.155 linux-image-generic-lts-xenial - 4.4.0.176.155 linux-image-powerpc64-smp-lts-xenial - 4.4.0.176.155 linux-image-powerpc64-emb-lts-xenial - 4.4.0.176.155 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.176.155 linux-image-virtual-lts-xenial - 4.4.0.176.155 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-2732 Ubuntu 14.04 LTS André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4305-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 52.1-3ubuntu0.8+esm1 libicu52 - 52.1-3ubuntu0.8+esm1 libicu-dev - 52.1-3ubuntu0.8+esm1 icu-doc - 52.1-3ubuntu0.8+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-10531 Ubuntu 14.04 LTS USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387) It was discovered that Twisted incorrectly verified XMPP TLS certificates. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and obtain sensitive information. (CVE-2019-12855) Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2020-10108, CVE-2020-10109) Update Instructions: Run `sudo pro fix USN-4308-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: twisted-doc - 13.2.0-1ubuntu1.2+esm1 python-twisted-news - 13.2.0-1ubuntu1.2+esm1 python-twisted-lore - 13.2.0-1ubuntu1.2+esm1 python-twisted-names - 13.2.0-1ubuntu1.2+esm1 python-twisted-words - 13.2.0-1ubuntu1.2+esm1 python-twisted-runner - 13.2.0-1ubuntu1.2+esm1 python-twisted-core - 13.2.0-1ubuntu1.2+esm1 python-twisted-web - 13.2.0-1ubuntu1.2+esm1 python-twisted - 13.2.0-1ubuntu1.2+esm1 python-twisted-mail - 13.2.0-1ubuntu1.2+esm1 python-twisted-bin - 13.2.0-1ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro python-twisted-conch - 1:13.2.0-1ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-12387 CVE-2019-12855 CVE-2020-10108 CVE-2020-10109 Ubuntu 14.04 LTS It was discovered that Vim incorrectly handled certain sources. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS (CVE-2017-11109) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.06 LTS. (CVE-2018-20786) It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-20079) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-6349, CVE-2017-6350) Update Instructions: Run `sudo pro fix USN-4309-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.052-1ubuntu3.1+esm1 vim-gnome - 2:7.4.052-1ubuntu3.1+esm1 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm1 vim-athena - 2:7.4.052-1ubuntu3.1+esm1 vim-gtk - 2:7.4.052-1ubuntu3.1+esm1 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm1 vim - 2:7.4.052-1ubuntu3.1+esm1 vim-doc - 2:7.4.052-1ubuntu3.1+esm1 vim-tiny - 2:7.4.052-1ubuntu3.1+esm1 vim-runtime - 2:7.4.052-1ubuntu3.1+esm1 vim-nox - 2:7.4.052-1ubuntu3.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-11109 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 CVE-2018-20786 CVE-2019-20079 Ubuntu 14.04 LTS Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4314-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-heimdal - 4.6-2ubuntu0.1~esm1 libpam-krb5 - 4.6-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-10595 Ubuntu 14.04 LTS USN-4315-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831) Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to read arbitrary files via a symlink attack. (CVE-2020-8833) Update Instructions: Run `sudo pro fix USN-4315-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.29+esm4 python3-problem-report - 2.14.1-0ubuntu3.29+esm4 apport-kde - 2.14.1-0ubuntu3.29+esm4 apport-retrace - 2.14.1-0ubuntu3.29+esm4 apport-valgrind - 2.14.1-0ubuntu3.29+esm4 python3-apport - 2.14.1-0ubuntu3.29+esm4 dh-apport - 2.14.1-0ubuntu3.29+esm4 apport-gtk - 2.14.1-0ubuntu3.29+esm4 apport - 2.14.1-0ubuntu3.29+esm4 python-problem-report - 2.14.1-0ubuntu3.29+esm4 apport-noui - 2.14.1-0ubuntu3.29+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-8831 CVE-2020-8833 Ubuntu 14.04 LTS USN-4316-1 fixed a vulnerability in GD Graphics Library. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. (CVE-2018-14553) It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service, or to disclose contents of the stack that has been left there by previous code. (CVE-2019-11038) Update Instructions: Run `sudo pro fix USN-4316-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.0-3ubuntu0.11+esm1 libgd-dev - 2.1.0-3ubuntu0.11+esm1 libgd2-xpm-dev - 2.1.0-3ubuntu0.11+esm1 libgd-tools - 2.1.0-3ubuntu0.11+esm1 libgd2-noxpm-dev - 2.1.0-3ubuntu0.11+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-14553 CVE-2019-11038 Ubuntu 14.04 LTS Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Update Instructions: Run `sudo pro fix USN-4320-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1065-aws - 4.4.0-1065.69 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-177-generic - 4.4.0-177.207~14.04.1 linux-image-4.4.0-177-powerpc-e500mc - 4.4.0-177.207~14.04.1 linux-image-4.4.0-177-lowlatency - 4.4.0-177.207~14.04.1 linux-image-4.4.0-177-powerpc-smp - 4.4.0-177.207~14.04.1 linux-image-4.4.0-177-generic-lpae - 4.4.0-177.207~14.04.1 linux-image-4.4.0-177-powerpc64-emb - 4.4.0-177.207~14.04.1 linux-image-4.4.0-177-powerpc64-smp - 4.4.0-177.207~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1065.66 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-generic-lpae-lts-xenial - 4.4.0.177.156 linux-image-lowlatency-lts-xenial - 4.4.0.177.156 linux-image-generic-lts-xenial - 4.4.0.177.156 linux-image-powerpc64-smp-lts-xenial - 4.4.0.177.156 linux-image-powerpc64-emb-lts-xenial - 4.4.0.177.156 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.177.156 linux-image-virtual-lts-xenial - 4.4.0.177.156 linux-image-powerpc-smp-lts-xenial - 4.4.0.177.156 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-8428 Ubuntu 14.04 LTS Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992) Update Instructions: Run `sudo pro fix USN-4324-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1077-azure - 4.15.0-1077.82~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1077.62 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-8428 CVE-2020-8992 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. (CVE-2020-7062) It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2020-7063) It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. (CVE-2020-7064) It was discovered that PHP incorrectly handled certain UTF strings. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2020-7065) It was discovered that PHP incorrectly handled certain URLs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7066) Update Instructions: Run `sudo pro fix USN-4330-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm11 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm11 php5 - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm11 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm11 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm11 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm11 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 Ubuntu 14.04 LTS It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-18348) It was discovered that Python incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-8492) Update Instructions: Run `sudo pro fix USN-4333-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.6-8ubuntu0.6+esm5 python2.7-doc - 2.7.6-8ubuntu0.6+esm5 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm5 libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm5 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm5 python2.7 - 2.7.6-8ubuntu0.6+esm5 idle-python2.7 - 2.7.6-8ubuntu0.6+esm5 python2.7-examples - 2.7.6-8ubuntu0.6+esm5 libpython2.7 - 2.7.6-8ubuntu0.6+esm5 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm5 python2.7-minimal - 2.7.6-8ubuntu0.6+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro python3.4-examples - 3.4.3-1ubuntu1~14.04.7+esm6 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.7+esm6 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm6 python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm6 python3.4-venv - 3.4.3-1ubuntu1~14.04.7+esm6 python3.4-doc - 3.4.3-1ubuntu1~14.04.7+esm6 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.7+esm6 python3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm6 idle-python3.4 - 3.4.3-1ubuntu1~14.04.7+esm6 python3.4 - 3.4.3-1ubuntu1~14.04.7+esm6 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm6 libpython3.4 - 3.4.3-1ubuntu1~14.04.7+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-18348 CVE-2020-8492 Ubuntu 14.04 LTS USN-4336-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4336-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils - 2.24-5ubuntu14.2+esm2 binutils-dev - 2.24-5ubuntu14.2+esm2 binutils-doc - 2.24-5ubuntu14.2+esm2 binutils-multiarch - 2.24-5ubuntu14.2+esm2 binutils-multiarch-dev - 2.24-5ubuntu14.2+esm2 binutils-source - 2.24-5ubuntu14.2+esm2 binutils-static - 2.24-5ubuntu14.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-9742 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9756 CVE-2018-6323 Ubuntu 14.04 LTS USN-4341-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. (CVE-2020-10704) Update Instructions: Run `sudo pro fix USN-4341-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-10704 Ubuntu 14.04 LTS It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383) Update Instructions: Run `sudo pro fix USN-4346-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1066-aws - 4.4.0-1066.70 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-178-lowlatency - 4.4.0-178.208~14.04.1 linux-image-4.4.0-178-generic-lpae - 4.4.0-178.208~14.04.1 linux-image-4.4.0-178-generic - 4.4.0-178.208~14.04.1 linux-image-4.4.0-178-powerpc-e500mc - 4.4.0-178.208~14.04.1 linux-image-4.4.0-178-powerpc64-smp - 4.4.0-178.208~14.04.1 linux-image-4.4.0-178-powerpc64-emb - 4.4.0-178.208~14.04.1 linux-image-4.4.0-178-powerpc-smp - 4.4.0-178.208~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1066.67 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.178.157 linux-image-generic-lpae-lts-xenial - 4.4.0.178.157 linux-image-lowlatency-lts-xenial - 4.4.0.178.157 linux-image-generic-lts-xenial - 4.4.0.178.157 linux-image-powerpc64-smp-lts-xenial - 4.4.0.178.157 linux-image-powerpc64-emb-lts-xenial - 4.4.0.178.157 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.178.157 linux-image-virtual-lts-xenial - 4.4.0.178.157 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-16233 CVE-2019-16234 CVE-2019-19768 CVE-2020-8648 CVE-2020-9383 Ubuntu 14.04 LTS USN-4352-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4352-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.31-1+nmu2ubuntu8.5+esm2 libldap2-dev - 2.4.31-1+nmu2ubuntu8.5+esm2 libldap-2.4-2 - 2.4.31-1+nmu2ubuntu8.5+esm2 slapd-smbk5pwd - 2.4.31-1+nmu2ubuntu8.5+esm2 slapd - 2.4.31-1+nmu2ubuntu8.5+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12243 Ubuntu 14.04 LTS It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20030) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-12767) Update Instructions: Run `sudo pro fix USN-4358-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-dev - 0.6.21-1ubuntu1+esm2 libexif12 - 0.6.21-1ubuntu1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-20030 CVE-2020-12767 Ubuntu 14.04 LTS USN-4359-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash. Update Instructions: Run `sudo pro fix USN-4359-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapt-inst1.5 - 1.0.1ubuntu2.24+esm1 apt-doc - 1.0.1ubuntu2.24+esm1 apt-transport-https - 1.0.1ubuntu2.24+esm1 libapt-pkg-doc - 1.0.1ubuntu2.24+esm1 apt - 1.0.1ubuntu2.24+esm1 apt-utils - 1.0.1ubuntu2.24+esm1 libapt-pkg-dev - 1.0.1ubuntu2.24+esm1 libapt-pkg4.12 - 1.0.1ubuntu2.24+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-3810 Ubuntu 14.04 LTS It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4360-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjson-c2 - 0.11-3ubuntu1.2+esm1 libjson-c-doc - 0.11-3ubuntu1.2+esm1 libjson-c-dev - 0.11-3ubuntu1.2+esm1 libjson0 - 0.11-3ubuntu1.2+esm1 libjson0-dev - 0.11-3ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12762 Ubuntu 14.04 LTS USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak in some scenarios. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4360-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjson-c2 - 0.11-3ubuntu1.2+esm2 libjson-c-doc - 0.11-3ubuntu1.2+esm2 libjson-c-dev - 0.11-3ubuntu1.2+esm2 libjson0 - 0.11-3ubuntu1.2+esm2 libjson0-dev - 0.11-3ubuntu1.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1878723 Ubuntu 14.04 LTS USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4360-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjson-c2 - 0.11-3ubuntu1.2+esm3 libjson-c-doc - 0.11-3ubuntu1.2+esm3 libjson-c-dev - 0.11-3ubuntu1.2+esm3 libjson0 - 0.11-3ubuntu1.2+esm3 libjson0-dev - 0.11-3ubuntu1.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12762 Ubuntu 14.04 LTS It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060) It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). (CVE-2020-10942) It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565) It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11608) It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11609) It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11668) Update Instructions: Run `sudo pro fix USN-4364-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1067-aws - 4.4.0-1067.71 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-179-generic-lpae - 4.4.0-179.209~14.04.1 linux-image-4.4.0-179-powerpc-smp - 4.4.0-179.209~14.04.1 linux-image-4.4.0-179-powerpc-e500mc - 4.4.0-179.209~14.04.1 linux-image-4.4.0-179-powerpc64-emb - 4.4.0-179.209~14.04.1 linux-image-4.4.0-179-powerpc64-smp - 4.4.0-179.209~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-179-lowlatency - 4.4.0-179.209~14.04.1+signed1 linux-image-4.4.0-179-generic - 4.4.0-179.209~14.04.1+signed1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1067.68 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.179.158 linux-image-generic-lpae-lts-xenial - 4.4.0.179.158 linux-image-lowlatency-lts-xenial - 4.4.0.179.158 linux-image-generic-lts-xenial - 4.4.0.179.158 linux-image-powerpc64-smp-lts-xenial - 4.4.0.179.158 linux-image-powerpc64-emb-lts-xenial - 4.4.0.179.158 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.179.158 linux-image-virtual-lts-xenial - 4.4.0.179.158 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-19060 CVE-2020-10942 CVE-2020-11494 CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 Ubuntu 14.04 LTS USN-4365-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616) Tobias Klein discovered that Bind incorrectly handled checking TSIG validity. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly perform other attacks. (CVE-2020-8617) Update Instructions: Run `sudo pro fix USN-4365-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.19+esm2 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19+esm2 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19+esm2 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19+esm2 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19+esm2 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19+esm2 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19+esm2 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19+esm2 host - 1:9.9.5.dfsg-3ubuntu0.19+esm2 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19+esm2 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19+esm2 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19+esm2 bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm2 lwresd - 1:9.9.5.dfsg-3ubuntu0.19+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-8616 CVE-2020-8617 Ubuntu 14.04 LTS It was discovered that Exim incorrectly handled certain inputs. An remote attacker could possibly use this issue to access sensitive information or authentication bypass. Update Instructions: Run `sudo pro fix USN-4366-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-daemon-custom - 4.82-3ubuntu2.4+esm2 exim4-dev - 4.82-3ubuntu2.4+esm2 eximon4 - 4.82-3ubuntu2.4+esm2 exim4 - 4.82-3ubuntu2.4+esm2 exim4-daemon-light - 4.82-3ubuntu2.4+esm2 exim4-config - 4.82-3ubuntu2.4+esm2 exim4-daemon-heavy - 4.82-3ubuntu2.4+esm2 exim4-base - 4.82-3ubuntu2.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12783 Ubuntu 14.04 LTS USN-4370-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled parsing PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3341) Update Instructions: Run `sudo pro fix USN-4370-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-testfiles - 0.102.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-base - 0.102.3+dfsg-0ubuntu0.14.04.1+esm1 clamav - 0.102.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-daemon - 0.102.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-docs - 0.102.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-milter - 0.102.3+dfsg-0ubuntu0.14.04.1+esm1 clamav-freshclam - 0.102.3+dfsg-0ubuntu0.14.04.1+esm1 libclamav9 - 0.102.3+dfsg-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-3327 CVE-2020-3341 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4375-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm12 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm12 php5 - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm12 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm12 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm12 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm12 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11048 Ubuntu 14.04 LTS USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. (CVE-2019-1547) Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data. (CVE-2019-1559) Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. In certain scenarios, a remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2019-1563) Update Instructions: Run `sudo pro fix USN-4376-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.27+esm1 libssl-dev - 1.0.1f-1ubuntu2.27+esm1 openssl - 1.0.1f-1ubuntu2.27+esm1 libssl-doc - 1.0.1f-1ubuntu2.27+esm1 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.27+esm1 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.27+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-1547 CVE-2019-1559 CVE-2019-1563 Ubuntu 14.04 LTS USN-4377-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: The ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root" CA. In addition, on Ubuntu 12.04 ESM and Ubuntu 14.04 ESM, this update refreshes the included certificates to those contained in the 20190110 package. Update Instructions: Run `sudo pro fix USN-4377-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates-udeb - 20190110~14.04.1~esm1 ca-certificates - 20190110~14.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1881533 Ubuntu 14.04 LTS It was discovered that Flask incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4378-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-flask-doc - 0.10.1-2ubuntu0.1~esm1 python-flask - 0.10.1-2ubuntu0.1~esm1 python3-flask - 0.10.1-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-1000656 Ubuntu 14.04 LTS USN-4381-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. (CVE-2020-13254) Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use this issue to perform XSS attacks. (CVE-2020-13596) Update Instructions: Run `sudo pro fix USN-4381-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.11-0ubuntu1.3+esm1 python-django - 1.6.11-0ubuntu1.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-13254 CVE-2020-13596 Ubuntu 14.04 LTS It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) It was discovered that on some Intel processors, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. A local attacker could possible use this to expose sensitive information. (CVE-2020-0548) It was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2020-0549) Update Instructions: Run `sudo pro fix USN-4385-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20200609.0ubuntu0.14.04.0 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS Ubuntu 14.04 LTS USN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family (06_4EH) from booting successfully. Additonally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. This update reverts the microcode update for the Skylake processor family and disables the late loading option on Ubuntu 20.04 LTS. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. We apologize for the inconvenience. Original advisory details: It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) It was discovered that on some Intel processors, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. A local attacker could possible use this to expose sensitive information. (CVE-2020-0548) It was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2020-0549) Update Instructions: Run `sudo pro fix USN-4385-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20200609.0ubuntu0.14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1882890 https://launchpad.net/bugs/1883002 Ubuntu 14.04 LTS It was discovered that libjpeg-turbo incorrectly handled certain PPM files. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4386-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjpeg-turbo8 - 1.3.0-0ubuntu2.1+esm1 libjpeg-turbo-test - 1.3.0-0ubuntu2.1+esm1 libjpeg-turbo8-dev - 1.3.0-0ubuntu2.1+esm1 libturbojpeg - 1.3.0-0ubuntu2.1+esm1 libjpeg-turbo-progs - 1.3.0-0ubuntu2.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-13790 Ubuntu 14.04 LTS It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12464) Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. An attacker could use this to expose sensitive information. (CVE-2020-1749) Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. A privileged attacker could use this to bypass SELinux netlink restrictions. (CVE-2020-10751) Update Instructions: Run `sudo pro fix USN-4390-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1089-azure - 4.15.0-1089.99~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1089.66 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-0067 CVE-2020-0543 CVE-2020-10751 CVE-2020-12114 CVE-2020-12464 CVE-2020-1749 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS Ubuntu 14.04 LTS It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19319) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12464) It was discovered that the DesignWare SPI controller driver in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2020-12769) It was discovered that the exit signaling implementation in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (arbitrary application crash). (CVE-2020-12826) Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. An attacker could use this to expose sensitive information. (CVE-2020-1749) Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. A privileged attacker could use this to bypass SELinux netlink restrictions. (CVE-2020-10751) Update Instructions: Run `sudo pro fix USN-4391-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1073-aws - 4.4.0-1073.77 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-184-lowlatency - 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-powerpc64-smp - 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-powerpc64-emb - 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-powerpc-smp - 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-generic-lpae - 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-generic - 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-powerpc-e500mc - 4.4.0-184.214~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1073.70 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.184.161 linux-image-lowlatency-lts-xenial - 4.4.0.184.161 linux-image-generic-lpae-lts-xenial - 4.4.0.184.161 linux-image-generic-lts-xenial - 4.4.0.184.161 linux-image-powerpc64-smp-lts-xenial - 4.4.0.184.161 linux-image-powerpc64-emb-lts-xenial - 4.4.0.184.161 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.184.161 linux-image-virtual-lts-xenial - 4.4.0.184.161 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-19319 CVE-2020-0543 CVE-2020-10751 CVE-2020-12114 CVE-2020-12464 CVE-2020-12769 CVE-2020-12826 CVE-2020-1749 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS Ubuntu 14.04 LTS It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. (CVE-2020-12654) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) Update Instructions: Run `sudo pro fix USN-4392-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-180-powerpc64-smp - 3.13.0-180.231 linux-image-3.13.0-180-powerpc-e500mc - 3.13.0-180.231 linux-image-3.13.0-180-generic - 3.13.0-180.231 linux-image-3.13.0-180-generic-lpae - 3.13.0-180.231 linux-image-3.13.0-180-powerpc-smp - 3.13.0-180.231 linux-image-3.13.0-180-lowlatency - 3.13.0-180.231 linux-image-3.13.0-180-powerpc64-emb - 3.13.0-180.231 linux-image-3.13.0-180-powerpc-e500 - 3.13.0-180.231 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-server - 3.13.0.180.189 linux-image-powerpc-e500mc - 3.13.0.180.189 linux-image-lowlatency-pae - 3.13.0.180.189 linux-image-generic-pae - 3.13.0.180.189 linux-image-generic-lpae-lts-trusty - 3.13.0.180.189 linux-image-generic-lts-quantal - 3.13.0.180.189 linux-image-virtual - 3.13.0.180.189 linux-image-powerpc-e500 - 3.13.0.180.189 linux-image-generic-lts-trusty - 3.13.0.180.189 linux-image-omap - 3.13.0.180.189 linux-image-powerpc64-emb - 3.13.0.180.189 linux-image-generic - 3.13.0.180.189 linux-image-highbank - 3.13.0.180.189 linux-image-generic-lts-saucy - 3.13.0.180.189 linux-image-powerpc-smp - 3.13.0.180.189 linux-image-generic-lpae - 3.13.0.180.189 linux-image-generic-lpae-lts-saucy - 3.13.0.180.189 linux-image-generic-lts-raring - 3.13.0.180.189 linux-image-powerpc64-smp - 3.13.0.180.189 linux-image-lowlatency - 3.13.0.180.189 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-0543 CVE-2020-12114 CVE-2020-12654 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS Ubuntu 14.04 LTS It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-0093, CVE-2020-0182) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a remote denial of service. (CVE-2020-0198) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2020-13112) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-13113) It was discovered libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-13114) Update Instructions: Run `sudo pro fix USN-4396-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-dev - 0.6.21-1ubuntu1+esm5 libexif12 - 0.6.21-1ubuntu1+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-0093 CVE-2020-0182 CVE-2020-0198 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 Ubuntu 14.04 LTS USN-4397-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. (CVE-2020-12399) Update Instructions: Run `sudo pro fix USN-4397-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm5 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm5 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm5 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm5 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12399 Ubuntu 14.04 LTS USN-4398-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4398-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus - 1.6.18-0ubuntu4.5+esm2 dbus-x11 - 1.6.18-0ubuntu4.5+esm2 libdbus-1-3 - 1.6.18-0ubuntu4.5+esm2 libdbus-1-dev - 1.6.18-0ubuntu4.5+esm2 dbus-1-doc - 1.6.18-0ubuntu4.5+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12049 Ubuntu 14.04 LTS Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-8169) It was discovered that curl incorrectly handled certain parameters. An attacker could possibly use this issue to overwrite a local file. (CVE-2020-8177) Update Instructions: Run `sudo pro fix USN-4402-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.20+esm4 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm4 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm4 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm4 libcurl3-udeb - 7.35.0-1ubuntu2.20+esm4 libcurl4-doc - 7.35.0-1ubuntu2.20+esm4 libcurl3-nss - 7.35.0-1ubuntu2.20+esm4 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm4 libcurl3 - 7.35.0-1ubuntu2.20+esm4 curl - 7.35.0-1ubuntu2.20+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-8169 CVE-2020-8177 Ubuntu 14.04 LTS Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10730) Douglas Bagnall discovered that Samba incorrectly handled certain queries. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-10745) Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10760) Update Instructions: Run `sudo pro fix USN-4409-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 Ubuntu 14.04 LTS It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19036, CVE-2019-19318, CVE-2019-19813, CVE-2019-19816) It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). (CVE-2019-19377) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19462) Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash). (CVE-2020-10711) It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions correctly. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-12770) It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-13143) It was discovered that the efi subsystem in the Linux kernel did not handle memory allocation failures during early boot in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12380) It was discovered that the btrfs file system in the Linux kernel in some error conditions could report register information to the dmesg buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2019-19039) Update Instructions: Run `sudo pro fix USN-4414-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1091-azure - 4.15.0-1091.101~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1091.68 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-12380 CVE-2019-16089 CVE-2019-19036 CVE-2019-19039 CVE-2019-19318 CVE-2019-19377 CVE-2019-19462 CVE-2019-19813 CVE-2019-19816 CVE-2020-10711 CVE-2020-12770 CVE-2020-13143 Ubuntu 14.04 LTS USN-4417-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys. Update Instructions: Run `sudo pro fix USN-4417-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm6 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm6 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm6 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm6 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12402 Ubuntu 14.04 LTS It was discovered that a race condition existed in the Precision Time Protocol (PTP) implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-10690) Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash). (CVE-2020-10711) It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions correctly. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-12770) It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-13143) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992) Update Instructions: Run `sudo pro fix USN-4419-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1074-aws - 4.4.0-1074.78 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-185-generic - 4.4.0-185.215~14.04.1 linux-image-4.4.0-185-powerpc-e500mc - 4.4.0-185.215~14.04.1 linux-image-4.4.0-185-generic-lpae - 4.4.0-185.215~14.04.1 linux-image-4.4.0-185-lowlatency - 4.4.0-185.215~14.04.1 linux-image-4.4.0-185-powerpc-smp - 4.4.0-185.215~14.04.1 linux-image-4.4.0-185-powerpc64-emb - 4.4.0-185.215~14.04.1 linux-image-4.4.0-185-powerpc64-smp - 4.4.0-185.215~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1074.71 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.185.162 linux-image-generic-lpae-lts-xenial - 4.4.0.185.162 linux-image-lowlatency-lts-xenial - 4.4.0.185.162 linux-image-powerpc64-smp-lts-xenial - 4.4.0.185.162 linux-image-generic-lts-xenial - 4.4.0.185.162 linux-image-powerpc64-emb-lts-xenial - 4.4.0.185.162 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.185.162 linux-image-virtual-lts-xenial - 4.4.0.185.162 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-10690 CVE-2020-10711 CVE-2020-12770 CVE-2020-13143 CVE-2020-8992 Ubuntu 14.04 LTS It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2019-20908) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. (CVE-2020-13974) It was discovered that the efi subsystem in the Linux kernel did not handle memory allocation failures during early boot in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12380) Update Instructions: Run `sudo pro fix USN-4427-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1075-aws - 4.4.0-1075.79 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-186-powerpc64-emb - 4.4.0-186.216~14.04.1 linux-image-4.4.0-186-powerpc64-smp - 4.4.0-186.216~14.04.1 linux-image-4.4.0-186-generic - 4.4.0-186.216~14.04.1 linux-image-4.4.0-186-powerpc-e500mc - 4.4.0-186.216~14.04.1 linux-image-4.4.0-186-powerpc-smp - 4.4.0-186.216~14.04.1 linux-image-4.4.0-186-generic-lpae - 4.4.0-186.216~14.04.1 linux-image-4.4.0-186-lowlatency - 4.4.0-186.216~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1075.72 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-generic-lts-xenial - 4.4.0.186.163 linux-image-generic-lpae-lts-xenial - 4.4.0.186.163 linux-image-lowlatency-lts-xenial - 4.4.0.186.163 linux-image-powerpc-smp-lts-xenial - 4.4.0.186.163 linux-image-powerpc64-smp-lts-xenial - 4.4.0.186.163 linux-image-powerpc64-emb-lts-xenial - 4.4.0.186.163 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.186.163 linux-image-virtual-lts-xenial - 4.4.0.186.163 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-12380 CVE-2019-19947 CVE-2019-20810 CVE-2019-20908 CVE-2020-10732 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-11935 CVE-2020-13974 Ubuntu 14.04 LTS It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this information. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-17514) It was discovered that Python incorrectly handled certain TAR archives. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-20907) It was discovered that incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9674) It was discovered that Python incorrectly handled certain IP values. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14422) Update Instructions: Run `sudo pro fix USN-4428-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.6-8ubuntu0.6+esm6 python2.7-doc - 2.7.6-8ubuntu0.6+esm6 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm6 libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm6 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm6 python2.7 - 2.7.6-8ubuntu0.6+esm6 idle-python2.7 - 2.7.6-8ubuntu0.6+esm6 python2.7-examples - 2.7.6-8ubuntu0.6+esm6 libpython2.7 - 2.7.6-8ubuntu0.6+esm6 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm6 python2.7-minimal - 2.7.6-8ubuntu0.6+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro python3.4-examples - 3.4.3-1ubuntu1~14.04.7+esm7 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.7+esm7 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm7 python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm7 python3.4-venv - 3.4.3-1ubuntu1~14.04.7+esm7 python3.4-doc - 3.4.3-1ubuntu1~14.04.7+esm7 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.7+esm7 python3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm7 idle-python3.4 - 3.4.3-1ubuntu1~14.04.7+esm7 python3.4 - 3.4.3-1ubuntu1~14.04.7+esm7 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm7 libpython3.4 - 3.4.3-1ubuntu1~14.04.7+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-17514 CVE-2019-20907 CVE-2019-9674 CVE-2020-14422 Ubuntu 14.04 LTS Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15706) Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311) It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions. (CVE-2020-15705) Colin Watson and Chris Coulson discovered that an integer overflow existed in GRUB2 when handling the initrd command, leading to a heap-based buffer overflow. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15707) Update Instructions: Run `sudo pro fix USN-4432-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: grub-efi-amd64-signed - 1.34.22+2.02~beta2-9ubuntu1.20 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro grub-firmware-qemu - 2.02~beta2-9ubuntu1.20 grub-ieee1275 - 2.02~beta2-9ubuntu1.20 grub-efi-amd64 - 2.02~beta2-9ubuntu1.20 grub2-common - 2.02~beta2-9ubuntu1.20 grub-uboot-bin - 2.02~beta2-9ubuntu1.20 grub-common - 2.02~beta2-9ubuntu1.20 grub-efi-amd64-bin - 2.02~beta2-9ubuntu1.20 grub-pc-bin - 2.02~beta2-9ubuntu1.20 grub-theme-starfield - 2.02~beta2-9ubuntu1.20 grub-efi-arm - 2.02~beta2-9ubuntu1.20 grub2 - 2.02~beta2-9ubuntu1.20 grub-efi-arm64-bin - 2.02~beta2-9ubuntu1.20 grub-pc - 2.02~beta2-9ubuntu1.20 grub-emu - 2.02~beta2-9ubuntu1.20 grub-efi-arm-bin - 2.02~beta2-9ubuntu1.20 grub-linuxbios - 2.02~beta2-9ubuntu1.20 grub-xen - 2.02~beta2-9ubuntu1.20 grub-uboot - 2.02~beta2-9ubuntu1.20 grub-efi-ia32 - 2.02~beta2-9ubuntu1.20 grub-coreboot - 2.02~beta2-9ubuntu1.20 grub-efi-ia32-bin - 2.02~beta2-9ubuntu1.20 grub-ieee1275-bin - 2.02~beta2-9ubuntu1.20 grub-xen-bin - 2.02~beta2-9ubuntu1.20 grub-rescue-pc - 2.02~beta2-9ubuntu1.20 grub-mount-udeb - 2.02~beta2-9ubuntu1.20 grub-coreboot-bin - 2.02~beta2-9ubuntu1.20 grub-efi-arm64 - 2.02~beta2-9ubuntu1.20 grub-efi - 2.02~beta2-9ubuntu1.20 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass Ubuntu 14.04 LTS USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems (either pre-UEFI or UEFI configured in Legacy mode), preventing them from successfully booting. This update addresses the issue. Users with BIOS systems that installed GRUB2 versions from USN-4432-1 should verify that their GRUB2 installation has a correct understanding of their boot device location and installed the boot loader correctly. We apologize for the inconvenience. Original advisory details: Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15706) Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311) It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions. (CVE-2020-15705) Colin Watson and Chris Coulson discovered that an integer overflow existed in GRUB2 when handling the initrd command, leading to a heap-based buffer overflow. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15707) Update Instructions: Run `sudo pro fix USN-4432-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: grub-efi-amd64-signed - 1.34.20+2.02~beta2-9ubuntu1.21 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro grub-firmware-qemu - 2.02~beta2-9ubuntu1.21 grub-ieee1275 - 2.02~beta2-9ubuntu1.21 grub-efi-amd64 - 2.02~beta2-9ubuntu1.21 grub2-common - 2.02~beta2-9ubuntu1.21 grub-uboot-bin - 2.02~beta2-9ubuntu1.21 grub-common - 2.02~beta2-9ubuntu1.21 grub-efi-amd64-bin - 2.02~beta2-9ubuntu1.21 grub-pc-bin - 2.02~beta2-9ubuntu1.21 grub-theme-starfield - 2.02~beta2-9ubuntu1.21 grub-efi-arm - 2.02~beta2-9ubuntu1.21 grub2 - 2.02~beta2-9ubuntu1.21 grub-efi-arm64-bin - 2.02~beta2-9ubuntu1.21 grub-pc - 2.02~beta2-9ubuntu1.21 grub-emu - 2.02~beta2-9ubuntu1.21 grub-efi-arm-bin - 2.02~beta2-9ubuntu1.21 grub-linuxbios - 2.02~beta2-9ubuntu1.21 grub-xen - 2.02~beta2-9ubuntu1.21 grub-uboot - 2.02~beta2-9ubuntu1.21 grub-efi-ia32 - 2.02~beta2-9ubuntu1.21 grub-coreboot - 2.02~beta2-9ubuntu1.21 grub-efi-ia32-bin - 2.02~beta2-9ubuntu1.21 grub-ieee1275-bin - 2.02~beta2-9ubuntu1.21 grub-xen-bin - 2.02~beta2-9ubuntu1.21 grub-rescue-pc - 2.02~beta2-9ubuntu1.21 grub-mount-udeb - 2.02~beta2-9ubuntu1.21 grub-coreboot-bin - 2.02~beta2-9ubuntu1.21 grub-efi-arm64 - 2.02~beta2-9ubuntu1.21 grub-efi - 2.02~beta2-9ubuntu1.21 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1889556 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass Ubuntu 14.04 LTS USN-4435-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled scanning malicious files. A local attacker could possibly use this issue to delete arbitrary files. (CVE-2020-3350) It was discovered that ClamAV incorrectly handled parsing EGG archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3481) Update Instructions: Run `sudo pro fix USN-4435-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-testfiles - 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-base - 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 clamav - 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-daemon - 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-docs - 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-milter - 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 clamav-freshclam - 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 libclamav9 - 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-3327 CVE-2020-3350 CVE-2020-3481 Ubuntu 14.04 LTS Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2018-1000550) It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this issue to perform XSS attacks. (CVE-2018-1000671) Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this issue with a setuid binary and gain root privileges. (CVE-2020-10936) Update Instructions: Run `sudo pro fix USN-4442-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sympa - 6.1.17~dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-1000550 CVE-2018-1000671 CVE-2020-10936 Ubuntu 14.04 LTS USN-4449-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Ryota Shiga working with Trend Micro´s Zero Day Initiative, discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. (CVE-2020-11936) Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. (CVE-2020-15701) Ryota Shiga working with Trend Micro´s Zero Day Initiative, discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2020-15702) Update Instructions: Run `sudo pro fix USN-4449-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.29+esm5 python3-problem-report - 2.14.1-0ubuntu3.29+esm5 apport-kde - 2.14.1-0ubuntu3.29+esm5 apport-retrace - 2.14.1-0ubuntu3.29+esm5 apport-valgrind - 2.14.1-0ubuntu3.29+esm5 python3-apport - 2.14.1-0ubuntu3.29+esm5 dh-apport - 2.14.1-0ubuntu3.29+esm5 apport-gtk - 2.14.1-0ubuntu3.29+esm5 apport - 2.14.1-0ubuntu3.29+esm5 python-problem-report - 2.14.1-0ubuntu3.29+esm5 apport-noui - 2.14.1-0ubuntu3.29+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-11936 CVE-2020-15701 CVE-2020-15702 Ubuntu 14.04 LTS USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Thomas Chauchefoin working with Trend Micro´s Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4451-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ppp-udeb - 2.4.5-5.1ubuntu2.3+esm2 ppp - 2.4.5-5.1ubuntu2.3+esm2 ppp-dev - 2.4.5-5.1ubuntu2.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-15704 Ubuntu 14.04 LTS USN-4454-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT server. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4454-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-14303 Ubuntu 14.04 LTS It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829) Update Instructions: Run `sudo pro fix USN-4455-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm7 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm7 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm7 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm7 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12400 CVE-2020-12401 CVE-2020-6829 Ubuntu 14.04 LTS USN-4456-1 fixed several vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Dovecot incorrectly handled deeply nested MIME parts. A remote attacker could possibly use this issue to cause Dovecot to consume resources, resulting in a denial of service. (CVE-2020-12100) It was discovered that Dovecot incorrectly handled memory when using NTLM. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2020-12673) It was discovered that the Dovecot RPA mechanism incorrectly handled zero-length messages. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2020-12674) Update Instructions: Run `sudo pro fix USN-4456-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.9-1ubuntu2.6+esm3 dovecot-mysql - 1:2.2.9-1ubuntu2.6+esm3 dovecot-core - 1:2.2.9-1ubuntu2.6+esm3 dovecot-sieve - 1:2.2.9-1ubuntu2.6+esm3 dovecot-ldap - 1:2.2.9-1ubuntu2.6+esm3 dovecot-sqlite - 1:2.2.9-1ubuntu2.6+esm3 dovecot-dev - 1:2.2.9-1ubuntu2.6+esm3 dovecot-pop3d - 1:2.2.9-1ubuntu2.6+esm3 dovecot-imapd - 1:2.2.9-1ubuntu2.6+esm3 dovecot-managesieved - 1:2.2.9-1ubuntu2.6+esm3 mail-stack-delivery - 1:2.2.9-1ubuntu2.6+esm3 dovecot-gssapi - 1:2.2.9-1ubuntu2.6+esm3 dovecot-lmtpd - 1:2.2.9-1ubuntu2.6+esm3 dovecot-solr - 1:2.2.9-1ubuntu2.6+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12100 CVE-2020-12673 CVE-2020-12674 Ubuntu 14.04 LTS USN-4457-1 fixed a vulnerability in Software. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen. Update Instructions: Run `sudo pro fix USN-4457-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-software-properties - 0.92.37.8ubuntu0.1~esm1 software-properties-common - 0.92.37.8ubuntu0.1~esm1 software-properties-kde - 0.92.37.8ubuntu0.1~esm1 python3-software-properties - 0.92.37.8ubuntu0.1~esm1 software-properties-gtk - 0.92.37.8ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-15709 Ubuntu 14.04 LTS It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. (CVE-2019-16163, CVE-2019-19012, CVE-2019-19204, CVE-2019-19246) Update Instructions: Run `sudo pro fix USN-4460-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libonig2 - 5.9.1-1ubuntu1.1+esm2 libonig-dev - 5.9.1-1ubuntu1.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-16163 CVE-2019-19012 CVE-2019-19204 CVE-2019-19246 Ubuntu 14.04 LTS It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393) Update Instructions: Run `sudo pro fix USN-4463-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1076-aws - 4.4.0-1076.80 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-187-generic - 4.4.0-187.217~14.04.1 linux-image-4.4.0-187-powerpc64-smp - 4.4.0-187.217~14.04.1 linux-image-4.4.0-187-generic-lpae - 4.4.0-187.217~14.04.1 linux-image-4.4.0-187-lowlatency - 4.4.0-187.217~14.04.1 linux-image-4.4.0-187-powerpc-smp - 4.4.0-187.217~14.04.1 linux-image-4.4.0-187-powerpc-e500mc - 4.4.0-187.217~14.04.1 linux-image-4.4.0-187-powerpc64-emb - 4.4.0-187.217~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1076.73 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.187.164 linux-image-powerpc64-emb-lts-xenial - 4.4.0.187.164 linux-image-generic-lts-xenial - 4.4.0.187.164 linux-image-lowlatency-lts-xenial - 4.4.0.187.164 linux-image-generic-lpae-lts-xenial - 4.4.0.187.164 linux-image-powerpc64-smp-lts-xenial - 4.4.0.187.164 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.187.164 linux-image-virtual-lts-xenial - 4.4.0.187.164 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-12771 CVE-2020-15393 Ubuntu 14.04 LTS USN-4466-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. Update Instructions: Run `sudo pro fix USN-4466-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.20+esm5 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm5 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm5 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm5 libcurl3-udeb - 7.35.0-1ubuntu2.20+esm5 libcurl4-doc - 7.35.0-1ubuntu2.20+esm5 libcurl3-nss - 7.35.0-1ubuntu2.20+esm5 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm5 libcurl3 - 7.35.0-1ubuntu2.20+esm5 curl - 7.35.0-1ubuntu2.20+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-8231 Ubuntu 14.04 LTS USN-4467-1 fixed several vulnerabilities in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13253) Ren Ding and Hanqing Zhao discovered that the QEMU ES1370 audio driver incorrectly handled certain invalid frame counts. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13361) Ren Ding and Hanqing Zhao discovered that the QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13362) Alexander Bulekov discovered that QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory space operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13659) Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the QEMU incorrectly handled certain msi-x mmio operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13754) Ziming Zhang, Xiao Wei, Gonglei Arei and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2020-14364) Update Instructions: Run `sudo pro fix USN-4467-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-user-static - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-kvm - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-user - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-utils - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-common - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.47+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-13253 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13754 CVE-2020-14364 Ubuntu 14.04 LTS USN-4468-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed request. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2020-8622) Update Instructions: Run `sudo pro fix USN-4468-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.19+esm3 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19+esm3 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19+esm3 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19+esm3 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19+esm3 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19+esm3 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19+esm3 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19+esm3 host - 1:9.9.5.dfsg-3ubuntu0.19+esm3 lwresd - 1:9.9.5.dfsg-3ubuntu0.19+esm3 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19+esm3 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19+esm3 bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm3 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-8622 Ubuntu 14.04 LTS Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. (CVE-2020-15861) It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-15862) Update Instructions: Run `sudo pro fix USN-4471-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsnmp-perl - 5.7.2~dfsg-8.1ubuntu3.3+esm1 libsnmp-dev - 5.7.2~dfsg-8.1ubuntu3.3+esm1 libsnmp-base - 5.7.2~dfsg-8.1ubuntu3.3+esm1 snmp - 5.7.2~dfsg-8.1ubuntu3.3+esm1 libsnmp30 - 5.7.2~dfsg-8.1ubuntu3.3+esm1 tkmib - 5.7.2~dfsg-8.1ubuntu3.3+esm1 snmpd - 5.7.2~dfsg-8.1ubuntu3.3+esm1 python-netsnmp - 5.7.2~dfsg-8.1ubuntu3.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-15861 CVE-2020-15862 Ubuntu 14.04 LTS USN-4471-1 fixed a vulnerability in Net-SNMP. The updated introduced a regression making nsExtendCacheTime not settable. This update fixes the problem adding the cacheTime feature flag. Original advisory details: Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. (CVE-2020-15861) It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-15862) Update Instructions: Run `sudo pro fix USN-4471-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsnmp-perl - 5.7.2~dfsg-8.1ubuntu3.3+esm2 libsnmp-dev - 5.7.2~dfsg-8.1ubuntu3.3+esm2 libsnmp-base - 5.7.2~dfsg-8.1ubuntu3.3+esm2 snmp - 5.7.2~dfsg-8.1ubuntu3.3+esm2 libsnmp30 - 5.7.2~dfsg-8.1ubuntu3.3+esm2 tkmib - 5.7.2~dfsg-8.1ubuntu3.3+esm2 snmpd - 5.7.2~dfsg-8.1ubuntu3.3+esm2 python-netsnmp - 5.7.2~dfsg-8.1ubuntu3.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1892980 Ubuntu 14.04 LTS It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4476-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm8 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm8 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm8 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm8 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12403 Ubuntu 14.04 LTS It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4478-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-rsa - 3.1.2-1ubuntu0.1+esm1 python3-rsa - 3.1.2-1ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-13757 Ubuntu 14.04 LTS Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2018-20669) It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Luca Bruno discovered that the zram module in the Linux kernel did not properly restrict unprivileged users from accessing the hot_add sysfs file. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-10781) It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655) It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. (CVE-2020-13974) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393) It was discovered that the NFS server implementation in the Linux kernel did not properly honor umask settings when setting permissions while creating file system objects if the underlying file system did not support ACLs. An attacker could possibly use this to expose sensitive information or violate system integrity. (CVE-2020-24394) It was discovered that the Kerberos SUNRPC GSS implementation in the Linux kernel did not properly deallocate memory on module unload. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2020-12656) Update Instructions: Run `sudo pro fix USN-4485-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1093-azure - 4.15.0-1093.103~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1093.70 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-20669 CVE-2019-19947 CVE-2019-20810 CVE-2020-10732 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10781 CVE-2020-12655 CVE-2020-12656 CVE-2020-12771 CVE-2020-13974 CVE-2020-15393 CVE-2020-24394 Ubuntu 14.04 LTS Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-4486-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1077-aws - 4.4.0-1077.81 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-189-powerpc64-emb - 4.4.0-189.219~14.04.1 linux-image-4.4.0-189-lowlatency - 4.4.0-189.219~14.04.1 linux-image-4.4.0-189-powerpc64-smp - 4.4.0-189.219~14.04.1 linux-image-4.4.0-189-generic-lpae - 4.4.0-189.219~14.04.1 linux-image-4.4.0-189-powerpc-smp - 4.4.0-189.219~14.04.1 linux-image-4.4.0-189-powerpc-e500mc - 4.4.0-189.219~14.04.1 linux-image-4.4.0-189-generic - 4.4.0-189.219~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1077.74 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.189.165 linux-image-generic-lpae-lts-xenial - 4.4.0.189.165 linux-image-lowlatency-lts-xenial - 4.4.0.189.165 linux-image-generic-lts-xenial - 4.4.0.189.165 linux-image-powerpc64-smp-lts-xenial - 4.4.0.189.165 linux-image-powerpc64-emb-lts-xenial - 4.4.0.189.165 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.189.165 linux-image-virtual-lts-xenial - 4.4.0.189.165 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-10323 Ubuntu 14.04 LTS USN-4487-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14344) Jayden Rivers discovered that libx11 incorrectly handled locales. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14363) Update Instructions: Run `sudo pro fix USN-4487-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.2-1ubuntu2.1+esm1 libx11-data - 2:1.6.2-1ubuntu2.1+esm1 libx11-xcb-dev - 2:1.6.2-1ubuntu2.1+esm1 libx11-xcb1 - 2:1.6.2-1ubuntu2.1+esm1 libx11-doc - 2:1.6.2-1ubuntu2.1+esm1 libx11-6-udeb - 2:1.6.2-1ubuntu2.1+esm1 libx11-dev - 2:1.6.2-1ubuntu2.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-14344 CVE-2020-14363 Ubuntu 14.04 LTS USN-4488-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update and also the update from USN-4490-1 for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14346) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14347) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSelectEvents function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14361) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XRecordRegisterClients function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14362) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14345) Update Instructions: Run `sudo pro fix USN-4488-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.11+esm2 xorg-server-source - 2:1.15.1-0ubuntu2.11+esm2 xdmx - 2:1.15.1-0ubuntu2.11+esm2 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.11+esm2 xserver-xorg-dev - 2:1.15.1-0ubuntu2.11+esm2 xvfb - 2:1.15.1-0ubuntu2.11+esm2 xnest - 2:1.15.1-0ubuntu2.11+esm2 xdmx-tools - 2:1.15.1-0ubuntu2.11+esm2 xserver-xephyr - 2:1.15.1-0ubuntu2.11+esm2 xserver-xorg-core-udeb - 2:1.15.1-0ubuntu2.11+esm2 xserver-common - 2:1.15.1-0ubuntu2.11+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14361 CVE-2020-14362 Ubuntu 14.04 LTS Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4489-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1095-azure - 4.15.0-1095.105~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1095.71 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-14386 Ubuntu 14.04 LTS It was discovered that Perl DBI module incorrectly handled certain calls. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4503-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdbi-perl - 1.630-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-14392 Ubuntu 14.04 LTS It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2013-7490) It was discovered that Perl DBI module incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information. (CVE-2014-10401) Update Instructions: Run `sudo pro fix USN-4509-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdbi-perl - 1.630-1ubuntu0.1~esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2013-7490 CVE-2014-10401 Ubuntu 14.04 LTS USN-4510-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting. Update Instructions: Run `sudo pro fix USN-4510-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-1472 Ubuntu 14.04 LTS It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-18808) It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19054) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19061) It was discovered that the AMD Audio Coprocessor driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion). (CVE-2019-19067) It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19073, CVE-2019-19074) It was discovered that the F2FS file system in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of- bounds read. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-9445) It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888) It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2020-14356) It was discovered that the state of network RNG in the Linux kernel was potentially observable. A remote attacker could use this to expose sensitive information. (CVE-2020-16166) Update Instructions: Run `sudo pro fix USN-4526-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1096-azure - 4.15.0-1096.106~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1096.72 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-18808 CVE-2019-19054 CVE-2019-19061 CVE-2019-19067 CVE-2019-19073 CVE-2019-19074 CVE-2019-9445 CVE-2020-12888 CVE-2020-14356 CVE-2020-16166 Ubuntu 14.04 LTS It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19054) It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19073, CVE-2019-19074) Yue Haibing discovered that the Linux kernel did not properly handle reference counting in sysfs for network devices in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2019-20811) It was discovered that the F2FS file system in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of- bounds read. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-9445) It was discovered that the F2FS file system in the Linux kernel did not properly validate xattr meta data in some situations, leading to an out-of- bounds read. An attacker could use this to construct a malicious F2FS image that, when mounted, could expose sensitive information (kernel memory). (CVE-2019-9453) It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25212) Update Instructions: Run `sudo pro fix USN-4527-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1078-aws - 4.4.0-1078.82 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-190-generic-lpae - 4.4.0-190.220~14.04.1 linux-image-4.4.0-190-powerpc-e500mc - 4.4.0-190.220~14.04.1 linux-image-4.4.0-190-lowlatency - 4.4.0-190.220~14.04.1 linux-image-4.4.0-190-powerpc-smp - 4.4.0-190.220~14.04.1 linux-image-4.4.0-190-powerpc64-emb - 4.4.0-190.220~14.04.1 linux-image-4.4.0-190-generic - 4.4.0-190.220~14.04.1 linux-image-4.4.0-190-powerpc64-smp - 4.4.0-190.220~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1078.75 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.190.166 linux-image-generic-lpae-lts-xenial - 4.4.0.190.166 linux-image-lowlatency-lts-xenial - 4.4.0.190.166 linux-image-generic-lts-xenial - 4.4.0.190.166 linux-image-powerpc64-smp-lts-xenial - 4.4.0.190.166 linux-image-powerpc64-emb-lts-xenial - 4.4.0.190.166 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.190.166 linux-image-virtual-lts-xenial - 4.4.0.190.166 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-19054 CVE-2019-19073 CVE-2019-19074 CVE-2019-20811 CVE-2019-9445 CVE-2019-9453 CVE-2020-0067 CVE-2020-25212 Ubuntu 14.04 LTS It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. Update Instructions: Run `sudo pro fix USN-4534-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdbi-perl - 1.630-1ubuntu0.1~esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-20919 Ubuntu 14.04 LTS USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4572-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spice-client - 0.12.4-0nocelt2ubuntu1.8+esm1 libspice-server1 - 0.12.4-0nocelt2ubuntu1.8+esm1 libspice-server-dev - 0.12.4-0nocelt2ubuntu1.8+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-14355 Ubuntu 14.04 LTS Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10322) It was discovered that the btrfs file system in the Linux kernel contained a use-after-free vulnerability when merging free space. An attacker could use this to construct a malicious btrfs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2019-19448) Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314) Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. (CVE-2020-16120) It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25212) It was discovered that the NFC implementation in the Linux kernel did not properly perform permissions checks when opening raw sockets. A local attacker could use this to create or listen to NFC traffic. (CVE-2020-26088) Update Instructions: Run `sudo pro fix USN-4578-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1098-azure - 4.15.0-1098.109~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1098.74 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-10322 CVE-2019-19448 CVE-2020-14314 CVE-2020-16119 CVE-2020-16120 CVE-2020-25212 CVE-2020-26088 Ubuntu 14.04 LTS Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10322) Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314) It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285) Update Instructions: Run `sudo pro fix USN-4579-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1081-aws - 4.4.0-1081.85 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-193-powerpc64-smp - 4.4.0-193.224~14.04.1 linux-image-4.4.0-193-powerpc-smp - 4.4.0-193.224~14.04.1 linux-image-4.4.0-193-powerpc-e500mc - 4.4.0-193.224~14.04.1 linux-image-4.4.0-193-generic-lpae - 4.4.0-193.224~14.04.1 linux-image-4.4.0-193-lowlatency - 4.4.0-193.224~14.04.1 linux-image-4.4.0-193-generic - 4.4.0-193.224~14.04.1 linux-image-4.4.0-193-powerpc64-emb - 4.4.0-193.224~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1081.78 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.193.169 linux-image-generic-lpae-lts-xenial - 4.4.0.193.169 linux-image-lowlatency-lts-xenial - 4.4.0.193.169 linux-image-generic-lts-xenial - 4.4.0.193.169 linux-image-powerpc64-smp-lts-xenial - 4.4.0.193.169 linux-image-powerpc64-emb-lts-xenial - 4.4.0.193.169 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.193.169 linux-image-virtual-lts-xenial - 4.4.0.193.169 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-10322 CVE-2020-14314 CVE-2020-16119 CVE-2020-25285 Ubuntu 14.04 LTS Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4580-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-182-powerpc64-emb - 3.13.0-182.233 linux-image-3.13.0-182-powerpc-e500 - 3.13.0-182.233 linux-image-3.13.0-182-generic - 3.13.0-182.233 linux-image-3.13.0-182-powerpc64-smp - 3.13.0-182.233 linux-image-3.13.0-182-powerpc-e500mc - 3.13.0-182.233 linux-image-3.13.0-182-generic-lpae - 3.13.0-182.233 linux-image-3.13.0-182-powerpc-smp - 3.13.0-182.233 linux-image-3.13.0-182-lowlatency - 3.13.0-182.233 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-server - 3.13.0.182.191 linux-image-powerpc-e500mc - 3.13.0.182.191 linux-image-generic-pae - 3.13.0.182.191 linux-image-generic-lpae-lts-trusty - 3.13.0.182.191 linux-image-generic-lts-quantal - 3.13.0.182.191 linux-image-lowlatency-pae - 3.13.0.182.191 linux-image-virtual - 3.13.0.182.191 linux-image-powerpc-e500 - 3.13.0.182.191 linux-image-generic-lts-trusty - 3.13.0.182.191 linux-image-omap - 3.13.0.182.191 linux-image-powerpc64-emb - 3.13.0.182.191 linux-image-generic - 3.13.0.182.191 linux-image-highbank - 3.13.0.182.191 linux-image-generic-lts-saucy - 3.13.0.182.191 linux-image-powerpc-smp - 3.13.0.182.191 linux-image-generic-lpae - 3.13.0.182.191 linux-image-generic-lpae-lts-saucy - 3.13.0.182.191 linux-image-generic-lts-raring - 3.13.0.182.191 linux-image-powerpc64-smp - 3.13.0.182.191 linux-image-lowlatency - 3.13.0.182.191 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-16119 Ubuntu 14.04 LTS It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection. Update Instructions: Run `sudo pro fix USN-4581-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.6-8ubuntu0.6+esm7 python2.7-doc - 2.7.6-8ubuntu0.6+esm7 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm7 libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm7 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm7 python2.7 - 2.7.6-8ubuntu0.6+esm7 idle-python2.7 - 2.7.6-8ubuntu0.6+esm7 python2.7-examples - 2.7.6-8ubuntu0.6+esm7 libpython2.7 - 2.7.6-8ubuntu0.6+esm7 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm7 python2.7-minimal - 2.7.6-8ubuntu0.6+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro python3.4-examples - 3.4.3-1ubuntu1~14.04.7+esm8 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.7+esm8 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm8 python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm8 python3.4-venv - 3.4.3-1ubuntu1~14.04.7+esm8 python3.4-doc - 3.4.3-1ubuntu1~14.04.7+esm8 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.7+esm8 python3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm8 idle-python3.4 - 3.4.3-1ubuntu1~14.04.7+esm8 python3.4 - 3.4.3-1ubuntu1~14.04.7+esm8 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm8 libpython3.4 - 3.4.3-1ubuntu1~14.04.7+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-26116 Ubuntu 14.04 LTS It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7069) It was discorevered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. (CVE-2020-7070) Update Instructions: Run `sudo pro fix USN-4583-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm13 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm13 php5 - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm13 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm13 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm13 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm13 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm13 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-7069 CVE-2020-7070 Ubuntu 14.04 LTS USN-4593-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-4593-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.5.2-1ubuntu2.8+esm2 libfreetype6-udeb - 2.5.2-1ubuntu2.8+esm2 freetype2-demos - 2.5.2-1ubuntu2.8+esm2 libfreetype6 - 2.5.2-1ubuntu2.8+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-15999 Ubuntu 14.04 LTS USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543) Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878) Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723) Update Instructions: Run `sudo pro fix USN-4602-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.18.2-2ubuntu1.7+esm3 perl-doc - 5.18.2-2ubuntu1.7+esm3 libperl5.18 - 5.18.2-2ubuntu1.7+esm3 perl-base - 5.18.2-2ubuntu1.7+esm3 perl-modules - 5.18.2-2ubuntu1.7+esm3 libcgi-fast-perl - 5.18.2-2ubuntu1.7+esm3 perl - 5.18.2-2ubuntu1.7+esm3 perl-debug - 5.18.2-2ubuntu1.7+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 Ubuntu 14.04 LTS USN-4616-1 fixed several vulnerabilities in AccountsService. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. (CVE-2020-16126) Matthias Gerstner discovered that AccountsService incorrectly handled certain path checks. A local attacker could possibly use this issue to read arbitrary files. (CVE-2018-14036) Update Instructions: Run `sudo pro fix USN-4616-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-pin - 0.6.35-0ubuntu7.3+esm2 libaccountsservice0 - 0.6.35-0ubuntu7.3+esm2 accountsservice - 0.6.35-0ubuntu7.3+esm2 libaccountsservice-dev - 0.6.35-0ubuntu7.3+esm2 gir1.2-accountsservice-1.0 - 0.6.35-0ubuntu7.3+esm2 libaccountsservice-doc - 0.6.35-0ubuntu7.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-14036 CVE-2020-16126 Ubuntu 14.04 LTS USN-4622-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4622-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.31-1+nmu2ubuntu8.5+esm3 libldap2-dev - 2.4.31-1+nmu2ubuntu8.5+esm3 libldap-2.4-2 - 2.4.31-1+nmu2ubuntu8.5+esm3 slapd-smbk5pwd - 2.4.31-1+nmu2ubuntu8.5+esm3 slapd - 2.4.31-1+nmu2ubuntu8.5+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-25692 Ubuntu 14.04 LTS It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause unexpected behaviours, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4624-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-dev - 0.6.21-1ubuntu1+esm6 libexif12 - 0.6.21-1ubuntu1+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-0452 Ubuntu 14.04 LTS Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4627-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-183-powerpc-smp - 3.13.0-183.234 linux-image-3.13.0-183-generic - 3.13.0-183.234 linux-image-3.13.0-183-powerpc64-smp - 3.13.0-183.234 linux-image-3.13.0-183-powerpc64-emb - 3.13.0-183.234 linux-image-3.13.0-183-generic-lpae - 3.13.0-183.234 linux-image-3.13.0-183-powerpc-e500mc - 3.13.0-183.234 linux-image-3.13.0-183-powerpc-e500 - 3.13.0-183.234 linux-image-3.13.0-183-lowlatency - 3.13.0-183.234 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-server - 3.13.0.183.192 linux-image-powerpc-e500mc - 3.13.0.183.192 linux-image-lowlatency-pae - 3.13.0.183.192 linux-image-generic-pae - 3.13.0.183.192 linux-image-generic-lpae-lts-saucy - 3.13.0.183.192 linux-image-generic-lpae-lts-trusty - 3.13.0.183.192 linux-image-generic-lts-quantal - 3.13.0.183.192 linux-image-virtual - 3.13.0.183.192 linux-image-powerpc-e500 - 3.13.0.183.192 linux-image-generic-lts-trusty - 3.13.0.183.192 linux-image-omap - 3.13.0.183.192 linux-image-generic - 3.13.0.183.192 linux-image-highbank - 3.13.0.183.192 linux-image-generic-lts-saucy - 3.13.0.183.192 linux-image-powerpc-smp - 3.13.0.183.192 linux-image-generic-lpae - 3.13.0.183.192 linux-image-powerpc64-emb - 3.13.0.183.192 linux-image-generic-lts-raring - 3.13.0.183.192 linux-image-powerpc64-smp - 3.13.0.183.192 linux-image-lowlatency - 3.13.0.183.192 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-194-powerpc-smp - 4.4.0-194.226~14.04.1 linux-image-4.4.0-194-powerpc-e500mc - 4.4.0-194.226~14.04.1 linux-image-4.4.0-194-generic-lpae - 4.4.0-194.226~14.04.1 linux-image-4.4.0-194-lowlatency - 4.4.0-194.226~14.04.1 linux-image-4.4.0-194-generic - 4.4.0-194.226~14.04.1 linux-image-4.4.0-194-powerpc64-emb - 4.4.0-194.226~14.04.1 linux-image-4.4.0-194-powerpc64-smp - 4.4.0-194.226~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-generic-lpae-lts-xenial - 4.4.0.194.170 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.194.170 linux-image-powerpc64-smp-lts-xenial - 4.4.0.194.170 linux-image-powerpc-smp-lts-xenial - 4.4.0.194.170 linux-image-lowlatency-lts-xenial - 4.4.0.194.170 linux-image-generic-lts-xenial - 4.4.0.194.170 linux-image-powerpc64-emb-lts-xenial - 4.4.0.194.170 linux-image-virtual-lts-xenial - 4.4.0.194.170 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-8694 Ubuntu 14.04 LTS Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8695) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8696) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8698) Update Instructions: Run `sudo pro fix USN-4628-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20201110.0ubuntu0.14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 Ubuntu 14.04 LTS USN-4628-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Tiger Lake family from booting successfully. This update reverts the microcode update for the Tiger Lake processor family. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. We apologize for the inconvenience. Original advisory details: Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8695) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8696) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8698) Update Instructions: Run `sudo pro fix USN-4628-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20201110.0ubuntu0.14.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1903883 Ubuntu 14.04 LTS USN-4634-1 fixed several vulnerabilities in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4634-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.31-1+nmu2ubuntu8.5+esm4 libldap2-dev - 2.4.31-1+nmu2ubuntu8.5+esm4 libldap-2.4-2 - 2.4.31-1+nmu2ubuntu8.5+esm4 slapd-smbk5pwd - 2.4.31-1+nmu2ubuntu8.5+esm4 slapd - 2.4.31-1+nmu2ubuntu8.5+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-25709 CVE-2020-25710 Ubuntu 14.04 LTS Demi Obenour discovered that Kerberos incorrectly handled certain ASN.1. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4635-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libkadm5srv-mit9 - 1.12+dfsg-2ubuntu5.4+esm2 libkadm5srv-mit8 - 1.12+dfsg-2ubuntu5.4+esm2 libk5crypto3 - 1.12+dfsg-2ubuntu5.4+esm2 krb5-user - 1.12+dfsg-2ubuntu5.4+esm2 libgssrpc4 - 1.12+dfsg-2ubuntu5.4+esm2 libkrb5support0 - 1.12+dfsg-2ubuntu5.4+esm2 krb5-doc - 1.12+dfsg-2ubuntu5.4+esm2 libkrb5-dev - 1.12+dfsg-2ubuntu5.4+esm2 krb5-pkinit - 1.12+dfsg-2ubuntu5.4+esm2 libkrb5-3 - 1.12+dfsg-2ubuntu5.4+esm2 krb5-kdc-ldap - 1.12+dfsg-2ubuntu5.4+esm2 krb5-otp - 1.12+dfsg-2ubuntu5.4+esm2 libkadm5clnt-mit9 - 1.12+dfsg-2ubuntu5.4+esm2 krb5-gss-samples - 1.12+dfsg-2ubuntu5.4+esm2 krb5-multidev - 1.12+dfsg-2ubuntu5.4+esm2 krb5-locales - 1.12+dfsg-2ubuntu5.4+esm2 libgssapi-krb5-2 - 1.12+dfsg-2ubuntu5.4+esm2 krb5-kdc - 1.12+dfsg-2ubuntu5.4+esm2 libkrad-dev - 1.12+dfsg-2ubuntu5.4+esm2 libkrad0 - 1.12+dfsg-2ubuntu5.4+esm2 libkdb5-7 - 1.12+dfsg-2ubuntu5.4+esm2 krb5-admin-server - 1.12+dfsg-2ubuntu5.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-28196 Ubuntu 14.04 LTS USN-4656-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-4656-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.11+esm3 xorg-server-source - 2:1.15.1-0ubuntu2.11+esm3 xdmx - 2:1.15.1-0ubuntu2.11+esm3 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.11+esm3 xserver-xorg-dev - 2:1.15.1-0ubuntu2.11+esm3 xvfb - 2:1.15.1-0ubuntu2.11+esm3 xnest - 2:1.15.1-0ubuntu2.11+esm3 xserver-common - 2:1.15.1-0ubuntu2.11+esm3 xserver-xephyr - 2:1.15.1-0ubuntu2.11+esm3 xserver-xorg-core-udeb - 2:1.15.1-0ubuntu2.11+esm3 xdmx-tools - 2:1.15.1-0ubuntu2.11+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-14360 CVE-2020-25712 Ubuntu 14.04 LTS Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-0427) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352) It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351) It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25211) It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284) It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643) It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645) Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. A remote attacker could use to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2020-25705) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update Instructions: Run `sudo pro fix USN-4657-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1082-aws - 4.4.0-1082.86 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-197-lowlatency - 4.4.0-197.229~14.04.1 linux-image-4.4.0-197-powerpc64-emb - 4.4.0-197.229~14.04.1 linux-image-4.4.0-197-powerpc-smp - 4.4.0-197.229~14.04.1 linux-image-4.4.0-197-generic-lpae - 4.4.0-197.229~14.04.1 linux-image-4.4.0-197-generic - 4.4.0-197.229~14.04.1 linux-image-4.4.0-197-powerpc64-smp - 4.4.0-197.229~14.04.1 linux-image-4.4.0-197-powerpc-e500mc - 4.4.0-197.229~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1082.79 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.197.172 linux-image-lowlatency-lts-xenial - 4.4.0.197.172 linux-image-generic-lpae-lts-xenial - 4.4.0.197.172 linux-image-generic-lts-xenial - 4.4.0.197.172 linux-image-powerpc64-smp-lts-xenial - 4.4.0.197.172 linux-image-powerpc64-emb-lts-xenial - 4.4.0.197.172 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.197.172 linux-image-virtual-lts-xenial - 4.4.0.197.172 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-0427 CVE-2020-10135 CVE-2020-12352 CVE-2020-14351 CVE-2020-14390 CVE-2020-25211 CVE-2020-25284 CVE-2020-25643 CVE-2020-25645 CVE-2020-25705 CVE-2020-28915 CVE-2020-4788 Ubuntu 14.04 LTS It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351) It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25211) It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284) It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285) It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641) It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643) It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update Instructions: Run `sudo pro fix USN-4660-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1100-azure - 4.15.0-1100.111~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1100.75 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-14351 CVE-2020-14390 CVE-2020-25211 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-28915 CVE-2020-4788 Ubuntu 14.04 LTS USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. (CVE-2020-8284) It was discovered that curl incorrectly handled FTP wildcard matchins. A remote attacker could possibly use this issue to cause curl to consume resources and crash, resulting in a denial of service. (CVE-2020-8285) Update Instructions: Run `sudo pro fix USN-4665-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.20+esm6 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm6 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm6 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm6 libcurl3-udeb - 7.35.0-1ubuntu2.20+esm6 libcurl4-doc - 7.35.0-1ubuntu2.20+esm6 libcurl3-nss - 7.35.0-1ubuntu2.20+esm6 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm6 libcurl3 - 7.35.0-1ubuntu2.20+esm6 curl - 7.35.0-1ubuntu2.20+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-8284 CVE-2020-8285 Ubuntu 14.04 LTS It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-4666-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 3.3.3-1ubuntu0.2+esm1 python-lxml - 3.3.3-1ubuntu0.2+esm1 python-lxml-doc - 3.3.3-1ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-27783 Ubuntu 14.04 LTS USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. Original advisory details: It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-4666-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 3.3.3-1ubuntu0.2+esm2 python-lxml - 3.3.3-1ubuntu0.2+esm2 python-lxml-doc - 3.3.3-1ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-27783 Ubuntu 14.04 LTS USN-4667-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4667-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapt-inst1.5 - 1.0.1ubuntu2.24+esm3 apt-doc - 1.0.1ubuntu2.24+esm3 apt-transport-https - 1.0.1ubuntu2.24+esm3 libapt-pkg-doc - 1.0.1ubuntu2.24+esm3 apt - 1.0.1ubuntu2.24+esm3 apt-utils - 1.0.1ubuntu2.24+esm3 libapt-pkg-dev - 1.0.1ubuntu2.24+esm3 libapt-pkg4.12 - 1.0.1ubuntu2.24+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-27350 Ubuntu 14.04 LTS USN-4668-1 fixed a vulnerability in python-apt. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4668-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-apt - 0.9.3.5ubuntu3+esm4 python-apt - 0.9.3.5ubuntu3+esm4 python-apt-common - 0.9.3.5ubuntu3+esm4 python-apt-dev - 0.9.3.5ubuntu3+esm4 python-apt-doc - 0.9.3.5ubuntu3+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-27351 Ubuntu 14.04 LTS Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. (CVE-2018-1000035) Antonio Carista discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. (CVE-2018-18384) It was discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause resource consumption, resulting in a denial of service. (CVE-2019-13232) Martin Carpenter discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2014-9913) Alexis Vanden Eijnde discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-9844) Update Instructions: Run `sudo pro fix USN-4672-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unzip - 6.0-9ubuntu1.6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2014-9913 CVE-2016-9844 CVE-2018-1000035 CVE-2018-18384 CVE-2019-13232 Ubuntu 14.04 LTS USN-4674-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2020-25275) Update Instructions: Run `sudo pro fix USN-4674-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.9-1ubuntu2.6+esm4 dovecot-mysql - 1:2.2.9-1ubuntu2.6+esm4 dovecot-core - 1:2.2.9-1ubuntu2.6+esm4 dovecot-sieve - 1:2.2.9-1ubuntu2.6+esm4 dovecot-ldap - 1:2.2.9-1ubuntu2.6+esm4 dovecot-sqlite - 1:2.2.9-1ubuntu2.6+esm4 dovecot-dev - 1:2.2.9-1ubuntu2.6+esm4 dovecot-pop3d - 1:2.2.9-1ubuntu2.6+esm4 dovecot-imapd - 1:2.2.9-1ubuntu2.6+esm4 dovecot-managesieved - 1:2.2.9-1ubuntu2.6+esm4 mail-stack-delivery - 1:2.2.9-1ubuntu2.6+esm4 dovecot-gssapi - 1:2.2.9-1ubuntu2.6+esm4 dovecot-lmtpd - 1:2.2.9-1ubuntu2.6+esm4 dovecot-solr - 1:2.2.9-1ubuntu2.6+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-25275 Ubuntu 14.04 LTS USN-4677-1 fixed a vulnerability in p11-kit. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4677-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libp11-kit0 - 0.20.2-2ubuntu2+esm1 libp11-kit-dev - 0.20.2-2ubuntu2+esm1 p11-kit-modules - 0.20.2-2ubuntu2+esm1 p11-kit - 0.20.2-2ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-29361 Ubuntu 14.04 LTS It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19770) It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0423) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656) Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668) Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. A remote attacker could use to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2020-25705) Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. An attacker in guest could possibly use this to cause a denial of service (dom0 crash). (CVE-2020-27675) Daniel Axtens discovered that PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations. A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions. (CVE-2020-27777) Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-28974) Update Instructions: Run `sudo pro fix USN-4680-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1103-azure - 4.15.0-1103.114~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1103.78 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-19770 CVE-2020-0423 CVE-2020-10135 CVE-2020-25656 CVE-2020-25668 CVE-2020-25705 CVE-2020-27675 CVE-2020-27777 CVE-2020-28974 Ubuntu 14.04 LTS Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-0148) It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656) Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668) Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. An attacker in guest could possibly use this to cause a denial of service (dom0 crash). (CVE-2020-27675) Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-28974) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update Instructions: Run `sudo pro fix USN-4681-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1083-aws - 4.4.0-1083.87 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-198-powerpc64-emb - 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-generic - 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc64-smp - 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc-e500mc - 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-lowlatency - 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-generic-lpae - 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc-smp - 4.4.0-198.230~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1083.80 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.198.173 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.198.173 linux-image-lowlatency-lts-xenial - 4.4.0.198.173 linux-image-generic-lts-xenial - 4.4.0.198.173 linux-image-generic-lpae-lts-xenial - 4.4.0.198.173 linux-image-powerpc64-smp-lts-xenial - 4.4.0.198.173 linux-image-powerpc64-emb-lts-xenial - 4.4.0.198.173 linux-image-virtual-lts-xenial - 4.4.0.198.173 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-0148 CVE-2020-25656 CVE-2020-25668 CVE-2020-27675 CVE-2020-28974 CVE-2020-4788 Ubuntu 14.04 LTS Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20482) Daniel Axtens discovered that tar incorrectly handled certain malformed tar files. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to cause tar to crash, resulting in a denial of service. (CVE-2019-9923) Update Instructions: Run `sudo pro fix USN-4692-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.27.1-1ubuntu0.1+esm1 tar - 1.27.1-1ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-20482 CVE-2019-9923 Ubuntu 14.04 LTS It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Update Instructions: Run `sudo pro fix USN-4694-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-200-generic-lpae - 4.4.0-200.232~14.04.1 linux-image-4.4.0-200-powerpc64-emb - 4.4.0-200.232~14.04.1 linux-image-4.4.0-200-generic - 4.4.0-200.232~14.04.1 linux-image-4.4.0-200-powerpc-smp - 4.4.0-200.232~14.04.1 linux-image-4.4.0-200-powerpc-e500mc - 4.4.0-200.232~14.04.1 linux-image-4.4.0-200-lowlatency - 4.4.0-200.232~14.04.1 linux-image-4.4.0-200-powerpc64-smp - 4.4.0-200.232~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.200.175 linux-image-generic-lpae-lts-xenial - 4.4.0.200.175 linux-image-generic-lts-xenial - 4.4.0.200.175 linux-image-lowlatency-lts-xenial - 4.4.0.200.175 linux-image-powerpc64-smp-lts-xenial - 4.4.0.200.175 linux-image-powerpc64-emb-lts-xenial - 4.4.0.200.175 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.200.175 linux-image-virtual-lts-xenial - 4.4.0.200.175 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-28374 Ubuntu 14.04 LTS USN-4697-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. (CVE-2020-35653) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. (CVE-2020-10177) Update Instructions: Run `sudo pro fix USN-4697-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-imaging-tk - 2.3.0-1ubuntu3.4+esm2 python3-pil.imagetk - 2.3.0-1ubuntu3.4+esm2 python-imaging-compat - 2.3.0-1ubuntu3.4+esm2 python-imaging - 2.3.0-1ubuntu3.4+esm2 python-imaging-doc - 2.3.0-1ubuntu3.4+esm2 python-pil-doc - 2.3.0-1ubuntu3.4+esm2 python3-pil - 2.3.0-1ubuntu3.4+esm2 python-sane - 2.3.0-1ubuntu3.4+esm2 python-pil.imagetk - 2.3.0-1ubuntu3.4+esm2 python3-imaging - 2.3.0-1ubuntu3.4+esm2 python3-sane - 2.3.0-1ubuntu3.4+esm2 python-pil - 2.3.0-1ubuntu3.4+esm2 python-imaging-tk - 2.3.0-1ubuntu3.4+esm2 python-imaging-sane - 2.3.0-1ubuntu3.4+esm2 python3-imaging-sane - 2.3.0-1ubuntu3.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-10177 CVE-2020-35653 Ubuntu 14.04 LTS Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. An attacker could exploit this with a crafted .menu file to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4700-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-xdg - 0.25-4ubuntu0.14.04.1~esm1 python-xdg - 0.25-4ubuntu0.14.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-12761 Ubuntu 14.04 LTS It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12562) It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-14245, CVE-2017-14246, CVE-2017-14634, CVE-2017-16942, CVE-2017-6892, CVE-2018-13139, CVE-2018-19432, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758, CVE-2019-3832) Update Instructions: Run `sudo pro fix USN-4704-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.25-7ubuntu2.2+esm1 libsndfile1-dev - 1.0.25-7ubuntu2.2+esm1 sndfile-programs - 1.0.25-7ubuntu2.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-12562 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-6892 CVE-2018-13139 CVE-2018-19432 CVE-2018-19661 CVE-2018-19662 CVE-2018-19758 CVE-2019-3832 Ubuntu 14.04 LTS USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156) Update Instructions: Run `sudo pro fix USN-4705-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.9p5-1ubuntu1.5+esm6 sudo - 1.8.9p5-1ubuntu1.5+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3156 Ubuntu 14.04 LTS Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19813, CVE-2019-19816) Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669) Daniel Axtens discovered that PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations. A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions. (CVE-2020-27777) Update Instructions: Run `sudo pro fix USN-4708-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-201-powerpc64-emb - 4.4.0-201.233~14.04.1 linux-image-4.4.0-201-powerpc-e500mc - 4.4.0-201.233~14.04.1 linux-image-4.4.0-201-powerpc-smp - 4.4.0-201.233~14.04.1 linux-image-4.4.0-201-powerpc64-smp - 4.4.0-201.233~14.04.1 linux-image-4.4.0-201-lowlatency - 4.4.0-201.233~14.04.1 linux-image-4.4.0-201-generic - 4.4.0-201.233~14.04.1 linux-image-4.4.0-201-generic-lpae - 4.4.0-201.233~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.201.176 linux-image-generic-lpae-lts-xenial - 4.4.0.201.176 linux-image-lowlatency-lts-xenial - 4.4.0.201.176 linux-image-generic-lts-xenial - 4.4.0.201.176 linux-image-powerpc64-smp-lts-xenial - 4.4.0.201.176 linux-image-powerpc64-emb-lts-xenial - 4.4.0.201.176 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.201.176 linux-image-virtual-lts-xenial - 4.4.0.201.176 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-13093 CVE-2019-19813 CVE-2019-19816 CVE-2020-25669 CVE-2020-27777 Ubuntu 14.04 LTS It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19813, CVE-2019-19816) Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669) Update Instructions: Run `sudo pro fix USN-4709-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1085-aws - 4.4.0-1085.89 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1085.82 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-13093 CVE-2019-19813 CVE-2019-19816 CVE-2020-25669 CVE-2020-28374 Ubuntu 14.04 LTS It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374) Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2020-25704) Update Instructions: Run `sudo pro fix USN-4711-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1106-azure - 4.15.0-1106.118~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1106.79 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-25704 CVE-2020-28374 Ubuntu 14.04 LTS It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Update Instructions: Run `sudo pro fix USN-4713-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-184-powerpc64-smp - 3.13.0-184.235 linux-image-3.13.0-184-generic - 3.13.0-184.235 linux-image-3.13.0-184-powerpc-smp - 3.13.0-184.235 linux-image-3.13.0-184-powerpc-e500mc - 3.13.0-184.235 linux-image-3.13.0-184-lowlatency - 3.13.0-184.235 linux-image-3.13.0-184-powerpc-e500 - 3.13.0-184.235 linux-image-3.13.0-184-powerpc64-emb - 3.13.0-184.235 linux-image-3.13.0-184-generic-lpae - 3.13.0-184.235 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-server - 3.13.0.184.193 linux-image-powerpc-e500mc - 3.13.0.184.193 linux-image-lowlatency-pae - 3.13.0.184.193 linux-image-generic-pae - 3.13.0.184.193 linux-image-generic-lpae-lts-trusty - 3.13.0.184.193 linux-image-generic-lts-quantal - 3.13.0.184.193 linux-image-virtual - 3.13.0.184.193 linux-image-powerpc-e500 - 3.13.0.184.193 linux-image-omap - 3.13.0.184.193 linux-image-powerpc64-emb - 3.13.0.184.193 linux-image-generic-lts-trusty - 3.13.0.184.193 linux-image-generic - 3.13.0.184.193 linux-image-highbank - 3.13.0.184.193 linux-image-generic-lts-saucy - 3.13.0.184.193 linux-image-powerpc-smp - 3.13.0.184.193 linux-image-generic-lpae - 3.13.0.184.193 linux-image-generic-lpae-lts-saucy - 3.13.0.184.193 linux-image-generic-lts-raring - 3.13.0.184.193 linux-image-powerpc64-smp - 3.13.0.184.193 linux-image-lowlatency - 3.13.0.184.193 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-28374 Ubuntu 14.04 LTS USN-4715-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location. Update Instructions: Run `sudo pro fix USN-4715-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.11-0ubuntu1.3+esm2 python-django - 1.6.11-0ubuntu1.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3281 Ubuntu 14.04 LTS USN-4720-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2021-25682, CVE-2021-25683) Itai Greenhut discovered that Apport incorrectly handled opening certain special files. A local attacker could possibly use this issue to cause Apport to hang, resulting in a denial of service. (CVE-2021-25684) Update Instructions: Run `sudo pro fix USN-4720-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apport - 2.14.1-0ubuntu3.29+esm6 python3-problem-report - 2.14.1-0ubuntu3.29+esm6 apport-kde - 2.14.1-0ubuntu3.29+esm6 apport-retrace - 2.14.1-0ubuntu3.29+esm6 apport-valgrind - 2.14.1-0ubuntu3.29+esm6 python3-apport - 2.14.1-0ubuntu3.29+esm6 dh-apport - 2.14.1-0ubuntu3.29+esm6 apport-gtk - 2.14.1-0ubuntu3.29+esm6 python-apport - 2.14.1-0ubuntu3.29+esm6 python-problem-report - 2.14.1-0ubuntu3.29+esm6 apport-noui - 2.14.1-0ubuntu3.29+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-25682 CVE-2021-25683 CVE-2021-25684 Ubuntu 14.04 LTS USN-4734-1 fixed several vulnerabilities in wpa_supplicant. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-0326) It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. (CVE-2020-12695) Update Instructions: Run `sudo pro fix USN-4734-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.1-0ubuntu1.7+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro wpagui - 2.1-0ubuntu1.7+esm3 wpasupplicant - 2.1-0ubuntu1.7+esm3 wpasupplicant-udeb - 2.1-0ubuntu1.7+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-12695 CVE-2021-0326 Ubuntu 14.04 LTS USN-4737-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor profile. Update Instructions: Run `sudo pro fix USN-4737-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.19+esm4 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19+esm4 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19+esm4 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19+esm4 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19+esm4 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19+esm4 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19+esm4 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19+esm4 host - 1:9.9.5.dfsg-3ubuntu0.19+esm4 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19+esm4 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19+esm4 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19+esm4 bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm4 lwresd - 1:9.9.5.dfsg-3ubuntu0.19+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-8625 Ubuntu 14.04 LTS David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2020-1971) Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23841) Update Instructions: Run `sudo pro fix USN-4745-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.1f-1ubuntu2.27+esm2 libssl-dev - 1.0.1f-1ubuntu2.27+esm2 openssl - 1.0.1f-1ubuntu2.27+esm2 libssl-doc - 1.0.1f-1ubuntu2.27+esm2 libcrypto1.0.0-udeb - 1.0.1f-1ubuntu2.27+esm2 libssl1.0.0-udeb - 1.0.1f-1ubuntu2.27+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-1971 CVE-2021-23841 Ubuntu 14.04 LTS USN-4747-1 fixed a vulnerability in screen. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4747-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: screen - 4.1.0~20120320gitdb59704-9ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-26937 Ubuntu 14.04 LTS It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815) It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. (CVE-2020-29374) Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29568) Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660) Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661) Update Instructions: Run `sudo pro fix USN-4748-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1086-aws - 4.4.0-1086.90 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-203-lowlatency - 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc-e500mc - 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc64-smp - 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc64-emb - 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-generic - 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-generic-lpae - 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc-smp - 4.4.0-203.235~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1086.83 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.203.177 linux-image-generic-lpae-lts-xenial - 4.4.0.203.177 linux-image-lowlatency-lts-xenial - 4.4.0.203.177 linux-image-generic-lts-xenial - 4.4.0.203.177 linux-image-powerpc64-smp-lts-xenial - 4.4.0.203.177 linux-image-powerpc64-emb-lts-xenial - 4.4.0.203.177 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.203.177 linux-image-virtual-lts-xenial - 4.4.0.203.177 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-27815 CVE-2020-29374 CVE-2020-29568 CVE-2020-29660 CVE-2020-29661 Ubuntu 14.04 LTS Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669) It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815) Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-27830, CVE-2020-28941) It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. (CVE-2020-29374) Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29568) Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29569) Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660) Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661) Update Instructions: Run `sudo pro fix USN-4749-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1108-azure - 4.15.0-1108.120~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1108.81 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-25669 CVE-2020-27815 CVE-2020-27830 CVE-2020-28941 CVE-2020-29374 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 Ubuntu 14.04 LTS It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177) Update Instructions: Run `sudo pro fix USN-4754-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.6-8ubuntu0.6+esm8 python2.7-doc - 2.7.6-8ubuntu0.6+esm8 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm8 libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm8 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm8 python2.7 - 2.7.6-8ubuntu0.6+esm8 idle-python2.7 - 2.7.6-8ubuntu0.6+esm8 python2.7-examples - 2.7.6-8ubuntu0.6+esm8 libpython2.7 - 2.7.6-8ubuntu0.6+esm8 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm8 python2.7-minimal - 2.7.6-8ubuntu0.6+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro python3.4-examples - 3.4.3-1ubuntu1~14.04.7+esm10 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.7+esm10 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm10 python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm10 python3.4-venv - 3.4.3-1ubuntu1~14.04.7+esm10 python3.4-doc - 3.4.3-1ubuntu1~14.04.7+esm10 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.7+esm10 python3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm10 idle-python3.4 - 3.4.3-1ubuntu1~14.04.7+esm10 python3.4 - 3.4.3-1ubuntu1~14.04.7+esm10 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm10 libpython3.4 - 3.4.3-1ubuntu1~14.04.7+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-27619 CVE-2021-3177 Ubuntu 14.04 LTS USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177) Update Instructions: Run `sudo pro fix USN-4754-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm9 libpython2.7 - 2.7.6-8ubuntu0.6+esm9 python2.7 - 2.7.6-8ubuntu0.6+esm9 idle-python2.7 - 2.7.6-8ubuntu0.6+esm9 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm9 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm9 python2.7-minimal - 2.7.6-8ubuntu0.6+esm9 python2.7-doc - 2.7.6-8ubuntu0.6+esm9 python2.7-dev - 2.7.6-8ubuntu0.6+esm9 python2.7-examples - 2.7.6-8ubuntu0.6+esm9 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1916893 Ubuntu 14.04 LTS USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177 in Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177) Update Instructions: Run `sudo pro fix USN-4754-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm10 libpython2.7 - 2.7.6-8ubuntu0.6+esm10 python2.7 - 2.7.6-8ubuntu0.6+esm10 python2.7-minimal - 2.7.6-8ubuntu0.6+esm10 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm10 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm10 idle-python2.7 - 2.7.6-8ubuntu0.6+esm10 python2.7-doc - 2.7.6-8ubuntu0.6+esm10 python2.7-dev - 2.7.6-8ubuntu0.6+esm10 python2.7-examples - 2.7.6-8ubuntu0.6+esm10 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3177 Ubuntu 14.04 LTS USN-4757-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4757-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.1-0ubuntu1.7+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro wpagui - 2.1-0ubuntu1.7+esm4 wpasupplicant-udeb - 2.1-0ubuntu1.7+esm4 wpasupplicant - 2.1-0ubuntu1.7+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-27803 Ubuntu 14.04 LTS It was discovered that The Sleuth Kit did not properly handle certain entires in FAT file systems. An attacker could use this vulnerability to mislead an analyst and obscure their activities. This issue only affected Ubuntu 14.04 ESM. (CVE-2012-5619) It was discovered that The Sleuth Kit mishandled certain crafted ISO 9660 images. If an analyst were tricked into opening a malicious image, an attacker could cause a denial of service (crash). (CVE-2017-13755) Update Instructions: Run `sudo pro fix USN-4765-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtsk3-3 - 3.2.3-2.2ubuntu0.1~esm1 sleuthkit - 3.2.3-2.2ubuntu0.1~esm1 libtsk-dev - 3.2.3-2.2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2012-5619 CVE-2017-13755 Ubuntu 14.04 LTS It was discovered that Apache Commons BeanUtils improperly handled certain input. An attacker could possibly use this vulnerability to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4766-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcommons-beanutils-java - 1.9.1-1ubuntu0.1~esm1 libcommons-beanutils-java-doc - 1.9.1-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2014-0114 CVE-2019-10086 Ubuntu 14.04 LTS Fu Chuang discovered that Zabbix did not properly parse IPs. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-11800) It was discovered that Zabbix incorrectly handled certain requests. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-2824, CVE-2017-2825) It was discovered that Zabbix incorrectly handled certain XML files. A remote attacker could possibly use this issue to read arbitrary files or potentially execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3005) It was discovered that Zabbix incorrectly handled certain inputs. A remote attacker could possibly use this issue to execute arbitrary SQL commands. This issue only affected Ubuntu 14.04 ESM. (CVE-2016-10134, CVE-2016-4338) It was discovered that Zabbix incorrectly handled the request parameter. A remote attacker could possibly use this issue to redirect requests to external links. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2016-10742) It was discovered that Zabbix incorrectly handled failed login attempts. A remote attacker could possibly use this issue to enumerate users. (CVE-2019-15132) It was discovered that Zabbix did not properly validate input. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-15803) Update Instructions: Run `sudo pro fix USN-4767-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zabbix-java-gateway - 1:2.2.2+dfsg-1ubuntu1+esm4 zabbix-frontend-php - 1:2.2.2+dfsg-1ubuntu1+esm4 zabbix-proxy-mysql - 1:2.2.2+dfsg-1ubuntu1+esm4 zabbix-server-pgsql - 1:2.2.2+dfsg-1ubuntu1+esm4 zabbix-server-mysql - 1:2.2.2+dfsg-1ubuntu1+esm4 zabbix-proxy-pgsql - 1:2.2.2+dfsg-1ubuntu1+esm4 zabbix-proxy-sqlite3 - 1:2.2.2+dfsg-1ubuntu1+esm4 zabbix-agent - 1:2.2.2+dfsg-1ubuntu1+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2014-3005 CVE-2016-10134 CVE-2016-10742 CVE-2016-4338 CVE-2017-2824 CVE-2017-2825 CVE-2019-15132 CVE-2020-11800 CVE-2020-15803 Ubuntu 14.04 LTS It was discovered that musl did not properly handle kernel syscalls. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. (CVE-2018-1000001) It was discovered that musl did not properly handle the parsing of DNS response codes. A remote attacker could use this vulnerability to cause resource consumption (infinite loop), denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3484) It was discovered that musl did not properly handle the parsing of DNS response codes. A remote attacker could use this vulnerability to cause resource consumption (infinite loop), denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-15650) It was discovered that musl did not properly handle the parsing of ipv6 addresses. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-1817) It was discovered that TRE library, used by musl, did not properly handle certain inputs. An attacker could use this vulnerability to cause a denial of service (crash). (CVE-2016-8859) Update Instructions: Run `sudo pro fix USN-4768-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: musl-dev - 0.9.15-1ubuntu0.1~esm1 musl-tools - 0.9.15-1ubuntu0.1~esm1 musl - 0.9.15-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2014-3484 CVE-2015-1817 CVE-2016-8859 CVE-2017-15650 CVE-2018-1000001 Ubuntu 14.04 LTS It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563) Andreas Stieger discovered that Salt exposed git usernames and passwords in log files. An attacker could use this issue to retrieve sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918). It was discovered that Salt exposed password authentication credentials in log files. An attacker could use this issue to retrieve sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6941) It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this issue to cause a DoS or possibly execute arbitrary code. (CVE-2017-12791, CVE-2017-14695, CVE-2017-14696) It was discovered that Salt allowed remote attackers to determine which files exist on the server. An attacker could use this issue to extract sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-15750) It was discovered that Salt allowed users to bypass authentication. An attacker could use this issue to extract sensitive information, execute arbitrary code or crash the server. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-15751) Update Instructions: Run `sudo pro fix USN-4769-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: salt-doc - 0.17.5+ds-1ubuntu0.1~esm1 salt-minion - 0.17.5+ds-1ubuntu0.1~esm1 salt-syndic - 0.17.5+ds-1ubuntu0.1~esm1 salt-ssh - 0.17.5+ds-1ubuntu0.1~esm1 salt-common - 0.17.5+ds-1ubuntu0.1~esm1 salt-master - 0.17.5+ds-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2014-3563 CVE-2015-6918 CVE-2015-6941 CVE-2017-12791 CVE-2017-14695 CVE-2017-14696 CVE-2018-15750 CVE-2018-15751 Ubuntu 14.04 LTS It was discovered that GlusterFS incorrectly handled network requests. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3619) It was discovered that GlusterFS incorrectly handled user permissions. An authenticated attacker could possibly use this to add himself to a trusted storage pool and perform privileged operations on volumes. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-10841) It was discovered that GlusterFS incorrectly handled mounting gluster volumes. An attacker could possibly use this issue to also mount shared gluster volumes and escalate privileges through malicious cronjobs. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1088) It was discovered that GlusterFS incorrectly handled file paths. An attacker could possibly use this issue to create arbitrary files and execute arbitrary code. (CVE-2018-10904) It was discovered that GlusterFS incorrectly handled mounting volumes. An attacker could possibly use this issue to cause a denial of service or run arbitrary code. (CVE-2018-10907) It was discovered that GlusterFS incorrectly handled negative key length values. An attacker could possibly use this issue to obtain sensitive information. (CVE-2018-10911) It was discovered that GlusterFS incorrectly handled FUSE requests. An attacker could use this issue to obtain sensitive information. (CVE-2018-10913, CVE-2018-10914) It was discovered that GlusterFS incorrectly handled the file creation process. An authenticated attacker could possibly use this issue to create arbitrary files and obtain sensitive information. (CVE-2018-10923) It was discovered that GlusterFS incorrectly handled certain inputs. An authenticated attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-10924) It was discovered that GlusterFS incorrectly handled RPC requests. An attacker could possibly use this issue to write files to an arbitrary location and execute arbitrary code. (CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930) It was discovered that the fix for CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930 was incomplete. A remote authenticated attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2018-14651) It was discovered that GlusterFS incorrectly handled certain files. A remote authenticated attacker could possibly use this issue to cause a denial of service. (CVE-2018-14652) It was discovered that GlusterFS incorrectly handled RPC requests. A remote authenticated attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2018-14653) It was discovered that GlusterFS incorrectly handled mount volumes operation. A remote attacker could possibly use this issue to create arbitrary files. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-14654) It was discovered that GlusterFS incorrectly handled certain files. A remote authenticated attacker could possibly use this issue to create arbitrary files. (CVE-2018-14659) It was discovered that GlusterFS incorrectly handled certain inputs. A remote authenticated attacker could possibly use this is issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-14660) It was discovered that GlusterFS incorrectly handled strings. A remote authenticated attacker could possibly use this issue to cause a denial of service. (CVE-2018-14661) Update Instructions: Run `sudo pro fix USN-4770-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glusterfs-client - 3.4.2-1ubuntu1+esm1 glusterfs-server - 3.4.2-1ubuntu1+esm1 glusterfs-common - 3.4.2-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2014-3619 CVE-2018-10841 CVE-2018-1088 CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10924 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930 CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661 Ubuntu 14.04 LTS It was discovered that HTCondor incorrectly invoked the mailx utility. An attacker could use this vulnerability to execute arbitrary commands. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-8126) It was discovered that HTCondor mishandled certain crafted input. An attacker could use this vulnerability to cause HTCondor to crash. (CVE-2017-16816) Update Instructions: Run `sudo pro fix USN-4771-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclassad-dev - 8.0.5~dfsg.1-1ubuntu1+esm1 htcondor-doc - 8.0.5~dfsg.1-1ubuntu1+esm1 htcondor - 8.0.5~dfsg.1-1ubuntu1+esm1 htcondor-dev - 8.0.5~dfsg.1-1ubuntu1+esm1 libclassad5 - 8.0.5~dfsg.1-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2014-8126 CVE-2017-16816 Ubuntu 14.04 LTS USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2015-0255) USN-2726-1 addressed CVE-2015-1283 for Expat. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2015-1283) Original advisory details: Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2015-0255) It was discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2015-1283) Update Instructions: Run `sudo pro fix USN-4772-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xvnc4viewer - 4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1 vnc4server - 4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-0255 CVE-2015-1283 Ubuntu 14.04 LTS It was discovered that Drupal did not properly process certain input. An attacker could use this vulnerability to execute arbitrary code or completely compromise a Drupal site. (CVE-2018-7600, CVE-2018-7602) It was discovered that password reset URLs in Drupal could be forged. An attacker could use this vulnerability to gain access to another user's account. This issue affected only Ubuntu 14.04 ESM. (CVE-2015-2559) It was discovered that Drupal did not properly protect against open redirects. An attacker could use this vulnerability to send unsuspecting users to 3rd party sites and potentially carry out phishing attacks. This issue affected only Ubuntu 14.04 ESM. (CVE-2015-2749, CVE-2015-2750) Update Instructions: Run `sudo pro fix USN-4773-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: drupal7 - 7.26-1ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2015-2559 CVE-2015-2749 CVE-2015-2750 CVE-2018-7600 CVE-2018-7602 Ubuntu 14.04 LTS Toshiaki Maki discovered that Spring Framework incorrectly handled certain XML files. A remote attacker could exploit this with a crafted XML file to cause a denial of service. (CVE-2015-3192) Alvaro Muñoz discovered that Spring Framework incorrectly handled certain URLs. A remote attacker could possibly use this issue to cause a reflected file download. (CVE-2015-5211) It was discovered that Spring Framework did not properly sanitize path inputs. An attacker could possibly use this issue to read arbitrary files, resulting in a directory traversal attack (CVE-2016-9878) It was discovered that Spring Framework incorrectly handled XML documents. An attacker could possibly use this issue to generate an XML external entity attack, resulting in a denial of service, disclosure of information or other unspecified impact. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-0225) It was discovered that Spring Framework incorrectly handled certain URLs. A remote attacker could possibly use this issue to read arbitrary files, resulting in a directory traversal attack. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3625, CVE-2014-3578) Update Instructions: Run `sudo pro fix USN-4774-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspring-aop-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-web-struts-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-core-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-oxm-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-beans-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-jms-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-web-portlet-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-transaction-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-orm-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-context-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-expression-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-web-servlet-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-instrument-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-context-support-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-jdbc-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-web-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 libspring-test-java - 3.0.6.RELEASE-13ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-3192 CVE-2015-5211 CVE-2016-9878 CVE-2014-0225 CVE-2014-3625 CVE-2014-3578 Ubuntu 14.04 LTS It was discovered that Lighttpd did not properly sanitized the string used in basic HTTP authentication method. A remote attacker could use this to inject arbitrary log entries and maybe obtain sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2015-3200) It was discovered that Lighttpd did not properly sanitized the string used in alias. A remote attacker could use this to access the content of the directory above the alias and obtain sensitive information. (CVE-2018-19052) Update Instructions: Run `sudo pro fix USN-4775-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lighttpd-mod-mysql-vhost - 1.4.33-1+nmu2ubuntu2.1+esm1 lighttpd-doc - 1.4.33-1+nmu2ubuntu2.1+esm1 lighttpd-mod-magnet - 1.4.33-1+nmu2ubuntu2.1+esm1 lighttpd-dev - 1.4.33-1+nmu2ubuntu2.1+esm1 lighttpd - 1.4.33-1+nmu2ubuntu2.1+esm1 lighttpd-mod-cml - 1.4.33-1+nmu2ubuntu2.1+esm1 lighttpd-mod-webdav - 1.4.33-1+nmu2ubuntu2.1+esm1 lighttpd-mod-trigger-b4-dl - 1.4.33-1+nmu2ubuntu2.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2015-3200 CVE-2018-19052 Ubuntu 14.04 LTS It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4776-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjs-semver - 2.1.0-2ubuntu0.0.1~esm1 node-semver - 2.1.0-2ubuntu0.0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-8855 Ubuntu 14.04 LTS It was discovered that node-tar mishandled certain tar archives. An attacker could use this vulnerability to write arbitrary files to the filesystem. Update Instructions: Run `sudo pro fix USN-4777-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-tar - 0.1.18-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-8860 Ubuntu 14.04 LTS It was discovered that OCaml mishandled sign extensions. A remote attacker could use this vulnerability to steal sensitive information, cause a denial of service (crash), or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2015-8869) It was discovered that OCaml mishandled crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. (CVE-2018-9838) Update Instructions: Run `sudo pro fix USN-4778-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ocaml-mode - 4.01.0-3ubuntu3.1+esm1 ocaml-base-nox - 4.01.0-3ubuntu3.1+esm1 ocaml-nox - 4.01.0-3ubuntu3.1+esm1 camlp4 - 4.01.0-3ubuntu3.1+esm1 ocaml - 4.01.0-3ubuntu3.1+esm1 camlp4-extra - 4.01.0-3ubuntu3.1+esm1 ocaml-source - 4.01.0-3ubuntu3.1+esm1 ocaml-native-compilers - 4.01.0-3ubuntu3.1+esm1 ocaml-compiler-libs - 4.01.0-3ubuntu3.1+esm1 ocaml-interp - 4.01.0-3ubuntu3.1+esm1 ocaml-base - 4.01.0-3ubuntu3.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-8869 CVE-2018-9838 Ubuntu 14.04 LTS Danilo Segan discovered that Gettext mishandled certain input. An attacker could use this vulnerability to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4779-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-gettext - 1.0.11-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-8980 Ubuntu 14.04 LTS It was discovered that LAME incorrectly handled certain audio files. A remote attacker could possibly use this issue to cause a denial of service. Eight vulnerabilities (CVE-2015-9099, CVE-2015-9100, CVE-2015-9101, CVE-2017-15018, CVE-2017-11720, CVE-2017-8419, CVE-2017-9412, CVE-2017-15045) only affected Ubuntu 14.04 ESM, two vulnerabilities (CVE-2017-9410 and CVE-2017-9411) only affected Ubuntu 16.04 ESM, and one vulnerability (CVE-2017-15019) affected both Ubuntu 14.04 ESM and Ubuntu 16.04. Update Instructions: Run `sudo pro fix USN-4780-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmp3lame0 - 3.99.5+repack1-3ubuntu1+esm3 libmp3lame-dev - 3.99.5+repack1-3ubuntu1+esm3 lame-doc - 3.99.5+repack1-3ubuntu1+esm3 lame - 3.99.5+repack1-3ubuntu1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-9099 CVE-2015-9100 CVE-2015-9101 CVE-2017-13712 CVE-2017-15018 CVE-2017-11720 CVE-2017-9411 CVE-2017-8419 CVE-2017-9412 CVE-2017-9410 CVE-2017-15045 CVE-2017-15019 Ubuntu 14.04 LTS It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10030) It was discovered that Slurm mishandled SPANK environment variables. An attacker could possibly use this issue to gain elevated privileges. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-15566) It was discovered that Slurm mishandled certain SQL queries. A local attacker could use this issue to gain elevated privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-7033) It was discovered that Slurm mishandled user names and group ids. A local attacker could use this issue to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-10995) It was discovered that Slurm mishandled 23-bit systems. A local attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-6438) It was discovered that Slurm incorrectly handled certain inputs when Message Aggregation is enabled. An attacker could possibly use this issue to launch a process as an arbitrary user. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12693) It was discovered that Slurm incorrectly handled certain RPC inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27745) Jonas Stare discovered that Slurm exposes sensitive information related to the X protocol. An attacker could possibly use this issue to obtain a graphical session from an arbitrary user. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27746) It was discovered that Slurm incorrectly handled environment parameters. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-31215) Update Instructions: Run `sudo pro fix USN-4781-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libslurmdb26 - 2.6.5-1ubuntu0.1~esm5 libslurm26 - 2.6.5-1ubuntu0.1~esm5 libpmi0-dev - 2.6.5-1ubuntu0.1~esm5 libslurm-dev - 2.6.5-1ubuntu0.1~esm5 slurm-llnl-doc - 2.6.5-1ubuntu0.1~esm5 libslurmdb-dev - 2.6.5-1ubuntu0.1~esm5 slurm-llnl-basic-plugins-dev - 2.6.5-1ubuntu0.1~esm5 slurm-llnl-basic-plugins - 2.6.5-1ubuntu0.1~esm5 libpam-slurm - 2.6.5-1ubuntu0.1~esm5 libslurm-perl - 2.6.5-1ubuntu0.1~esm5 slurm-llnl - 2.6.5-1ubuntu0.1~esm5 libslurmdb-perl - 2.6.5-1ubuntu0.1~esm5 slurm-llnl-slurmdbd - 2.6.5-1ubuntu0.1~esm5 libpmi0 - 2.6.5-1ubuntu0.1~esm5 slurm-llnl-torque - 2.6.5-1ubuntu0.1~esm5 slurm-llnl-sview - 2.6.5-1ubuntu0.1~esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2016-10030 CVE-2017-15566 CVE-2018-7033 CVE-2018-10995 CVE-2019-6438 CVE-2020-12693 CVE-2020-27745 CVE-2020-27746 CVE-2021-31215 Ubuntu 14.04 LTS USN-4781-1 fixed several vulnerabilities in Slurm. This update provides the corresponding updates for Ubuntu 14.04 ESM (CVE-2016-10030) and Ubuntu 16.04 ESM (CVE-2018-10995). Original advisory details: It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10030) It was discovered that Slurm mishandled SPANK environment variables. An attacker could possibly use this issue to gain elevated privileges. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-15566) It was discovered that Slurm mishandled certain SQL queries. A local attacker could use this issue to gain elevated privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-7033) It was discovered that Slurm mishandled user names and group ids. A local attacker could use this issue to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-10995) It was discovered that Slurm mishandled 23-bit systems. A local attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-6438) It was discovered that Slurm incorrectly handled certain inputs when Message Aggregation is enabled. An attacker could possibly use this issue to launch a process as an arbitrary user. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12693) It was discovered that Slurm incorrectly handled certain RPC inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27745) Jonas Stare discovered that Slurm exposes sensitive information related to the X protocol. An attacker could possibly use this issue to obtain a graphical session from an arbitrary user. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27746) It was discovered that Slurm incorrectly handled environment parameters. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-31215) Update Instructions: Run `sudo pro fix USN-4781-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libslurmdb26 - 2.6.5-1ubuntu0.1~esm6 libslurm26 - 2.6.5-1ubuntu0.1~esm6 libpmi0-dev - 2.6.5-1ubuntu0.1~esm6 libslurm-dev - 2.6.5-1ubuntu0.1~esm6 slurm-llnl-doc - 2.6.5-1ubuntu0.1~esm6 libslurmdb-dev - 2.6.5-1ubuntu0.1~esm6 slurm-llnl-basic-plugins-dev - 2.6.5-1ubuntu0.1~esm6 slurm-llnl-basic-plugins - 2.6.5-1ubuntu0.1~esm6 libpam-slurm - 2.6.5-1ubuntu0.1~esm6 libslurm-perl - 2.6.5-1ubuntu0.1~esm6 slurm-llnl - 2.6.5-1ubuntu0.1~esm6 libslurmdb-perl - 2.6.5-1ubuntu0.1~esm6 slurm-llnl-slurmdbd - 2.6.5-1ubuntu0.1~esm6 libpmi0 - 2.6.5-1ubuntu0.1~esm6 slurm-llnl-torque - 2.6.5-1ubuntu0.1~esm6 slurm-llnl-sview - 2.6.5-1ubuntu0.1~esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-10030 CVE-2018-10995 Ubuntu 14.04 LTS It was discovered that minimatch did not perform necessary bounds checking on regular expressions. An attacker could use this vulnerability to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4783-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-minimatch - 0.2.12-1ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-10540 Ubuntu 14.04 LTS It was discovered that jq did not perform sufficient bounds checking, resulting in unbounded resource consumption. An attacker could use this vulnerability to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4787-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jq - 1.3-1.1ubuntu1.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-4074 Ubuntu 14.04 LTS It was discovered that Apache ZooKeeper incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2016-5017) It was discovered that Apache ZooKeeper incorrectly implemented "wchp/wchc" commands. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-5637) It was discovered that Apache Zookeeper incorrectly handled clusters. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-8012) Update Instructions: Run `sudo pro fix USN-4789-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzookeeper-java - 3.4.5+dfsg-1ubuntu0.1~esm1 libzookeeper-java-doc - 3.4.5+dfsg-1ubuntu0.1~esm1 libzookeeper2 - 3.4.5+dfsg-1ubuntu0.1~esm1 zookeeper - 3.4.5+dfsg-1ubuntu0.1~esm1 zookeeperd - 3.4.5+dfsg-1ubuntu0.1~esm1 libzookeeper-st-dev - 3.4.5+dfsg-1ubuntu0.1~esm1 zookeeper-bin - 3.4.5+dfsg-1ubuntu0.1~esm1 libzookeeper-mt-dev - 3.4.5+dfsg-1ubuntu0.1~esm1 libzookeeper-mt2 - 3.4.5+dfsg-1ubuntu0.1~esm1 libzookeeper-st2 - 3.4.5+dfsg-1ubuntu0.1~esm1 python-zookeeper - 3.4.5+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-5017 CVE-2017-5637 CVE-2018-8012 Ubuntu 14.04 LTS It was discovered that libtorrent incorrectly handled chunked headers. A remote attacker could possibly use this to cause a crash resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4790-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-libtorrent - 0.16.13-1ubuntu2.1+esm1 libtorrent-rasterbar7 - 0.16.13-1ubuntu2.1+esm1 libtorrent-rasterbar-doc - 0.16.13-1ubuntu2.1+esm1 libtorrent-rasterbar-dev - 0.16.13-1ubuntu2.1+esm1 python-libtorrent - 0.16.13-1ubuntu2.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-5301 Ubuntu 14.04 LTS It was discovered that FreeIPA incorrectly handled certificates. An attacker could possibly use this issue to cause a denial of service by revoking arbitrary certificates This issue only affected Ubuntu 16.04 ESM. (CVE-2016-5404) It was discovered that FreeIPA incorrectly handled authentication attempts. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-7030) It was discovered that FreeIPA incorrectly handled user's permissions. An authenticated attacker could possibly use this issue to modify other user's profiles or other unspecified impact. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-9575) Update Instructions: Run `sudo pro fix USN-4792-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: freeipa-client - 3.3.4-0ubuntu3.1+esm1 python-freeipa - 3.3.4-0ubuntu3.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-5404 CVE-2016-7030 CVE-2016-9575 Ubuntu 14.04 LTS It was discovered that collectd mishandled certain malformed packets. A remote attacker could use this vulnerability to cause collectd to crash or possibly execute arbitrary code. (CVE-2016-6254) It was discovered that collectd failed to handle certain input. An attacker could use this vulnerability to cause collectd to crash. (CVE-2017-16820) It was discovered that collectd mishandles certain malformed network packets. A remote attacker could use this vulnerability to cause a Denial of Service or consume system resources. (CVE-2017-7401) Update Instructions: Run `sudo pro fix USN-4793-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcollectdclient1 - 5.4.0-3ubuntu2.2+esm1 collectd - 5.4.0-3ubuntu2.2+esm1 collectd-core - 5.4.0-3ubuntu2.2+esm1 collectd-dev - 5.4.0-3ubuntu2.2+esm1 collectd-utils - 5.4.0-3ubuntu2.2+esm1 libcollectdclient-dev - 5.4.0-3ubuntu2.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-6254 CVE-2017-16820 CVE-2017-7401 Ubuntu 14.04 LTS Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle- attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. (CVE-2016-7099) It was discovered that Node.js incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using Node.js to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-1000381) Nikita Skovoroda discovered that Node.js mishandled certain input, leading to an out of bounds write. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12115) Arkadiy Tetelman discovered that Node.js improperly handled certain malformed HTTP requests. An attacker could use this vulnerability to inject unexpected HTTP requests. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12116) Jan Maybach discovered that Node.js did not time out if incomplete HTTP/HTTPS headers were received. An attacker could use this vulnerability to cause a denial of service by keeping HTTP/HTTPS connections alive for a long period of time. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12122) Martin Bajanik discovered that the url.parse() method would return incorrect results if it received specially crafted input. An attacker could use this vulnerability to spoof the hostname and bypass hostname-specific security controls. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12123) It was discovered that Node.js is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser with network access to the system running the Node.js process. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-7160) It was discovered that the Buffer.fill() and Buffer.alloc() methods improperly handled certain inputs. An attacker could use this vulnerability to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-7167) Marco Pracucci discovered that Node.js mishandled HTTP and HTTPS connections. An attacker could use this vulnerability to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2019-5737) Update Instructions: Run `sudo pro fix USN-4796-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nodejs-dev - 0.10.25~dfsg2-2ubuntu1.2+esm1 nodejs-legacy - 0.10.25~dfsg2-2ubuntu1.2+esm1 nodejs - 0.10.25~dfsg2-2ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-7099 CVE-2017-1000381 CVE-2018-12115 CVE-2018-12116 CVE-2018-12122 CVE-2018-12123 CVE-2018-7160 CVE-2018-7167 CVE-2019-5737 Ubuntu 14.04 LTS It was discovered that LibASS incorrectly handled certain ASS files. A remote attacker could possibly use this issue to cause a denial of service. One of the issues, CVE-2016-7970, only affected Ubuntu 16.04 ESM. (CVE-2016-7969, CVE-2016-7970, CVE-2016-7972) It was discovered that LibASS incorrectly handled parsing operations for specific nested character strings. An attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 16.04 LTS. (CVE-2020-24994) Update Instructions: Run `sudo pro fix USN-4797-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libass-dev - 0.10.1-3ubuntu1+esm1 libass4 - 0.10.1-3ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-7969 CVE-2016-7970 CVE-2016-7972 CVE-2020-24994 Ubuntu 14.04 LTS It was discovered that libgit2 mishandled certain malformed git objects. A remote attacker could use this vulnerability to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4798-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgit2-0 - 0.19.0-2ubuntu0.4+esm1 libgit2-dev - 0.19.0-2ubuntu0.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-8568 CVE-2016-8569 Ubuntu 14.04 LTS It was discovered that a buffer overflow in R causes memory corruption. An attacker could possibly use this to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4799-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: r-base-html - 3.0.2-1ubuntu1.1~esm2 r-base-core - 3.0.2-1ubuntu1.1~esm2 r-doc-pdf - 3.0.2-1ubuntu1.1~esm2 r-base - 3.0.2-1ubuntu1.1~esm2 r-recommended - 3.0.2-1ubuntu1.1~esm2 r-doc-html - 3.0.2-1ubuntu1.1~esm2 r-doc-info - 3.0.2-1ubuntu1.1~esm2 r-mathlib - 3.0.2-1ubuntu1.1~esm2 r-base-dev - 3.0.2-1ubuntu1.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-8714 Ubuntu 14.04 LTS It was discovered that ROOT incorrectly handled certain input arguments. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4801-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libroot-misc-table-dev - 5.34.14-1ubuntu0.1~esm1 libroot-misc-minicern-dev - 5.34.14-1ubuntu0.1~esm1 libroot-graf2d-postscript5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-sql-odbc - 5.34.14-1ubuntu0.1~esm1 libroot-net-auth5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-misc-memstat5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-math-minuit2 - 5.34.14-1ubuntu0.1~esm1 libroot-core-dev - 5.34.14-1ubuntu0.1~esm1 libroot-math-foam5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-tree-treeplayer-dev - 5.34.14-1ubuntu0.1~esm1 libroot-net5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-core5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-graf2d-asimage - 5.34.14-1ubuntu0.1~esm1 root-plugin-hist-spectrumpainter - 5.34.14-1ubuntu0.1~esm1 libroot-misc-memstat-dev - 5.34.14-1ubuntu0.1~esm1 libroot-net-auth-dev - 5.34.14-1ubuntu0.1~esm1 libroot-montecarlo-eg-dev - 5.34.14-1ubuntu0.1~esm1 root-system-proofd - 5.34.14-1ubuntu0.1~esm1 libroot-hist-spectrum-dev - 5.34.14-1ubuntu0.1~esm1 libroot-hist-spectrum5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-math-mathcore-dev - 5.34.14-1ubuntu0.1~esm1 libroot-tree-dev - 5.34.14-1ubuntu0.1~esm1 root-plugin-montecarlo-pythia8 - 5.34.14-1ubuntu0.1~esm1 libroot-math-mathmore-dev - 5.34.14-1ubuntu0.1~esm1 root-plugin-gui-qt - 5.34.14-1ubuntu0.1~esm1 libroot-math-mlp5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-graf3d-gl-dev - 5.34.14-1ubuntu0.1~esm1 libroot-net-ldap5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-gui-fitpanel - 5.34.14-1ubuntu0.1~esm1 libroot-math-mathcore5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-net-bonjour-dev - 5.34.14-1ubuntu0.1~esm1 libroot-tree-treeplayer5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-html-dev - 5.34.14-1ubuntu0.1~esm1 root-plugin-net-krb5 - 5.34.14-1ubuntu0.1~esm1 libroot-montecarlo-eg5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-bindings-ruby-dev - 5.34.14-1ubuntu0.1~esm1 libroot-proof-proofplayer5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-sql-pgsql - 5.34.14-1ubuntu0.1~esm1 libroot-montecarlo-vmc5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-geom-dev - 5.34.14-1ubuntu0.1~esm1 libroot-hist-dev - 5.34.14-1ubuntu0.1~esm1 libroot-math-genvector-dev - 5.34.14-1ubuntu0.1~esm1 libroot-math-mathmore5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-montecarlo-vmc-dev - 5.34.14-1ubuntu0.1~esm1 libroot-math-foam-dev - 5.34.14-1ubuntu0.1~esm1 libroot-math-physics5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-geom5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-tree-treeviewer - 5.34.14-1ubuntu0.1~esm1 libroot-io-xmlparser5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-graf3d-x3d - 5.34.14-1ubuntu0.1~esm1 libroot-graf3d-eve5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-net-globus - 5.34.14-1ubuntu0.1~esm1 libroot-math-minuit5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-math-smatrix-dev - 5.34.14-1ubuntu0.1~esm1 libroot-proof-proofplayer-dev - 5.34.14-1ubuntu0.1~esm1 libroot-net-ldap-dev - 5.34.14-1ubuntu0.1~esm1 root-plugin-io-xml - 5.34.14-1ubuntu0.1~esm1 root-plugin-gui-sessionviewer - 5.34.14-1ubuntu0.1~esm1 libroot-graf3d-eve-dev - 5.34.14-1ubuntu0.1~esm1 root-system - 5.34.14-1ubuntu0.1~esm1 libroot-misc-table5.34 - 5.34.14-1ubuntu0.1~esm1 root-system-rootd - 5.34.14-1ubuntu0.1~esm1 root-plugin-graf2d-qt - 5.34.14-1ubuntu0.1~esm1 libroot-net-dev - 5.34.14-1ubuntu0.1~esm1 root-plugin-math-fumili - 5.34.14-1ubuntu0.1~esm1 libroot-roofit-dev - 5.34.14-1ubuntu0.1~esm1 libroot-gui5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-geom-gdml - 5.34.14-1ubuntu0.1~esm1 root-plugin-graf2d-x11 - 5.34.14-1ubuntu0.1~esm1 root-system-common - 5.34.14-1ubuntu0.1~esm1 libroot-graf2d-graf-dev - 5.34.14-1ubuntu0.1~esm1 libroot-math-matrix5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-gui-dev - 5.34.14-1ubuntu0.1~esm1 libroot-tree5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-geom-geompainter - 5.34.14-1ubuntu0.1~esm1 libroot-math-mlp-dev - 5.34.14-1ubuntu0.1~esm1 libroot-bindings-python-dev - 5.34.14-1ubuntu0.1~esm1 root-plugin-hist-histpainter - 5.34.14-1ubuntu0.1~esm1 ttf-root-installer - 5.34.14-1ubuntu0.1~esm1 libroot-roofit5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-gui-ged5.34 - 5.34.14-1ubuntu0.1~esm1 root-system-doc - 5.34.14-1ubuntu0.1~esm1 libroot-graf2d-postscript-dev - 5.34.14-1ubuntu0.1~esm1 libroot-graf3d-g3d5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-gui-guibuilder - 5.34.14-1ubuntu0.1~esm1 root-plugin-io-sql - 5.34.14-1ubuntu0.1~esm1 libroot-math-quadp5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-tmva5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-math-genvector5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-bindings-ruby5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-bindings-python5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-gui-ged-dev - 5.34.14-1ubuntu0.1~esm1 libroot-io-xmlparser-dev - 5.34.14-1ubuntu0.1~esm1 libroot-graf2d-gpad5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-graf3d-gl5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-net-bonjour5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-html5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-math-unuran5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-graf2d-gpad-dev - 5.34.14-1ubuntu0.1~esm1 root-plugin-sql-mysql - 5.34.14-1ubuntu0.1~esm1 libroot-math-matrix-dev - 5.34.14-1ubuntu0.1~esm1 libroot-math-smatrix5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-math-fftw3 - 5.34.14-1ubuntu0.1~esm1 libroot-graf2d-graf5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-math-unuran-dev - 5.34.14-1ubuntu0.1~esm1 libroot-math-physics-dev - 5.34.14-1ubuntu0.1~esm1 libroot-math-splot5.34 - 5.34.14-1ubuntu0.1~esm1 root-plugin-hist-hbook - 5.34.14-1ubuntu0.1~esm1 libroot-math-splot-dev - 5.34.14-1ubuntu0.1~esm1 libroot-io-dev - 5.34.14-1ubuntu0.1~esm1 libroot-misc-minicern5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-proof5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-graf3d-g3d-dev - 5.34.14-1ubuntu0.1~esm1 libroot-math-minuit-dev - 5.34.14-1ubuntu0.1~esm1 libroot-static - 5.34.14-1ubuntu0.1~esm1 libroot-hist5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-io5.34 - 5.34.14-1ubuntu0.1~esm1 libroot-tmva-dev - 5.34.14-1ubuntu0.1~esm1 libroot-math-quadp-dev - 5.34.14-1ubuntu0.1~esm1 root-system-bin - 5.34.14-1ubuntu0.1~esm1 root-plugin-geom-geombuilder - 5.34.14-1ubuntu0.1~esm1 libroot-proof-dev - 5.34.14-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-1000203 Ubuntu 14.04 LTS It was discovered that HTSlib incorrectly handled certain data. An attacker could possibly use this issue to execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. (CVE-2017-1000206) It was discovered that HTSlib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-13845) Update Instructions: Run `sudo pro fix USN-4802-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhts-dev - 0.2.0~rc3-1ubuntu0.1~esm1 htslib-test - 0.2.0~rc3-1ubuntu0.1~esm1 libhts0 - 0.2.0~rc3-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-1000206 CVE-2018-13845 Ubuntu 14.04 LTS It was discovered that Gifsicle did not properly handle certain input. If a user were tricked into opening a malicious GIF, an attacker could potentially execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4803-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gifsicle - 1.78-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-1000421 CVE-2017-18120 Ubuntu 14.04 LTS It was discovered that VLC mishandled certain crafted media files. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-10699) It was discovered that VLC mishandled certain crafted MKV files. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. (CVE-2018-11529) Update Instructions: Run `sudo pro fix USN-4805-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vlc-plugin-notify - 2.1.6-0ubuntu14.04.5+esm1 vlc-plugin-pulse - 2.1.6-0ubuntu14.04.5+esm1 vlc-plugin-svg - 2.1.6-0ubuntu14.04.5+esm1 libvlc-dev - 2.1.6-0ubuntu14.04.5+esm1 libvlccore7 - 2.1.6-0ubuntu14.04.5+esm1 vlc - 2.1.6-0ubuntu14.04.5+esm1 vlc-data - 2.1.6-0ubuntu14.04.5+esm1 vlc-plugin-fluidsynth - 2.1.6-0ubuntu14.04.5+esm1 libvlc5 - 2.1.6-0ubuntu14.04.5+esm1 vlc-plugin-jack - 2.1.6-0ubuntu14.04.5+esm1 vlc-plugin-zvbi - 2.1.6-0ubuntu14.04.5+esm1 libvlccore-dev - 2.1.6-0ubuntu14.04.5+esm1 vlc-nox - 2.1.6-0ubuntu14.04.5+esm1 vlc-plugin-sdl - 2.1.6-0ubuntu14.04.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-10699 CVE-2018-11529 Ubuntu 14.04 LTS It was discovered that mpg123 failed to handle certain malformed mp3 files. An attacker could use this vulnerability to potentially leak sensitive information or cause a crash. Update Instructions: Run `sudo pro fix USN-4806-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mpg123 - 1.16.0-1ubuntu1.1+esm2 libmpg123-dev - 1.16.0-1ubuntu1.1+esm2 libmpg123-0 - 1.16.0-1ubuntu1.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-12839 CVE-2017-12797 CVE-2017-9545 CVE-2017-11126 Ubuntu 14.04 LTS It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4808-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tinyproxy - 1.8.3-3ubuntu14.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-11747 Ubuntu 14.04 LTS It was discovered that xrdp did not properly validate certain input in the session manager. A local attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2017-16927) It was discovered that xrdp did not properly initialize PAM session modules. A remote attacker could possibly use this issue to escalate privileges. (CVE-2017-6967) Update Instructions: Run `sudo pro fix USN-4815-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xrdp - 0.6.0-1ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-16927 CVE-2017-6967 Ubuntu 14.04 LTS It was discovered that game-music-emu mishandled certain crafted input. A remote attacker could use this vulnerability to cause game-music-emu to crash. Update Instructions: Run `sudo pro fix USN-4816-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgme0 - 0.5.5-2ubuntu0.14.04.1+esm1 libgme-dev - 0.5.5-2ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-17446 Ubuntu 14.04 LTS It was discovered that HDF5 incorrectly handled certain hdf5 files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4817-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhdf5-doc - 1.8.11-5ubuntu7.1+esm1 libhdf5-mpich2-7 - 1.8.11-5ubuntu7.1+esm1 hdf5-helpers - 1.8.11-5ubuntu7.1+esm1 libhdf5-7 - 1.8.11-5ubuntu7.1+esm1 libhdf5-dev - 1.8.11-5ubuntu7.1+esm1 libhdf5-openmpi-dev - 1.8.11-5ubuntu7.1+esm1 libhdf5-mpich2-dev - 1.8.11-5ubuntu7.1+esm1 libhdf5-mpi-dev - 1.8.11-5ubuntu7.1+esm1 libhdf5-serial-dev - 1.8.11-5ubuntu7.1+esm1 libhdf5-openmpi-7 - 1.8.11-5ubuntu7.1+esm1 hdf5-tools - 1.8.11-5ubuntu7.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-17505 CVE-2017-17506 CVE-2017-17508 Ubuntu 14.04 LTS It was discovered that OpenCV did not properly manage certain objects, leading to a divide-by-zero. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15939) It was discovered that OpenCV did not properly manage certain files, leading to an out of bounds read. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to make OpenCV crash, resulting in a denial of service. This issue was only fixed in Ubuntu 18.04 ESM. (CVE-2019-14491, CVE-2019-14492) It was discovered that OpenCV did not properly manage certain XML data, leading to a NULL pointer dereference. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to make OpenCV crash, resulting in a denial of service. This issue was only fixed in Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2019-14493) It was discovered that OpenCV did not properly manage certain files, leading to a heap-based buffer overflow. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 ESM. (CVE-2017-18009) Update Instructions: Run `sudo pro fix USN-4818-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopencv-ocl-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-superres2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-ts2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-features2d-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-photo-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-videostab-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-video2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-flann-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-flann2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-ts-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-gpu-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-gpu2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-stitching2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libcvaux-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-imgproc2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-superres-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libcvaux2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-stitching-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-imgproc-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-ml-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 opencv-doc - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-contrib2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-calib3d-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 python-opencv - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-objdetect2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 opencv-data - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-ml2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv2.4-jni - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-contrib-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libcv2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-calib3d2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-video-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv2.4-java - 2.4.8+dfsg1-2ubuntu1.2+esm1 libcv-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-highgui2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-photo2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-highgui-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-features2d2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-legacy2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-objdetect-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-core2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libhighgui-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-ocl2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-core-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libhighgui2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-legacy-dev - 2.4.8+dfsg1-2ubuntu1.2+esm1 libopencv-videostab2.4 - 2.4.8+dfsg1-2ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-15939 CVE-2019-14491 CVE-2017-18009 CVE-2019-14492 CVE-2019-14493 Ubuntu 14.04 LTS It was discovered that Leptonica incorrectly handled path names. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-18196) It was discovered that Leptonica incorrectly handled certain input arguments. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2018-3836) It was discovered that Leptonica incorrectly handled input arguments. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2018-7186) Update Instructions: Run `sudo pro fix USN-4819-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: leptonica-progs - 1.70.1-1ubuntu0.1~esm1 libleptonica-dev - 1.70.1-1ubuntu0.1~esm1 liblept4 - 1.70.1-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-18196 CVE-2018-3836 CVE-2018-7186 Ubuntu 14.04 LTS USN-3356-1 fix a vulnerability in Expat. This update provides the corresponding update for Coin3D for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Update Instructions: Run `sudo pro fix USN-4825-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcoin80-runtime - 3.1.4~abc9f50-4ubuntu2+esm1 libcoin80-dev - 3.1.4~abc9f50-4ubuntu2+esm1 libcoin80-doc - 3.1.4~abc9f50-4ubuntu2+esm1 libcoin80 - 3.1.4~abc9f50-4ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-9233 Ubuntu 14.04 LTS It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-9258, CVE-2017-9259, CVE-2017-9260) It was discovered that SoundTouch incorrectly handled ccertain WAV files. A remote attacker could possibly use this issue to cause arbitrary code execution. (CVE-2018-1000223) It was discovered that SoundTouch incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-17096) It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2018-17097, CVE-2018-17098) Update Instructions: Run `sudo pro fix USN-4826-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsoundtouch-dev - 1.7.1-5ubuntu0.1~esm1 soundstretch - 1.7.1-5ubuntu0.1~esm1 libsoundtouch0 - 1.7.1-5ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-9258 CVE-2017-9259 CVE-2017-9260 CVE-2018-1000223 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 Ubuntu 14.04 LTS It was discovered that Crypto++ mishandled certain input. An attacker could use this vulnerability to leak potentially sensitive information. Update Instructions: Run `sudo pro fix USN-4827-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcrypto++-dev - 5.6.1-6+deb8u3ubuntu0.1~esm1 libcrypto++-doc - 5.6.1-6+deb8u3ubuntu0.1~esm1 libcrypto++-utils - 5.6.1-6+deb8u3ubuntu0.1~esm1 libcrypto++9 - 5.6.1-6+deb8u3ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-9434 Ubuntu 14.04 LTS It was discovered that VCFtools improperly handled certain input. If a user were tricked into opening a crafted input file, VCFtools could be made to crash or possibly cause other unspecified impact. (CVE-2018-11099, CVE-2018-11129, CVE-2018-11130) It was discovered that VCFtools improperly handled memory allocation/deallocation, resulting in a use-after-free vulnerability. If a victim were tricked into opening a specially crafted VCF File, an attacker could cause VCFtools to leak sensitive information or possibly execute arbitrary code. (CVE-2019-1010127) Update Instructions: Run `sudo pro fix USN-4835-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vcftools - 0.1.11+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-11099 CVE-2018-11129 CVE-2018-11130 CVE-2019-1010127 Ubuntu 14.04 LTS Marcus Brinkmann discovered that python-gnupg improperly handled certain command line parameters. A remote attacker could use this to spoof the output of python-gnupg and cause unsigned e-mail to appear signed. (CVE-2018-12020) It was discovered that python-gnupg incorrectly handled the GPG passphrase. A remote attacker could send a specially crafted passphrase that would allow them to control the output of encryption and decryption operations. (CVE-2019-6690) Update Instructions: Run `sudo pro fix USN-4839-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-gnupg - 0.3.6-1ubuntu0.1~esm1 python-gnupg - 0.3.6-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-12020 CVE-2019-6690 Ubuntu 14.04 LTS Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of passwords. An attacker could use this vulnerability to cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM. (CVE-2014-9218) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input in the form of database names in the PHP Array export feature. An authenticated attacker could use this vulnerability to run arbitrary PHP commands. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-6609) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute SQL injection attacks. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-6619) Emanuel Bronshtein discovered that phpMyadmin failed to properly sanitize input. An authenticated attacker could use this vulnerability to cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-6630) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to bypass AllowRoot restrictions and deny rules for usernames. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-9849) Emanuel Bronshtein discovered that phpMyAdmin would allow sensitive information to be leaked when the argument separator in a URL was not the default & value. An attacker could use this vulnerability to obtain the CSRF token of a user. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-9866) Isaac Bennetch discovered that phpMyAdmin was incorrectly restricting user access due to the behavior of the substr function on some PHP versions. An attacker could use this vulnerability to bypass login restrictions established for users that have no password set. This issue only affected Ubuntu 14.04 ESM. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-18264) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input in the form of parameters sent during a table editing operation. An attacker could use this vulnerability to trigger an endless recursion and cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-1000014) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input used to generate a web page. An authenticated attacker could use this vulnerability to execute CSS injection attacks. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-1000015) It was discovered that phpMyAdmin incorrectly handled certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack via a crafted URL. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-7260) It was discovered phpMyAdmin incorrectly handled database names. An attacker could possibly use this to trigger a cross-site scripting attack. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-12581) Daniel Le Gall discovered that phpMyAdmin would expose sensitive information to unauthorized actors due to an error in its transformation feature. An authenticated attacker could use this vulnerability to leak the contents of a local file. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-19968) It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this to perform a cross-site scripting attack. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-19970) It was discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database name. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-11768) It was discovered that phpMyAdmin incorrectly handled some requests. An attacker could possibly use this to perform a cross site request forgery attack. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-12616) It was discovered that phpMyAdmin incorrectly handled some requests. An attacker could possibly use this to perform a cross site request forgery attack. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-12922) It was discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted username. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-6798) It was discovered that phpMyAdmin did not properly sanitize certain input. An attacker could use this vulnerability to possibly execute an HTML injection or a cross-site scripting (XSS) attack. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2019-19617) CSW Research Labs discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute SQL injection attacks. This issue only affected Ubuntu 16.04 ESM. (CVE-2020-5504) Giwan Go and Yelang Lee discovered that phpMyAdmin was vulnerable to an XSS attack in the transformation feature. If a victim were to click on a crafted link, an attacker could run malicious JavaScript on the victim's system. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-26934) Andre Sá discovered that phpMyAdmin incorrectly handled certain SQL statements in the search feature. A remote, authenticated attacker could use this to inject malicious SQL into a query. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-26935) Update Instructions: Run `sudo pro fix USN-4843-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: phpmyadmin - 4:4.0.10-1ubuntu0.1+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2014-9218 CVE-2016-6609 CVE-2016-6619 CVE-2016-6630 CVE-2016-9849 CVE-2016-9866 CVE-2017-18264 CVE-2017-1000014 CVE-2017-1000015 CVE-2018-7260 CVE-2018-12581 CVE-2018-19968 CVE-2018-19970 CVE-2019-6798 CVE-2019-11768 CVE-2019-12616 CVE-2019-12922 CVE-2019-19617 CVE-2020-5504 CVE-2020-26934 CVE-2020-26935 Ubuntu 14.04 LTS It was discovered that libcgroup incorrectly handled log file permissions. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4845-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcgroup-dev - 0.38-1ubuntu2+esm1 libpam-cgroup - 0.38-1ubuntu2+esm1 libcgroup1 - 0.38-1ubuntu2+esm1 cgroup-bin - 0.38-1ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-14348 Ubuntu 14.04 LTS It was discovered that ACME mini_httpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to read arbitrary files. Update Instructions: Run `sudo pro fix USN-4848-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mini-httpd - 1.19-9.3ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2018-18778 Ubuntu 14.04 LTS It was discovered that VTK incorrectly handled certain XML files in the embedded Expat library. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Update Instructions: Run `sudo pro fix USN-4852-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vtk-examples - 5.8.0-14.1ubuntu3+esm1 libvtk5-qt4-dev - 5.8.0-14.1ubuntu3+esm1 libvtk5.8-qt4 - 5.8.0-14.1ubuntu3+esm1 libvtk5.8 - 5.8.0-14.1ubuntu3+esm1 vtk-doc - 5.8.0-14.1ubuntu3+esm1 libvtk-java - 5.8.0-14.1ubuntu3+esm1 libvtk5-dev - 5.8.0-14.1ubuntu3+esm1 python-vtk - 5.8.0-14.1ubuntu3+esm1 tcl-vtk - 5.8.0-14.1ubuntu3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-20843 CVE-2019-15903 Ubuntu 14.04 LTS It was discovered that MediaInfoLib contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfoLib to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4859-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-mediainfodll - 0.7.67-2ubuntu1+esm1 libmediainfo-dev - 0.7.67-2ubuntu1+esm1 python3-mediainfodll - 0.7.67-2ubuntu1+esm1 libmediainfo0 - 0.7.67-2ubuntu1+esm1 libmediainfo-doc - 0.7.67-2ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11372 CVE-2019-11373 Ubuntu 14.04 LTS Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2019-11454) Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to potentially leak sensitive information. (CVE-2019-11455) Update Instructions: Run `sudo pro fix USN-4860-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: monit - 1:5.6-2ubuntu0.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11454 CVE-2019-11455 Ubuntu 14.04 LTS It was discovered that fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write arbitrary files to the filesystem. Update Instructions: Run `sudo pro fix USN-4863-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-fstream - 0.1.24-1ubuntu0.14.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-13173 Ubuntu 14.04 LTS It was discovered that LibTomCrypt incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or read sensitive information. Update Instructions: Run `sudo pro fix USN-4868-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtomcrypt-dev - 1.17-5ubuntu0.1+esm1 libtomcrypt0 - 1.17-5ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-17362 Ubuntu 14.04 LTS It was discovered that aria2 could accidentally leak authentication data. An attacker could possibly use this to gain access to sensitive information. Update Instructions: Run `sudo pro fix USN-4869-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: aria2 - 1.18.1-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-3500 Ubuntu 14.04 LTS It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant. Update Instructions: Run `sudo pro fix USN-4874-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ant - 1.9.3-2ubuntu0.1+esm1 ant-doc - 1.9.3-2ubuntu0.1+esm1 ant-gcj - 1.9.3-2ubuntu0.1+esm1 ant-optional - 1.9.3-2ubuntu0.1+esm1 ant-optional-gcj - 1.9.3-2ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-1945 Ubuntu 14.04 LTS It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. (CVE-2020-7247) It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2020-8793) It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could possibly use this vulnerability to execute arbitrary shell commands as any non-root user. This issue only affected Ubuntu 16.04 ESM. (CVE-2020-8794) Update Instructions: Run `sudo pro fix USN-4875-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: opensmtpd - 5.4.1p1-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-7247 CVE-2020-8793 CVE-2020-8794 Ubuntu 14.04 LTS Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29569) It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-36158) 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. (CVE-2021-3178) Update Instructions: Run `sudo pro fix USN-4876-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1087-aws - 4.4.0-1087.91 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-204-generic - 4.4.0-204.236~14.04.1 linux-image-4.4.0-204-powerpc-smp - 4.4.0-204.236~14.04.1 linux-image-4.4.0-204-powerpc-e500mc - 4.4.0-204.236~14.04.1 linux-image-4.4.0-204-lowlatency - 4.4.0-204.236~14.04.1 linux-image-4.4.0-204-generic-lpae - 4.4.0-204.236~14.04.1 linux-image-4.4.0-204-powerpc64-smp - 4.4.0-204.236~14.04.1 linux-image-4.4.0-204-powerpc64-emb - 4.4.0-204.236~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1087.84 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-generic-lpae-lts-xenial - 4.4.0.204.178 linux-image-lowlatency-lts-xenial - 4.4.0.204.178 linux-image-generic-lts-xenial - 4.4.0.204.178 linux-image-powerpc-smp-lts-xenial - 4.4.0.204.178 linux-image-powerpc64-smp-lts-xenial - 4.4.0.204.178 linux-image-powerpc64-emb-lts-xenial - 4.4.0.204.178 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.204.178 linux-image-virtual-lts-xenial - 4.4.0.204.178 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-29569 CVE-2020-36158 CVE-2021-3178 Ubuntu 14.04 LTS It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-36158) 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. (CVE-2021-3178) Update Instructions: Run `sudo pro fix USN-4877-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1109-azure - 4.15.0-1109.121~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1109.82 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36158 CVE-2021-3178 Ubuntu 14.04 LTS Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). (CVE-2021-27363) Adam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364) Update Instructions: Run `sudo pro fix USN-4883-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1110-azure - 4.15.0-1110.122~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1110.83 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-1088-aws - 4.4.0-1088.92 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1088.85 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 Ubuntu 14.04 LTS It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2020-35502, CVE-2021-20209, CVE-2021-20210, CVE-2021-20213, CVE-2021-20215, CVE-2021-20216, CVE-2021-20217, CVE-2021-20272, CVE-2021-20273, CVE-2021-20275) It was discovered that Privoxy incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2021-20212, CVE-2021-20276) It was discovered that Privoxy incorrectly handled client tags. An attacker could possibly use this issue to cause Privoxy to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-20211) It was discovered that Privoxy incorrectly handled client tags. An attacker could possibly use this issue to cause Privoxy to consume resources, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-20214) Update Instructions: Run `sudo pro fix USN-4886-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: privoxy - 3.0.21-7+deb8u1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-35502 CVE-2021-20209 CVE-2021-20210 CVE-2021-20211 CVE-2021-20212 CVE-2021-20213 CVE-2021-20214 CVE-2021-20215 CVE-2021-20216 CVE-2021-20217 CVE-2021-20272 CVE-2021-20273 CVE-2021-20275 CVE-2021-20276 Ubuntu 14.04 LTS USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. (CVE-2021-20277) Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain DN strings. A remote attacker could use this issue to cause the LDAP server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-27840) Update Instructions: Run `sudo pro fix USN-4888-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldb-tools - 1:1.1.24-0ubuntu0.14.04.2+esm1 python-ldb-dev - 1:1.1.24-0ubuntu0.14.04.2+esm1 python-ldb - 1:1.1.24-0ubuntu0.14.04.2+esm1 libldb1 - 1:1.1.24-0ubuntu0.14.04.2+esm1 libldb-dev - 1:1.1.24-0ubuntu0.14.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-27840 CVE-2021-20277 Ubuntu 14.04 LTS Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). (CVE-2021-27363) Adam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364) Update Instructions: Run `sudo pro fix USN-4889-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-3.13.0-185-powerpc64-smp - 3.13.0-185.236 linux-image-3.13.0-185-powerpc-e500mc - 3.13.0-185.236 linux-image-3.13.0-185-powerpc-e500 - 3.13.0-185.236 linux-image-3.13.0-185-generic-lpae - 3.13.0-185.236 linux-image-3.13.0-185-lowlatency - 3.13.0-185.236 linux-image-3.13.0-185-powerpc64-emb - 3.13.0-185.236 linux-image-3.13.0-185-generic - 3.13.0-185.236 linux-image-3.13.0-185-powerpc-smp - 3.13.0-185.236 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-server - 3.13.0.185.194 linux-image-powerpc-e500mc - 3.13.0.185.194 linux-image-generic-pae - 3.13.0.185.194 linux-image-generic-lpae-lts-trusty - 3.13.0.185.194 linux-image-generic-lts-quantal - 3.13.0.185.194 linux-image-lowlatency-pae - 3.13.0.185.194 linux-image-virtual - 3.13.0.185.194 linux-image-powerpc-e500 - 3.13.0.185.194 linux-image-generic-lts-trusty - 3.13.0.185.194 linux-image-omap - 3.13.0.185.194 linux-image-powerpc64-emb - 3.13.0.185.194 linux-image-generic - 3.13.0.185.194 linux-image-highbank - 3.13.0.185.194 linux-image-generic-lts-saucy - 3.13.0.185.194 linux-image-powerpc-smp - 3.13.0.185.194 linux-image-generic-lpae - 3.13.0.185.194 linux-image-generic-lpae-lts-saucy - 3.13.0.185.194 linux-image-generic-lts-raring - 3.13.0.185.194 linux-image-powerpc64-smp - 3.13.0.185.194 linux-image-lowlatency - 3.13.0.185.194 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-206-powerpc-smp - 4.4.0-206.238~14.04.1 linux-image-4.4.0-206-powerpc-e500mc - 4.4.0-206.238~14.04.1 linux-image-4.4.0-206-powerpc64-smp - 4.4.0-206.238~14.04.1 linux-image-4.4.0-206-powerpc64-emb - 4.4.0-206.238~14.04.1 linux-image-4.4.0-206-lowlatency - 4.4.0-206.238~14.04.1 linux-image-4.4.0-206-generic-lpae - 4.4.0-206.238~14.04.1 linux-image-4.4.0-206-generic - 4.4.0-206.238~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-generic-lpae-lts-xenial - 4.4.0.206.179 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.206.179 linux-image-powerpc64-smp-lts-xenial - 4.4.0.206.179 linux-image-powerpc-smp-lts-xenial - 4.4.0.206.179 linux-image-lowlatency-lts-xenial - 4.4.0.206.179 linux-image-generic-lts-xenial - 4.4.0.206.179 linux-image-powerpc64-emb-lts-xenial - 4.4.0.206.179 linux-image-virtual-lts-xenial - 4.4.0.206.179 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 Ubuntu 14.04 LTS Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27171) Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27170) Update Instructions: Run `sudo pro fix USN-4890-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1111-azure - 4.15.0-1111.123~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1111.84 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-27170 CVE-2020-27171 Ubuntu 14.04 LTS USN-4896-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-4896-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 3.3.3-1ubuntu0.2+esm3 python-lxml - 3.3.3-1ubuntu0.2+esm3 python-lxml-doc - 3.3.3-1ubuntu0.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-28957 Ubuntu 14.04 LTS USN-4897-1 fixed several vulnerabilities in Pygments. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service. (CVE-2021-27291) It was discovered that Pygments incorrectly handled parsing certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-20270) Update Instructions: Run `sudo pro fix USN-4897-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pygments - 1.6+dfsg-1ubuntu1.1+esm1 python3-pygments - 1.6+dfsg-1ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20270 CVE-2021-27291 Ubuntu 14.04 LTS USN-4899-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code. Update Instructions: Run `sudo pro fix USN-4899-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.14.04.1+esm3 sa-compile - 3.4.2-0ubuntu0.14.04.1+esm3 spamc - 3.4.2-0ubuntu0.14.04.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-1946 Ubuntu 14.04 LTS Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4903-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl-udeb - 7.35.0-1ubuntu2.20+esm7 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm7 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm7 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm7 libcurl3-udeb - 7.35.0-1ubuntu2.20+esm7 libcurl4-doc - 7.35.0-1ubuntu2.20+esm7 libcurl3-nss - 7.35.0-1ubuntu2.20+esm7 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm7 libcurl3 - 7.35.0-1ubuntu2.20+esm7 curl - 7.35.0-1ubuntu2.20+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-22876 Ubuntu 14.04 LTS Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. (CVE-2015-1350) Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16644) It was discovered that the timer stats implementation in the Linux kernel allowed the discovery of a real PID value while inside a PID namespace. A local attacker could use this to expose sensitive information. (CVE-2017-5967) Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13095) It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231) It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16232) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19061) It was discovered that a race condition existed in the floppy device driver in the Linux kernel. An attacker with access to the floppy device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-20261) Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26930) Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26931) Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-28038) Update Instructions: Run `sudo pro fix USN-4904-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1090-aws - 4.4.0-1090.94 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-208-powerpc64-emb - 4.4.0-208.240~14.04.1 linux-image-4.4.0-208-generic-lpae - 4.4.0-208.240~14.04.1 linux-image-4.4.0-208-powerpc64-smp - 4.4.0-208.240~14.04.1 linux-image-4.4.0-208-lowlatency - 4.4.0-208.240~14.04.1 linux-image-4.4.0-208-generic - 4.4.0-208.240~14.04.1 linux-image-4.4.0-208-powerpc-smp - 4.4.0-208.240~14.04.1 linux-image-4.4.0-208-powerpc-e500mc - 4.4.0-208.240~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1090.87 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.208.181 linux-image-powerpc64-emb-lts-xenial - 4.4.0.208.181 linux-image-lowlatency-lts-xenial - 4.4.0.208.181 linux-image-powerpc64-smp-lts-xenial - 4.4.0.208.181 linux-image-generic-lpae-lts-xenial - 4.4.0.208.181 linux-image-generic-lts-xenial - 4.4.0.208.181 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.208.181 linux-image-virtual-lts-xenial - 4.4.0.208.181 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-1350 CVE-2017-16644 CVE-2017-5967 CVE-2018-13095 CVE-2019-16231 CVE-2019-16232 CVE-2019-19061 CVE-2021-20261 CVE-2021-26930 CVE-2021-26931 CVE-2021-28038 Ubuntu 14.04 LTS USN-4905-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain lengths of XInput extension ChangeFeedbackControl requests. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4905-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.11+esm4 xorg-server-source - 2:1.15.1-0ubuntu2.11+esm4 xdmx - 2:1.15.1-0ubuntu2.11+esm4 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.11+esm4 xserver-xorg-dev - 2:1.15.1-0ubuntu2.11+esm4 xvfb - 2:1.15.1-0ubuntu2.11+esm4 xnest - 2:1.15.1-0ubuntu2.11+esm4 xserver-common - 2:1.15.1-0ubuntu2.11+esm4 xserver-xephyr - 2:1.15.1-0ubuntu2.11+esm4 xserver-xorg-core-udeb - 2:1.15.1-0ubuntu2.11+esm4 xdmx-tools - 2:1.15.1-0ubuntu2.11+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3472 Ubuntu 14.04 LTS Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13095) It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3347) It was discovered that the network block device (nbd) driver in the Linux kernel contained a use-after-free vulnerability during device setup. A local attacker with access to the nbd device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3348) Update Instructions: Run `sudo pro fix USN-4907-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1112-azure - 4.15.0-1112.124~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1112.85 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-13095 CVE-2021-3347 CVE-2021-3348 Ubuntu 14.04 LTS It was discovered that Underscore incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code. Update Instructions: Run `sudo pro fix USN-4913-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjs-underscore - 1.4.4-2ubuntu1+esm1 node-underscore - 1.4.4-2ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-23358 Ubuntu 14.04 LTS It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493) Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29154) Update Instructions: Run `sudo pro fix USN-4916-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1113-azure - 4.15.0-1113.126~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1113.86 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-1091-aws - 4.4.0-1091.95 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-209-powerpc-smp - 4.4.0-209.241~14.04.1 linux-image-4.4.0-209-powerpc64-smp - 4.4.0-209.241~14.04.1 linux-image-4.4.0-209-generic - 4.4.0-209.241~14.04.1 linux-image-4.4.0-209-powerpc-e500mc - 4.4.0-209.241~14.04.1 linux-image-4.4.0-209-generic-lpae - 4.4.0-209.241~14.04.1 linux-image-4.4.0-209-lowlatency - 4.4.0-209.241~14.04.1 linux-image-4.4.0-209-powerpc64-emb - 4.4.0-209.241~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1091.88 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-generic-lpae-lts-xenial - 4.4.0.209.182 linux-image-lowlatency-lts-xenial - 4.4.0.209.182 linux-image-generic-lts-xenial - 4.4.0.209.182 linux-image-powerpc-smp-lts-xenial - 4.4.0.209.182 linux-image-powerpc64-smp-lts-xenial - 4.4.0.209.182 linux-image-powerpc64-emb-lts-xenial - 4.4.0.209.182 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.209.182 linux-image-virtual-lts-xenial - 4.4.0.209.182 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-29154 CVE-2021-3493 Ubuntu 14.04 LTS USN-4916-1 fixed vulnerabilities in the Linux kernel. Unfortunately, the fix for CVE-2021-3493 introduced a memory leak in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493) Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29154) Update Instructions: Run `sudo pro fix USN-4916-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1092-aws - 4.4.0-1092.96 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-210-lowlatency - 4.4.0-210.242~14.04.1 linux-image-4.4.0-210-powerpc-e500mc - 4.4.0-210.242~14.04.1 linux-image-4.4.0-210-powerpc64-emb - 4.4.0-210.242~14.04.1 linux-image-4.4.0-210-generic - 4.4.0-210.242~14.04.1 linux-image-4.4.0-210-powerpc64-smp - 4.4.0-210.242~14.04.1 linux-image-4.4.0-210-powerpc-smp - 4.4.0-210.242~14.04.1 linux-image-4.4.0-210-generic-lpae - 4.4.0-210.242~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1092.89 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-powerpc-smp-lts-xenial - 4.4.0.210.183 linux-image-generic-lpae-lts-xenial - 4.4.0.210.183 linux-image-lowlatency-lts-xenial - 4.4.0.210.183 linux-image-generic-lts-xenial - 4.4.0.210.183 linux-image-virtual-lts-xenial - 4.4.0.210.183 linux-image-powerpc64-smp-lts-xenial - 4.4.0.210.183 linux-image-powerpc64-emb-lts-xenial - 4.4.0.210.183 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.210.183 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1924611 Ubuntu 14.04 LTS USN-4918-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2021-1252) It was discovered that ClamAV incorrectly handled parsing PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1404) It was discovered that ClamAV incorrectly handled parsing email. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1405) Update Instructions: Run `sudo pro fix USN-4918-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-testfiles - 0.103.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-base - 0.103.2+dfsg-0ubuntu0.14.04.1+esm1 clamav - 0.103.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-daemon - 0.103.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-docs - 0.103.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-milter - 0.103.2+dfsg-0ubuntu0.14.04.1+esm1 clamav-freshclam - 0.103.2+dfsg-0ubuntu0.14.04.1+esm1 libclamav9 - 0.103.2+dfsg-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 Ubuntu 14.04 LTS USN-4918-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan in some situations. This update fixes the problem. Original advisory details: It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2021-1252) It was discovered that ClamAV incorrectly handled parsing PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1404) It was discovered that ClamAV incorrectly handled parsing email. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1405) Update Instructions: Run `sudo pro fix USN-4918-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.2+dfsg-0ubuntu0.14.04.1+esm2 clamav-testfiles - 0.103.2+dfsg-0ubuntu0.14.04.1+esm2 clamav-base - 0.103.2+dfsg-0ubuntu0.14.04.1+esm2 clamav - 0.103.2+dfsg-0ubuntu0.14.04.1+esm2 clamav-daemon - 0.103.2+dfsg-0ubuntu0.14.04.1+esm2 clamav-milter - 0.103.2+dfsg-0ubuntu0.14.04.1+esm2 clamav-docs - 0.103.2+dfsg-0ubuntu0.14.04.1+esm2 clamav-freshclam - 0.103.2+dfsg-0ubuntu0.14.04.1+esm2 libclamav9 - 0.103.2+dfsg-0ubuntu0.14.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1926300 Ubuntu 14.04 LTS It was discovered that OpenSLP did not properly validate URLs. A remote attacker could use this issue to cause OpenSLP to crash or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4919-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libslp-dev - 1.2.1-9ubuntu0.3+esm1 openslp-doc - 1.2.1-9ubuntu0.3+esm1 slptool - 1.2.1-9ubuntu0.3+esm1 slpd - 1.2.1-9ubuntu0.3+esm1 libslp1 - 1.2.1-9ubuntu0.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-5544 Ubuntu 14.04 LTS It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code. (CVE-2019-13132) It was discovered that ZeroMQ mishandled certain network traffic. An unauthenticated attacker could use this vulnerability to cause a denial-of- service and prevent legitimate clients from communicating with ZeroMQ. (CVE-2020-15166) It was discovered that ZeroMQ did not properly manage memory under certain circumstances. If a user or automated system were tricked into connecting to one or multiple compromised servers, a remote attacker could use this issue to cause a denial of service. (CVE-2021-20234) It was discovered that ZeroMQ incorrectly handled memory when processing messages with arbitrarily large sizes under certain circumstances. A remote unauthenticated attacker could use this issue to cause a ZeroMQ server to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-20235) It was discovered that ZeroMQ did not properly manage memory under certain circumstances. A remote unauthenticated attacker could use this issue to cause a ZeroMQ server to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-20237) Update Instructions: Run `sudo pro fix USN-4920-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzmq3 - 4.0.4+dfsg-2ubuntu0.1+esm3 libzmq3-dev - 4.0.4+dfsg-2ubuntu0.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2019-13132 CVE-2020-15166 CVE-2021-20234 CVE-2021-20235 CVE-2021-20237 Ubuntu 14.04 LTS It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4921-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: caca-utils - 0.99.beta18-1ubuntu5.1+esm1 libcaca-dev - 0.99.beta18-1ubuntu5.1+esm1 libcaca0 - 0.99.beta18-1ubuntu5.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3410 Ubuntu 14.04 LTS Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. (CVE-2020-14318) Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use this issue to cause winbind to crash, resulting in a denial of service. (CVE-2020-14323) Francis Brosnan Blázquez discovered that Samba incorrectly handled certain invalid DNS records. A remote attacker could possibly use this issue to cause the DNS server to crash, resulting in a denial of service. (CVE-2020-14383) Peter Eriksson discovered that Samba incorrectly handled certain negative idmap cache entries. This issue could result in certain users gaining unauthorized access to files, contrary to expected behaviour. (CVE-2021-20254) Update Instructions: Run `sudo pro fix USN-4931-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 CVE-2021-20254 Ubuntu 14.04 LTS USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Update Instructions: Run `sudo pro fix USN-4932-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.11-0ubuntu1.3+esm3 python-django - 1.6.11-0ubuntu1.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-31542 Ubuntu 14.04 LTS USN-4934-1 fixed several vulnerabilities in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2020-28026 only affected Ubuntu 16.04 ESM. Original advisory details: It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges. Update Instructions: Run `sudo pro fix USN-4934-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.82-3ubuntu2.4+esm3 eximon4 - 4.82-3ubuntu2.4+esm3 exim4 - 4.82-3ubuntu2.4+esm3 exim4-base - 4.82-3ubuntu2.4+esm3 exim4-config - 4.82-3ubuntu2.4+esm3 exim4-daemon-heavy - 4.82-3ubuntu2.4+esm3 exim4-daemon-light - 4.82-3ubuntu2.4+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-28007 CVE-2020-28008 CVE-2020-28009 CVE-2020-28011 CVE-2020-28012 CVE-2020-28013 CVE-2020-28014 CVE-2020-28015 CVE-2020-28016 CVE-2020-28017 CVE-2020-28020 CVE-2020-28022 CVE-2020-28024 CVE-2020-28025 CVE-2020-28026 CVE-2021-27216 Ubuntu 14.04 LTS It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-20292) Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26930) Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26931) Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-28038) It was discovered that the Xen paravirtualization backend in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-28688) It was discovered that the Freescale Gianfar Ethernet driver for the Linux kernel did not properly handle receive queue overrun when jumbo frames were enabled in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-29264) It was discovered that the USB/IP driver in the Linux kernel contained race conditions during the update of local and shared status. An attacker could use this to cause a denial of service (system crash). (CVE-2021-29265) It was discovered that a race condition existed in the netfilter subsystem of the Linux kernel when replacing tables. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650) Arnd Bergmann discovered that the video4linux subsystem in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-30002) Update Instructions: Run `sudo pro fix USN-4946-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1114-azure - 4.15.0-1114.127~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1114.87 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20292 CVE-2021-26930 CVE-2021-26931 CVE-2021-28038 CVE-2021-28688 CVE-2021-29264 CVE-2021-29265 CVE-2021-29650 CVE-2021-30002 Ubuntu 14.04 LTS USN-4961-1 fixed a vulnerability in pip. This update provides the corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Original advisory details: It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. Update Instructions: Run `sudo pro fix USN-4961-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pip - 1.5.4-1ubuntu4+esm1 python-pip-whl - 1.5.4-1ubuntu4+esm1 python3-pip - 1.5.4-1ubuntu4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-3572 Ubuntu 14.04 LTS It was discovered that Babel incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4962-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pybabel - 1.3+dfsg.1-2ubuntu2+esm1 python-babel-localedata - 1.3+dfsg.1-2ubuntu2+esm1 python-babel-doc - 1.3+dfsg.1-2ubuntu2+esm1 python-babel - 1.3+dfsg.1-2ubuntu2+esm1 python3-babel - 1.3+dfsg.1-2ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None Ubuntu 14.04 LTS USN-4965-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Maik Münch discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use these issues to read and write arbitrary files as an administrator, and possibly escalate privileges. Update Instructions: Run `sudo pro fix USN-4965-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apport - 2.14.1-0ubuntu3.29+esm7 python3-problem-report - 2.14.1-0ubuntu3.29+esm7 apport-kde - 2.14.1-0ubuntu3.29+esm7 apport-retrace - 2.14.1-0ubuntu3.29+esm7 apport-valgrind - 2.14.1-0ubuntu3.29+esm7 python3-apport - 2.14.1-0ubuntu3.29+esm7 dh-apport - 2.14.1-0ubuntu3.29+esm7 apport-gtk - 2.14.1-0ubuntu3.29+esm7 python-apport - 2.14.1-0ubuntu3.29+esm7 python-problem-report - 2.14.1-0ubuntu3.29+esm7 apport-noui - 2.14.1-0ubuntu3.29+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-32547 CVE-2021-32548 CVE-2021-32549 CVE-2021-32550 CVE-2021-32551 CVE-2021-32552 CVE-2021-32553 CVE-2021-32554 CVE-2021-32555 CVE-2021-32556 CVE-2021-32557 Ubuntu 14.04 LTS USN-4966-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests. Update Instructions: Run `sudo pro fix USN-4966-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.2-1ubuntu2.1+esm2 libx11-data - 2:1.6.2-1ubuntu2.1+esm2 libx11-xcb-dev - 2:1.6.2-1ubuntu2.1+esm2 libx11-xcb1 - 2:1.6.2-1ubuntu2.1+esm2 libx11-doc - 2:1.6.2-1ubuntu2.1+esm2 libx11-6-udeb - 2:1.6.2-1ubuntu2.1+esm2 libx11-dev - 2:1.6.2-1ubuntu2.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-31535 Ubuntu 14.04 LTS USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4967-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.4.6-1ubuntu3.9+esm2 nginx-core - 1.4.6-1ubuntu3.9+esm2 nginx-common - 1.4.6-1ubuntu3.9+esm2 nginx-full - 1.4.6-1ubuntu3.9+esm2 nginx - 1.4.6-1ubuntu3.9+esm2 nginx-doc - 1.4.6-1ubuntu3.9+esm2 nginx-naxsi - 1.4.6-1ubuntu3.9+esm2 nginx-naxsi-ui - 1.4.6-1ubuntu3.9+esm2 nginx-light - 1.4.6-1ubuntu3.9+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-23017 Ubuntu 14.04 LTS USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4968-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblz4-tool - 0.0~r114-2ubuntu1+esm2 liblz4-dev - 0.0~r114-2ubuntu1+esm2 liblz4-1 - 0.0~r114-2ubuntu1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3520 Ubuntu 14.04 LTS USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4969-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isc-dhcp-dev - 4.2.4-7ubuntu12.13+esm1 isc-dhcp-client-noddns - 4.2.4-7ubuntu12.13+esm1 isc-dhcp-relay - 4.2.4-7ubuntu12.13+esm1 isc-dhcp-client - 4.2.4-7ubuntu12.13+esm1 isc-dhcp-common - 4.2.4-7ubuntu12.13+esm1 isc-dhcp-server - 4.2.4-7ubuntu12.13+esm1 isc-dhcp-client-udeb - 4.2.4-7ubuntu12.13+esm1 isc-dhcp-server-ldap - 4.2.4-7ubuntu12.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-25217 Ubuntu 14.04 LTS USN-4971-1 fixed several vulnerabilities in libwebp. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4971-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwebp5 - 0.4.0-4ubuntu0.1~esm1 webp - 0.4.0-4ubuntu0.1~esm1 libwebpdemux1 - 0.4.0-4ubuntu0.1~esm1 libwebp-dev - 0.4.0-4ubuntu0.1~esm1 libwebpmux1 - 0.4.0-4ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 Ubuntu 14.04 LTS Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25670) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-25671, CVE-2020-25672) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service. (CVE-2020-25673) It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-28660) Zygo Blaxell discovered that the btrfs file system implementation in the Linux kernel contained a race condition during certain cloning operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-28964) Vince Weaver discovered that the perf subsystem in the Linux kernel did not properly handle certain PEBS records properly for some Intel Haswell processors. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-28971) It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972) It was discovered that the Qualcomm IPC router implementation in the Linux kernel did not properly initialize memory passed to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-29647) Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2021-31916) It was discovered that the CIPSO implementation in the Linux kernel did not properly perform reference counting in some situations, leading to use- after-free vulnerabilities. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33033) Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-3428) 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483) Update Instructions: Run `sudo pro fix USN-4979-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1115-azure - 4.15.0-1115.128~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1115.88 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2021-28660 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29647 CVE-2021-31916 CVE-2021-33033 CVE-2021-3428 CVE-2021-3483 Ubuntu 14.04 LTS It was discovered that some Intel processors may not properly invalidate cache entries used by Intel Virtualization Technology for Directed I/O (VT-d). This may allow a local user to perform a privilege escalation attack. (CVE-2020-24489) Joseph Nuzman discovered that some Intel processors may not properly apply EIBRS mitigations (originally developed for CVE-2017-5715) and hence may allow unauthorized memory reads via sidechannel attacks. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2020-24511) Travis Downs discovered that some Intel processors did not properly flush cache-lines for trivial-data values. This may allow an unauthorized user to infer the presence of these trivial-data-cache-lines via timing sidechannel attacks. A local attacker could use this to expose sensitive information. (CVE-2020-24512) It was discovered that certain Intel Atom processors could expose memory contents stored in microarchitectural buffers. A local attacker could use this to expose sensitive information. (CVE-2020-24513) Update Instructions: Run `sudo pro fix USN-4985-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20210608.0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 CVE-2020-24489 Ubuntu 14.04 LTS USN-4986-1 fixed a vulnerability in rpcbind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4986-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rpcbind - 0.2.1-2ubuntu2.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-8779 Ubuntu 14.04 LTS USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4986-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rpcbind - 0.2.1-2ubuntu2.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1931507 Ubuntu 14.04 LTS Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2017-8872) Zhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-20388) It was discovered that libxml2 incorrectly handled invalid UTF-8 input. A remote attacker could possibly exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-24977) It was discovered that libxml2 incorrectly handled invalid UTF-8 input. A remote attacker could possibly exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. (CVE-2021-3517) It was discovered that libxml2 did not properly handle certain crafted XML files. A local attacker could exploit this with a crafted input to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3516, CVE-2021-3518) It was discovered that libxml2 incorrectly handled error states. A remote attacker could exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. (CVE-2021-3537) Sebastian Pipping discovered that libxml2 did not properly handle certain crafted XML files. A remote attacker could exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3541) Update Instructions: Run `sudo pro fix USN-4991-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm2 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.13+esm2 libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm2 libxml2-udeb - 2.9.1+dfsg1-3ubuntu4.13+esm2 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.13+esm2 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.13+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-8872 CVE-2019-20388 CVE-2020-24977 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541 Ubuntu 14.04 LTS USN-4994-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. (CVE-2020-35452) Antonio Morales discovered that the Apache mod_session module incorrectly handled certain Cookie headers. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. (CVE-2021-26690) Christophe Jaillet discovered that the Apache mod_session module incorrectly handled certain SessionHeader values. A remote attacker could use this issue to cause Apache to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-26691) Christoph Anton Mitterer discovered that the new MergeSlashes configuration option resulted in unexpected behaviour in certain situations. (CVE-2021-30641) Update Instructions: Run `sudo pro fix USN-4994-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.22+esm1 libapache2-mod-macro - 1:2.4.7-1ubuntu4.22+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro apache2-data - 2.4.7-1ubuntu4.22+esm1 apache2.2-bin - 2.4.7-1ubuntu4.22+esm1 apache2-utils - 2.4.7-1ubuntu4.22+esm1 apache2-dev - 2.4.7-1ubuntu4.22+esm1 apache2-suexec-pristine - 2.4.7-1ubuntu4.22+esm1 apache2-suexec-custom - 2.4.7-1ubuntu4.22+esm1 apache2-suexec - 2.4.7-1ubuntu4.22+esm1 apache2 - 2.4.7-1ubuntu4.22+esm1 apache2-mpm-worker - 2.4.7-1ubuntu4.22+esm1 apache2-doc - 2.4.7-1ubuntu4.22+esm1 apache2-mpm-prefork - 2.4.7-1ubuntu4.22+esm1 apache2-mpm-itk - 2.4.7-1ubuntu4.22+esm1 apache2-mpm-event - 2.4.7-1ubuntu4.22+esm1 apache2-bin - 2.4.7-1ubuntu4.22+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 Ubuntu 14.04 LTS Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. (CVE-2021-3600) Or Cohen discovered that the SCTP implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free condition. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23133) Update Instructions: Run `sudo pro fix USN-5003-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1118-azure - 4.15.0-1118.131~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure - 4.15.0.1118.91 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-23133 CVE-2021-3600 CVE-2021-3609 Ubuntu 14.04 LTS USN-5006-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2020-7068) It was discovered that PHP incorrectly handled parsing URLs with passwords. A remote attacker could possibly use this issue to cause PHP to mis-parse the URL and produce wrong data. (CVE-2020-7071) It was discovered that PHP incorrectly handled certain malformed XML data when being parsed by the SOAP extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2021-21702) It was discovered that PHP incorrectly handled the pdo_firebase module. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2021-21704) It was discovered that PHP incorrectly handled the FILTER_VALIDATE_URL check. A remote attacker could possibly use this issue to perform a server- side request forgery attack. (CVE-2021-21705) Update Instructions: Run `sudo pro fix USN-5006-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm14 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm14 php5 - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm14 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm14 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm14 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm14 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm14 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-7068 CVE-2020-7071 CVE-2021-21702 CVE-2021-21704 CVE-2021-21705 Ubuntu 14.04 LTS USN-5008-1 fixed a vulnerability in avahi. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Thomas Kremer discovered that Avahi incorrectly handled termination signals on the Unix socket. A local attacker could possibly use this issue to cause Avahi to hang, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5008-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libavahi-compat-libdnssd-dev - 0.6.31-4ubuntu1.3+esm1 libavahi-ui-gtk3-0 - 0.6.31-4ubuntu1.3+esm1 libavahi-core7-udeb - 0.6.31-4ubuntu1.3+esm1 libavahi-qt4-1 - 0.6.31-4ubuntu1.3+esm1 libavahi-core7 - 0.6.31-4ubuntu1.3+esm1 libavahi-client3 - 0.6.31-4ubuntu1.3+esm1 libavahi-core-dev - 0.6.31-4ubuntu1.3+esm1 libavahi-client-dev - 0.6.31-4ubuntu1.3+esm1 avahi-ui-utils - 0.6.31-4ubuntu1.3+esm1 libavahi-gobject-dev - 0.6.31-4ubuntu1.3+esm1 avahi-dnsconfd - 0.6.31-4ubuntu1.3+esm1 libavahi-compat-libdnssd1 - 0.6.31-4ubuntu1.3+esm1 libavahi-common3 - 0.6.31-4ubuntu1.3+esm1 avahi-daemon - 0.6.31-4ubuntu1.3+esm1 avahi-discover - 0.6.31-4ubuntu1.3+esm1 libavahi-common-dev - 0.6.31-4ubuntu1.3+esm1 libavahi-common-data - 0.6.31-4ubuntu1.3+esm1 avahi-utils - 0.6.31-4ubuntu1.3+esm1 libavahi-ui0 - 0.6.31-4ubuntu1.3+esm1 libavahi-ui-gtk3-dev - 0.6.31-4ubuntu1.3+esm1 libavahi-glib-dev - 0.6.31-4ubuntu1.3+esm1 libavahi-ui-dev - 0.6.31-4ubuntu1.3+esm1 libavahi-qt4-dev - 0.6.31-4ubuntu1.3+esm1 libavahi-gobject0 - 0.6.31-4ubuntu1.3+esm1 avahi-autoipd - 0.6.31-4ubuntu1.3+esm1 python-avahi - 0.6.31-4ubuntu1.3+esm1 libavahi-glib1 - 0.6.31-4ubuntu1.3+esm1 libavahi-common3-udeb - 0.6.31-4ubuntu1.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3468 Ubuntu 14.04 LTS It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5014-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-3.13.0-186-powerpc64-smp - 3.13.0-186.237 linux-tools-common - 3.13.0-186.237 linux-buildinfo-3.13.0-186-generic - 3.13.0-186.237 linux-buildinfo-3.13.0-186-powerpc64-emb - 3.13.0-186.237 linux-image-unsigned-3.13.0-186-lowlatency - 3.13.0-186.237 linux-image-3.13.0-186-powerpc-e500 - 3.13.0-186.237 linux-image-unsigned-3.13.0-186-generic - 3.13.0-186.237 linux-doc - 3.13.0-186.237 linux-image-3.13.0-186-powerpc64-smp - 3.13.0-186.237 linux-headers-3.13.0-186-powerpc64-emb - 3.13.0-186.237 linux-headers-3.13.0-186-powerpc-smp - 3.13.0-186.237 linux-buildinfo-3.13.0-186-powerpc-smp - 3.13.0-186.237 linux-modules-3.13.0-186-powerpc-e500 - 3.13.0-186.237 linux-headers-3.13.0-186-powerpc64-smp - 3.13.0-186.237 linux-buildinfo-3.13.0-186-lowlatency - 3.13.0-186.237 linux-libc-dev - 3.13.0-186.237 linux-cloud-tools-3.13.0-186 - 3.13.0-186.237 linux-buildinfo-3.13.0-186-powerpc64-smp - 3.13.0-186.237 linux-modules-extra-3.13.0-186-generic - 3.13.0-186.237 linux-image-3.13.0-186-powerpc-smp - 3.13.0-186.237 linux-image-3.13.0-186-powerpc-e500mc - 3.13.0-186.237 linux-tools-3.13.0-186-lowlatency - 3.13.0-186.237 linux-image-3.13.0-186-powerpc64-emb - 3.13.0-186.237 linux-tools-3.13.0-186-powerpc64-smp - 3.13.0-186.237 linux-source-3.13.0 - 3.13.0-186.237 linux-tools-3.13.0-186-generic - 3.13.0-186.237 linux-tools-3.13.0-186-powerpc64-emb - 3.13.0-186.237 linux-tools-3.13.0-186-powerpc-smp - 3.13.0-186.237 linux-modules-3.13.0-186-lowlatency - 3.13.0-186.237 linux-modules-3.13.0-186-generic-lpae - 3.13.0-186.237 linux-modules-3.13.0-186-powerpc-e500mc - 3.13.0-186.237 linux-headers-3.13.0-186-generic - 3.13.0-186.237 linux-tools-3.13.0-186-powerpc-e500mc - 3.13.0-186.237 linux-headers-3.13.0-186-powerpc-e500mc - 3.13.0-186.237 linux-tools-3.13.0-186 - 3.13.0-186.237 linux-modules-3.13.0-186-powerpc64-emb - 3.13.0-186.237 linux-tools-3.13.0-186-powerpc-e500 - 3.13.0-186.237 linux-cloud-tools-common - 3.13.0-186.237 linux-cloud-tools-3.13.0-186-lowlatency - 3.13.0-186.237 linux-buildinfo-3.13.0-186-generic-lpae - 3.13.0-186.237 linux-tools-3.13.0-186-generic-lpae - 3.13.0-186.237 linux-headers-3.13.0-186-powerpc-e500 - 3.13.0-186.237 linux-headers-3.13.0-186-generic-lpae - 3.13.0-186.237 linux-buildinfo-3.13.0-186-powerpc-e500mc - 3.13.0-186.237 linux-headers-3.13.0-186-lowlatency - 3.13.0-186.237 linux-cloud-tools-3.13.0-186-generic - 3.13.0-186.237 linux-image-3.13.0-186-generic - 3.13.0-186.237 linux-modules-3.13.0-186-powerpc-smp - 3.13.0-186.237 linux-image-3.13.0-186-generic-lpae - 3.13.0-186.237 linux-buildinfo-3.13.0-186-powerpc-e500 - 3.13.0-186.237 linux-modules-3.13.0-186-generic - 3.13.0-186.237 linux-image-3.13.0-186-lowlatency - 3.13.0-186.237 linux-headers-3.13.0-186 - 3.13.0-186.237 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-powerpc64-smp - 3.13.0.186.195 linux-headers-generic-lts-saucy - 3.13.0.186.195 linux-cloud-tools-virtual - 3.13.0.186.195 linux-signed-generic-lts-raring - 3.13.0.186.195 linux-headers-generic-lpae - 3.13.0.186.195 linux-headers-powerpc-smp - 3.13.0.186.195 linux-image-virtual - 3.13.0.186.195 linux-headers-lowlatency-pae - 3.13.0.186.195 linux-headers-generic-lpae-lts-trusty - 3.13.0.186.195 linux-image-generic - 3.13.0.186.195 linux-tools-lowlatency - 3.13.0.186.195 linux-generic-lpae-lts-saucy-eol-upgrade - 3.13.0.186.195 linux-image-generic-pae - 3.13.0.186.195 linux-headers-powerpc64-smp - 3.13.0.186.195 linux-tools-powerpc-smp - 3.13.0.186.195 linux-headers-generic-pae - 3.13.0.186.195 linux-image-lowlatency-pae - 3.13.0.186.195 linux-signed-image-generic-lts-raring - 3.13.0.186.195 linux-powerpc64-smp - 3.13.0.186.195 linux-signed-image-generic-lts-saucy - 3.13.0.186.195 linux-image-generic-lpae-lts-trusty - 3.13.0.186.195 linux-signed-image-generic-lts-trusty - 3.13.0.186.195 linux-generic-pae - 3.13.0.186.195 linux-tools-lts-trusty - 3.13.0.186.195 linux-image-generic-lts-raring - 3.13.0.186.195 linux-crashdump - 3.13.0.186.195 linux-headers-powerpc64-emb - 3.13.0.186.195 linux-powerpc-smp - 3.13.0.186.195 linux-headers-highbank - 3.13.0.186.195 linux-image-powerpc64-emb - 3.13.0.186.195 linux-tools-generic-lts-trusty - 3.13.0.186.195 linux-tools-generic-lts-saucy - 3.13.0.186.195 linux-source - 3.13.0.186.195 linux-signed-image-generic - 3.13.0.186.195 linux-lowlatency - 3.13.0.186.195 linux-image-highbank - 3.13.0.186.195 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.186.195 linux-tools-generic-lpae - 3.13.0.186.195 linux-cloud-tools-generic - 3.13.0.186.195 linux-generic-lts-quantal-eol-upgrade - 3.13.0.186.195 linux-tools-lts-saucy - 3.13.0.186.195 linux-tools-lts-quantal - 3.13.0.186.195 linux-image-hwe-generic-trusty - 3.13.0.186.195 linux-powerpc-e500mc - 3.13.0.186.195 linux-image-generic-lts-saucy - 3.13.0.186.195 linux-headers-generic-lts-raring - 3.13.0.186.195 linux-tools-powerpc64-emb - 3.13.0.186.195 linux-lowlatency-pae - 3.13.0.186.195 linux-tools-virtual - 3.13.0.186.195 linux-image-server - 3.13.0.186.195 linux-image-extra-virtual - 3.13.0.186.195 linux-image-powerpc-e500mc - 3.13.0.186.195 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.186.195 linux-signed-generic-lts-quantal - 3.13.0.186.195 linux-signed-generic-lts-trusty - 3.13.0.186.195 linux-generic-lpae - 3.13.0.186.195 linux-tools-powerpc-e500mc - 3.13.0.186.195 linux-generic-lpae-lts-saucy - 3.13.0.186.195 linux-headers-server - 3.13.0.186.195 linux-generic - 3.13.0.186.195 linux-image-generic-lts-quantal - 3.13.0.186.195 linux-server - 3.13.0.186.195 linux-virtual - 3.13.0.186.195 linux-tools-powerpc-e500 - 3.13.0.186.195 linux-image-generic-lts-trusty - 3.13.0.186.195 linux-generic-lts-quantal - 3.13.0.186.195 linux-tools-lts-raring - 3.13.0.186.195 linux-powerpc-e500 - 3.13.0.186.195 linux-tools-generic-lpae-lts-saucy - 3.13.0.186.195 linux-headers-lowlatency - 3.13.0.186.195 linux-omap - 3.13.0.186.195 linux-tools-generic-lpae-lts-trusty - 3.13.0.186.195 linux-image-hwe-virtual-trusty - 3.13.0.186.195 linux-image-powerpc-smp - 3.13.0.186.195 linux-highbank - 3.13.0.186.195 linux-image-omap - 3.13.0.186.195 linux-signed-image-generic-lts-quantal - 3.13.0.186.195 linux-headers-generic-lts-quantal - 3.13.0.186.195 linux-image-generic-lpae - 3.13.0.186.195 linux-hwe-generic-trusty - 3.13.0.186.195 linux-tools-generic - 3.13.0.186.195 linux-generic-lts-raring - 3.13.0.186.195 linux-headers-generic-lpae-lts-saucy - 3.13.0.186.195 linux-signed-generic-lts-saucy - 3.13.0.186.195 linux-cloud-tools-lowlatency - 3.13.0.186.195 linux-headers-powerpc-e500 - 3.13.0.186.195 linux-generic-lts-saucy - 3.13.0.186.195 linux-headers-powerpc-e500mc - 3.13.0.186.195 linux-headers-generic - 3.13.0.186.195 linux-image-powerpc-e500 - 3.13.0.186.195 linux-generic-lpae-lts-trusty - 3.13.0.186.195 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.186.195 linux-powerpc64-emb - 3.13.0.186.195 linux-generic-lts-saucy-eol-upgrade - 3.13.0.186.195 linux-generic-lts-trusty - 3.13.0.186.195 linux-headers-virtual - 3.13.0.186.195 linux-headers-generic-lts-trusty - 3.13.0.186.195 linux-headers-omap - 3.13.0.186.195 linux-signed-generic - 3.13.0.186.195 linux-image-generic-lpae-lts-saucy - 3.13.0.186.195 linux-hwe-virtual-trusty - 3.13.0.186.195 linux-image-powerpc64-smp - 3.13.0.186.195 linux-generic-lts-raring-eol-upgrade - 3.13.0.186.195 linux-image-lowlatency - 3.13.0.186.195 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.4.0-1094-aws - 4.4.0-1094.99 linux-aws-cloud-tools-4.4.0-1094 - 4.4.0-1094.99 linux-aws-headers-4.4.0-1094 - 4.4.0-1094.99 linux-cloud-tools-4.4.0-1094-aws - 4.4.0-1094.99 linux-image-4.4.0-1094-aws - 4.4.0-1094.99 linux-buildinfo-4.4.0-1094-aws - 4.4.0-1094.99 linux-tools-4.4.0-1094-aws - 4.4.0-1094.99 linux-modules-4.4.0-1094-aws - 4.4.0-1094.99 linux-aws-tools-4.4.0-1094 - 4.4.0-1094.99 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-lts-xenial-cloud-tools-4.4.0-212 - 4.4.0-212.244~14.04.1 linux-lts-xenial-udebs-generic - 4.4.0-212.244~14.04.1 linux-cloud-tools-4.4.0-212-generic - 4.4.0-212.244~14.04.1 linux-modules-extra-4.4.0-212-generic - 4.4.0-212.244~14.04.1 linux-headers-4.4.0-212 - 4.4.0-212.244~14.04.1 linux-headers-4.4.0-212-lowlatency - 4.4.0-212.244~14.04.1 linux-image-unsigned-4.4.0-212-lowlatency - 4.4.0-212.244~14.04.1 linux-buildinfo-4.4.0-212-generic - 4.4.0-212.244~14.04.1 linux-image-4.4.0-212-generic - 4.4.0-212.244~14.04.1 linux-headers-4.4.0-212-generic - 4.4.0-212.244~14.04.1 linux-lts-xenial-tools-4.4.0-212 - 4.4.0-212.244~14.04.1 linux-tools-4.4.0-212-lowlatency - 4.4.0-212.244~14.04.1 linux-cloud-tools-4.4.0-212-lowlatency - 4.4.0-212.244~14.04.1 linux-modules-4.4.0-212-generic - 4.4.0-212.244~14.04.1 linux-buildinfo-4.4.0-212-lowlatency - 4.4.0-212.244~14.04.1 linux-tools-4.4.0-212-generic - 4.4.0-212.244~14.04.1 linux-image-4.4.0-212-lowlatency - 4.4.0-212.244~14.04.1 linux-modules-4.4.0-212-lowlatency - 4.4.0-212.244~14.04.1 linux-image-unsigned-4.4.0-212-generic - 4.4.0-212.244~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1094.92 linux-image-aws - 4.4.0.1094.92 linux-aws - 4.4.0.1094.92 linux-tools-aws - 4.4.0.1094.92 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-virtual-lts-xenial - 4.4.0.212.185 linux-image-extra-virtual-lts-xenial - 4.4.0.212.185 linux-signed-lowlatency-lts-xenial - 4.4.0.212.185 linux-tools-virtual-lts-xenial - 4.4.0.212.185 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.212.185 linux-tools-lowlatency-lts-xenial - 4.4.0.212.185 linux-headers-generic-lts-xenial - 4.4.0.212.185 linux-lowlatency-lts-xenial - 4.4.0.212.185 linux-signed-generic-lts-xenial - 4.4.0.212.185 linux-generic-lts-xenial - 4.4.0.212.185 linux-image-virtual-lts-xenial - 4.4.0.212.185 linux-virtual-lts-xenial - 4.4.0.212.185 linux-image-generic-lts-xenial - 4.4.0.212.185 linux-signed-image-lowlatency-lts-xenial - 4.4.0.212.185 linux-signed-image-generic-lts-xenial - 4.4.0.212.185 linux-headers-virtual-lts-xenial - 4.4.0.212.185 linux-tools-generic-lts-xenial - 4.4.0.212.185 linux-headers-lowlatency-lts-xenial - 4.4.0.212.185 linux-cloud-tools-generic-lts-xenial - 4.4.0.212.185 linux-image-lowlatency-lts-xenial - 4.4.0.212.185 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-33909 Ubuntu 14.04 LTS It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-31829) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Update Instructions: Run `sudo pro fix USN-5018-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-4.15.0-1121-azure - 4.15.0-1121.134~14.04.1 linux-modules-4.15.0-1121-azure - 4.15.0-1121.134~14.04.1 linux-azure-headers-4.15.0-1121 - 4.15.0-1121.134~14.04.1 linux-azure-tools-4.15.0-1121 - 4.15.0-1121.134~14.04.1 linux-headers-4.15.0-1121-azure - 4.15.0-1121.134~14.04.1 linux-azure-cloud-tools-4.15.0-1121 - 4.15.0-1121.134~14.04.1 linux-modules-extra-4.15.0-1121-azure - 4.15.0-1121.134~14.04.1 linux-image-unsigned-4.15.0-1121-azure - 4.15.0-1121.134~14.04.1 linux-image-4.15.0-1121-azure - 4.15.0-1121.134~14.04.1 linux-tools-4.15.0-1121-azure - 4.15.0-1121.134~14.04.1 linux-buildinfo-4.15.0-1121-azure - 4.15.0-1121.134~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-azure - 4.15.0.1121.94 linux-signed-azure - 4.15.0.1121.94 linux-signed-image-azure - 4.15.0.1121.94 linux-modules-extra-azure - 4.15.0.1121.94 linux-cloud-tools-azure - 4.15.0.1121.94 linux-headers-azure - 4.15.0.1121.94 linux-azure - 4.15.0.1121.94 linux-image-azure - 4.15.0.1121.94 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26147 CVE-2020-26558 CVE-2021-0129 CVE-2021-23134 CVE-2021-31829 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-33909 Ubuntu 14.04 LTS It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-5023-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libaspell15 - 0.60.7~20110707-1ubuntu1+esm2 aspell-doc - 0.60.7~20110707-1ubuntu1+esm2 aspell - 0.60.7~20110707-1ubuntu1+esm2 libpspell-dev - 0.60.7~20110707-1ubuntu1+esm2 libaspell-dev - 0.60.7~20110707-1ubuntu1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-25051 Ubuntu 14.04 LTS USN-5025-1 fixed a vulnerability in libsndfile. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5025-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.25-7ubuntu2.2+esm2 libsndfile1-dev - 1.0.25-7ubuntu2.2+esm2 sndfile-programs - 1.0.25-7ubuntu2.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3246 Ubuntu 14.04 LTS It was discovered that Tor incorrectly handled certain memory operations. A remote attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2019-8955) It was discovered that Tor did not properly handle the input length to dump_desc() function. A remote attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-28089) It was discovered that Tor did not properly sanitize the relay nickname in dirvote_add_signatures_to_pending_consensus() function. An attacker could possibly use this issue to cause an assertion failure and then cause a denial of service. (CVE-2021-28090) It was discovered that Tor did not properly validate the layer hint on half-open streams. A remote attacker could possibly use this issue to bypass the access control, leading to remote code execution. This issue only affected Ubuntu 20.04 ESM. (CVE-2021-34548) It was discovered that Tor was using an insecure hash function. A remote attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-34549) It was discovered that Tor did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted request, a remote attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly reading sensitive data. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-34550) It was discovered that Tor mishandles the relationship between batch-signature verification and single-signature verification. An attacker could possibly use this issue to cause an assertion failure and then cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-38385) Update Instructions: Run `sudo pro fix USN-5036-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tor - 0.2.4.27-1ubuntu0.1+esm2 tor-geoipdb - 0.2.4.27-1ubuntu0.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-8955 CVE-2021-28089 CVE-2021-28090 CVE-2021-34548 CVE-2021-34549 CVE-2021-34550 CVE-2021-38385 Ubuntu 14.04 LTS Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5039-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: message-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 pata-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 usb-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 linux-image-unsigned-3.13.0-187-lowlatency - 3.13.0-187.238 nic-shared-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 fs-secondary-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 plip-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 kernel-image-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 parport-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 irda-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 irda-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 irda-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 fat-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 linux-headers-3.13.0-187-powerpc64-smp - 3.13.0-187.238 nic-shared-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 linux-headers-3.13.0-187-generic - 3.13.0-187.238 linux-image-3.13.0-187-generic-lpae - 3.13.0-187.238 pata-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 block-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 sata-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 linux-udebs-powerpc-e500 - 3.13.0-187.238 storage-core-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 nic-shared-modules-3.13.0-187-generic-di - 3.13.0-187.238 linux-headers-3.13.0-187-lowlatency - 3.13.0-187.238 virtio-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 block-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 linux-image-3.13.0-187-powerpc-e500 - 3.13.0-187.238 speakup-modules-3.13.0-187-generic-di - 3.13.0-187.238 linux-modules-3.13.0-187-powerpc-e500 - 3.13.0-187.238 squashfs-modules-3.13.0-187-generic-di - 3.13.0-187.238 fs-core-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 md-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 nfs-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 ipmi-modules-3.13.0-187-generic-di - 3.13.0-187.238 usb-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 linux-image-3.13.0-187-generic - 3.13.0-187.238 linux-headers-3.13.0-187-powerpc-e500mc - 3.13.0-187.238 virtio-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 serial-modules-3.13.0-187-generic-di - 3.13.0-187.238 storage-core-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 nic-usb-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 linux-modules-3.13.0-187-generic - 3.13.0-187.238 linux-buildinfo-3.13.0-187-generic - 3.13.0-187.238 linux-cloud-tools-common - 3.13.0-187.238 linux-image-3.13.0-187-lowlatency - 3.13.0-187.238 multipath-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 sata-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 fat-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 message-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 irda-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 crypto-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 linux-tools-3.13.0-187-generic - 3.13.0-187.238 md-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 fs-core-modules-3.13.0-187-generic-di - 3.13.0-187.238 nic-shared-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 linux-buildinfo-3.13.0-187-powerpc-e500mc - 3.13.0-187.238 pcmcia-storage-modules-3.13.0-187-generic-di - 3.13.0-187.238 linux-udebs-powerpc64-smp - 3.13.0-187.238 linux-headers-3.13.0-187-generic-lpae - 3.13.0-187.238 plip-modules-3.13.0-187-generic-di - 3.13.0-187.238 md-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 linux-udebs-generic-lpae - 3.13.0-187.238 input-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 storage-core-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 virtio-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 firewire-core-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 usb-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 squashfs-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 linux-buildinfo-3.13.0-187-lowlatency - 3.13.0-187.238 linux-modules-3.13.0-187-lowlatency - 3.13.0-187.238 linux-tools-3.13.0-187-powerpc-e500 - 3.13.0-187.238 ipmi-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 nic-shared-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 multipath-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 crypto-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 kernel-signed-image-3.13.0-187-generic-di - 3.13.0-187.238 crypto-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 ipmi-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 kernel-image-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 multipath-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 sata-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 pata-modules-3.13.0-187-generic-di - 3.13.0-187.238 parport-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 block-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 linux-udebs-powerpc-smp - 3.13.0-187.238 kernel-image-3.13.0-187-generic-di - 3.13.0-187.238 linux-libc-dev - 3.13.0-187.238 fat-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 linux-buildinfo-3.13.0-187-powerpc64-emb - 3.13.0-187.238 fs-secondary-modules-3.13.0-187-generic-di - 3.13.0-187.238 linux-headers-3.13.0-187-powerpc-smp - 3.13.0-187.238 ppp-modules-3.13.0-187-generic-di - 3.13.0-187.238 sata-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 fs-secondary-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 nic-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 linux-buildinfo-3.13.0-187-generic-lpae - 3.13.0-187.238 fs-core-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 nic-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 kernel-image-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 floppy-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 linux-modules-extra-3.13.0-187-generic - 3.13.0-187.238 scsi-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 speakup-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 fat-modules-3.13.0-187-generic-di - 3.13.0-187.238 floppy-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 linux-buildinfo-3.13.0-187-powerpc-e500 - 3.13.0-187.238 speakup-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 irda-modules-3.13.0-187-generic-di - 3.13.0-187.238 linux-headers-3.13.0-187 - 3.13.0-187.238 nic-usb-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 mouse-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 squashfs-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 plip-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 input-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 linux-image-3.13.0-187-powerpc64-smp - 3.13.0-187.238 firewire-core-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 nic-usb-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 md-modules-3.13.0-187-generic-di - 3.13.0-187.238 multipath-modules-3.13.0-187-generic-di - 3.13.0-187.238 pcmcia-modules-3.13.0-187-generic-di - 3.13.0-187.238 linux-cloud-tools-3.13.0-187 - 3.13.0-187.238 linux-udebs-powerpc-e500mc - 3.13.0-187.238 linux-buildinfo-3.13.0-187-powerpc-smp - 3.13.0-187.238 parport-modules-3.13.0-187-generic-di - 3.13.0-187.238 linux-headers-3.13.0-187-powerpc-e500 - 3.13.0-187.238 firewire-core-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 vlan-modules-3.13.0-187-generic-di - 3.13.0-187.238 usb-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 storage-core-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 message-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 floppy-modules-3.13.0-187-generic-di - 3.13.0-187.238 fs-secondary-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 linux-tools-3.13.0-187 - 3.13.0-187.238 multipath-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 kernel-image-3.13.0-187-generic-lpae-di - 3.13.0-187.238 fat-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 crypto-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 linux-tools-3.13.0-187-generic-lpae - 3.13.0-187.238 md-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 linux-tools-3.13.0-187-lowlatency - 3.13.0-187.238 ppp-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 fb-modules-3.13.0-187-generic-di - 3.13.0-187.238 usb-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 fs-secondary-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 nic-shared-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 ipmi-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 parport-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 linux-image-3.13.0-187-powerpc-e500mc - 3.13.0-187.238 message-modules-3.13.0-187-generic-di - 3.13.0-187.238 md-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 block-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 nfs-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 fs-core-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 ppp-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 speakup-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 linux-modules-3.13.0-187-powerpc-e500mc - 3.13.0-187.238 linux-modules-3.13.0-187-powerpc-smp - 3.13.0-187.238 block-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 ppp-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 linux-tools-3.13.0-187-powerpc64-emb - 3.13.0-187.238 pata-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 scsi-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 parport-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 ppp-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 nic-usb-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 mouse-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 virtio-modules-3.13.0-187-generic-di - 3.13.0-187.238 virtio-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 nfs-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 crypto-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 nic-modules-3.13.0-187-generic-di - 3.13.0-187.238 plip-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 linux-image-3.13.0-187-powerpc-smp - 3.13.0-187.238 nic-usb-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 linux-tools-3.13.0-187-powerpc-e500mc - 3.13.0-187.238 linux-tools-3.13.0-187-powerpc-smp - 3.13.0-187.238 irda-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 firewire-core-modules-3.13.0-187-generic-di - 3.13.0-187.238 input-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 input-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 scsi-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 parport-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 message-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 vlan-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 squashfs-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 nfs-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 linux-modules-3.13.0-187-powerpc64-emb - 3.13.0-187.238 plip-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 vlan-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 fs-core-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 linux-tools-common - 3.13.0-187.238 pata-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 vlan-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 linux-image-unsigned-3.13.0-187-generic - 3.13.0-187.238 block-modules-3.13.0-187-generic-di - 3.13.0-187.238 nic-usb-modules-3.13.0-187-generic-di - 3.13.0-187.238 linux-cloud-tools-3.13.0-187-lowlatency - 3.13.0-187.238 linux-doc - 3.13.0-187.238 scsi-modules-3.13.0-187-generic-di - 3.13.0-187.238 fs-core-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 usb-modules-3.13.0-187-generic-di - 3.13.0-187.238 floppy-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 plip-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 vlan-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 linux-source-3.13.0 - 3.13.0-187.238 nic-pcmcia-modules-3.13.0-187-generic-di - 3.13.0-187.238 sata-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 multipath-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 ipmi-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 scsi-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 storage-core-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 firewire-core-modules-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 nic-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 mouse-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 input-modules-3.13.0-187-generic-di - 3.13.0-187.238 fat-modules-3.13.0-187-generic-lpae-di - 3.13.0-187.238 fs-secondary-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 linux-modules-3.13.0-187-powerpc64-smp - 3.13.0-187.238 nic-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 squashfs-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 linux-buildinfo-3.13.0-187-powerpc64-smp - 3.13.0-187.238 floppy-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 linux-modules-3.13.0-187-generic-lpae - 3.13.0-187.238 storage-core-modules-3.13.0-187-generic-di - 3.13.0-187.238 nic-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 mouse-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 ipmi-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 linux-image-3.13.0-187-powerpc64-emb - 3.13.0-187.238 linux-udebs-generic - 3.13.0-187.238 input-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 speakup-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 mouse-modules-3.13.0-187-generic-di - 3.13.0-187.238 vlan-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 linux-tools-3.13.0-187-powerpc64-smp - 3.13.0-187.238 ppp-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 scsi-modules-3.13.0-187-powerpc64-smp-di - 3.13.0-187.238 crypto-modules-3.13.0-187-generic-di - 3.13.0-187.238 sata-modules-3.13.0-187-generic-di - 3.13.0-187.238 nfs-modules-3.13.0-187-generic-di - 3.13.0-187.238 mouse-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 linux-cloud-tools-3.13.0-187-generic - 3.13.0-187.238 kernel-image-3.13.0-187-powerpc-e500mc-di - 3.13.0-187.238 speakup-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 nfs-modules-3.13.0-187-powerpc-e500-di - 3.13.0-187.238 squashfs-modules-3.13.0-187-powerpc-smp-di - 3.13.0-187.238 linux-headers-3.13.0-187-powerpc64-emb - 3.13.0-187.238 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-virtual - 3.13.0.187.196 linux-tools-powerpc64-smp - 3.13.0.187.196 linux-powerpc64-smp - 3.13.0.187.196 linux-image-powerpc64-emb - 3.13.0.187.196 linux-source - 3.13.0.187.196 linux-cloud-tools-generic - 3.13.0.187.196 linux-headers-powerpc-smp - 3.13.0.187.196 linux-tools-lts-saucy - 3.13.0.187.196 linux-generic - 3.13.0.187.196 linux-generic-lts-raring-eol-upgrade - 3.13.0.187.196 linux-powerpc-e500 - 3.13.0.187.196 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.187.196 linux-signed-image-generic-lts-quantal - 3.13.0.187.196 linux-headers-generic-lts-quantal - 3.13.0.187.196 linux-hwe-generic-trusty - 3.13.0.187.196 linux-generic-lts-trusty - 3.13.0.187.196 linux-generic-lts-saucy - 3.13.0.187.196 linux-image-powerpc-e500 - 3.13.0.187.196 linux-generic-lpae-lts-trusty - 3.13.0.187.196 linux-tools-lowlatency - 3.13.0.187.196 linux-powerpc64-emb - 3.13.0.187.196 linux-image-hwe-generic-trusty - 3.13.0.187.196 linux-hwe-virtual-trusty - 3.13.0.187.196 linux-image-lowlatency - 3.13.0.187.196 linux-headers-generic-lts-saucy - 3.13.0.187.196 linux-signed-generic-lts-raring - 3.13.0.187.196 linux-headers-lowlatency-pae - 3.13.0.187.196 linux-headers-powerpc64-smp - 3.13.0.187.196 linux-tools-powerpc-smp - 3.13.0.187.196 linux-image-lowlatency-pae - 3.13.0.187.196 linux-image-generic-lpae-lts-trusty - 3.13.0.187.196 linux-generic-pae - 3.13.0.187.196 linux-tools-lts-trusty - 3.13.0.187.196 linux-crashdump - 3.13.0.187.196 linux-tools-generic-lts-saucy - 3.13.0.187.196 linux-generic-lpae-lts-saucy - 3.13.0.187.196 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.187.196 linux-powerpc-e500mc - 3.13.0.187.196 linux-tools-powerpc64-emb - 3.13.0.187.196 linux-lowlatency-pae - 3.13.0.187.196 linux-image-server - 3.13.0.187.196 linux-signed-generic-lts-quantal - 3.13.0.187.196 linux-generic-lpae - 3.13.0.187.196 linux-image-generic-lts-quantal - 3.13.0.187.196 linux-tools-generic - 3.13.0.187.196 linux-image-extra-virtual - 3.13.0.187.196 linux-headers-powerpc-e500 - 3.13.0.187.196 linux-signed-generic - 3.13.0.187.196 linux-generic-lts-saucy-eol-upgrade - 3.13.0.187.196 linux-tools-powerpc-e500 - 3.13.0.187.196 linux-image-generic-lpae - 3.13.0.187.196 linux-tools-generic-lts-trusty - 3.13.0.187.196 linux-image-omap - 3.13.0.187.196 linux-headers-powerpc64-emb - 3.13.0.187.196 linux-signed-generic-lts-trusty - 3.13.0.187.196 linux-signed-image-generic-lts-saucy - 3.13.0.187.196 linux-signed-image-generic-lts-trusty - 3.13.0.187.196 linux-image-generic-lts-raring - 3.13.0.187.196 linux-powerpc-smp - 3.13.0.187.196 linux-headers-highbank - 3.13.0.187.196 linux-signed-image-generic - 3.13.0.187.196 linux-lowlatency - 3.13.0.187.196 linux-image-highbank - 3.13.0.187.196 linux-tools-virtual - 3.13.0.187.196 linux-generic-lts-quantal-eol-upgrade - 3.13.0.187.196 linux-tools-lts-quantal - 3.13.0.187.196 linux-virtual - 3.13.0.187.196 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.187.196 linux-image-powerpc-e500mc - 3.13.0.187.196 linux-image-generic-pae - 3.13.0.187.196 linux-headers-server - 3.13.0.187.196 linux-image-generic-lts-trusty - 3.13.0.187.196 linux-generic-lpae-lts-saucy-eol-upgrade - 3.13.0.187.196 linux-tools-lts-raring - 3.13.0.187.196 linux-tools-generic-lpae-lts-saucy - 3.13.0.187.196 linux-headers-lowlatency - 3.13.0.187.196 linux-omap - 3.13.0.187.196 linux-tools-generic-lpae-lts-trusty - 3.13.0.187.196 linux-image-hwe-virtual-trusty - 3.13.0.187.196 linux-headers-generic-lts-raring - 3.13.0.187.196 linux-image-powerpc-smp - 3.13.0.187.196 linux-highbank - 3.13.0.187.196 linux-generic-lts-raring - 3.13.0.187.196 linux-headers-generic-lpae-lts-saucy - 3.13.0.187.196 linux-headers-powerpc-e500mc - 3.13.0.187.196 linux-headers-omap - 3.13.0.187.196 linux-cloud-tools-virtual - 3.13.0.187.196 linux-headers-generic-lpae - 3.13.0.187.196 linux-image-generic - 3.13.0.187.196 linux-headers-generic-pae - 3.13.0.187.196 linux-signed-image-generic-lts-raring - 3.13.0.187.196 linux-headers-generic-lpae-lts-trusty - 3.13.0.187.196 linux-tools-generic-lpae - 3.13.0.187.196 linux-image-generic-lts-saucy - 3.13.0.187.196 linux-headers-virtual - 3.13.0.187.196 linux-server - 3.13.0.187.196 linux-generic-lts-quantal - 3.13.0.187.196 linux-tools-powerpc-e500mc - 3.13.0.187.196 linux-signed-generic-lts-saucy - 3.13.0.187.196 linux-cloud-tools-lowlatency - 3.13.0.187.196 hv-kvp-daemon-init - 3.13.0.187.196 linux-headers-generic - 3.13.0.187.196 linux-headers-generic-lts-trusty - 3.13.0.187.196 linux-image-generic-lpae-lts-saucy - 3.13.0.187.196 linux-image-powerpc64-smp - 3.13.0.187.196 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.4.0-1095-aws - 4.4.0-1095.100 linux-modules-4.4.0-1095-aws - 4.4.0-1095.100 linux-aws-tools-4.4.0-1095 - 4.4.0-1095.100 linux-cloud-tools-4.4.0-1095-aws - 4.4.0-1095.100 linux-tools-4.4.0-1095-aws - 4.4.0-1095.100 linux-aws-cloud-tools-4.4.0-1095 - 4.4.0-1095.100 linux-buildinfo-4.4.0-1095-aws - 4.4.0-1095.100 linux-aws-headers-4.4.0-1095 - 4.4.0-1095.100 linux-image-4.4.0-1095-aws - 4.4.0-1095.100 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro nfs-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 fs-core-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 nic-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 serial-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 fat-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 ppp-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 usb-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 nic-pcmcia-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 sata-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 input-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-tools-4.4.0-213-lowlatency - 4.4.0-213.245~14.04.1 pcmcia-storage-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 crypto-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-headers-4.4.0-213-generic - 4.4.0-213.245~14.04.1 floppy-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 nic-shared-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 speakup-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-image-unsigned-4.4.0-213-lowlatency - 4.4.0-213.245~14.04.1 linux-image-unsigned-4.4.0-213-generic - 4.4.0-213.245~14.04.1 linux-cloud-tools-4.4.0-213-generic - 4.4.0-213.245~14.04.1 multipath-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 ipmi-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-lts-xenial-udebs-generic - 4.4.0-213.245~14.04.1 mouse-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-lts-xenial-tools-4.4.0-213 - 4.4.0-213.245~14.04.1 pcmcia-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-cloud-tools-4.4.0-213-lowlatency - 4.4.0-213.245~14.04.1 linux-image-4.4.0-213-generic - 4.4.0-213.245~14.04.1 kernel-signed-image-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-modules-4.4.0-213-generic - 4.4.0-213.245~14.04.1 firewire-core-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-modules-4.4.0-213-lowlatency - 4.4.0-213.245~14.04.1 virtio-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 kernel-image-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-tools-4.4.0-213-generic - 4.4.0-213.245~14.04.1 storage-core-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-buildinfo-4.4.0-213-lowlatency - 4.4.0-213.245~14.04.1 nic-usb-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-213 - 4.4.0-213.245~14.04.1 linux-modules-extra-4.4.0-213-generic - 4.4.0-213.245~14.04.1 scsi-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-headers-4.4.0-213 - 4.4.0-213.245~14.04.1 message-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-buildinfo-4.4.0-213-generic - 4.4.0-213.245~14.04.1 irda-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 parport-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 pata-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 fb-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 vlan-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 block-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-image-4.4.0-213-lowlatency - 4.4.0-213.245~14.04.1 md-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 linux-headers-4.4.0-213-lowlatency - 4.4.0-213.245~14.04.1 plip-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 fs-secondary-modules-4.4.0-213-generic-di - 4.4.0-213.245~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1095.93 linux-headers-aws - 4.4.0.1095.93 linux-tools-aws - 4.4.0.1095.93 linux-aws - 4.4.0.1095.93 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-extra-virtual-lts-xenial - 4.4.0.213.186 linux-image-lowlatency-lts-xenial - 4.4.0.213.186 linux-signed-lowlatency-lts-xenial - 4.4.0.213.186 linux-generic-lts-xenial - 4.4.0.213.186 linux-tools-generic-lts-xenial - 4.4.0.213.186 linux-cloud-tools-generic-lts-xenial - 4.4.0.213.186 linux-cloud-tools-virtual-lts-xenial - 4.4.0.213.186 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.213.186 linux-headers-generic-lts-xenial - 4.4.0.213.186 linux-virtual-lts-xenial - 4.4.0.213.186 linux-signed-image-generic-lts-xenial - 4.4.0.213.186 linux-lowlatency-lts-xenial - 4.4.0.213.186 linux-signed-image-lowlatency-lts-xenial - 4.4.0.213.186 linux-headers-lowlatency-lts-xenial - 4.4.0.213.186 linux-image-generic-lts-xenial - 4.4.0.213.186 linux-tools-virtual-lts-xenial - 4.4.0.213.186 linux-tools-lowlatency-lts-xenial - 4.4.0.213.186 linux-signed-generic-lts-xenial - 4.4.0.213.186 linux-image-virtual-lts-xenial - 4.4.0.213.186 linux-headers-virtual-lts-xenial - 4.4.0.213.186 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-22555 Ubuntu 14.04 LTS It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain crafted HTTP requests. An attacker could possibly use the vulnerability to cause libapreq2 to crash. Update Instructions: Run `sudo pro fix USN-5041-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapreq2-doc - 2.13-3ubuntu2+esm1 libapache2-mod-apreq2 - 2.13-3ubuntu2+esm1 libapreq2-dev - 2.13-3ubuntu2+esm1 libapache2-request-perl - 2.13-3ubuntu2+esm1 libapreq2-3 - 2.13-3ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-12412 Ubuntu 14.04 LTS It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573) It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-3587) Update Instructions: Run `sudo pro fix USN-5044-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1122-azure - 4.15.0-1122.135~14.04.1 linux-modules-extra-4.15.0-1122-azure - 4.15.0-1122.135~14.04.1 linux-tools-4.15.0-1122-azure - 4.15.0-1122.135~14.04.1 linux-azure-tools-4.15.0-1122 - 4.15.0-1122.135~14.04.1 linux-azure-headers-4.15.0-1122 - 4.15.0-1122.135~14.04.1 linux-image-unsigned-4.15.0-1122-azure - 4.15.0-1122.135~14.04.1 linux-modules-4.15.0-1122-azure - 4.15.0-1122.135~14.04.1 linux-cloud-tools-4.15.0-1122-azure - 4.15.0-1122.135~14.04.1 linux-buildinfo-4.15.0-1122-azure - 4.15.0-1122.135~14.04.1 linux-azure-cloud-tools-4.15.0-1122 - 4.15.0-1122.135~14.04.1 linux-image-4.15.0-1122-azure - 4.15.0-1122.135~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-azure - 4.15.0.1122.95 linux-signed-azure - 4.15.0.1122.95 linux-signed-image-azure - 4.15.0.1122.95 linux-azure - 4.15.0.1122.95 linux-modules-extra-azure - 4.15.0.1122.95 linux-headers-azure - 4.15.0.1122.95 linux-cloud-tools-azure - 4.15.0.1122.95 linux-image-azure - 4.15.0.1122.95 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3564 CVE-2021-3573 Ubuntu 14.04 LTS USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2021-3712) Update Instructions: Run `sudo pro fix USN-5051-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.1f-1ubuntu2.27+esm3 openssl - 1.0.1f-1ubuntu2.27+esm3 libssl-doc - 1.0.1f-1ubuntu2.27+esm3 libssl1.0.0 - 1.0.1f-1ubuntu2.27+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3712 Ubuntu 14.04 LTS USN-5051-2 introduced a regression in OpenSSL that affected only Ubuntu 14.04 ESM. This update fix the regression. Original advisory details: Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2021-3712) Update Instructions: Run `sudo pro fix USN-5051-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.1f-1ubuntu2.27+esm4 openssl - 1.0.1f-1ubuntu2.27+esm4 libssl-doc - 1.0.1f-1ubuntu2.27+esm4 libssl1.0.0 - 1.0.1f-1ubuntu2.27+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1942357 Ubuntu 14.04 LTS USN-5054-1 fixed a vulnerability in uWSGI for Ubuntu 18.04 LTS. This update provides the corresponding fixes for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Felix Wilhelm discovered a buffer overflow flaw in the mod_proxy_uwsgi module. An attacker could use this vulnerability to provoke an information disclosure or potentially remote code execution. Update Instructions: Run `sudo pro fix USN-5054-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-uwsgi - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-xslt - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-jwsgi-openjdk-6 - 1.9.17.1-5ubuntu0.1+esm1 python-uwsgidecorators - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-pyerl-python - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-curl-cron - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-infrastructure-plugins - 1.9.17.1-5ubuntu0.1+esm1 python3-uwsgidecorators - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-php - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-jwsgi-openjdk-7 - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-greenlet-python - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-v8 - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-geoip - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-app-integration-plugins - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-alarm-curl - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-lua5.1 - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-lua5.2 - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-python - 1.9.17.1-5ubuntu0.1+esm1 uwsgi - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-emperor-pg - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-graylog2 - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-emperor - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-pyerl-python3 - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-fiber - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-rbthreads - 1.9.17.1-5ubuntu0.1+esm1 libapache2-mod-proxy-uwsgi - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-erlang - 1.9.17.1-5ubuntu0.1+esm1 libapache2-mod-ruwsgi - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-python3 - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-alarm-xmpp - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-router-access - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-core - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-extra - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-rack-ruby1.9.1 - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-sqlite3 - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugins-all - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-psgi - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-ldap - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-jvm-openjdk-6 - 1.9.17.1-5ubuntu0.1+esm1 uwsgi-plugin-jvm-openjdk-7 - 1.9.17.1-5ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-11984 Ubuntu 14.04 LTS It was discovered that APR incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5056-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapr1 - 1.5.0-1ubuntu0.1~esm1 libapr1-dev - 1.5.0-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-35940 Ubuntu 14.04 LTS USN-5060-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that NTFS-3G incorrectly handled certain image file. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5060-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2013.1.13AR.1-2ubuntu2+esm1 ntfs-3g-dev - 1:2013.1.13AR.1-2ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1942235 Ubuntu 14.04 LTS Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Update Instructions: Run `sudo pro fix USN-5062-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-tools-4.4.0-1096 - 4.4.0-1096.101 linux-cloud-tools-4.4.0-1096-aws - 4.4.0-1096.101 linux-image-4.4.0-1096-aws - 4.4.0-1096.101 linux-modules-4.4.0-1096-aws - 4.4.0-1096.101 linux-tools-4.4.0-1096-aws - 4.4.0-1096.101 linux-aws-headers-4.4.0-1096 - 4.4.0-1096.101 linux-buildinfo-4.4.0-1096-aws - 4.4.0-1096.101 linux-aws-cloud-tools-4.4.0-1096 - 4.4.0-1096.101 linux-headers-4.4.0-1096-aws - 4.4.0-1096.101 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-214-lowlatency - 4.4.0-214.246~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-214 - 4.4.0-214.246~14.04.1 linux-image-4.4.0-214-generic - 4.4.0-214.246~14.04.1 linux-cloud-tools-4.4.0-214-generic - 4.4.0-214.246~14.04.1 linux-modules-4.4.0-214-generic - 4.4.0-214.246~14.04.1 linux-image-unsigned-4.4.0-214-generic - 4.4.0-214.246~14.04.1 linux-headers-4.4.0-214-lowlatency - 4.4.0-214.246~14.04.1 linux-lts-xenial-tools-4.4.0-214 - 4.4.0-214.246~14.04.1 linux-tools-4.4.0-214-generic - 4.4.0-214.246~14.04.1 linux-buildinfo-4.4.0-214-lowlatency - 4.4.0-214.246~14.04.1 linux-tools-4.4.0-214-lowlatency - 4.4.0-214.246~14.04.1 linux-modules-4.4.0-214-lowlatency - 4.4.0-214.246~14.04.1 linux-buildinfo-4.4.0-214-generic - 4.4.0-214.246~14.04.1 linux-headers-4.4.0-214 - 4.4.0-214.246~14.04.1 linux-cloud-tools-4.4.0-214-lowlatency - 4.4.0-214.246~14.04.1 linux-image-unsigned-4.4.0-214-lowlatency - 4.4.0-214.246~14.04.1 linux-headers-4.4.0-214-generic - 4.4.0-214.246~14.04.1 linux-modules-extra-4.4.0-214-generic - 4.4.0-214.246~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1096.94 linux-aws - 4.4.0.1096.94 linux-headers-aws - 4.4.0.1096.94 linux-image-aws - 4.4.0.1096.94 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.214.187 linux-tools-virtual-lts-xenial - 4.4.0.214.187 linux-image-generic-lts-xenial - 4.4.0.214.187 linux-cloud-tools-virtual-lts-xenial - 4.4.0.214.187 linux-tools-generic-lts-xenial - 4.4.0.214.187 linux-signed-image-lowlatency-lts-xenial - 4.4.0.214.187 linux-tools-lowlatency-lts-xenial - 4.4.0.214.187 linux-image-extra-virtual-lts-xenial - 4.4.0.214.187 linux-headers-generic-lts-xenial - 4.4.0.214.187 linux-signed-lowlatency-lts-xenial - 4.4.0.214.187 linux-lowlatency-lts-xenial - 4.4.0.214.187 linux-signed-generic-lts-xenial - 4.4.0.214.187 linux-headers-lowlatency-lts-xenial - 4.4.0.214.187 linux-generic-lts-xenial - 4.4.0.214.187 linux-image-lowlatency-lts-xenial - 4.4.0.214.187 linux-headers-virtual-lts-xenial - 4.4.0.214.187 linux-signed-image-generic-lts-xenial - 4.4.0.214.187 linux-cloud-tools-generic-lts-xenial - 4.4.0.214.187 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.214.187 linux-image-virtual-lts-xenial - 4.4.0.214.187 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3653 Ubuntu 14.04 LTS USN-5064-1 fixed a vulnerability in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5064-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cpio - 2.11+dfsg-1ubuntu1.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-38185 Ubuntu 14.04 LTS It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM. (CVE-2017-6363) It was discovered that GD Graphics Library incorrectly handled certain TGA files. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. (CVE-2021-381) It was discovered that GD Graphics Library incorrectly handled certain files. An attacker could possibly use this issue to cause a crash. (CVE-2021-40145) Update Instructions: Run `sudo pro fix USN-5068-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.0-3ubuntu0.11+esm2 libgd2-xpm-dev - 2.1.0-3ubuntu0.11+esm2 libgd-tools - 2.1.0-3ubuntu0.11+esm2 libgd2-noxpm-dev - 2.1.0-3ubuntu0.11+esm2 libgd-dev - 2.1.0-3ubuntu0.11+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-6363 CVE-2021-38115 CVE-2021-40145 Ubuntu 14.04 LTS Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653) Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160) Update Instructions: Run `sudo pro fix USN-5073-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-4.15.0-1123-azure - 4.15.0-1123.136~14.04.1 linux-cloud-tools-4.15.0-1123-azure - 4.15.0-1123.136~14.04.1 linux-headers-4.15.0-1123-azure - 4.15.0-1123.136~14.04.1 linux-azure-headers-4.15.0-1123 - 4.15.0-1123.136~14.04.1 linux-buildinfo-4.15.0-1123-azure - 4.15.0-1123.136~14.04.1 linux-azure-tools-4.15.0-1123 - 4.15.0-1123.136~14.04.1 linux-modules-4.15.0-1123-azure - 4.15.0-1123.136~14.04.1 linux-modules-extra-4.15.0-1123-azure - 4.15.0-1123.136~14.04.1 linux-image-unsigned-4.15.0-1123-azure - 4.15.0-1123.136~14.04.1 linux-image-4.15.0-1123-azure - 4.15.0-1123.136~14.04.1 linux-azure-cloud-tools-4.15.0-1123 - 4.15.0-1123.136~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1123.96 linux-signed-image-azure - 4.15.0.1123.96 linux-modules-extra-azure - 4.15.0.1123.96 linux-headers-azure - 4.15.0.1123.96 linux-azure - 4.15.0.1123.96 linux-tools-azure - 4.15.0.1123.96 linux-cloud-tools-azure - 4.15.0.1123.96 linux-image-azure - 4.15.0.1123.96 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-34693 CVE-2021-3612 CVE-2021-3653 CVE-2021-3656 CVE-2021-38160 Ubuntu 14.04 LTS USN-5077-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Maik Münch and Stephen Röttger discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use this issue to gain read access to arbitrary files, possibly containing sensitive information. Update Instructions: Run `sudo pro fix USN-5077-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.14.1-0ubuntu3.29+esm8 python3-problem-report - 2.14.1-0ubuntu3.29+esm8 apport-kde - 2.14.1-0ubuntu3.29+esm8 apport-retrace - 2.14.1-0ubuntu3.29+esm8 apport-valgrind - 2.14.1-0ubuntu3.29+esm8 python3-apport - 2.14.1-0ubuntu3.29+esm8 dh-apport - 2.14.1-0ubuntu3.29+esm8 apport-gtk - 2.14.1-0ubuntu3.29+esm8 apport - 2.14.1-0ubuntu3.29+esm8 python-problem-report - 2.14.1-0ubuntu3.29+esm8 apport-noui - 2.14.1-0ubuntu3.29+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3709 CVE-2021-3710 Ubuntu 14.04 LTS USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Update Instructions: Run `sudo pro fix USN-5079-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm8 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm8 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm8 libcurl4-doc - 7.35.0-1ubuntu2.20+esm8 libcurl3-nss - 7.35.0-1ubuntu2.20+esm8 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm8 libcurl3 - 7.35.0-1ubuntu2.20+esm8 curl - 7.35.0-1ubuntu2.20+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-22946 CVE-2021-22947 Ubuntu 14.04 LTS USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Update Instructions: Run `sudo pro fix USN-5079-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm9 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm9 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm9 libcurl4-doc - 7.35.0-1ubuntu2.20+esm9 libcurl3-nss - 7.35.0-1ubuntu2.20+esm9 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm9 libcurl3 - 7.35.0-1ubuntu2.20+esm9 curl - 7.35.0-1ubuntu2.20+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1944120 Ubuntu 14.04 LTS It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2021-3733) It was discovered that Python incorrectly handled certain server responses. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3737) Update Instructions: Run `sudo pro fix USN-5083-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm11 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.7+esm11 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm11 python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm11 python3.4-venv - 3.4.3-1ubuntu1~14.04.7+esm11 python3.4 - 3.4.3-1ubuntu1~14.04.7+esm11 python3.4-doc - 3.4.3-1ubuntu1~14.04.7+esm11 idle-python3.4 - 3.4.3-1ubuntu1~14.04.7+esm11 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm11 libpython3.4 - 3.4.3-1ubuntu1~14.04.7+esm11 python3.4-examples - 3.4.3-1ubuntu1~14.04.7+esm11 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.7+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3733 CVE-2021-3737 Ubuntu 14.04 LTS USN-5089-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes the “DST Root CA X3” CA. Update Instructions: Run `sudo pro fix USN-5089-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20190110~14.04.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1944481 Ubuntu 14.04 LTS USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) Update Instructions: Run `sudo pro fix USN-5090-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.22+esm2 libapache2-mod-macro - 1:2.4.7-1ubuntu4.22+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro apache2-data - 2.4.7-1ubuntu4.22+esm2 apache2-utils - 2.4.7-1ubuntu4.22+esm2 apache2-dev - 2.4.7-1ubuntu4.22+esm2 apache2-suexec-pristine - 2.4.7-1ubuntu4.22+esm2 apache2-suexec-custom - 2.4.7-1ubuntu4.22+esm2 apache2-suexec - 2.4.7-1ubuntu4.22+esm2 apache2 - 2.4.7-1ubuntu4.22+esm2 apache2-mpm-worker - 2.4.7-1ubuntu4.22+esm2 apache2-doc - 2.4.7-1ubuntu4.22+esm2 apache2-mpm-prefork - 2.4.7-1ubuntu4.22+esm2 apache2-mpm-event - 2.4.7-1ubuntu4.22+esm2 apache2-mpm-itk - 2.4.7-1ubuntu4.22+esm2 apache2-bin - 2.4.7-1ubuntu4.22+esm2 apache2.2-bin - 2.4.7-1ubuntu4.22+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-34798 CVE-2021-39275 CVE-2021-40438 Ubuntu 14.04 LTS Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-3770) Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2021-3778) Dhiraj Mishra discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2021-3796) Update Instructions: Run `sudo pro fix USN-5093-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.052-1ubuntu3.1+esm3 vim-gnome - 2:7.4.052-1ubuntu3.1+esm3 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm3 vim-athena - 2:7.4.052-1ubuntu3.1+esm3 vim-gtk - 2:7.4.052-1ubuntu3.1+esm3 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm3 vim - 2:7.4.052-1ubuntu3.1+esm3 vim-doc - 2:7.4.052-1ubuntu3.1+esm3 vim-tiny - 2:7.4.052-1ubuntu3.1+esm3 vim-runtime - 2:7.4.052-1ubuntu3.1+esm3 vim-nox - 2:7.4.052-1ubuntu3.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3770 CVE-2021-3778 CVE-2021-3796 Ubuntu 14.04 LTS It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) Alexey Kardashevskiy discovered that the KVM implementation for PowerPC systems in the Linux kernel did not properly validate RTAS arguments in some situations. An attacker in a guest vm could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code. (CVE-2021-37576) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability. (CVE-2021-38205) Update Instructions: Run `sudo pro fix USN-5094-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1124-azure - 4.15.0-1124.137~14.04.1 linux-modules-4.15.0-1124-azure - 4.15.0-1124.137~14.04.1 linux-azure-headers-4.15.0-1124 - 4.15.0-1124.137~14.04.1 linux-image-4.15.0-1124-azure - 4.15.0-1124.137~14.04.1 linux-tools-4.15.0-1124-azure - 4.15.0-1124.137~14.04.1 linux-image-unsigned-4.15.0-1124-azure - 4.15.0-1124.137~14.04.1 linux-buildinfo-4.15.0-1124-azure - 4.15.0-1124.137~14.04.1 linux-cloud-tools-4.15.0-1124-azure - 4.15.0-1124.137~14.04.1 linux-azure-tools-4.15.0-1124 - 4.15.0-1124.137~14.04.1 linux-headers-4.15.0-1124-azure - 4.15.0-1124.137~14.04.1 linux-azure-cloud-tools-4.15.0-1124 - 4.15.0-1124.137~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1124.97 linux-cloud-tools-azure - 4.15.0.1124.97 linux-azure - 4.15.0.1124.97 linux-modules-extra-azure - 4.15.0.1124.97 linux-signed-image-azure - 4.15.0.1124.97 linux-headers-azure - 4.15.0.1124.97 linux-tools-azure - 4.15.0.1124.97 linux-image-azure - 4.15.0.1124.97 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-22543 CVE-2021-3679 CVE-2021-3732 CVE-2021-37576 CVE-2021-38204 CVE-2021-38205 Ubuntu 14.04 LTS USN-5102-1 fixed vulnerabilities in Mercurial. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. (CVE-2019-3902) It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-17983) Update Instructions: Run `sudo pro fix USN-5102-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mercurial - 2.8.2-1ubuntu1.4+esm1 mercurial-common - 2.8.2-1ubuntu1.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-3902 CVE-2018-17983 Ubuntu 14.04 LTS USN-5108-1 fixed a vulnerability in Libntlm. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Libntlm incorrectly handled specially crafted NTML requests. An attacker could possibly use this issue to cause a denial of service or another unspecified impact. Update Instructions: Run `sudo pro fix USN-5108-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libntlm0 - 1.4-1ubuntu0.1~esm1 libntlm0-dev - 1.4-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-17455 Ubuntu 14.04 LTS It was discovered that nginx incorrectly handled files with certain modification dates. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5109-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.4.6-1ubuntu3.9+esm3 nginx-core - 1.4.6-1ubuntu3.9+esm3 nginx-common - 1.4.6-1ubuntu3.9+esm3 nginx-full - 1.4.6-1ubuntu3.9+esm3 nginx - 1.4.6-1ubuntu3.9+esm3 nginx-doc - 1.4.6-1ubuntu3.9+esm3 nginx-naxsi - 1.4.6-1ubuntu3.9+esm3 nginx-naxsi-ui - 1.4.6-1ubuntu3.9+esm3 nginx-light - 1.4.6-1ubuntu3.9+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-20005 Ubuntu 14.04 LTS USN-5111-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-41991) Update Instructions: Run `sudo pro fix USN-5111-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-pam - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-simaka-pseudonym - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-unbound - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-farp - 5.1.2-0ubuntu2.11+esm1 strongswan-ikev1 - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-xauth-eap - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-xauth-noauth - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-error-notify - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-ipseckey - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-coupling - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-aka - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-lookip - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-ttls - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-af-alg - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-aka-3gpp2 - 5.1.2-0ubuntu2.11+esm1 strongswan-ike - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-sim-pcsc - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-xauth-generic - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-sim-file - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-simaka-sql - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-sqlite - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-duplicheck - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-ntru - 5.1.2-0ubuntu2.11+esm1 strongswan-tnc-server - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-attr-sql - 5.1.2-0ubuntu2.11+esm1 strongswan-tnc-base - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-sshkey - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-peap - 5.1.2-0ubuntu2.11+esm1 strongswan-starter - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-curl - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-radattr - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-soup - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-dynamic - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-gtc - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-tls - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-tnc - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-radius - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-mysql - 5.1.2-0ubuntu2.11+esm1 strongswan-ikev2 - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-systime-fix - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-sql - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-simaka-reauth - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-openssl - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-dnscert - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-pubkey - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-md5 - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-whitelist - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-fips-prf - 5.1.2-0ubuntu2.11+esm1 strongswan-pt-tls-client - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu2.11+esm1 strongswan-nm - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-ldap - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-certexpire - 5.1.2-0ubuntu2.11+esm1 strongswan-tnc-pdp - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-eap-sim - 5.1.2-0ubuntu2.11+esm1 strongswan-tnc-client - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-gcrypt - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-led - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-dhcp - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-dnskey - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-gmp - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-agent - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-pgp - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-kernel-libipsec - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-load-tester - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-unity - 5.1.2-0ubuntu2.11+esm1 strongswan - 5.1.2-0ubuntu2.11+esm1 strongswan-plugin-pkcs11 - 5.1.2-0ubuntu2.11+esm1 strongswan-tnc-ifmap - 5.1.2-0ubuntu2.11+esm1 libstrongswan - 5.1.2-0ubuntu2.11+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-41991 Ubuntu 14.04 LTS It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-38198) It was discovered that the ext4 file system in the Linux kernel contained a race condition when writing xattrs to an inode. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2021-40490) It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008) Update Instructions: Run `sudo pro fix USN-5114-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1125-azure - 4.15.0-1125.138~14.04.1 linux-image-unsigned-4.15.0-1125-azure - 4.15.0-1125.138~14.04.1 linux-tools-4.15.0-1125-azure - 4.15.0-1125.138~14.04.1 linux-azure-headers-4.15.0-1125 - 4.15.0-1125.138~14.04.1 linux-modules-extra-4.15.0-1125-azure - 4.15.0-1125.138~14.04.1 linux-cloud-tools-4.15.0-1125-azure - 4.15.0-1125.138~14.04.1 linux-azure-tools-4.15.0-1125 - 4.15.0-1125.138~14.04.1 linux-buildinfo-4.15.0-1125-azure - 4.15.0-1125.138~14.04.1 linux-headers-4.15.0-1125-azure - 4.15.0-1125.138~14.04.1 linux-modules-4.15.0-1125-azure - 4.15.0-1125.138~14.04.1 linux-azure-cloud-tools-4.15.0-1125 - 4.15.0-1125.138~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1125.98 linux-headers-azure - 4.15.0.1125.98 linux-azure - 4.15.0.1125.98 linux-signed-image-azure - 4.15.0.1125.98 linux-modules-extra-azure - 4.15.0.1125.98 linux-cloud-tools-azure - 4.15.0.1125.98 linux-tools-azure - 4.15.0.1125.98 linux-image-azure - 4.15.0.1125.98 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-3702 CVE-2021-38198 CVE-2021-40490 CVE-2021-42008 Ubuntu 14.04 LTS It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a crash. (CVE-2021-30498, CVE-2021-30499) Update Instructions: Run `sudo pro fix USN-5119-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: caca-utils - 0.99.beta18-1ubuntu5.1+esm2 libcaca-dev - 0.99.beta18-1ubuntu5.1+esm2 libcaca0 - 0.99.beta18-1ubuntu5.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-30498 CVE-2021-30499 Ubuntu 14.04 LTS USN-5122-1 fixed a vulnerability in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Apport could be tricked into writing core files as root into arbitrary directories in certain scenarios. A local attacker could possibly use this issue to escalate privileges. On Ubuntu 16.04 ESM This update will cause Apport to generate all core files in the /var/lib/apport/coredump directory. On Ubuntu 14.04 ESM, core file generation has been disabled by default. Update Instructions: Run `sudo pro fix USN-5122-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apport - 2.14.1-0ubuntu3.29+esm9 python3-problem-report - 2.14.1-0ubuntu3.29+esm9 apport-kde - 2.14.1-0ubuntu3.29+esm9 apport-retrace - 2.14.1-0ubuntu3.29+esm9 apport-valgrind - 2.14.1-0ubuntu3.29+esm9 python3-apport - 2.14.1-0ubuntu3.29+esm9 dh-apport - 2.14.1-0ubuntu3.29+esm9 apport-gtk - 2.14.1-0ubuntu3.29+esm9 python-apport - 2.14.1-0ubuntu3.29+esm9 python-problem-report - 2.14.1-0ubuntu3.29+esm9 apport-noui - 2.14.1-0ubuntu3.29+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1948657 Ubuntu 14.04 LTS It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5125-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php5-recode - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-enchant - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-intl - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-snmp - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-mysql - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-odbc - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-xsl - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-gd - 5.5.9+dfsg-1ubuntu4.29+esm15 libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-tidy - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-dev - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-pgsql - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-readline - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-gmp - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-sqlite - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-ldap - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-mysqlnd - 5.5.9+dfsg-1ubuntu4.29+esm15 php5 - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm15 php-pear - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-sybase - 5.5.9+dfsg-1ubuntu4.29+esm15 libapache2-mod-php5filter - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-pspell - 5.5.9+dfsg-1ubuntu4.29+esm15 php5-common - 5.5.9+dfsg-1ubuntu4.29+esm15 libphp5-embed - 5.5.9+dfsg-1ubuntu4.29+esm15 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-21703 Ubuntu 14.04 LTS USN-5126-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Kishore Kumar Kothapalli discovered that Bind incorrectly handled the lame cache when processing responses. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5126-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.19+esm5 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19+esm5 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19+esm5 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19+esm5 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19+esm5 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19+esm5 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19+esm5 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19+esm5 host - 1:9.9.5.dfsg-3ubuntu0.19+esm5 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19+esm5 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19+esm5 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19+esm5 bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm5 lwresd - 1:9.9.5.dfsg-3ubuntu0.19+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-25219 Ubuntu 14.04 LTS Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661) Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660) Update Instructions: Run `sudo pro fix USN-5130-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-common - 3.13.0-188.239 linux-image-unsigned-3.13.0-188-lowlatency - 3.13.0-188.239 linux-tools-3.13.0-188-powerpc-smp - 3.13.0-188.239 linux-headers-3.13.0-188-powerpc-smp - 3.13.0-188.239 linux-tools-3.13.0-188 - 3.13.0-188.239 linux-doc - 3.13.0-188.239 linux-headers-3.13.0-188-powerpc-e500mc - 3.13.0-188.239 linux-tools-3.13.0-188-powerpc64-emb - 3.13.0-188.239 linux-headers-3.13.0-188-generic - 3.13.0-188.239 linux-image-3.13.0-188-powerpc-e500 - 3.13.0-188.239 linux-modules-3.13.0-188-generic-lpae - 3.13.0-188.239 linux-modules-3.13.0-188-powerpc64-emb - 3.13.0-188.239 linux-buildinfo-3.13.0-188-lowlatency - 3.13.0-188.239 linux-image-3.13.0-188-generic - 3.13.0-188.239 linux-buildinfo-3.13.0-188-powerpc64-emb - 3.13.0-188.239 linux-headers-3.13.0-188-powerpc64-emb - 3.13.0-188.239 linux-buildinfo-3.13.0-188-powerpc64-smp - 3.13.0-188.239 linux-image-3.13.0-188-powerpc64-emb - 3.13.0-188.239 linux-buildinfo-3.13.0-188-powerpc-e500mc - 3.13.0-188.239 linux-libc-dev - 3.13.0-188.239 linux-image-unsigned-3.13.0-188-generic - 3.13.0-188.239 linux-headers-3.13.0-188-lowlatency - 3.13.0-188.239 linux-cloud-tools-common - 3.13.0-188.239 linux-source-3.13.0 - 3.13.0-188.239 linux-tools-3.13.0-188-powerpc-e500 - 3.13.0-188.239 linux-headers-3.13.0-188-powerpc-e500 - 3.13.0-188.239 linux-buildinfo-3.13.0-188-generic-lpae - 3.13.0-188.239 linux-tools-3.13.0-188-lowlatency - 3.13.0-188.239 linux-modules-3.13.0-188-generic - 3.13.0-188.239 linux-image-3.13.0-188-powerpc64-smp - 3.13.0-188.239 linux-image-3.13.0-188-powerpc-e500mc - 3.13.0-188.239 linux-buildinfo-3.13.0-188-generic - 3.13.0-188.239 linux-cloud-tools-3.13.0-188-lowlatency - 3.13.0-188.239 linux-buildinfo-3.13.0-188-powerpc-e500 - 3.13.0-188.239 linux-headers-3.13.0-188 - 3.13.0-188.239 linux-modules-3.13.0-188-powerpc-e500mc - 3.13.0-188.239 linux-modules-3.13.0-188-powerpc-e500 - 3.13.0-188.239 linux-cloud-tools-3.13.0-188-generic - 3.13.0-188.239 linux-modules-3.13.0-188-lowlatency - 3.13.0-188.239 linux-tools-3.13.0-188-powerpc-e500mc - 3.13.0-188.239 linux-tools-3.13.0-188-generic - 3.13.0-188.239 linux-tools-3.13.0-188-powerpc64-smp - 3.13.0-188.239 linux-tools-3.13.0-188-generic-lpae - 3.13.0-188.239 linux-image-3.13.0-188-powerpc-smp - 3.13.0-188.239 linux-headers-3.13.0-188-generic-lpae - 3.13.0-188.239 linux-modules-3.13.0-188-powerpc-smp - 3.13.0-188.239 linux-modules-3.13.0-188-powerpc64-smp - 3.13.0-188.239 linux-cloud-tools-3.13.0-188 - 3.13.0-188.239 linux-headers-3.13.0-188-powerpc64-smp - 3.13.0-188.239 linux-image-3.13.0-188-lowlatency - 3.13.0-188.239 linux-buildinfo-3.13.0-188-powerpc-smp - 3.13.0-188.239 linux-image-3.13.0-188-generic-lpae - 3.13.0-188.239 linux-modules-extra-3.13.0-188-generic - 3.13.0-188.239 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-powerpc-e500mc - 3.13.0.188.197 linux-omap - 3.13.0.188.197 linux-headers-generic-lts-saucy - 3.13.0.188.197 linux-cloud-tools-virtual - 3.13.0.188.197 linux-signed-generic-lts-raring - 3.13.0.188.197 linux-headers-generic-lpae - 3.13.0.188.197 linux-headers-powerpc-smp - 3.13.0.188.197 linux-image-virtual - 3.13.0.188.197 linux-image-powerpc-e500 - 3.13.0.188.197 linux-signed-generic-lts-quantal - 3.13.0.188.197 linux-tools-powerpc64-smp - 3.13.0.188.197 linux-image-generic - 3.13.0.188.197 linux-headers-powerpc64-smp - 3.13.0.188.197 linux-tools-powerpc-smp - 3.13.0.188.197 linux-headers-generic-pae - 3.13.0.188.197 linux-generic-lpae-lts-trusty - 3.13.0.188.197 linux-image-lowlatency-pae - 3.13.0.188.197 linux-signed-image-generic-lts-raring - 3.13.0.188.197 linux-powerpc64-smp - 3.13.0.188.197 linux-signed-image-generic-lts-saucy - 3.13.0.188.197 linux-image-generic-lpae-lts-trusty - 3.13.0.188.197 linux-signed-image-generic-lts-trusty - 3.13.0.188.197 linux-generic-pae - 3.13.0.188.197 linux-tools-lts-trusty - 3.13.0.188.197 linux-image-generic-lts-raring - 3.13.0.188.197 linux-headers-generic-lpae-lts-trusty - 3.13.0.188.197 linux-crashdump - 3.13.0.188.197 linux-headers-powerpc64-emb - 3.13.0.188.197 linux-powerpc-smp - 3.13.0.188.197 linux-headers-highbank - 3.13.0.188.197 linux-image-powerpc64-emb - 3.13.0.188.197 linux-tools-generic-lts-trusty - 3.13.0.188.197 linux-lowlatency - 3.13.0.188.197 linux-tools-generic-lts-saucy - 3.13.0.188.197 linux-source - 3.13.0.188.197 linux-signed-image-generic - 3.13.0.188.197 linux-image-highbank - 3.13.0.188.197 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.188.197 linux-tools-generic-lpae - 3.13.0.188.197 linux-cloud-tools-generic - 3.13.0.188.197 linux-generic-lts-quantal-eol-upgrade - 3.13.0.188.197 linux-tools-lts-saucy - 3.13.0.188.197 linux-tools-lts-quantal - 3.13.0.188.197 linux-image-hwe-generic-trusty - 3.13.0.188.197 linux-powerpc-e500mc - 3.13.0.188.197 linux-image-generic-lts-saucy - 3.13.0.188.197 linux-headers-generic-lts-raring - 3.13.0.188.197 linux-tools-powerpc64-emb - 3.13.0.188.197 linux-lowlatency-pae - 3.13.0.188.197 linux-tools-virtual - 3.13.0.188.197 linux-image-server - 3.13.0.188.197 linux-generic-lts-trusty - 3.13.0.188.197 linux-image-powerpc-e500mc - 3.13.0.188.197 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.188.197 linux-headers-generic-lts-trusty - 3.13.0.188.197 linux-image-generic-pae - 3.13.0.188.197 linux-generic-lpae - 3.13.0.188.197 linux-headers-generic-lpae-lts-saucy - 3.13.0.188.197 linux-generic-lpae-lts-saucy - 3.13.0.188.197 linux-headers-server - 3.13.0.188.197 linux-generic - 3.13.0.188.197 linux-image-generic-lts-quantal - 3.13.0.188.197 linux-server - 3.13.0.188.197 linux-virtual - 3.13.0.188.197 linux-image-generic-lts-trusty - 3.13.0.188.197 linux-generic-lts-quantal - 3.13.0.188.197 linux-generic-lts-raring-eol-upgrade - 3.13.0.188.197 linux-powerpc-e500 - 3.13.0.188.197 linux-tools-generic-lpae-lts-saucy - 3.13.0.188.197 linux-headers-lowlatency - 3.13.0.188.197 linux-highbank - 3.13.0.188.197 linux-signed-generic-lts-trusty - 3.13.0.188.197 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.188.197 linux-tools-generic-lpae-lts-trusty - 3.13.0.188.197 linux-image-hwe-virtual-trusty - 3.13.0.188.197 linux-image-powerpc-smp - 3.13.0.188.197 linux-generic-lpae-lts-saucy-eol-upgrade - 3.13.0.188.197 linux-image-omap - 3.13.0.188.197 linux-signed-image-generic-lts-quantal - 3.13.0.188.197 linux-headers-lowlatency-pae - 3.13.0.188.197 linux-image-generic-lpae - 3.13.0.188.197 linux-hwe-generic-trusty - 3.13.0.188.197 linux-tools-generic - 3.13.0.188.197 linux-generic-lts-raring - 3.13.0.188.197 linux-image-extra-virtual - 3.13.0.188.197 linux-signed-generic-lts-saucy - 3.13.0.188.197 linux-cloud-tools-lowlatency - 3.13.0.188.197 linux-headers-powerpc-e500 - 3.13.0.188.197 linux-generic-lts-saucy - 3.13.0.188.197 hv-kvp-daemon-init - 3.13.0.188.197 linux-headers-generic - 3.13.0.188.197 linux-image-lowlatency - 3.13.0.188.197 linux-tools-lts-raring - 3.13.0.188.197 linux-tools-lowlatency - 3.13.0.188.197 linux-powerpc64-emb - 3.13.0.188.197 linux-generic-lts-saucy-eol-upgrade - 3.13.0.188.197 linux-headers-generic-lts-quantal - 3.13.0.188.197 linux-headers-virtual - 3.13.0.188.197 linux-tools-powerpc-e500 - 3.13.0.188.197 linux-tools-powerpc-e500mc - 3.13.0.188.197 linux-headers-omap - 3.13.0.188.197 linux-signed-generic - 3.13.0.188.197 linux-image-generic-lpae-lts-saucy - 3.13.0.188.197 linux-hwe-virtual-trusty - 3.13.0.188.197 linux-image-powerpc64-smp - 3.13.0.188.197 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-29660 CVE-2020-29661 Ubuntu 14.04 LTS It was discovered that ICU contains a use after free issue. An attacker could use this issue to cause a denial of service with crafted input. Update Instructions: Run `sudo pro fix USN-5133-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 52.1-3ubuntu0.8+esm2 libicu52 - 52.1-3ubuntu0.8+esm2 libicu-dev - 52.1-3ubuntu0.8+esm2 icu-doc - 52.1-3ubuntu0.8+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-21913 Ubuntu 14.04 LTS It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19449) It was discovered that the FUSE user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2020-36322) It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possible execute arbitrary code. (CVE-2020-36385) Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-3655) It was discovered that the Qualcomm IPC Router protocol implementation in the Linux kernel did not properly validate metadata in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2021-3743) It was discovered that the virtual terminal (vt) device implementation in the Linux kernel contained a race condition in its ioctl handling that led to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. (CVE-2021-3753) It was discovered that the Linux kernel did not properly account for the memory usage of certain IPC objects. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3759) Michael Wakabayashi discovered that the NFSv4 client implementation in the Linux kernel did not properly order connection setup operations. An attacker controlling a remote NFS server could use this to cause a denial of service on the client. (CVE-2021-38199) It was discovered that the Aspeed Low Pin Count (LPC) Bus Controller implementation in the Linux kernel did not properly perform boundary checks in some situations, allowing out-of-bounds write access. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. In Ubuntu, this issue only affected systems running armhf kernels. (CVE-2021-42252) Update Instructions: Run `sudo pro fix USN-5136-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1126-azure - 4.15.0-1126.139~14.04.1 linux-modules-4.15.0-1126-azure - 4.15.0-1126.139~14.04.1 linux-azure-headers-4.15.0-1126 - 4.15.0-1126.139~14.04.1 linux-buildinfo-4.15.0-1126-azure - 4.15.0-1126.139~14.04.1 linux-image-4.15.0-1126-azure - 4.15.0-1126.139~14.04.1 linux-headers-4.15.0-1126-azure - 4.15.0-1126.139~14.04.1 linux-azure-tools-4.15.0-1126 - 4.15.0-1126.139~14.04.1 linux-tools-4.15.0-1126-azure - 4.15.0-1126.139~14.04.1 linux-modules-extra-4.15.0-1126-azure - 4.15.0-1126.139~14.04.1 linux-cloud-tools-4.15.0-1126-azure - 4.15.0-1126.139~14.04.1 linux-azure-cloud-tools-4.15.0-1126 - 4.15.0-1126.139~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1126.99 linux-signed-image-azure - 4.15.0.1126.99 linux-modules-extra-azure - 4.15.0.1126.99 linux-headers-azure - 4.15.0.1126.99 linux-azure - 4.15.0.1126.99 linux-tools-azure - 4.15.0.1126.99 linux-cloud-tools-azure - 4.15.0.1126.99 linux-image-azure - 4.15.0.1126.99 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-19449 CVE-2020-36322 CVE-2020-36385 CVE-2021-3655 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38199 CVE-2021-42252 Ubuntu 14.04 LTS It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-17087) It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. This issue only affected Ubuntu 14.04 ESM. (CVE-2019-20807) Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04 and Ubuntu 21.10. (CVE-2021-3872) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3903) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3927) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3928) Update Instructions: Run `sudo pro fix USN-5147-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.052-1ubuntu3.1+esm4 vim-gnome - 2:7.4.052-1ubuntu3.1+esm4 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm4 vim-athena - 2:7.4.052-1ubuntu3.1+esm4 vim-gtk - 2:7.4.052-1ubuntu3.1+esm4 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm4 vim - 2:7.4.052-1ubuntu3.1+esm4 vim-doc - 2:7.4.052-1ubuntu3.1+esm4 vim-tiny - 2:7.4.052-1ubuntu3.1+esm4 vim-runtime - 2:7.4.052-1ubuntu3.1+esm4 vim-nox - 2:7.4.052-1ubuntu3.1+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-17087 CVE-2019-20807 CVE-2021-3872 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 Ubuntu 14.04 LTS USN-5148-1 fixed a vulnerability in hivex. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that hivex incorrectly handled certain input. An attacker could use this vulnerability to cause a crash or obtain sensitive information. Update Instructions: Run `sudo pro fix USN-5148-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhivex-bin - 1.3.9-2ubuntu0.1~esm1 libhivex-ocaml-dev - 1.3.9-2ubuntu0.1~esm1 libhivex-dev - 1.3.9-2ubuntu0.1~esm1 libhivex0 - 1.3.9-2ubuntu0.1~esm1 python3-hivex - 1.3.9-2ubuntu0.1~esm1 libwin-hivex-perl - 1.3.9-2ubuntu0.1~esm1 libhivex-ocaml - 1.3.9-2ubuntu0.1~esm1 python-hivex - 1.3.9-2ubuntu0.1~esm1 ruby-hivex - 1.3.9-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3504 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20244) It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20246) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service (CVE-2021-20309) It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20312) It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. (CVE-2021-20313) Update Instructions: Run `sudo pro fix USN-5158-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.13+esm1 libmagickcore5 - 8:6.7.7.10-6ubuntu3.13+esm1 imagemagick - 8:6.7.7.10-6ubuntu3.13+esm1 imagemagick-doc - 8:6.7.7.10-6ubuntu3.13+esm1 libmagickwand5 - 8:6.7.7.10-6ubuntu3.13+esm1 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.13+esm1 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.13+esm1 libmagick++-dev - 8:6.7.7.10-6ubuntu3.13+esm1 libmagick++5 - 8:6.7.7.10-6ubuntu3.13+esm1 perlmagick - 8:6.7.7.10-6ubuntu3.13+esm1 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20244 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 Ubuntu 14.04 LTS It was discovered that Midnight Commander would not check server fingerprints when establishing an SFTP connection. If a remote attacker were able to intercept communications this flaw could be exploited to impersonate the SFTP server. Update Instructions: Run `sudo pro fix USN-5160-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mc-data - 3:4.8.11-1ubuntu0.1~esm1 mc - 3:4.8.11-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-36370 Ubuntu 14.04 LTS It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-37159) It was discovered that the AMD Cryptographic Coprocessor (CCP) driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3744, CVE-2021-3764) Update Instructions: Run `sudo pro fix USN-5164-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1127-azure - 4.15.0-1127.140~14.04.1 linux-modules-4.15.0-1127-azure - 4.15.0-1127.140~14.04.1 linux-tools-4.15.0-1127-azure - 4.15.0-1127.140~14.04.1 linux-buildinfo-4.15.0-1127-azure - 4.15.0-1127.140~14.04.1 linux-image-4.15.0-1127-azure - 4.15.0-1127.140~14.04.1 linux-modules-extra-4.15.0-1127-azure - 4.15.0-1127.140~14.04.1 linux-azure-tools-4.15.0-1127 - 4.15.0-1127.140~14.04.1 linux-azure-headers-4.15.0-1127 - 4.15.0-1127.140~14.04.1 linux-azure-cloud-tools-4.15.0-1127 - 4.15.0-1127.140~14.04.1 linux-cloud-tools-4.15.0-1127-azure - 4.15.0-1127.140~14.04.1 linux-headers-4.15.0-1127-azure - 4.15.0-1127.140~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1127.100 linux-modules-extra-azure - 4.15.0.1127.100 linux-image-azure - 4.15.0.1127.100 linux-cloud-tools-azure - 4.15.0.1127.100 linux-headers-azure - 4.15.0.1127.100 linux-azure - 4.15.0.1127.100 linux-tools-azure - 4.15.0.1127.100 linux-signed-image-azure - 4.15.0.1127.100 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-37159 CVE-2021-3744 CVE-2021-3764 Ubuntu 14.04 LTS USN-5168-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5168-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm9 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm9 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm9 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm9 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-43527 Ubuntu 14.04 LTS USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced a regression that could break SSL connections. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5168-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm10 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm10 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm10 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm10 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-43527 Ubuntu 14.04 LTS USN-5171-1 fixed vulnerabilities in Long Range ZIP. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Long Range ZIP incorrectly handled certain specially crafted lrz files. A remote attacker could possibly use this issue to cause a denial of service (crash) or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5171-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lrzip - 0.616-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-8844 CVE-2017-8846 CVE-2017-9928 CVE-2017-9929 CVE-2018-10685 CVE-2018-11496 CVE-2018-5650 CVE-2018-5747 CVE-2018-5786 CVE-2018-9058 Ubuntu 14.04 LTS USN-5172-1 fixed vulnerabilities in uriparser. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that uriparser mishandled certain input. An attacker could use this vulnerability to cause uriparser to crash or possibly execute arbitrary code. (CVE-2018-19198, CVE-2018-19199, CVE-2018-19200) It was discovered that uriparser incorrectly handled certain URIs. An attacker could use this vulnerability to cause a crash or possibly leak sensitive information. (CVE-2018-20721) Update Instructions: Run `sudo pro fix USN-5172-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liburiparser-dev - 0.7.5-1ubuntu2+esm2 liburiparser1 - 0.7.5-1ubuntu2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-19198 CVE-2018-19199 CVE-2018-19200 CVE-2018-20721 Ubuntu 14.04 LTS USN-5173-1 fixed vulnerabilities in libmodbus. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5173-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmodbus-dev - 3.0.5-1ubuntu0.1~esm1 libmodbus5 - 3.0.5-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14462 CVE-2019-14463 Ubuntu 14.04 LTS It was discovered that Inetutils did not properly check the response of ftp requests. A remote attacker could use this vulnerability to cause a crash or run programs in the user machine. Update Instructions: Run `sudo pro fix USN-5177-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: inetutils-tools - 2:1.9.2-1ubuntu0.1~esm1 inetutils-ftpd - 2:1.9.2-1ubuntu0.1~esm1 inetutils-talkd - 2:1.9.2-1ubuntu0.1~esm1 inetutils-traceroute - 2:1.9.2-1ubuntu0.1~esm1 inetutils-talk - 2:1.9.2-1ubuntu0.1~esm1 inetutils-telnetd - 2:1.9.2-1ubuntu0.1~esm1 inetutils-inetd - 2:1.9.2-1ubuntu0.1~esm1 inetutils-ping - 2:1.9.2-1ubuntu0.1~esm1 inetutils-syslogd - 2:1.9.2-1ubuntu0.1~esm1 inetutils-ftp - 2:1.9.2-1ubuntu0.1~esm1 inetutils-telnet - 2:1.9.2-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-40491 Ubuntu 14.04 LTS It was discovered that MATIO incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. Update Instructions: Run `sudo pro fix USN-5185-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmatio2-dbgsym - 1.5.2-1ubuntu1+esm1 libmatio-dev-dbgsym - 1.5.2-1ubuntu1+esm1 libmatio-dev - 1.5.2-1ubuntu1+esm1 libmatio2 - 1.5.2-1ubuntu1+esm1 libmatio-doc - 1.5.2-1ubuntu1+esm1 libmatio2-dbg - 1.5.2-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-17533 Ubuntu 14.04 LTS It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-5189-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.40.2-0ubuntu1.1+esm4 libglib2.0-0-refdbg - 2.40.2-0ubuntu1.1+esm4 libglib2.0-data - 2.40.2-0ubuntu1.1+esm4 libglib2.0-tests - 2.40.2-0ubuntu1.1+esm4 libglib2.0-doc - 2.40.2-0ubuntu1.1+esm4 libglib2.0-bin - 2.40.2-0ubuntu1.1+esm4 libglib2.0-dev - 2.40.2-0ubuntu1.1+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3800 Ubuntu 14.04 LTS It was discovered that GraphicsMagick allowed reading arbitrary files via specially crafted images. An attacker could use this issue to expose sensitive information. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-12921) It was discovered that GraphicsMagick did not correctly handle memory allocations for error messages. An attacker could use this issue to corrupt memory or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19950) It was discovered that GraphicsMagick did not correctly handle type limits. An attacker could use these issues to cause heap-based buffer overflows, leading to a denial of service (application crash) or possibly execute arbitrary code. These issues only affect Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19951, CVE-2019-19953) It was discovered that GraphicsMagick did not correctly handle the signed integer limit in 32-bit applications. An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2020-10938) It was discovered that GraphicsMagick did not properly magnify certain images. An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. (CVE-2020-12672) Update Instructions: Run `sudo pro fix USN-5190-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphicsmagick++3 - 1.3.18-1ubuntu3.1+esm7 libgraphics-magick-perl - 1.3.18-1ubuntu3.1+esm7 libgraphicsmagick1-dev - 1.3.18-1ubuntu3.1+esm7 libgraphicsmagick3 - 1.3.18-1ubuntu3.1+esm7 graphicsmagick - 1.3.18-1ubuntu3.1+esm7 graphicsmagick-imagemagick-compat - 1.3.18-1ubuntu3.1+esm7 graphicsmagick-libmagick-dev-compat - 1.3.18-1ubuntu3.1+esm7 libgraphicsmagick++1-dev - 1.3.18-1ubuntu3.1+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-12921 CVE-2019-19950 CVE-2019-19951 CVE-2019-19953 CVE-2020-10938 CVE-2020-12672 Ubuntu 14.04 LTS USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. Update Instructions: Run `sudo pro fix USN-5193-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.11+esm5 xorg-server-source - 2:1.15.1-0ubuntu2.11+esm5 xdmx - 2:1.15.1-0ubuntu2.11+esm5 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.11+esm5 xserver-xorg-dev - 2:1.15.1-0ubuntu2.11+esm5 xvfb - 2:1.15.1-0ubuntu2.11+esm5 xnest - 2:1.15.1-0ubuntu2.11+esm5 xdmx-tools - 2:1.15.1-0ubuntu2.11+esm5 xserver-xephyr - 2:1.15.1-0ubuntu2.11+esm5 xserver-common - 2:1.15.1-0ubuntu2.11+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4008 CVE-2021-4009 CVE-2021-4011 Ubuntu 14.04 LTS Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service. (CVE-2021-20317) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389) Update Instructions: Run `sudo pro fix USN-5209-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1129-azure - 4.15.0-1129.142~14.04.1 linux-image-4.15.0-1129-azure - 4.15.0-1129.142~14.04.1 linux-tools-4.15.0-1129-azure - 4.15.0-1129.142~14.04.1 linux-azure-headers-4.15.0-1129 - 4.15.0-1129.142~14.04.1 linux-headers-4.15.0-1129-azure - 4.15.0-1129.142~14.04.1 linux-modules-4.15.0-1129-azure - 4.15.0-1129.142~14.04.1 linux-azure-cloud-tools-4.15.0-1129 - 4.15.0-1129.142~14.04.1 linux-buildinfo-4.15.0-1129-azure - 4.15.0-1129.142~14.04.1 linux-azure-tools-4.15.0-1129 - 4.15.0-1129.142~14.04.1 linux-cloud-tools-4.15.0-1129-azure - 4.15.0-1129.142~14.04.1 linux-image-unsigned-4.15.0-1129-azure - 4.15.0-1129.142~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1129.102 linux-cloud-tools-azure - 4.15.0.1129.102 linux-modules-extra-azure - 4.15.0.1129.102 linux-image-azure - 4.15.0.1129.102 linux-headers-azure - 4.15.0.1129.102 linux-azure - 4.15.0.1129.102 linux-tools-azure - 4.15.0.1129.102 linux-signed-image-azure - 4.15.0.1129.102 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-20317 CVE-2021-20321 CVE-2021-3760 CVE-2021-4002 CVE-2021-41864 CVE-2021-43389 Ubuntu 14.04 LTS Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. Update Instructions: Run `sudo pro fix USN-5211-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-3.13.0-189-generic - 3.13.0-189.240 linux-tools-common - 3.13.0-189.240 linux-modules-3.13.0-189-powerpc64-smp - 3.13.0-189.240 linux-image-3.13.0-189-generic - 3.13.0-189.240 linux-headers-3.13.0-189 - 3.13.0-189.240 linux-headers-3.13.0-189-powerpc64-emb - 3.13.0-189.240 linux-buildinfo-3.13.0-189-powerpc-e500mc - 3.13.0-189.240 linux-image-3.13.0-189-powerpc-e500 - 3.13.0-189.240 linux-tools-3.13.0-189 - 3.13.0-189.240 linux-doc - 3.13.0-189.240 linux-modules-3.13.0-189-powerpc-smp - 3.13.0-189.240 linux-libc-dev - 3.13.0-189.240 linux-source-3.13.0 - 3.13.0-189.240 linux-image-unsigned-3.13.0-189-generic - 3.13.0-189.240 linux-headers-3.13.0-189-lowlatency - 3.13.0-189.240 linux-cloud-tools-3.13.0-189-lowlatency - 3.13.0-189.240 linux-image-3.13.0-189-powerpc-smp - 3.13.0-189.240 linux-buildinfo-3.13.0-189-generic-lpae - 3.13.0-189.240 linux-buildinfo-3.13.0-189-powerpc64-smp - 3.13.0-189.240 linux-modules-3.13.0-189-powerpc-e500 - 3.13.0-189.240 linux-tools-3.13.0-189-powerpc-e500mc - 3.13.0-189.240 linux-modules-3.13.0-189-generic - 3.13.0-189.240 linux-modules-3.13.0-189-powerpc64-emb - 3.13.0-189.240 linux-buildinfo-3.13.0-189-powerpc-e500 - 3.13.0-189.240 linux-tools-3.13.0-189-generic - 3.13.0-189.240 linux-buildinfo-3.13.0-189-generic - 3.13.0-189.240 linux-modules-3.13.0-189-generic-lpae - 3.13.0-189.240 linux-modules-3.13.0-189-powerpc-e500mc - 3.13.0-189.240 linux-image-3.13.0-189-lowlatency - 3.13.0-189.240 linux-headers-3.13.0-189-powerpc64-smp - 3.13.0-189.240 linux-image-3.13.0-189-powerpc64-emb - 3.13.0-189.240 linux-buildinfo-3.13.0-189-lowlatency - 3.13.0-189.240 linux-tools-3.13.0-189-powerpc64-smp - 3.13.0-189.240 linux-cloud-tools-common - 3.13.0-189.240 linux-buildinfo-3.13.0-189-powerpc64-emb - 3.13.0-189.240 linux-modules-extra-3.13.0-189-generic - 3.13.0-189.240 linux-modules-3.13.0-189-lowlatency - 3.13.0-189.240 linux-tools-3.13.0-189-powerpc-e500 - 3.13.0-189.240 linux-tools-3.13.0-189-powerpc64-emb - 3.13.0-189.240 linux-headers-3.13.0-189-generic - 3.13.0-189.240 linux-image-3.13.0-189-powerpc-e500mc - 3.13.0-189.240 linux-buildinfo-3.13.0-189-powerpc-smp - 3.13.0-189.240 linux-image-unsigned-3.13.0-189-lowlatency - 3.13.0-189.240 linux-headers-3.13.0-189-powerpc-e500 - 3.13.0-189.240 linux-tools-3.13.0-189-generic-lpae - 3.13.0-189.240 linux-image-3.13.0-189-powerpc64-smp - 3.13.0-189.240 linux-tools-3.13.0-189-powerpc-smp - 3.13.0-189.240 linux-image-3.13.0-189-generic-lpae - 3.13.0-189.240 linux-tools-3.13.0-189-lowlatency - 3.13.0-189.240 linux-headers-3.13.0-189-powerpc-e500mc - 3.13.0-189.240 linux-cloud-tools-3.13.0-189 - 3.13.0-189.240 linux-headers-3.13.0-189-powerpc-smp - 3.13.0-189.240 linux-headers-3.13.0-189-generic-lpae - 3.13.0-189.240 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-generic-lts-saucy - 3.13.0.189.198 linux-cloud-tools-virtual - 3.13.0.189.198 linux-signed-generic-lts-raring - 3.13.0.189.198 linux-signed-generic-lts-trusty - 3.13.0.189.198 linux-headers-generic-lpae - 3.13.0.189.198 linux-headers-powerpc-smp - 3.13.0.189.198 linux-headers-generic - 3.13.0.189.198 linux-image-virtual - 3.13.0.189.198 linux-image-omap - 3.13.0.189.198 linux-headers-lowlatency-pae - 3.13.0.189.198 linux-headers-generic-lpae-lts-trusty - 3.13.0.189.198 linux-tools-powerpc64-smp - 3.13.0.189.198 linux-headers-powerpc64-emb - 3.13.0.189.198 linux-image-generic - 3.13.0.189.198 linux-tools-lowlatency - 3.13.0.189.198 linux-generic-lpae-lts-saucy-eol-upgrade - 3.13.0.189.198 linux-headers-powerpc64-smp - 3.13.0.189.198 linux-tools-powerpc-smp - 3.13.0.189.198 linux-headers-generic-pae - 3.13.0.189.198 linux-highbank - 3.13.0.189.198 linux-hwe-generic-trusty - 3.13.0.189.198 linux-image-lowlatency-pae - 3.13.0.189.198 linux-signed-image-generic-lts-raring - 3.13.0.189.198 linux-powerpc64-smp - 3.13.0.189.198 linux-signed-image-generic-lts-saucy - 3.13.0.189.198 linux-image-generic-lpae-lts-trusty - 3.13.0.189.198 linux-signed-image-generic-lts-trusty - 3.13.0.189.198 linux-generic-pae - 3.13.0.189.198 linux-tools-lts-trusty - 3.13.0.189.198 linux-image-generic-lts-raring - 3.13.0.189.198 linux-crashdump - 3.13.0.189.198 linux-powerpc-smp - 3.13.0.189.198 linux-headers-highbank - 3.13.0.189.198 linux-image-powerpc64-emb - 3.13.0.189.198 linux-tools-generic-lts-trusty - 3.13.0.189.198 linux-tools-generic-lts-saucy - 3.13.0.189.198 linux-source - 3.13.0.189.198 linux-signed-image-generic - 3.13.0.189.198 linux-lowlatency - 3.13.0.189.198 linux-image-highbank - 3.13.0.189.198 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.189.198 linux-tools-generic-lpae - 3.13.0.189.198 linux-cloud-tools-generic - 3.13.0.189.198 linux-generic-lts-quantal-eol-upgrade - 3.13.0.189.198 linux-tools-lts-saucy - 3.13.0.189.198 linux-tools-lts-quantal - 3.13.0.189.198 linux-generic-lts-saucy-eol-upgrade - 3.13.0.189.198 linux-powerpc-e500mc - 3.13.0.189.198 linux-image-generic-lts-saucy - 3.13.0.189.198 linux-headers-generic-lts-raring - 3.13.0.189.198 linux-tools-powerpc64-emb - 3.13.0.189.198 linux-lowlatency-pae - 3.13.0.189.198 linux-tools-virtual - 3.13.0.189.198 linux-image-server - 3.13.0.189.198 linux-generic-lts-trusty - 3.13.0.189.198 linux-image-powerpc-e500mc - 3.13.0.189.198 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.189.198 linux-signed-generic-lts-quantal - 3.13.0.189.198 linux-image-generic-pae - 3.13.0.189.198 linux-generic-lpae - 3.13.0.189.198 linux-generic-lpae-lts-saucy - 3.13.0.189.198 linux-headers-server - 3.13.0.189.198 linux-generic - 3.13.0.189.198 linux-image-generic-lts-quantal - 3.13.0.189.198 linux-server - 3.13.0.189.198 linux-virtual - 3.13.0.189.198 linux-image-generic-lts-trusty - 3.13.0.189.198 linux-generic-lts-quantal - 3.13.0.189.198 linux-tools-lts-raring - 3.13.0.189.198 linux-powerpc-e500 - 3.13.0.189.198 linux-cloud-tools-lowlatency - 3.13.0.189.198 linux-omap - 3.13.0.189.198 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.189.198 linux-tools-generic-lpae-lts-trusty - 3.13.0.189.198 linux-image-hwe-virtual-trusty - 3.13.0.189.198 linux-image-powerpc-smp - 3.13.0.189.198 linux-signed-image-generic-lts-quantal - 3.13.0.189.198 linux-headers-generic-lts-quantal - 3.13.0.189.198 linux-headers-omap - 3.13.0.189.198 linux-tools-generic - 3.13.0.189.198 linux-generic-lts-raring - 3.13.0.189.198 linux-image-extra-virtual - 3.13.0.189.198 linux-headers-generic-lpae-lts-saucy - 3.13.0.189.198 linux-signed-generic-lts-saucy - 3.13.0.189.198 linux-headers-powerpc-e500 - 3.13.0.189.198 linux-generic-lts-saucy - 3.13.0.189.198 hv-kvp-daemon-init - 3.13.0.189.198 linux-headers-powerpc-e500mc - 3.13.0.189.198 linux-image-powerpc-e500 - 3.13.0.189.198 linux-generic-lpae-lts-trusty - 3.13.0.189.198 linux-powerpc64-emb - 3.13.0.189.198 linux-image-hwe-generic-trusty - 3.13.0.189.198 linux-headers-virtual - 3.13.0.189.198 linux-headers-generic-lts-trusty - 3.13.0.189.198 linux-tools-generic-lpae-lts-saucy - 3.13.0.189.198 linux-tools-powerpc-e500 - 3.13.0.189.198 linux-headers-lowlatency - 3.13.0.189.198 linux-tools-powerpc-e500mc - 3.13.0.189.198 linux-image-generic-lpae - 3.13.0.189.198 linux-signed-generic - 3.13.0.189.198 linux-image-generic-lpae-lts-saucy - 3.13.0.189.198 linux-hwe-virtual-trusty - 3.13.0.189.198 linux-image-powerpc64-smp - 3.13.0.189.198 linux-generic-lts-raring-eol-upgrade - 3.13.0.189.198 linux-image-lowlatency - 3.13.0.189.198 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.4.0-1098-aws - 4.4.0-1098.103 linux-aws-cloud-tools-4.4.0-1098 - 4.4.0-1098.103 linux-tools-4.4.0-1098-aws - 4.4.0-1098.103 linux-aws-headers-4.4.0-1098 - 4.4.0-1098.103 linux-aws-tools-4.4.0-1098 - 4.4.0-1098.103 linux-image-4.4.0-1098-aws - 4.4.0-1098.103 linux-buildinfo-4.4.0-1098-aws - 4.4.0-1098.103 linux-headers-4.4.0-1098-aws - 4.4.0-1098.103 linux-modules-4.4.0-1098-aws - 4.4.0-1098.103 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-unsigned-4.4.0-218-generic - 4.4.0-218.251~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-218 - 4.4.0-218.251~14.04.1 linux-lts-xenial-tools-4.4.0-218 - 4.4.0-218.251~14.04.1 linux-headers-4.4.0-218 - 4.4.0-218.251~14.04.1 linux-buildinfo-4.4.0-218-generic - 4.4.0-218.251~14.04.1 linux-modules-extra-4.4.0-218-generic - 4.4.0-218.251~14.04.1 linux-image-unsigned-4.4.0-218-lowlatency - 4.4.0-218.251~14.04.1 linux-image-4.4.0-218-generic - 4.4.0-218.251~14.04.1 linux-image-4.4.0-218-lowlatency - 4.4.0-218.251~14.04.1 linux-buildinfo-4.4.0-218-lowlatency - 4.4.0-218.251~14.04.1 linux-headers-4.4.0-218-generic - 4.4.0-218.251~14.04.1 linux-headers-4.4.0-218-lowlatency - 4.4.0-218.251~14.04.1 linux-cloud-tools-4.4.0-218-generic - 4.4.0-218.251~14.04.1 linux-tools-4.4.0-218-generic - 4.4.0-218.251~14.04.1 linux-tools-4.4.0-218-lowlatency - 4.4.0-218.251~14.04.1 linux-modules-4.4.0-218-generic - 4.4.0-218.251~14.04.1 linux-cloud-tools-4.4.0-218-lowlatency - 4.4.0-218.251~14.04.1 linux-modules-4.4.0-218-lowlatency - 4.4.0-218.251~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1098.96 linux-image-aws - 4.4.0.1098.96 linux-aws - 4.4.0.1098.96 linux-tools-aws - 4.4.0.1098.96 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-virtual-lts-xenial - 4.4.0.218.189 linux-image-extra-virtual-lts-xenial - 4.4.0.218.189 linux-image-lowlatency-lts-xenial - 4.4.0.218.189 linux-tools-virtual-lts-xenial - 4.4.0.218.189 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.218.189 linux-tools-lowlatency-lts-xenial - 4.4.0.218.189 linux-headers-generic-lts-xenial - 4.4.0.218.189 linux-signed-lowlatency-lts-xenial - 4.4.0.218.189 linux-lowlatency-lts-xenial - 4.4.0.218.189 linux-signed-generic-lts-xenial - 4.4.0.218.189 linux-generic-lts-xenial - 4.4.0.218.189 linux-image-virtual-lts-xenial - 4.4.0.218.189 linux-virtual-lts-xenial - 4.4.0.218.189 linux-cloud-tools-generic-lts-xenial - 4.4.0.218.189 linux-signed-image-lowlatency-lts-xenial - 4.4.0.218.189 linux-signed-image-generic-lts-xenial - 4.4.0.218.189 linux-headers-virtual-lts-xenial - 4.4.0.218.189 linux-tools-generic-lts-xenial - 4.4.0.218.189 linux-headers-lowlatency-lts-xenial - 4.4.0.218.189 linux-image-generic-lts-xenial - 4.4.0.218.189 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-4002 Ubuntu 14.04 LTS USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. (CVE-2021-44224) It was discovered that the Apache HTTP Server Lua module incorrectly handled memory in the multipart parser. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-44790) Update Instructions: Run `sudo pro fix USN-5212-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.22+esm3 libapache2-mod-macro - 1:2.4.7-1ubuntu4.22+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro apache2-data - 2.4.7-1ubuntu4.22+esm3 apache2-utils - 2.4.7-1ubuntu4.22+esm3 apache2-dev - 2.4.7-1ubuntu4.22+esm3 apache2-suexec-pristine - 2.4.7-1ubuntu4.22+esm3 apache2-suexec-custom - 2.4.7-1ubuntu4.22+esm3 apache2-suexec - 2.4.7-1ubuntu4.22+esm3 apache2 - 2.4.7-1ubuntu4.22+esm3 apache2-mpm-worker - 2.4.7-1ubuntu4.22+esm3 apache2-doc - 2.4.7-1ubuntu4.22+esm3 apache2-mpm-prefork - 2.4.7-1ubuntu4.22+esm3 apache2-mpm-event - 2.4.7-1ubuntu4.22+esm3 apache2-mpm-itk - 2.4.7-1ubuntu4.22+esm3 apache2-bin - 2.4.7-1ubuntu4.22+esm3 apache2.2-bin - 2.4.7-1ubuntu4.22+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-44224 CVE-2021-44790 Ubuntu 14.04 LTS It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-32626) It was discovered that Redis incorrectly handled some malformed requests when using Redis Lua Debugger. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-32672) It was discovered that Redis incorrectly handled certain Redis Standard Protocol (RESP) requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-32675) It was discovered that Redis incorrectly handled some configuration parameters with specially crafted network payloads. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Vulnerabilities CVE-2021-32627 and CVE-2021-41099 only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-32627, CVE-2021-32628, CVE-2021-32687, CVE-2021-41099). It was discovered that Redis incorrectly handled memory when processing certain input in 32-bit systems. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. One vulnerability (CVE-2021-32761) only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM and another vulnerability (CVE-2021-21309) only affected Ubuntu 18.04 ESM. (CVE-2021-32761, CVE-2021-21309). Update Instructions: Run `sudo pro fix USN-5221-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: redis-server - 2:2.8.4-2ubuntu0.2+esm2 redis-tools - 2:2.8.4-2ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-32626 CVE-2021-32627 CVE-2021-32628 CVE-2021-32672 CVE-2021-32675 CVE-2021-32687 CVE-2021-41099 CVE-2021-32761 CVE-2021-21309 Ubuntu 14.04 LTS It was discovered that lxml incorrectly handled certain XML and HTML files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5225-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 3.3.3-1ubuntu0.2+esm5 python-lxml - 3.3.3-1ubuntu0.2+esm5 python-lxml-doc - 3.3.3-1ubuntu0.2+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-43818 Ubuntu 14.04 LTS USN-5227-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to hang, resulting in a denial of service. (CVE-2021-23437) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. This issue ony affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-34552) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22815) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. (CVE-2022-22816) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22817) Update Instructions: Run `sudo pro fix USN-5227-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-imaging-tk - 2.3.0-1ubuntu3.4+esm3 python3-pil.imagetk - 2.3.0-1ubuntu3.4+esm3 python-imaging-compat - 2.3.0-1ubuntu3.4+esm3 python-imaging - 2.3.0-1ubuntu3.4+esm3 python-imaging-doc - 2.3.0-1ubuntu3.4+esm3 python-pil-doc - 2.3.0-1ubuntu3.4+esm3 python3-pil - 2.3.0-1ubuntu3.4+esm3 python-sane - 2.3.0-1ubuntu3.4+esm3 python-pil.imagetk - 2.3.0-1ubuntu3.4+esm3 python3-imaging - 2.3.0-1ubuntu3.4+esm3 python3-sane - 2.3.0-1ubuntu3.4+esm3 python-pil - 2.3.0-1ubuntu3.4+esm3 python-imaging-tk - 2.3.0-1ubuntu3.4+esm3 python-imaging-sane - 2.3.0-1ubuntu3.4+esm3 python3-imaging-sane - 2.3.0-1ubuntu3.4+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-23437 CVE-2021-34552 CVE-2022-22815 CVE-2022-22816 CVE-2022-22817 Ubuntu 14.04 LTS Jakub Żoczek discovered that certain Fail2ban actions handled whois responses in an insecure way. If Fail2ban was configured to use certain mail actions like 'mail-whois' on a target system, a remote attacker who was able to control whois responses to this target system could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5232-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: fail2ban - 0.8.11-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-32749 Ubuntu 14.04 LTS USN-5233-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled memory when the CL_SCAN_GENERAL_COLLECT_METADATA scan option was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5233-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.5+dfsg-0ubuntu0.14.04.1+esm1 clamav-testfiles - 0.103.5+dfsg-0ubuntu0.14.04.1+esm1 clamav-base - 0.103.5+dfsg-0ubuntu0.14.04.1+esm1 clamav - 0.103.5+dfsg-0ubuntu0.14.04.1+esm1 clamav-daemon - 0.103.5+dfsg-0ubuntu0.14.04.1+esm1 clamav-milter - 0.103.5+dfsg-0ubuntu0.14.04.1+esm1 clamav-docs - 0.103.5+dfsg-0ubuntu0.14.04.1+esm1 clamav-freshclam - 0.103.5+dfsg-0ubuntu0.14.04.1+esm1 libclamav9 - 0.103.5+dfsg-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-20698 Ubuntu 14.04 LTS It was discovered that MediaInfoLib incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-26797) It was discovered that MediaInfoLib incorrectly handled certain specially crafted MpegPs files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-15395) Update Instructions: Run `sudo pro fix USN-5237-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-mediainfodll - 0.7.67-2ubuntu1+esm2 libmediainfo-dev - 0.7.67-2ubuntu1+esm2 python3-mediainfodll - 0.7.67-2ubuntu1+esm2 libmediainfo0 - 0.7.67-2ubuntu1+esm2 libmediainfo-doc - 0.7.67-2ubuntu1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-15395 CVE-2020-26797 Ubuntu 14.04 LTS It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5239-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhttpmime-java - 4.3.3-1ubuntu0.1+esm2 libhttpclient-java - 4.3.3-1ubuntu0.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-13956 Ubuntu 14.04 LTS USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5243-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: aide-dynamic - 0.16~a2.git20130520-2ubuntu0.1+esm1 aide-common - 0.16~a2.git20130520-2ubuntu0.1+esm1 aide-xen - 0.16~a2.git20130520-2ubuntu0.1+esm1 aide - 0.16~a2.git20130520-2ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-45417 Ubuntu 14.04 LTS USN-5250-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication. Update Instructions: Run `sudo pro fix USN-5250-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-pam - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-simaka-pseudonym - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-unbound - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-farp - 5.1.2-0ubuntu2.11+esm2 strongswan-ikev1 - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-xauth-eap - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-xauth-noauth - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-error-notify - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-ipseckey - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-coupling - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-aka - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-lookip - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-ttls - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-af-alg - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-aka-3gpp2 - 5.1.2-0ubuntu2.11+esm2 strongswan-ike - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-sim-pcsc - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-xauth-generic - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-sim-file - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-simaka-sql - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-sqlite - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-duplicheck - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-ntru - 5.1.2-0ubuntu2.11+esm2 strongswan-tnc-server - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-attr-sql - 5.1.2-0ubuntu2.11+esm2 strongswan-tnc-base - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-sshkey - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-peap - 5.1.2-0ubuntu2.11+esm2 strongswan-starter - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-curl - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-radattr - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-soup - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-dynamic - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-gtc - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-tls - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-tnc - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-radius - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-mysql - 5.1.2-0ubuntu2.11+esm2 strongswan-ikev2 - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-systime-fix - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-sql - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-simaka-reauth - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-openssl - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-dnscert - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-pubkey - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-md5 - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-whitelist - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-fips-prf - 5.1.2-0ubuntu2.11+esm2 strongswan-pt-tls-client - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu2.11+esm2 strongswan-nm - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-ldap - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-certexpire - 5.1.2-0ubuntu2.11+esm2 strongswan-tnc-pdp - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-eap-sim - 5.1.2-0ubuntu2.11+esm2 strongswan-tnc-client - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-gcrypt - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-led - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-dhcp - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-dnskey - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-gmp - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-agent - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-pgp - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-kernel-libipsec - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-load-tester - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-unity - 5.1.2-0ubuntu2.11+esm2 strongswan - 5.1.2-0ubuntu2.11+esm2 strongswan-plugin-pkcs11 - 5.1.2-0ubuntu2.11+esm2 strongswan-tnc-ifmap - 5.1.2-0ubuntu2.11+esm2 libstrongswan - 5.1.2-0ubuntu2.11+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-45079 Ubuntu 14.04 LTS It was discovered that GEGL incorrectly filtered and escaped file path input data when using the C system() function for execution of the ImageMagick convert command. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5251-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gegl - 0.2.0-4ubuntu1+esm1 libgegl-0.2-0 - 0.2.0-4ubuntu1+esm1 libgegl-doc - 0.2.0-4ubuntu1+esm1 libgegl-dev - 0.2.0-4ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-45463 Ubuntu 14.04 LTS USN-5252-1 fixed a vulnerability in policykit-1. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator. Update Instructions: Run `sudo pro fix USN-5252-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-4ubuntu3.14.04.6+esm1 policykit-1-doc - 0.105-4ubuntu3.14.04.6+esm1 libpolkit-agent-1-0 - 0.105-4ubuntu3.14.04.6+esm1 libpolkit-gobject-1-dev - 0.105-4ubuntu3.14.04.6+esm1 libpolkit-gobject-1-0 - 0.105-4ubuntu3.14.04.6+esm1 policykit-1 - 0.105-4ubuntu3.14.04.6+esm1 gir1.2-polkit-1.0 - 0.105-4ubuntu3.14.04.6+esm1 libpolkit-backend-1-dev - 0.105-4ubuntu3.14.04.6+esm1 libpolkit-agent-1-dev - 0.105-4ubuntu3.14.04.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-4034 Ubuntu 14.04 LTS It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to perform a timing attack and hijack sessions. (CVE-2019-16782) It was discovered that Rack was incorrectly handling cookies during parsing, not validating them or performing the necessary integrity checks. An attacker could possibly use this issue to overwrite existing cookie data and gain control over a remote system's behaviour. This issue only affected Ubuntu 14.04 ESM. (CVE-2020-8184) It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2022-30122) It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application. This issue was only fixed in Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2022-30123) Update Instructions: Run `sudo pro fix USN-5253-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librack-ruby - 1.5.2-3+deb8u3ubuntu1~esm4 librack-ruby1.8 - 1.5.2-3+deb8u3ubuntu1~esm4 librack-ruby1.9.1 - 1.5.2-3+deb8u3ubuntu1~esm4 ruby-rack - 1.5.2-3+deb8u3ubuntu1~esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-16782 CVE-2020-8184 CVE-2022-30122 CVE-2022-30123 Ubuntu 14.04 LTS It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-12424) It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2018-7169) Update Instructions: Run `sudo pro fix USN-5254-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.1.5.1-1ubuntu9.5+esm1 login - 1:4.1.5.1-1ubuntu9.5+esm1 uidmap - 1:4.1.5.1-1ubuntu9.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-12424 CVE-2018-7169 Ubuntu 14.04 LTS USN-5256-1 fixed several vulnerabilities in uriparser. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. Original advisory details: It was discovered that uriparser incorrectly handled certain memory operations. An attacker could use this to cause a denial of service. (CVE-2021-46141, CVE-2021-46142) Update Instructions: Run `sudo pro fix USN-5256-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liburiparser-dev - 0.7.5-1ubuntu2+esm3 liburiparser1 - 0.7.5-1ubuntu2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-46141 CVE-2021-46142 Ubuntu 14.04 LTS USN-5260-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. (CVE-2021-44142) Update Instructions: Run `sudo pro fix USN-5260-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 samba-common - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 samba-libs - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 libsmbsharemodes0 - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 libsmbsharemodes-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 python-samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 winbind - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 smbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 samba-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 registry-tools - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 samba-doc - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 libpam-smbpass - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-44142 Ubuntu 14.04 LTS Keyu Man discovered that the ICMP implementation in the Linux kernel did not properly handle received ICMP error packets. A remote attacker could use this to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2021-20322) It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3640) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739) Update Instructions: Run `sudo pro fix USN-5268-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1130-azure - 4.15.0-1130.143~14.04.1 linux-cloud-tools-4.15.0-1130-azure - 4.15.0-1130.143~14.04.1 linux-modules-4.15.0-1130-azure - 4.15.0-1130.143~14.04.1 linux-headers-4.15.0-1130-azure - 4.15.0-1130.143~14.04.1 linux-image-unsigned-4.15.0-1130-azure - 4.15.0-1130.143~14.04.1 linux-image-4.15.0-1130-azure - 4.15.0-1130.143~14.04.1 linux-modules-extra-4.15.0-1130-azure - 4.15.0-1130.143~14.04.1 linux-tools-4.15.0-1130-azure - 4.15.0-1130.143~14.04.1 linux-azure-headers-4.15.0-1130 - 4.15.0-1130.143~14.04.1 linux-azure-tools-4.15.0-1130 - 4.15.0-1130.143~14.04.1 linux-azure-cloud-tools-4.15.0-1130 - 4.15.0-1130.143~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1130.103 linux-signed-image-azure - 4.15.0.1130.103 linux-modules-extra-azure - 4.15.0.1130.103 linux-cloud-tools-azure - 4.15.0.1130.103 linux-headers-azure - 4.15.0.1130.103 linux-azure - 4.15.0.1130.103 linux-tools-azure - 4.15.0.1130.103 linux-image-azure - 4.15.0.1130.103 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20322 CVE-2021-3640 CVE-2021-3752 CVE-2021-42739 Ubuntu 14.04 LTS USN-5269-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. (CVE-2022-22818) Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issue to cause Django to hang, resulting in a denial of service. (CVE-2022-23833) Update Instructions: Run `sudo pro fix USN-5269-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.11-0ubuntu1.3+esm4 python-django - 1.6.11-0ubuntu1.3+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-22818 CVE-2022-23833 Ubuntu 14.04 LTS It was discovered that HDF5 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5272-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhdf5-doc - 1.8.11-5ubuntu7.1+esm2 libhdf5-mpich2-7 - 1.8.11-5ubuntu7.1+esm2 hdf5-helpers - 1.8.11-5ubuntu7.1+esm2 libhdf5-7 - 1.8.11-5ubuntu7.1+esm2 libhdf5-dev - 1.8.11-5ubuntu7.1+esm2 libhdf5-openmpi-dev - 1.8.11-5ubuntu7.1+esm2 libhdf5-mpich2-dev - 1.8.11-5ubuntu7.1+esm2 libhdf5-mpi-dev - 1.8.11-5ubuntu7.1+esm2 libhdf5-serial-dev - 1.8.11-5ubuntu7.1+esm2 libhdf5-openmpi-7 - 1.8.11-5ubuntu7.1+esm2 hdf5-tools - 1.8.11-5ubuntu7.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-17233 CVE-2018-17234 CVE-2018-17237 Ubuntu 14.04 LTS It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5288-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lib64expat1 - 2.1.0-4ubuntu1.4+esm4 lib64expat1-dev - 2.1.0-4ubuntu1.4+esm4 expat - 2.1.0-4ubuntu1.4+esm4 libexpat1-dev - 2.1.0-4ubuntu1.4+esm4 libexpat1 - 2.1.0-4ubuntu1.4+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 Ubuntu 14.04 LTS USN-5292-1 fixed several vulnerabilities in snapd. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. (CVE-2021-3155) Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. (CVE-2021-4120) The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. (CVE-2021-44730) The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code. (CVE-2021-44731) Update Instructions: Run `sudo pro fix USN-5292-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.54.3+14.04~esm1 ubuntu-core-launcher - 2.54.3+14.04~esm1 snap-confine - 2.54.3+14.04~esm1 ubuntu-snappy-cli - 2.54.3+14.04~esm1 golang-github-snapcore-snapd-dev - 2.54.3+14.04~esm1 snapd-xdg-open - 2.54.3+14.04~esm1 snapd - 2.54.3+14.04~esm1 golang-github-ubuntu-core-snappy-dev - 2.54.3+14.04~esm1 ubuntu-snappy - 2.54.3+14.04~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3155 CVE-2021-4120 CVE-2021-44730 CVE-2021-44731 Ubuntu 14.04 LTS USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. (CVE-2021-3155) Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. (CVE-2021-4120) The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. (CVE-2021-44730) The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code. (CVE-2021-44731) Update Instructions: Run `sudo pro fix USN-5292-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.54.3+14.04.0ubuntu0.1~esm3 ubuntu-core-launcher - 2.54.3+14.04.0ubuntu0.1~esm3 snap-confine - 2.54.3+14.04.0ubuntu0.1~esm3 ubuntu-snappy-cli - 2.54.3+14.04.0ubuntu0.1~esm3 golang-github-snapcore-snapd-dev - 2.54.3+14.04.0ubuntu0.1~esm3 snapd-xdg-open - 2.54.3+14.04.0ubuntu0.1~esm3 snapd - 2.54.3+14.04.0ubuntu0.1~esm3 golang-github-ubuntu-core-snappy-dev - 2.54.3+14.04.0ubuntu0.1~esm3 ubuntu-snappy - 2.54.3+14.04.0ubuntu0.1~esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1961365 https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1961791 Ubuntu 14.04 LTS It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22600) Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) Jürgen Groß discovered that the Xen network backend driver in the Linux kernel did not adequately limit the amount of queued packets when a guest did not process them. An attacker in a guest VM can use this to cause a denial of service (excessive kernel memory consumption) in the network backend domain. (CVE-2021-28714, CVE-2021-28715) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083) Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the VMware Virtual GPU driver in the Linux kernel did not properly handle certain failure conditions, leading to a stale entry in the file descriptor table. A local attacker could use this to expose sensitive information or possibly gain administrative privileges. (CVE-2022-22942) Update Instructions: Run `sudo pro fix USN-5298-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1131-azure - 4.15.0-1131.144~14.04.1 linux-modules-extra-4.15.0-1131-azure - 4.15.0-1131.144~14.04.1 linux-cloud-tools-4.15.0-1131-azure - 4.15.0-1131.144~14.04.1 linux-image-unsigned-4.15.0-1131-azure - 4.15.0-1131.144~14.04.1 linux-azure-tools-4.15.0-1131 - 4.15.0-1131.144~14.04.1 linux-azure-headers-4.15.0-1131 - 4.15.0-1131.144~14.04.1 linux-image-4.15.0-1131-azure - 4.15.0-1131.144~14.04.1 linux-modules-4.15.0-1131-azure - 4.15.0-1131.144~14.04.1 linux-buildinfo-4.15.0-1131-azure - 4.15.0-1131.144~14.04.1 linux-tools-4.15.0-1131-azure - 4.15.0-1131.144~14.04.1 linux-azure-cloud-tools-4.15.0-1131 - 4.15.0-1131.144~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1131.104 linux-modules-extra-azure - 4.15.0.1131.104 linux-signed-image-azure - 4.15.0.1131.104 linux-image-azure - 4.15.0.1131.104 linux-cloud-tools-azure - 4.15.0.1131.104 linux-headers-azure - 4.15.0.1131.104 linux-azure - 4.15.0.1131.104 linux-tools-azure - 4.15.0.1131.104 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-4083 CVE-2021-4155 CVE-2021-4202 CVE-2022-0330 CVE-2022-22942 Ubuntu 14.04 LTS Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008) Amit Klein discovered that the IPv6 implementation in the Linux kernel could disclose internal state in some situations. An attacker could possibly use this to expose sensitive information. (CVE-2021-45485) Update Instructions: Run `sudo pro fix USN-5299-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-tools-4.4.0-1099 - 4.4.0-1099.104 linux-image-4.4.0-1099-aws - 4.4.0-1099.104 linux-headers-4.4.0-1099-aws - 4.4.0-1099.104 linux-aws-cloud-tools-4.4.0-1099 - 4.4.0-1099.104 linux-cloud-tools-4.4.0-1099-aws - 4.4.0-1099.104 linux-buildinfo-4.4.0-1099-aws - 4.4.0-1099.104 linux-aws-headers-4.4.0-1099 - 4.4.0-1099.104 linux-modules-4.4.0-1099-aws - 4.4.0-1099.104 linux-tools-4.4.0-1099-aws - 4.4.0-1099.104 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.4.0-219-lowlatency - 4.4.0-219.252~14.04.1 linux-buildinfo-4.4.0-219-lowlatency - 4.4.0-219.252~14.04.1 linux-modules-extra-4.4.0-219-generic - 4.4.0-219.252~14.04.1 linux-image-unsigned-4.4.0-219-generic - 4.4.0-219.252~14.04.1 linux-tools-4.4.0-219-generic - 4.4.0-219.252~14.04.1 linux-image-4.4.0-219-lowlatency - 4.4.0-219.252~14.04.1 linux-headers-4.4.0-219-generic - 4.4.0-219.252~14.04.1 linux-cloud-tools-4.4.0-219-generic - 4.4.0-219.252~14.04.1 linux-headers-4.4.0-219-lowlatency - 4.4.0-219.252~14.04.1 linux-buildinfo-4.4.0-219-generic - 4.4.0-219.252~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-219 - 4.4.0-219.252~14.04.1 linux-modules-4.4.0-219-generic - 4.4.0-219.252~14.04.1 linux-image-unsigned-4.4.0-219-lowlatency - 4.4.0-219.252~14.04.1 linux-image-4.4.0-219-generic - 4.4.0-219.252~14.04.1 linux-cloud-tools-4.4.0-219-lowlatency - 4.4.0-219.252~14.04.1 linux-modules-4.4.0-219-lowlatency - 4.4.0-219.252~14.04.1 linux-headers-4.4.0-219 - 4.4.0-219.252~14.04.1 linux-lts-xenial-tools-4.4.0-219 - 4.4.0-219.252~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1099.97 linux-aws - 4.4.0.1099.97 linux-headers-aws - 4.4.0.1099.97 linux-image-aws - 4.4.0.1099.97 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.219.190 linux-image-generic-lts-xenial - 4.4.0.219.190 linux-cloud-tools-virtual-lts-xenial - 4.4.0.219.190 linux-tools-generic-lts-xenial - 4.4.0.219.190 linux-signed-image-lowlatency-lts-xenial - 4.4.0.219.190 linux-tools-lowlatency-lts-xenial - 4.4.0.219.190 linux-image-extra-virtual-lts-xenial - 4.4.0.219.190 linux-tools-virtual-lts-xenial - 4.4.0.219.190 linux-headers-generic-lts-xenial - 4.4.0.219.190 linux-signed-lowlatency-lts-xenial - 4.4.0.219.190 linux-lowlatency-lts-xenial - 4.4.0.219.190 linux-signed-generic-lts-xenial - 4.4.0.219.190 linux-headers-lowlatency-lts-xenial - 4.4.0.219.190 linux-generic-lts-xenial - 4.4.0.219.190 linux-cloud-tools-generic-lts-xenial - 4.4.0.219.190 linux-signed-image-generic-lts-xenial - 4.4.0.219.190 linux-headers-virtual-lts-xenial - 4.4.0.219.190 linux-image-lowlatency-lts-xenial - 4.4.0.219.190 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.219.190 linux-image-virtual-lts-xenial - 4.4.0.219.190 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-26147 CVE-2020-26558 CVE-2021-0129 CVE-2021-28972 CVE-2021-33034 CVE-2021-34693 CVE-2021-3483 CVE-2021-3564 CVE-2021-3612 CVE-2021-3679 CVE-2021-38204 CVE-2021-42008 CVE-2021-45485 Ubuntu 14.04 LTS USN-5301-1 fixed a vulnerability in Cyrus. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. Update Instructions: Run `sudo pro fix USN-5301-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsasl2-2 - 2.1.25.dfsg1-17ubuntu0.1~esm2 libsasl2-modules-gssapi-heimdal - 2.1.25.dfsg1-17ubuntu0.1~esm2 sasl2-bin - 2.1.25.dfsg1-17ubuntu0.1~esm2 libsasl2-modules-db - 2.1.25.dfsg1-17ubuntu0.1~esm2 libsasl2-modules-gssapi-mit - 2.1.25.dfsg1-17ubuntu0.1~esm2 libsasl2-dev - 2.1.25.dfsg1-17ubuntu0.1~esm2 libsasl2-modules-sql - 2.1.25.dfsg1-17ubuntu0.1~esm2 libsasl2-modules - 2.1.25.dfsg1-17ubuntu0.1~esm2 libsasl2-modules-otp - 2.1.25.dfsg1-17ubuntu0.1~esm2 libsasl2-modules-ldap - 2.1.25.dfsg1-17ubuntu0.1~esm2 cyrus-sasl2-doc - 2.1.25.dfsg1-17ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-24407 Ubuntu 14.04 LTS Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5319-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1133-azure - 4.15.0-1133.146~14.04.1 linux-azure-tools-4.15.0-1133 - 4.15.0-1133.146~14.04.1 linux-image-4.15.0-1133-azure - 4.15.0-1133.146~14.04.1 linux-tools-4.15.0-1133-azure - 4.15.0-1133.146~14.04.1 linux-buildinfo-4.15.0-1133-azure - 4.15.0-1133.146~14.04.1 linux-modules-extra-4.15.0-1133-azure - 4.15.0-1133.146~14.04.1 linux-azure-cloud-tools-4.15.0-1133 - 4.15.0-1133.146~14.04.1 linux-cloud-tools-4.15.0-1133-azure - 4.15.0-1133.146~14.04.1 linux-headers-4.15.0-1133-azure - 4.15.0-1133.146~14.04.1 linux-azure-headers-4.15.0-1133 - 4.15.0-1133.146~14.04.1 linux-image-unsigned-4.15.0-1133-azure - 4.15.0-1133.146~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1133.106 linux-azure - 4.15.0.1133.106 linux-image-azure - 4.15.0.1133.106 linux-cloud-tools-azure - 4.15.0.1133.106 linux-tools-azure - 4.15.0.1133.106 linux-modules-extra-azure - 4.15.0.1133.106 linux-headers-azure - 4.15.0.1133.106 linux-signed-image-azure - 4.15.0.1133.106 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.4.0-1101 - 4.4.0-1101.106 linux-image-4.4.0-1101-aws - 4.4.0-1101.106 linux-cloud-tools-4.4.0-1101-aws - 4.4.0-1101.106 linux-modules-4.4.0-1101-aws - 4.4.0-1101.106 linux-buildinfo-4.4.0-1101-aws - 4.4.0-1101.106 linux-aws-tools-4.4.0-1101 - 4.4.0-1101.106 linux-headers-4.4.0-1101-aws - 4.4.0-1101.106 linux-tools-4.4.0-1101-aws - 4.4.0-1101.106 linux-aws-cloud-tools-4.4.0-1101 - 4.4.0-1101.106 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.4.0-221-generic - 4.4.0-221.254~14.04.1 linux-headers-4.4.0-221-generic - 4.4.0-221.254~14.04.1 linux-image-unsigned-4.4.0-221-generic - 4.4.0-221.254~14.04.1 linux-tools-4.4.0-221-generic - 4.4.0-221.254~14.04.1 linux-modules-4.4.0-221-lowlatency - 4.4.0-221.254~14.04.1 linux-headers-4.4.0-221 - 4.4.0-221.254~14.04.1 linux-modules-extra-4.4.0-221-generic - 4.4.0-221.254~14.04.1 linux-buildinfo-4.4.0-221-lowlatency - 4.4.0-221.254~14.04.1 linux-tools-4.4.0-221-lowlatency - 4.4.0-221.254~14.04.1 linux-lts-xenial-tools-4.4.0-221 - 4.4.0-221.254~14.04.1 linux-image-4.4.0-221-lowlatency - 4.4.0-221.254~14.04.1 linux-buildinfo-4.4.0-221-generic - 4.4.0-221.254~14.04.1 linux-cloud-tools-4.4.0-221-lowlatency - 4.4.0-221.254~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-221 - 4.4.0-221.254~14.04.1 linux-image-4.4.0-221-generic - 4.4.0-221.254~14.04.1 linux-headers-4.4.0-221-lowlatency - 4.4.0-221.254~14.04.1 linux-modules-4.4.0-221-generic - 4.4.0-221.254~14.04.1 linux-image-unsigned-4.4.0-221-lowlatency - 4.4.0-221.254~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1101.99 linux-aws - 4.4.0.1101.99 linux-headers-aws - 4.4.0.1101.99 linux-image-aws - 4.4.0.1101.99 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.221.192 linux-image-generic-lts-xenial - 4.4.0.221.192 linux-cloud-tools-virtual-lts-xenial - 4.4.0.221.192 linux-tools-generic-lts-xenial - 4.4.0.221.192 linux-signed-image-lowlatency-lts-xenial - 4.4.0.221.192 linux-tools-lowlatency-lts-xenial - 4.4.0.221.192 linux-image-extra-virtual-lts-xenial - 4.4.0.221.192 linux-signed-lowlatency-lts-xenial - 4.4.0.221.192 linux-lowlatency-lts-xenial - 4.4.0.221.192 linux-signed-generic-lts-xenial - 4.4.0.221.192 linux-headers-lowlatency-lts-xenial - 4.4.0.221.192 linux-generic-lts-xenial - 4.4.0.221.192 linux-image-lowlatency-lts-xenial - 4.4.0.221.192 linux-cloud-tools-generic-lts-xenial - 4.4.0.221.192 linux-signed-image-generic-lts-xenial - 4.4.0.221.192 linux-headers-virtual-lts-xenial - 4.4.0.221.192 linux-tools-virtual-lts-xenial - 4.4.0.221.192 linux-headers-generic-lts-xenial - 4.4.0.221.192 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.221.192 linux-image-virtual-lts-xenial - 4.4.0.221.192 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-0001 CVE-2022-0002 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI Ubuntu 14.04 LTS USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-25313) It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314) It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25315) Original advisory details: It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25236) Update Instructions: Run `sudo pro fix USN-5320-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lib64expat1-dev - 2.1.0-4ubuntu1.4+esm6 expat - 2.1.0-4ubuntu1.4+esm6 libexpat1-dev - 2.1.0-4ubuntu1.4+esm6 libexpat1 - 2.1.0-4ubuntu1.4+esm6 lib64expat1 - 2.1.0-4ubuntu1.4+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 https://launchpad.net/bugs/1963903 Ubuntu 14.04 LTS USN-5328-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5328-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.1f-1ubuntu2.27+esm5 openssl - 1.0.1f-1ubuntu2.27+esm5 libssl-doc - 1.0.1f-1ubuntu2.27+esm5 libssl1.0.0 - 1.0.1f-1ubuntu2.27+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-0778 Ubuntu 14.04 LTS It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to cause tar to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5329-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.27.1-1ubuntu0.1+esm2 tar - 1.27.1-1ubuntu0.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-20193 Ubuntu 14.04 LTS USN-5332-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results. (CVE-2021-25220) Update Instructions: Run `sudo pro fix USN-5332-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.19+esm6 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19+esm6 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19+esm6 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19+esm6 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19+esm6 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19+esm6 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19+esm6 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19+esm6 host - 1:9.9.5.dfsg-3ubuntu0.19+esm6 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19+esm6 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19+esm6 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19+esm6 bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm6 lwresd - 1:9.9.5.dfsg-3ubuntu0.19+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-25220 Ubuntu 14.04 LTS USN-5333-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2022-22719) James Kettle discovered that the Apache HTTP Server incorrectly closed inbound connection when certain errors are encountered. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-22720) It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. In certain configurations, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22721) Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-23943) Update Instructions: Run `sudo pro fix USN-5333-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.22+esm4 libapache2-mod-macro - 1:2.4.7-1ubuntu4.22+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro apache2-data - 2.4.7-1ubuntu4.22+esm4 apache2.2-bin - 2.4.7-1ubuntu4.22+esm4 apache2-utils - 2.4.7-1ubuntu4.22+esm4 apache2-dev - 2.4.7-1ubuntu4.22+esm4 apache2-suexec-pristine - 2.4.7-1ubuntu4.22+esm4 apache2-suexec-custom - 2.4.7-1ubuntu4.22+esm4 apache2-suexec - 2.4.7-1ubuntu4.22+esm4 apache2 - 2.4.7-1ubuntu4.22+esm4 apache2-mpm-worker - 2.4.7-1ubuntu4.22+esm4 apache2-doc - 2.4.7-1ubuntu4.22+esm4 apache2-mpm-prefork - 2.4.7-1ubuntu4.22+esm4 apache2-mpm-itk - 2.4.7-1ubuntu4.22+esm4 apache2-mpm-event - 2.4.7-1ubuntu4.22+esm4 apache2-bin - 2.4.7-1ubuntu4.22+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 Ubuntu 14.04 LTS Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. (CVE-2022-0492) It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506) Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-43976) It was discovered that the ARM Trusted Execution Environment (TEE) subsystem in the Linux kernel contained a race condition leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-44733) It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095) Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured. (CVE-2022-0435) Update Instructions: Run `sudo pro fix USN-5339-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1134-azure - 4.15.0-1134.147~14.04.1 linux-azure-tools-4.15.0-1134 - 4.15.0-1134.147~14.04.1 linux-tools-4.15.0-1134-azure - 4.15.0-1134.147~14.04.1 linux-modules-4.15.0-1134-azure - 4.15.0-1134.147~14.04.1 linux-modules-extra-4.15.0-1134-azure - 4.15.0-1134.147~14.04.1 linux-azure-cloud-tools-4.15.0-1134 - 4.15.0-1134.147~14.04.1 linux-azure-headers-4.15.0-1134 - 4.15.0-1134.147~14.04.1 linux-headers-4.15.0-1134-azure - 4.15.0-1134.147~14.04.1 linux-image-4.15.0-1134-azure - 4.15.0-1134.147~14.04.1 linux-image-unsigned-4.15.0-1134-azure - 4.15.0-1134.147~14.04.1 linux-cloud-tools-4.15.0-1134-azure - 4.15.0-1134.147~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1134.107 linux-modules-extra-azure - 4.15.0.1134.107 linux-signed-image-azure - 4.15.0.1134.107 linux-image-azure - 4.15.0.1134.107 linux-headers-azure - 4.15.0.1134.107 linux-azure - 4.15.0.1134.107 linux-tools-azure - 4.15.0.1134.107 linux-cloud-tools-azure - 4.15.0.1134.107 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3506 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2022-0435 CVE-2022-0492 Ubuntu 14.04 LTS David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3426) It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2021-4189) It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0391) Update Instructions: Run `sudo pro fix USN-5342-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm12 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.7+esm12 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm12 python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm12 python3.4-venv - 3.4.3-1ubuntu1~14.04.7+esm12 python3.4 - 3.4.3-1ubuntu1~14.04.7+esm12 python3.4-doc - 3.4.3-1ubuntu1~14.04.7+esm12 idle-python3.4 - 3.4.3-1ubuntu1~14.04.7+esm12 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm12 libpython3.4 - 3.4.3-1ubuntu1~14.04.7+esm12 python3.4-examples - 3.4.3-1ubuntu1~14.04.7+esm12 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.7+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3426 CVE-2021-4189 CVE-2022-0391 Ubuntu 14.04 LTS USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this issue to expose sensitive information. (CVE-2021-4189) It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0391) Update Instructions: Run `sudo pro fix USN-5342-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm12 libpython2.7 - 2.7.6-8ubuntu0.6+esm12 python2.7 - 2.7.6-8ubuntu0.6+esm12 python2.7-minimal - 2.7.6-8ubuntu0.6+esm12 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm12 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm12 idle-python2.7 - 2.7.6-8ubuntu0.6+esm12 python2.7-doc - 2.7.6-8ubuntu0.6+esm12 python2.7-dev - 2.7.6-8ubuntu0.6+esm12 python2.7-examples - 2.7.6-8ubuntu0.6+esm12 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4189 CVE-2022-0391 Ubuntu 14.04 LTS Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. (CVE-2022-0492) It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges. (CVE-2016-2853) It was discovered that the aufs file system in the Linux kernel did not properly maintain POSIX ACL xattr data, when mounted with the non-default allow_userns option. A local attacker could possibly use this to gain elevated privileges. (CVE-2016-2854) It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19449) It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25670) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-25671, CVE-2020-25672) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service. (CVE-2020-25673) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the BR/EDR pin-code pairing procedure in the Linux kernel was vulnerable to an impersonation attack. A physically proximate attacker could possibly use this to pair to a device without knowledge of the pin-code. (CVE-2020-26555) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) It was discovered that the FUSE user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2020-36322) It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possible execute arbitrary code. (CVE-2020-36385) It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-20292) It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service. (CVE-2021-20317) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) It was discovered that the Xen paravirtualization backend in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-28688) It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972) It was discovered that a race condition existed in the netfilter subsystem of the Linux kernel when replacing tables. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399) It was discovered that the CIPSO implementation in the Linux kernel did not properly perform reference counting in some situations, leading to use- after-free vulnerabilities. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33033) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Asaf Modelevsky discovered that the Intel(R) Ethernet ixgbe driver for the Linux kernel did not properly validate large MTU requests from Virtual Function (VF) devices. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33098) Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483) It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-38198) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-38208) It was discovered that the configfs interface for USB gadgets in the Linux kernel contained a race condition. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-39648) It was discovered that the ext4 file system in the Linux kernel contained a race condition when writing xattrs to an inode. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2021-40490) It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389) It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095) Wenqing Liu discovered that the f2fs file system in the Linux kernel did not properly validate the last xattr entry in an inode. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-45469) Amit Klein discovered that the IPv6 implementation in the Linux kernel could disclose internal state in some situations. An attacker could possibly use this to expose sensitive information. (CVE-2021-45485) It was discovered that the per cpu memory allocator in the Linux kernel could report kernel pointers via dmesg. An attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. (CVE-2018-5995) Update Instructions: Run `sudo pro fix USN-5343-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-tools-4.4.0-1102 - 4.4.0-1102.107 linux-aws-headers-4.4.0-1102 - 4.4.0-1102.107 linux-cloud-tools-4.4.0-1102-aws - 4.4.0-1102.107 linux-aws-cloud-tools-4.4.0-1102 - 4.4.0-1102.107 linux-image-4.4.0-1102-aws - 4.4.0-1102.107 linux-buildinfo-4.4.0-1102-aws - 4.4.0-1102.107 linux-modules-4.4.0-1102-aws - 4.4.0-1102.107 linux-headers-4.4.0-1102-aws - 4.4.0-1102.107 linux-tools-4.4.0-1102-aws - 4.4.0-1102.107 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-222-lowlatency - 4.4.0-222.255~14.04.1 linux-image-4.4.0-222-lowlatency - 4.4.0-222.255~14.04.1 linux-lts-xenial-tools-4.4.0-222 - 4.4.0-222.255~14.04.1 linux-modules-extra-4.4.0-222-generic - 4.4.0-222.255~14.04.1 linux-modules-4.4.0-222-lowlatency - 4.4.0-222.255~14.04.1 linux-cloud-tools-4.4.0-222-lowlatency - 4.4.0-222.255~14.04.1 linux-image-unsigned-4.4.0-222-generic - 4.4.0-222.255~14.04.1 linux-image-4.4.0-222-generic - 4.4.0-222.255~14.04.1 linux-headers-4.4.0-222 - 4.4.0-222.255~14.04.1 linux-image-unsigned-4.4.0-222-lowlatency - 4.4.0-222.255~14.04.1 linux-tools-4.4.0-222-lowlatency - 4.4.0-222.255~14.04.1 linux-cloud-tools-4.4.0-222-generic - 4.4.0-222.255~14.04.1 linux-tools-4.4.0-222-generic - 4.4.0-222.255~14.04.1 linux-headers-4.4.0-222-generic - 4.4.0-222.255~14.04.1 linux-modules-4.4.0-222-generic - 4.4.0-222.255~14.04.1 linux-buildinfo-4.4.0-222-generic - 4.4.0-222.255~14.04.1 linux-headers-4.4.0-222-lowlatency - 4.4.0-222.255~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-222 - 4.4.0-222.255~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1102.100 linux-aws - 4.4.0.1102.100 linux-headers-aws - 4.4.0.1102.100 linux-image-aws - 4.4.0.1102.100 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.222.193 linux-cloud-tools-virtual-lts-xenial - 4.4.0.222.193 linux-tools-generic-lts-xenial - 4.4.0.222.193 linux-signed-image-lowlatency-lts-xenial - 4.4.0.222.193 linux-image-extra-virtual-lts-xenial - 4.4.0.222.193 linux-headers-generic-lts-xenial - 4.4.0.222.193 linux-tools-lowlatency-lts-xenial - 4.4.0.222.193 linux-signed-lowlatency-lts-xenial - 4.4.0.222.193 linux-lowlatency-lts-xenial - 4.4.0.222.193 linux-signed-generic-lts-xenial - 4.4.0.222.193 linux-headers-lowlatency-lts-xenial - 4.4.0.222.193 linux-generic-lts-xenial - 4.4.0.222.193 linux-image-lowlatency-lts-xenial - 4.4.0.222.193 linux-image-generic-lts-xenial - 4.4.0.222.193 linux-signed-image-generic-lts-xenial - 4.4.0.222.193 linux-headers-virtual-lts-xenial - 4.4.0.222.193 linux-cloud-tools-generic-lts-xenial - 4.4.0.222.193 linux-tools-virtual-lts-xenial - 4.4.0.222.193 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.222.193 linux-image-virtual-lts-xenial - 4.4.0.222.193 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2016-2853 CVE-2016-2854 CVE-2018-5995 CVE-2019-19449 CVE-2020-12655 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-26139 CVE-2020-26147 CVE-2020-26555 CVE-2020-26558 CVE-2020-36322 CVE-2020-36385 CVE-2021-0129 CVE-2021-20292 CVE-2021-20317 CVE-2021-23134 CVE-2021-28688 CVE-2021-28972 CVE-2021-29650 CVE-2021-32399 CVE-2021-33033 CVE-2021-33034 CVE-2021-33098 CVE-2021-34693 CVE-2021-3483 CVE-2021-3506 CVE-2021-3564 CVE-2021-3573 CVE-2021-3612 CVE-2021-3679 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-38208 CVE-2021-39648 CVE-2021-40490 CVE-2021-42008 CVE-2021-43389 CVE-2021-45095 CVE-2021-45469 CVE-2021-45485 CVE-2022-0492 Ubuntu 14.04 LTS USN-5354-1 fixed vulnerabilities in Twisted. This update provides the corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 22.04 LTS. Original advisory details: It was discovered that Twisted incorrectly processed SSH handshake data on connection establishments. A remote attacker could use this issue to cause Twisted to crash, resulting in a denial of service. (CVE-2022-21716) Update Instructions: Run `sudo pro fix USN-5354-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: twisted-doc - 13.2.0-1ubuntu1.2+esm2 python-twisted-news - 13.2.0-1ubuntu1.2+esm2 python-twisted-lore - 13.2.0-1ubuntu1.2+esm2 python-twisted-names - 13.2.0-1ubuntu1.2+esm2 python-twisted-words - 13.2.0-1ubuntu1.2+esm2 python-twisted-runner - 13.2.0-1ubuntu1.2+esm2 python-twisted-core - 13.2.0-1ubuntu1.2+esm2 python-twisted-web - 13.2.0-1ubuntu1.2+esm2 python-twisted - 13.2.0-1ubuntu1.2+esm2 python-twisted-mail - 13.2.0-1ubuntu1.2+esm2 python-twisted-bin - 13.2.0-1ubuntu1.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro python-twisted-conch - 1:13.2.0-1ubuntu1.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-21716 Ubuntu 14.04 LTS USN-5355-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5355-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32z1-dev - 1:1.2.8.dfsg-1ubuntu1.1+esm1 lib64z1 - 1:1.2.8.dfsg-1ubuntu1.1+esm1 libx32z1 - 1:1.2.8.dfsg-1ubuntu1.1+esm1 zlib-bin - 1:1.2.8.dfsg-1ubuntu1.1+esm1 lib64z1-dev - 1:1.2.8.dfsg-1ubuntu1.1+esm1 lib32z1 - 1:1.2.8.dfsg-1ubuntu1.1+esm1 zlib1g - 1:1.2.8.dfsg-1ubuntu1.1+esm1 lib32z1-dev - 1:1.2.8.dfsg-1ubuntu1.1+esm1 zlib1g-dev - 1:1.2.8.dfsg-1ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-25032 Ubuntu 14.04 LTS It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5357-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1136-azure - 4.15.0-1136.149~14.04.1 linux-modules-4.15.0-1136-azure - 4.15.0-1136.149~14.04.1 linux-headers-4.15.0-1136-azure - 4.15.0-1136.149~14.04.1 linux-azure-tools-4.15.0-1136 - 4.15.0-1136.149~14.04.1 linux-cloud-tools-4.15.0-1136-azure - 4.15.0-1136.149~14.04.1 linux-azure-headers-4.15.0-1136 - 4.15.0-1136.149~14.04.1 linux-azure-cloud-tools-4.15.0-1136 - 4.15.0-1136.149~14.04.1 linux-buildinfo-4.15.0-1136-azure - 4.15.0-1136.149~14.04.1 linux-image-4.15.0-1136-azure - 4.15.0-1136.149~14.04.1 linux-modules-extra-4.15.0-1136-azure - 4.15.0-1136.149~14.04.1 linux-tools-4.15.0-1136-azure - 4.15.0-1136.149~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-azure - 4.15.0.1136.108 linux-azure - 4.15.0.1136.108 linux-modules-extra-azure - 4.15.0.1136.108 linux-image-azure - 4.15.0.1136.108 linux-signed-azure - 4.15.0.1136.108 linux-cloud-tools-azure - 4.15.0.1136.108 linux-headers-azure - 4.15.0.1136.108 linux-tools-azure - 4.15.0.1136.108 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-27666 Ubuntu 14.04 LTS It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets. (CVE-2020-26141) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation accepted plaintext fragments in certain situations. A physically proximate attacker could use this issue to inject packets. (CVE-2020-26145) It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702) It was discovered a race condition existed in the Unix domain socket implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-0920) It was discovered that the IPv6 implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-0935) Zygo Blaxell discovered that the btrfs file system implementation in the Linux kernel contained a race condition during certain cloning operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-28964) Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2021-31916) It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-37159) It was discovered that the network packet filtering implementation in the Linux kernel did not properly initialize information in certain circumstances. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-39636) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739) Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-43976) Amit Klein discovered that the IPv4 implementation in the Linux kernel could disclose internal state in some situations. An attacker could possibly use this to expose sensitive information. (CVE-2021-45486) Update Instructions: Run `sudo pro fix USN-5361-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-4.4.0-1103-aws - 4.4.0-1103.108 linux-aws-headers-4.4.0-1103 - 4.4.0-1103.108 linux-buildinfo-4.4.0-1103-aws - 4.4.0-1103.108 linux-modules-4.4.0-1103-aws - 4.4.0-1103.108 linux-aws-cloud-tools-4.4.0-1103 - 4.4.0-1103.108 linux-cloud-tools-4.4.0-1103-aws - 4.4.0-1103.108 linux-aws-tools-4.4.0-1103 - 4.4.0-1103.108 linux-headers-4.4.0-1103-aws - 4.4.0-1103.108 linux-image-4.4.0-1103-aws - 4.4.0-1103.108 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-4.4.0-223-lowlatency - 4.4.0-223.256~14.04.1 linux-headers-4.4.0-223-lowlatency - 4.4.0-223.256~14.04.1 linux-image-4.4.0-223-generic - 4.4.0-223.256~14.04.1 linux-buildinfo-4.4.0-223-lowlatency - 4.4.0-223.256~14.04.1 linux-cloud-tools-4.4.0-223-generic - 4.4.0-223.256~14.04.1 linux-headers-4.4.0-223-generic - 4.4.0-223.256~14.04.1 linux-headers-4.4.0-223 - 4.4.0-223.256~14.04.1 linux-cloud-tools-4.4.0-223-lowlatency - 4.4.0-223.256~14.04.1 linux-image-unsigned-4.4.0-223-lowlatency - 4.4.0-223.256~14.04.1 linux-buildinfo-4.4.0-223-generic - 4.4.0-223.256~14.04.1 linux-lts-xenial-tools-4.4.0-223 - 4.4.0-223.256~14.04.1 linux-tools-4.4.0-223-lowlatency - 4.4.0-223.256~14.04.1 linux-tools-4.4.0-223-generic - 4.4.0-223.256~14.04.1 linux-modules-4.4.0-223-generic - 4.4.0-223.256~14.04.1 linux-modules-extra-4.4.0-223-generic - 4.4.0-223.256~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-223 - 4.4.0-223.256~14.04.1 linux-image-unsigned-4.4.0-223-generic - 4.4.0-223.256~14.04.1 linux-image-4.4.0-223-lowlatency - 4.4.0-223.256~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1103.101 linux-aws - 4.4.0.1103.101 linux-headers-aws - 4.4.0.1103.101 linux-image-aws - 4.4.0.1103.101 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-virtual-lts-xenial - 4.4.0.223.194 linux-tools-generic-lts-xenial - 4.4.0.223.194 linux-signed-image-lowlatency-lts-xenial - 4.4.0.223.194 linux-tools-lowlatency-lts-xenial - 4.4.0.223.194 linux-image-extra-virtual-lts-xenial - 4.4.0.223.194 linux-headers-generic-lts-xenial - 4.4.0.223.194 linux-virtual-lts-xenial - 4.4.0.223.194 linux-signed-lowlatency-lts-xenial - 4.4.0.223.194 linux-lowlatency-lts-xenial - 4.4.0.223.194 linux-signed-generic-lts-xenial - 4.4.0.223.194 linux-headers-lowlatency-lts-xenial - 4.4.0.223.194 linux-generic-lts-xenial - 4.4.0.223.194 linux-image-lowlatency-lts-xenial - 4.4.0.223.194 linux-image-generic-lts-xenial - 4.4.0.223.194 linux-signed-image-generic-lts-xenial - 4.4.0.223.194 linux-headers-virtual-lts-xenial - 4.4.0.223.194 linux-cloud-tools-generic-lts-xenial - 4.4.0.223.194 linux-tools-virtual-lts-xenial - 4.4.0.223.194 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.223.194 linux-image-virtual-lts-xenial - 4.4.0.223.194 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12888 CVE-2020-26141 CVE-2020-26145 CVE-2020-3702 CVE-2021-0920 CVE-2021-0935 CVE-2021-28964 CVE-2021-31916 CVE-2021-37159 CVE-2021-39636 CVE-2021-4083 CVE-2021-42739 CVE-2021-43976 CVE-2021-45486 Ubuntu 14.04 LTS USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain certain column aliases in the QuerySet.annotate(), aggregate(), and extra() methods. A remote attacker could possibly use this issue to perform an SQL injection attack. (CVE-2022-28346) It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. (CVE-2021-32052) Update Instructions: Run `sudo pro fix USN-5373-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.11-0ubuntu1.3+esm5 python-django - 1.6.11-0ubuntu1.3+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-32052 CVE-2022-28346 Ubuntu 14.04 LTS USN-5378-2 fixed a vulnerability in XZ Utils. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-5378-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblzma5 - 5.1.1alpha+20120614-2ubuntu2.14.04.1+esm1 liblzma-doc - 5.1.1alpha+20120614-2ubuntu2.14.04.1+esm1 liblzma-dev - 5.1.1alpha+20120614-2ubuntu2.14.04.1+esm1 xz-utils - 5.1.1alpha+20120614-2ubuntu2.14.04.1+esm1 xzdec - 5.1.1alpha+20120614-2ubuntu2.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1271 Ubuntu 14.04 LTS USN-5378-1 fixed a vulnerability in Gzip. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-5378-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gzip - 1.6-3ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1271 Ubuntu 14.04 LTS It was discovered that klibc did not properly perform some mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31870) It was discovered that klibc did not properly handled some memory allocations on 64 bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31871) It was discovered that klibc did not properly handled some file sizes values on 32 bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31872) It was discovered that klibc did not properly handled some memory allocations. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31873) Update Instructions: Run `sudo pro fix USN-5379-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: klibc-utils - 2.0.3-0ubuntu1.14.04.3+esm2 libklibc - 2.0.3-0ubuntu1.14.04.3+esm2 libklibc-dev - 2.0.3-0ubuntu1.14.04.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-31870 CVE-2021-31871 CVE-2021-31872 CVE-2021-31873 Ubuntu 14.04 LTS It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-5380-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.3-7ubuntu1.8+esm2 bash-doc - 4.3-7ubuntu1.8+esm2 bash - 4.3-7ubuntu1.8+esm2 bash-static - 4.3-7ubuntu1.8+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-18276 Ubuntu 14.04 LTS Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43975) It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2022-0617) Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-24448) It was discovered that the YAM AX.25 device driver in the Linux kernel did not properly deallocate memory in some error conditions. A local privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2022-24959) Update Instructions: Run `sudo pro fix USN-5385-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1137-azure - 4.15.0-1137.150~14.04.1 linux-azure-headers-4.15.0-1137 - 4.15.0-1137.150~14.04.1 linux-buildinfo-4.15.0-1137-azure - 4.15.0-1137.150~14.04.1 linux-headers-4.15.0-1137-azure - 4.15.0-1137.150~14.04.1 linux-azure-tools-4.15.0-1137 - 4.15.0-1137.150~14.04.1 linux-image-4.15.0-1137-azure - 4.15.0-1137.150~14.04.1 linux-tools-4.15.0-1137-azure - 4.15.0-1137.150~14.04.1 linux-cloud-tools-4.15.0-1137-azure - 4.15.0-1137.150~14.04.1 linux-modules-4.15.0-1137-azure - 4.15.0-1137.150~14.04.1 linux-azure-cloud-tools-4.15.0-1137 - 4.15.0-1137.150~14.04.1 linux-image-unsigned-4.15.0-1137-azure - 4.15.0-1137.150~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1137.109 linux-signed-image-azure - 4.15.0.1137.109 linux-modules-extra-azure - 4.15.0.1137.109 linux-cloud-tools-azure - 4.15.0.1137.109 linux-headers-azure - 4.15.0.1137.109 linux-azure - 4.15.0.1137.109 linux-tools-azure - 4.15.0.1137.109 linux-image-azure - 4.15.0.1137.109 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-43975 CVE-2022-0617 CVE-2022-24448 CVE-2022-24959 Ubuntu 14.04 LTS It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5398-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl1.2debian - 1.2.15-8ubuntu1.1+esm2 libsdl1.2-dev - 1.2.15-8ubuntu1.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33657 Ubuntu 14.04 LTS Petr Menšík and Richard Johnson discovered that Dnsmasq incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or expose sensitive information. Update Instructions: Run `sudo pro fix USN-5408-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.68-1ubuntu0.2+esm1 dnsmasq-utils - 2.68-1ubuntu0.2+esm1 dnsmasq-base - 2.68-1ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0934 Ubuntu 14.04 LTS Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-27820) It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39713) It was discovered that the Parallel NFS (pNFS) implementation in the Linux kernel did not properly perform bounds checking in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4157) It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-26490) It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-27223) It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390) Update Instructions: Run `sudo pro fix USN-5413-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-lts-xenial-tools-4.4.0-224 - 4.4.0-224.257~14.04.1 linux-headers-4.4.0-224-lowlatency - 4.4.0-224.257~14.04.1 linux-tools-4.4.0-224-lowlatency - 4.4.0-224.257~14.04.1 linux-buildinfo-4.4.0-224-generic - 4.4.0-224.257~14.04.1 linux-modules-4.4.0-224-lowlatency - 4.4.0-224.257~14.04.1 linux-image-4.4.0-224-generic - 4.4.0-224.257~14.04.1 linux-cloud-tools-4.4.0-224-lowlatency - 4.4.0-224.257~14.04.1 linux-image-4.4.0-224-lowlatency - 4.4.0-224.257~14.04.1 linux-modules-extra-4.4.0-224-generic - 4.4.0-224.257~14.04.1 linux-headers-4.4.0-224 - 4.4.0-224.257~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-224 - 4.4.0-224.257~14.04.1 linux-image-unsigned-4.4.0-224-generic - 4.4.0-224.257~14.04.1 linux-headers-4.4.0-224-generic - 4.4.0-224.257~14.04.1 linux-modules-4.4.0-224-generic - 4.4.0-224.257~14.04.1 linux-cloud-tools-4.4.0-224-generic - 4.4.0-224.257~14.04.1 linux-buildinfo-4.4.0-224-lowlatency - 4.4.0-224.257~14.04.1 linux-image-unsigned-4.4.0-224-lowlatency - 4.4.0-224.257~14.04.1 linux-tools-4.4.0-224-generic - 4.4.0-224.257~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.224.195 linux-cloud-tools-generic-lts-xenial - 4.4.0.224.195 linux-cloud-tools-virtual-lts-xenial - 4.4.0.224.195 linux-tools-generic-lts-xenial - 4.4.0.224.195 linux-signed-image-lowlatency-lts-xenial - 4.4.0.224.195 linux-tools-lowlatency-lts-xenial - 4.4.0.224.195 linux-image-extra-virtual-lts-xenial - 4.4.0.224.195 linux-headers-generic-lts-xenial - 4.4.0.224.195 linux-signed-lowlatency-lts-xenial - 4.4.0.224.195 linux-lowlatency-lts-xenial - 4.4.0.224.195 linux-signed-generic-lts-xenial - 4.4.0.224.195 linux-headers-lowlatency-lts-xenial - 4.4.0.224.195 linux-generic-lts-xenial - 4.4.0.224.195 linux-image-lowlatency-lts-xenial - 4.4.0.224.195 linux-image-generic-lts-xenial - 4.4.0.224.195 linux-signed-image-generic-lts-xenial - 4.4.0.224.195 linux-headers-virtual-lts-xenial - 4.4.0.224.195 linux-tools-virtual-lts-xenial - 4.4.0.224.195 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.224.195 linux-image-virtual-lts-xenial - 4.4.0.224.195 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-27820 CVE-2021-39713 CVE-2021-4157 CVE-2022-26490 CVE-2022-27223 CVE-2022-28390 Ubuntu 14.04 LTS Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-26401) Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23042) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958) It was discovered that the USB gadget subsystem in the Linux kernel did not properly validate interface descriptor requests. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-25258) It was discovered that the Remote NDIS (RNDIS) USB gadget implementation in the Linux kernel did not properly validate the size of the RNDIS_MSG_SET command. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-25375) It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-26490) It was discovered that the USB SR9700 ethernet device driver for the Linux kernel did not properly validate the length of requests from the device. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-26966) It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-27223) Update Instructions: Run `sudo pro fix USN-5418-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-tools-4.15.0-1138 - 4.15.0-1138.151~14.04.1 linux-azure-headers-4.15.0-1138 - 4.15.0-1138.151~14.04.1 linux-modules-4.15.0-1138-azure - 4.15.0-1138.151~14.04.1 linux-modules-extra-4.15.0-1138-azure - 4.15.0-1138.151~14.04.1 linux-image-unsigned-4.15.0-1138-azure - 4.15.0-1138.151~14.04.1 linux-azure-cloud-tools-4.15.0-1138 - 4.15.0-1138.151~14.04.1 linux-tools-4.15.0-1138-azure - 4.15.0-1138.151~14.04.1 linux-buildinfo-4.15.0-1138-azure - 4.15.0-1138.151~14.04.1 linux-cloud-tools-4.15.0-1138-azure - 4.15.0-1138.151~14.04.1 linux-image-4.15.0-1138-azure - 4.15.0-1138.151~14.04.1 linux-headers-4.15.0-1138-azure - 4.15.0-1138.151~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1138.110 linux-headers-azure - 4.15.0.1138.110 linux-signed-image-azure - 4.15.0.1138.110 linux-modules-extra-azure - 4.15.0.1138.110 linux-image-azure - 4.15.0.1138.110 linux-cloud-tools-azure - 4.15.0.1138.110 linux-azure - 4.15.0.1138.110 linux-tools-azure - 4.15.0.1138.110 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-26401 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23042 CVE-2022-24958 CVE-2022-25258 CVE-2022-25375 CVE-2022-26490 CVE-2022-26966 CVE-2022-27223 Ubuntu 14.04 LTS It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35522) Chintan Shah discovered that LibTIFF incorrectly handled memory when handling certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891) It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2022-0865) Update Instructions: Run `sudo pro fix USN-5421-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.11+esm1 libtiffxx5 - 4.0.3-7ubuntu0.11+esm1 libtiff5-dev - 4.0.3-7ubuntu0.11+esm1 libtiff4-dev - 4.0.3-7ubuntu0.11+esm1 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm1 libtiff5 - 4.0.3-7ubuntu0.11+esm1 libtiff-tools - 4.0.3-7ubuntu0.11+esm1 libtiff-doc - 4.0.3-7ubuntu0.11+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-35522 CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 Ubuntu 14.04 LTS Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2022-23308) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-29824) Update Instructions: Run `sudo pro fix USN-5422-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm3 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.13+esm3 python-libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm3 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.13+esm3 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.13+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-23308 CVE-2022-29824 Ubuntu 14.04 LTS USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770) Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771) Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785) Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792) Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796) Update Instructions: Run `sudo pro fix USN-5423-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.6+dfsg-0ubuntu0.14.04.1+esm1 clamav-testfiles - 0.103.6+dfsg-0ubuntu0.14.04.1+esm1 clamav-base - 0.103.6+dfsg-0ubuntu0.14.04.1+esm1 clamav - 0.103.6+dfsg-0ubuntu0.14.04.1+esm1 clamav-daemon - 0.103.6+dfsg-0ubuntu0.14.04.1+esm1 clamav-docs - 0.103.6+dfsg-0ubuntu0.14.04.1+esm1 clamav-milter - 0.103.6+dfsg-0ubuntu0.14.04.1+esm1 clamav-freshclam - 0.103.6+dfsg-0ubuntu0.14.04.1+esm1 libclamav9 - 0.103.6+dfsg-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796 Ubuntu 14.04 LTS USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database. Update Instructions: Run `sudo pro fix USN-5424-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.31-1+nmu2ubuntu8.5+esm5 libldap2-dev - 2.4.31-1+nmu2ubuntu8.5+esm5 libldap-2.4-2 - 2.4.31-1+nmu2ubuntu8.5+esm5 slapd-smbk5pwd - 2.4.31-1+nmu2ubuntu8.5+esm5 slapd - 2.4.31-1+nmu2ubuntu8.5+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-29155 Ubuntu 14.04 LTS Yunho Kim discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2019-20838) It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to have unexpected behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14155) Update Instructions: Run `sudo pro fix USN-5425-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pcregrep - 1:8.31-2ubuntu2.3+esm1 libpcre3-dev - 1:8.31-2ubuntu2.3+esm1 libpcre3 - 1:8.31-2ubuntu2.3+esm1 libpcrecpp0 - 1:8.31-2ubuntu2.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-20838 CVE-2020-14155 Ubuntu 14.04 LTS USN-5438-1 fixed a vulnerability in HTMLDOC. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5438-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: htmldoc - 1.8.27-8ubuntu1+esm2 htmldoc-common - 1.8.27-8ubuntu1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-23165 Ubuntu 14.04 LTS Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-29581) Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions. (CVE-2022-30594) Update Instructions: Run `sudo pro fix USN-5443-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1139-azure - 4.15.0-1139.152~14.04.1 linux-azure-tools-4.15.0-1139 - 4.15.0-1139.152~14.04.1 linux-image-4.15.0-1139-azure - 4.15.0-1139.152~14.04.1 linux-cloud-tools-4.15.0-1139-azure - 4.15.0-1139.152~14.04.1 linux-modules-4.15.0-1139-azure - 4.15.0-1139.152~14.04.1 linux-modules-extra-4.15.0-1139-azure - 4.15.0-1139.152~14.04.1 linux-image-unsigned-4.15.0-1139-azure - 4.15.0-1139.152~14.04.1 linux-headers-4.15.0-1139-azure - 4.15.0-1139.152~14.04.1 linux-azure-cloud-tools-4.15.0-1139 - 4.15.0-1139.152~14.04.1 linux-azure-headers-4.15.0-1139 - 4.15.0-1139.152~14.04.1 linux-tools-4.15.0-1139-azure - 4.15.0-1139.152~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1139.111 linux-signed-azure - 4.15.0.1139.111 linux-signed-image-azure - 4.15.0.1139.111 linux-modules-extra-azure - 4.15.0.1139.111 linux-headers-azure - 4.15.0.1139.111 linux-cloud-tools-azure - 4.15.0.1139.111 linux-tools-azure - 4.15.0.1139.111 linux-image-azure - 4.15.0.1139.111 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-29581 CVE-2022-30594 Ubuntu 14.04 LTS It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to execute arbitrary code. (CVE-2017-10684) It was discovered that ncurses was not properly checking user input, which could result in it being treated as a format argument. An attacker could possibly use this issue to expose sensitive information or to execute arbitrary code. (CVE-2017-10685) It was discovered that ncurses was incorrectly performing memory management operations and was not blocking access attempts to illegal memory locations. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-11112, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733, CVE-2017-13734) It was discovered that ncurses was not properly performing checks on pointer values before attempting to access the related memory locations, which could lead to NULL pointer dereferencing. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-11113) It was discovered that ncurses was incorrectly handling loops in libtic, which could lead to the execution of an infinite loop. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-13728) Update Instructions: Run `sudo pro fix USN-5448-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32ncurses5 - 5.9+20140118-1ubuntu1+esm1 lib32tinfo-dev - 5.9+20140118-1ubuntu1+esm1 ncurses-examples - 5.9+20140118-1ubuntu1+esm1 lib32ncurses5-dev - 5.9+20140118-1ubuntu1+esm1 lib32ncursesw5 - 5.9+20140118-1ubuntu1+esm1 libtinfo-dev - 5.9+20140118-1ubuntu1+esm1 libncursesw5 - 5.9+20140118-1ubuntu1+esm1 libtinfo5 - 5.9+20140118-1ubuntu1+esm1 lib32ncurses5 - 5.9+20140118-1ubuntu1+esm1 lib64tinfo5 - 5.9+20140118-1ubuntu1+esm1 ncurses-bin - 5.9+20140118-1ubuntu1+esm1 lib64ncurses5 - 5.9+20140118-1ubuntu1+esm1 lib64ncurses5-dev - 5.9+20140118-1ubuntu1+esm1 libncurses5 - 5.9+20140118-1ubuntu1+esm1 libncurses5-dev - 5.9+20140118-1ubuntu1+esm1 libx32ncurses5-dev - 5.9+20140118-1ubuntu1+esm1 lib32tinfo5 - 5.9+20140118-1ubuntu1+esm1 ncurses-base - 5.9+20140118-1ubuntu1+esm1 lib32ncursesw5-dev - 5.9+20140118-1ubuntu1+esm1 ncurses-doc - 5.9+20140118-1ubuntu1+esm1 libx32ncursesw5 - 5.9+20140118-1ubuntu1+esm1 libx32ncursesw5-dev - 5.9+20140118-1ubuntu1+esm1 libx32tinfo-dev - 5.9+20140118-1ubuntu1+esm1 libx32tinfo5 - 5.9+20140118-1ubuntu1+esm1 libncursesw5-dev - 5.9+20140118-1ubuntu1+esm1 ncurses-term - 5.9+20140118-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Negligible CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734 Ubuntu 14.04 LTS It was discovered that NTFS-3G was incorrectly validating NTFS metadata in its ntfsck tool by not performing boundary checks. A local attacker could possibly use this issue to cause a denial of service or to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5452-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2013.1.13AR.1-2ubuntu2+esm2 ntfs-3g-dev - 1:2013.1.13AR.1-2ubuntu2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-46790 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5456-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.13+esm2 libmagickcore5 - 8:6.7.7.10-6ubuntu3.13+esm2 imagemagick - 8:6.7.7.10-6ubuntu3.13+esm2 imagemagick-doc - 8:6.7.7.10-6ubuntu3.13+esm2 libmagickwand5 - 8:6.7.7.10-6ubuntu3.13+esm2 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.13+esm2 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.13+esm2 libmagick++-dev - 8:6.7.7.10-6ubuntu3.13+esm2 libmagick++5 - 8:6.7.7.10-6ubuntu3.13+esm2 perlmagick - 8:6.7.7.10-6ubuntu3.13+esm2 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.13+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-28463 Ubuntu 14.04 LTS USN-5463-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Roman Fiedler discovered that NTFS-3G incorrectly handled certain return codes. A local attacker could possibly use this issue to intercept protocol traffic between FUSE and the kernel. (CVE-2022-30783) It was discovered that NTFS-3G incorrectly handled certain NTFS disk images. If a user or automated system were tricked into mounting a specially crafted disk image, a remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789) Roman Fiedler discovered that NTFS-3G incorrectly handled certain file handles. A local attacker could possibly use this issue to read and write arbitrary memory. (CVE-2022-30785, CVE-2022-30787) Update Instructions: Run `sudo pro fix USN-5463-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2013.1.13AR.1-2ubuntu2+esm3 ntfs-3g-dev - 1:2013.1.13AR.1-2ubuntu2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 Ubuntu 14.04 LTS Nils Bars discovered that e2fsprogs incorrectly handled certain file systems. A local attacker could use this issue with a crafted file system image to possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5464-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libss2 - 1.42.9-3ubuntu1.3+esm3 e2fslibs-dev - 1.42.9-3ubuntu1.3+esm3 e2fsprogs - 1.42.9-3ubuntu1.3+esm3 e2fsck-static - 1.42.9-3ubuntu1.3+esm3 e2fslibs - 1.42.9-3ubuntu1.3+esm3 libcomerr2 - 1.42.9-3ubuntu1.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro ss-dev - 2.0-1.42.9-3ubuntu1.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro comerr-dev - 2.1-1.42.9-3ubuntu1.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1304 Ubuntu 14.04 LTS It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499) Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966) Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions. (CVE-2022-30594) Update Instructions: Run `sudo pro fix USN-5465-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1107-aws - 4.4.0-1107.113 linux-aws-headers-4.4.0-1107 - 4.4.0-1107.113 linux-aws-cloud-tools-4.4.0-1107 - 4.4.0-1107.113 linux-modules-4.4.0-1107-aws - 4.4.0-1107.113 linux-headers-4.4.0-1107-aws - 4.4.0-1107.113 linux-image-4.4.0-1107-aws - 4.4.0-1107.113 linux-aws-tools-4.4.0-1107 - 4.4.0-1107.113 linux-cloud-tools-4.4.0-1107-aws - 4.4.0-1107.113 linux-tools-4.4.0-1107-aws - 4.4.0-1107.113 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-unsigned-4.4.0-227-lowlatency - 4.4.0-227.261~14.04.1 linux-image-4.4.0-227-lowlatency - 4.4.0-227.261~14.04.1 linux-buildinfo-4.4.0-227-generic - 4.4.0-227.261~14.04.1 linux-headers-4.4.0-227-generic - 4.4.0-227.261~14.04.1 linux-image-4.4.0-227-generic - 4.4.0-227.261~14.04.1 linux-modules-4.4.0-227-lowlatency - 4.4.0-227.261~14.04.1 linux-tools-4.4.0-227-generic - 4.4.0-227.261~14.04.1 linux-headers-4.4.0-227 - 4.4.0-227.261~14.04.1 linux-tools-4.4.0-227-lowlatency - 4.4.0-227.261~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-227 - 4.4.0-227.261~14.04.1 linux-cloud-tools-4.4.0-227-lowlatency - 4.4.0-227.261~14.04.1 linux-modules-4.4.0-227-generic - 4.4.0-227.261~14.04.1 linux-image-unsigned-4.4.0-227-generic - 4.4.0-227.261~14.04.1 linux-modules-extra-4.4.0-227-generic - 4.4.0-227.261~14.04.1 linux-headers-4.4.0-227-lowlatency - 4.4.0-227.261~14.04.1 linux-cloud-tools-4.4.0-227-generic - 4.4.0-227.261~14.04.1 linux-lts-xenial-tools-4.4.0-227 - 4.4.0-227.261~14.04.1 linux-buildinfo-4.4.0-227-lowlatency - 4.4.0-227.261~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1107.104 linux-aws - 4.4.0.1107.104 linux-headers-aws - 4.4.0.1107.104 linux-image-aws - 4.4.0.1107.104 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.227.197 linux-cloud-tools-generic-lts-xenial - 4.4.0.227.197 linux-cloud-tools-virtual-lts-xenial - 4.4.0.227.197 linux-tools-generic-lts-xenial - 4.4.0.227.197 linux-signed-image-lowlatency-lts-xenial - 4.4.0.227.197 linux-tools-lowlatency-lts-xenial - 4.4.0.227.197 linux-image-extra-virtual-lts-xenial - 4.4.0.227.197 linux-headers-generic-lts-xenial - 4.4.0.227.197 linux-signed-lowlatency-lts-xenial - 4.4.0.227.197 linux-lowlatency-lts-xenial - 4.4.0.227.197 linux-signed-generic-lts-xenial - 4.4.0.227.197 linux-headers-lowlatency-lts-xenial - 4.4.0.227.197 linux-generic-lts-xenial - 4.4.0.227.197 linux-image-lowlatency-lts-xenial - 4.4.0.227.197 linux-image-generic-lts-xenial - 4.4.0.227.197 linux-signed-image-generic-lts-xenial - 4.4.0.227.197 linux-headers-virtual-lts-xenial - 4.4.0.227.197 linux-tools-virtual-lts-xenial - 4.4.0.227.197 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.227.197 linux-image-virtual-lts-xenial - 4.4.0.227.197 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-21499 CVE-2022-30594 Ubuntu 14.04 LTS It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499) Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966) It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service (connection disassociation). (CVE-2021-3772) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle locking in certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2021-4149) David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1016) It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. (CVE-2022-1419) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390) Update Instructions: Run `sudo pro fix USN-5466-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-4.15.0-1142-azure - 4.15.0-1142.156~14.04.1 linux-azure-cloud-tools-4.15.0-1142 - 4.15.0-1142.156~14.04.1 linux-azure-headers-4.15.0-1142 - 4.15.0-1142.156~14.04.1 linux-azure-tools-4.15.0-1142 - 4.15.0-1142.156~14.04.1 linux-modules-extra-4.15.0-1142-azure - 4.15.0-1142.156~14.04.1 linux-cloud-tools-4.15.0-1142-azure - 4.15.0-1142.156~14.04.1 linux-modules-4.15.0-1142-azure - 4.15.0-1142.156~14.04.1 linux-image-4.15.0-1142-azure - 4.15.0-1142.156~14.04.1 linux-headers-4.15.0-1142-azure - 4.15.0-1142.156~14.04.1 linux-buildinfo-4.15.0-1142-azure - 4.15.0-1142.156~14.04.1 linux-image-unsigned-4.15.0-1142-azure - 4.15.0-1142.156~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1142.113 linux-signed-azure - 4.15.0.1142.113 linux-modules-extra-azure - 4.15.0.1142.113 linux-image-azure - 4.15.0.1142.113 linux-cloud-tools-azure - 4.15.0.1142.113 linux-headers-azure - 4.15.0.1142.113 linux-signed-image-azure - 4.15.0.1142.113 linux-tools-azure - 4.15.0.1142.113 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3772 CVE-2021-4149 CVE-2022-1016 CVE-2022-1419 CVE-2022-21499 CVE-2022-28356 CVE-2022-28390 Ubuntu 14.04 LTS Hosein Askari discovered that ncurses was incorrectly performing memory management operations when dealing with long filenames while writing structures into the file system. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-16879) Chung-Yi Lin discovered that ncurses was incorrectly handling access to invalid memory areas when parsing terminfo or termcap entries where the use-name had invalid syntax. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19211) It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2019-17594) It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2019-17595) It was discovered that ncurses was incorrectly handling end-of-string characters when converting between termcap and terminfo formats. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-39537) It was discovered that ncurses was incorrectly performing bounds checks when dealing with corrupt terminfo data while reading a terminfo file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2022-29458) Update Instructions: Run `sudo pro fix USN-5477-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32ncurses5 - 5.9+20140118-1ubuntu1+esm2 lib32tinfo-dev - 5.9+20140118-1ubuntu1+esm2 ncurses-examples - 5.9+20140118-1ubuntu1+esm2 lib32ncurses5-dev - 5.9+20140118-1ubuntu1+esm2 lib32ncursesw5 - 5.9+20140118-1ubuntu1+esm2 libtinfo-dev - 5.9+20140118-1ubuntu1+esm2 libncursesw5 - 5.9+20140118-1ubuntu1+esm2 libtinfo5 - 5.9+20140118-1ubuntu1+esm2 lib32ncurses5 - 5.9+20140118-1ubuntu1+esm2 lib64tinfo5 - 5.9+20140118-1ubuntu1+esm2 ncurses-bin - 5.9+20140118-1ubuntu1+esm2 lib64ncurses5 - 5.9+20140118-1ubuntu1+esm2 lib64ncurses5-dev - 5.9+20140118-1ubuntu1+esm2 libncurses5 - 5.9+20140118-1ubuntu1+esm2 libncurses5-dev - 5.9+20140118-1ubuntu1+esm2 libx32ncurses5-dev - 5.9+20140118-1ubuntu1+esm2 lib32tinfo5 - 5.9+20140118-1ubuntu1+esm2 ncurses-base - 5.9+20140118-1ubuntu1+esm2 lib32ncursesw5-dev - 5.9+20140118-1ubuntu1+esm2 ncurses-doc - 5.9+20140118-1ubuntu1+esm2 libx32ncursesw5 - 5.9+20140118-1ubuntu1+esm2 libx32ncursesw5-dev - 5.9+20140118-1ubuntu1+esm2 libx32tinfo-dev - 5.9+20140118-1ubuntu1+esm2 libx32tinfo5 - 5.9+20140118-1ubuntu1+esm2 libncursesw5-dev - 5.9+20140118-1ubuntu1+esm2 ncurses-term - 5.9+20140118-1ubuntu1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-16879 CVE-2018-19211 CVE-2019-17594 CVE-2019-17595 CVE-2021-39537 CVE-2022-29458 Ubuntu 14.04 LTS It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499) It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39713) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) Update Instructions: Run `sudo pro fix USN-5484-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-common - 3.13.0-190.241 linux-cloud-tools-3.13.0-190 - 3.13.0-190.241 linux-cloud-tools-3.13.0-190-lowlatency - 3.13.0-190.241 linux-image-3.13.0-190-generic-lpae - 3.13.0-190.241 linux-doc - 3.13.0-190.241 linux-modules-3.13.0-190-generic-lpae - 3.13.0-190.241 linux-tools-3.13.0-190 - 3.13.0-190.241 linux-tools-3.13.0-190-generic-lpae - 3.13.0-190.241 linux-headers-3.13.0-190-lowlatency - 3.13.0-190.241 linux-libc-dev - 3.13.0-190.241 linux-image-3.13.0-190-generic - 3.13.0-190.241 linux-source-3.13.0 - 3.13.0-190.241 linux-cloud-tools-3.13.0-190-generic - 3.13.0-190.241 linux-buildinfo-3.13.0-190-generic-lpae - 3.13.0-190.241 linux-image-unsigned-3.13.0-190-lowlatency - 3.13.0-190.241 linux-headers-3.13.0-190 - 3.13.0-190.241 linux-image-3.13.0-190-lowlatency - 3.13.0-190.241 linux-tools-3.13.0-190-lowlatency - 3.13.0-190.241 linux-image-unsigned-3.13.0-190-generic - 3.13.0-190.241 linux-tools-3.13.0-190-generic - 3.13.0-190.241 linux-modules-extra-3.13.0-190-generic - 3.13.0-190.241 linux-headers-3.13.0-190-generic - 3.13.0-190.241 linux-buildinfo-3.13.0-190-generic - 3.13.0-190.241 linux-buildinfo-3.13.0-190-lowlatency - 3.13.0-190.241 linux-cloud-tools-common - 3.13.0-190.241 linux-headers-3.13.0-190-generic-lpae - 3.13.0-190.241 linux-modules-3.13.0-190-lowlatency - 3.13.0-190.241 linux-modules-3.13.0-190-generic - 3.13.0-190.241 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-generic-lts-saucy - 3.13.0.190.199 linux-cloud-tools-virtual - 3.13.0.190.199 linux-signed-generic-lts-raring - 3.13.0.190.199 linux-headers-generic-lpae - 3.13.0.190.199 linux-image-virtual - 3.13.0.190.199 linux-image-omap - 3.13.0.190.199 linux-headers-lowlatency-pae - 3.13.0.190.199 linux-image-generic-pae - 3.13.0.190.199 linux-tools-lowlatency - 3.13.0.190.199 linux-headers-generic-pae - 3.13.0.190.199 linux-image-lowlatency-pae - 3.13.0.190.199 linux-signed-image-generic-lts-raring - 3.13.0.190.199 linux-signed-image-generic-lts-saucy - 3.13.0.190.199 linux-image-generic-lpae-lts-trusty - 3.13.0.190.199 linux-signed-image-generic-lts-trusty - 3.13.0.190.199 linux-generic-pae - 3.13.0.190.199 linux-tools-lts-trusty - 3.13.0.190.199 linux-image-generic-lts-raring - 3.13.0.190.199 linux-headers-generic-lpae-lts-trusty - 3.13.0.190.199 linux-crashdump - 3.13.0.190.199 linux-headers-highbank - 3.13.0.190.199 linux-tools-generic-lts-trusty - 3.13.0.190.199 linux-tools-generic-lts-saucy - 3.13.0.190.199 linux-source - 3.13.0.190.199 linux-signed-image-generic - 3.13.0.190.199 linux-lowlatency - 3.13.0.190.199 linux-image-highbank - 3.13.0.190.199 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.190.199 linux-tools-generic-lpae - 3.13.0.190.199 linux-cloud-tools-generic - 3.13.0.190.199 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.190.199 linux-tools-lts-saucy - 3.13.0.190.199 linux-tools-lts-quantal - 3.13.0.190.199 linux-image-hwe-generic-trusty - 3.13.0.190.199 linux-virtual - 3.13.0.190.199 linux-headers-generic-lts-raring - 3.13.0.190.199 linux-lowlatency-pae - 3.13.0.190.199 linux-tools-virtual - 3.13.0.190.199 linux-image-server - 3.13.0.190.199 linux-image-extra-virtual - 3.13.0.190.199 linux-generic-lts-quantal-eol-upgrade - 3.13.0.190.199 linux-signed-generic-lts-quantal - 3.13.0.190.199 linux-signed-generic-lts-trusty - 3.13.0.190.199 linux-generic-lpae - 3.13.0.190.199 linux-generic-lpae-lts-saucy - 3.13.0.190.199 linux-headers-server - 3.13.0.190.199 linux-generic - 3.13.0.190.199 linux-image-generic-lts-quantal - 3.13.0.190.199 linux-server - 3.13.0.190.199 linux-image-generic-lts-saucy - 3.13.0.190.199 linux-image-generic-lts-trusty - 3.13.0.190.199 linux-generic-lts-quantal - 3.13.0.190.199 linux-tools-lts-raring - 3.13.0.190.199 linux-tools-generic-lpae-lts-saucy - 3.13.0.190.199 linux-omap - 3.13.0.190.199 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.190.199 linux-tools-generic-lpae-lts-trusty - 3.13.0.190.199 linux-image-hwe-virtual-trusty - 3.13.0.190.199 linux-generic-lpae-lts-saucy-eol-upgrade - 3.13.0.190.199 linux-highbank - 3.13.0.190.199 linux-signed-image-generic-lts-quantal - 3.13.0.190.199 linux-headers-generic-lts-quantal - 3.13.0.190.199 linux-image-generic-lpae - 3.13.0.190.199 linux-hwe-generic-trusty - 3.13.0.190.199 linux-tools-generic - 3.13.0.190.199 linux-generic-lts-raring - 3.13.0.190.199 linux-generic-lts-trusty - 3.13.0.190.199 linux-headers-generic-lpae-lts-saucy - 3.13.0.190.199 linux-signed-generic-lts-saucy - 3.13.0.190.199 linux-cloud-tools-lowlatency - 3.13.0.190.199 linux-signed-generic - 3.13.0.190.199 hv-kvp-daemon-init - 3.13.0.190.199 linux-headers-generic - 3.13.0.190.199 linux-image-generic - 3.13.0.190.199 linux-generic-lpae-lts-trusty - 3.13.0.190.199 linux-generic-lts-raring-eol-upgrade - 3.13.0.190.199 linux-generic-lts-saucy-eol-upgrade - 3.13.0.190.199 linux-headers-virtual - 3.13.0.190.199 linux-headers-generic-lts-trusty - 3.13.0.190.199 linux-headers-lowlatency - 3.13.0.190.199 linux-headers-omap - 3.13.0.190.199 linux-generic-lts-saucy - 3.13.0.190.199 linux-image-generic-lpae-lts-saucy - 3.13.0.190.199 linux-hwe-virtual-trusty - 3.13.0.190.199 linux-image-lowlatency - 3.13.0.190.199 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-39713 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-21499 Ubuntu 14.04 LTS It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) Update Instructions: Run `sudo pro fix USN-5485-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1145-azure - 4.15.0-1145.160~14.04.1 linux-image-unsigned-4.15.0-1145-azure - 4.15.0-1145.160~14.04.1 linux-azure-headers-4.15.0-1145 - 4.15.0-1145.160~14.04.1 linux-azure-cloud-tools-4.15.0-1145 - 4.15.0-1145.160~14.04.1 linux-buildinfo-4.15.0-1145-azure - 4.15.0-1145.160~14.04.1 linux-azure-tools-4.15.0-1145 - 4.15.0-1145.160~14.04.1 linux-modules-4.15.0-1145-azure - 4.15.0-1145.160~14.04.1 linux-cloud-tools-4.15.0-1145-azure - 4.15.0-1145.160~14.04.1 linux-tools-4.15.0-1145-azure - 4.15.0-1145.160~14.04.1 linux-image-4.15.0-1145-azure - 4.15.0-1145.160~14.04.1 linux-headers-4.15.0-1145-azure - 4.15.0-1145.160~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1145.114 linux-image-azure - 4.15.0.1145.114 linux-modules-extra-azure - 4.15.0.1145.114 linux-headers-azure - 4.15.0.1145.114 linux-azure - 4.15.0.1145.114 linux-tools-azure - 4.15.0.1145.114 linux-cloud-tools-azure - 4.15.0.1145.114 linux-signed-image-azure - 4.15.0.1145.114 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 Ubuntu 14.04 LTS It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to bypass IP based authentication. (CVE-2022-31813) Update Instructions: Run `sudo pro fix USN-5487-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.22+esm5 libapache2-mod-macro - 1:2.4.7-1ubuntu4.22+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro apache2-data - 2.4.7-1ubuntu4.22+esm5 apache2.2-bin - 2.4.7-1ubuntu4.22+esm5 apache2-utils - 2.4.7-1ubuntu4.22+esm5 apache2-dev - 2.4.7-1ubuntu4.22+esm5 apache2-suexec-pristine - 2.4.7-1ubuntu4.22+esm5 apache2-suexec-custom - 2.4.7-1ubuntu4.22+esm5 apache2-suexec - 2.4.7-1ubuntu4.22+esm5 apache2 - 2.4.7-1ubuntu4.22+esm5 apache2-mpm-worker - 2.4.7-1ubuntu4.22+esm5 apache2-doc - 2.4.7-1ubuntu4.22+esm5 apache2-mpm-prefork - 2.4.7-1ubuntu4.22+esm5 apache2-mpm-itk - 2.4.7-1ubuntu4.22+esm5 apache2-mpm-event - 2.4.7-1ubuntu4.22+esm5 apache2-bin - 2.4.7-1ubuntu4.22+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 Ubuntu 14.04 LTS USN-5487-1 fixed several vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to bypass IP based authentication. (CVE-2022-31813) Update Instructions: Run `sudo pro fix USN-5487-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.22+esm6 libapache2-mod-macro - 1:2.4.7-1ubuntu4.22+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro apache2-data - 2.4.7-1ubuntu4.22+esm6 apache2.2-bin - 2.4.7-1ubuntu4.22+esm6 apache2-utils - 2.4.7-1ubuntu4.22+esm6 apache2-dev - 2.4.7-1ubuntu4.22+esm6 apache2-suexec-pristine - 2.4.7-1ubuntu4.22+esm6 apache2-suexec-custom - 2.4.7-1ubuntu4.22+esm6 apache2-suexec - 2.4.7-1ubuntu4.22+esm6 apache2 - 2.4.7-1ubuntu4.22+esm6 apache2-mpm-worker - 2.4.7-1ubuntu4.22+esm6 apache2-doc - 2.4.7-1ubuntu4.22+esm6 apache2-mpm-prefork - 2.4.7-1ubuntu4.22+esm6 apache2-mpm-itk - 2.4.7-1ubuntu4.22+esm6 apache2-mpm-event - 2.4.7-1ubuntu4.22+esm6 apache2-bin - 2.4.7-1ubuntu4.22+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1979577 Ubuntu 14.04 LTS USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different regressions: one affecting mod_proxy only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to bypass IP based authentication. (CVE-2022-31813) Update Instructions: Run `sudo pro fix USN-5487-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.22+esm8 libapache2-mod-macro - 1:2.4.7-1ubuntu4.22+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro apache2-data - 2.4.7-1ubuntu4.22+esm8 apache2-utils - 2.4.7-1ubuntu4.22+esm8 apache2-dev - 2.4.7-1ubuntu4.22+esm8 apache2-suexec-pristine - 2.4.7-1ubuntu4.22+esm8 apache2-suexec-custom - 2.4.7-1ubuntu4.22+esm8 apache2-suexec - 2.4.7-1ubuntu4.22+esm8 apache2 - 2.4.7-1ubuntu4.22+esm8 apache2-mpm-worker - 2.4.7-1ubuntu4.22+esm8 apache2-doc - 2.4.7-1ubuntu4.22+esm8 apache2-mpm-prefork - 2.4.7-1ubuntu4.22+esm8 apache2-mpm-event - 2.4.7-1ubuntu4.22+esm8 apache2-mpm-itk - 2.4.7-1ubuntu4.22+esm8 apache2-bin - 2.4.7-1ubuntu4.22+esm8 apache2.2-bin - 2.4.7-1ubuntu4.22+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 https://launchpad.net/bugs/1979577 https://launchpad.net/bugs/1979641 Ubuntu 14.04 LTS It was discovered that Libjpeg6b was not properly performing bounds checks when compressing PPM and Targa image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11212) Chijin Zhou discovered that Libjpeg6b was incorrectly handling the EOF character in input data when generating JPEG files. An attacker could possibly use this issue to force the execution of a large loop, force excessive memory consumption, and cause a denial of service. (CVE-2018-11813) Sheng Shu and Dongdong She discovered that Libjpeg6b was not properly limiting the amount of memory being used when it was performing decompression or multi-pass compression operations. An attacker could possibly use this issue to force excessive memory consumption and cause a denial of service. (CVE-2020-14152) Update Instructions: Run `sudo pro fix USN-5497-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjpeg62 - 6b1-4ubuntu1+esm1 libjpeg62-dev - 6b1-4ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813 CVE-2020-14152 Ubuntu 14.04 LTS Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server’s certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service. (CVE-2022-27781) Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack. (CVE-2022-32208) Update Instructions: Run `sudo pro fix USN-5499-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm11 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm11 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm11 libcurl4-doc - 7.35.0-1ubuntu2.20+esm11 libcurl3-nss - 7.35.0-1ubuntu2.20+esm11 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm11 libcurl3 - 7.35.0-1ubuntu2.20+esm11 curl - 7.35.0-1ubuntu2.20+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-27781 CVE-2022-32208 Ubuntu 14.04 LTS USN-5503-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures. Update Instructions: Run `sudo pro fix USN-5503-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnupg-curl - 1.4.16-1ubuntu2.6+esm1 gpgv - 1.4.16-1ubuntu2.6+esm1 gnupg - 1.4.16-1ubuntu2.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-34903 Ubuntu 14.04 LTS Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) It was discovered that the Ion Memory Manager subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-39714) Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. (CVE-2022-1419) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1734) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388) Update Instructions: Run `sudo pro fix USN-5505-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-lts-xenial-tools-4.4.0-229 - 4.4.0-229.263~14.04.1 linux-image-unsigned-4.4.0-229-generic - 4.4.0-229.263~14.04.1 linux-cloud-tools-4.4.0-229-lowlatency - 4.4.0-229.263~14.04.1 linux-tools-4.4.0-229-generic - 4.4.0-229.263~14.04.1 linux-image-unsigned-4.4.0-229-lowlatency - 4.4.0-229.263~14.04.1 linux-buildinfo-4.4.0-229-generic - 4.4.0-229.263~14.04.1 linux-tools-4.4.0-229-lowlatency - 4.4.0-229.263~14.04.1 linux-headers-4.4.0-229-generic - 4.4.0-229.263~14.04.1 linux-cloud-tools-4.4.0-229-generic - 4.4.0-229.263~14.04.1 linux-modules-extra-4.4.0-229-generic - 4.4.0-229.263~14.04.1 linux-image-4.4.0-229-lowlatency - 4.4.0-229.263~14.04.1 linux-modules-4.4.0-229-lowlatency - 4.4.0-229.263~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-229 - 4.4.0-229.263~14.04.1 linux-buildinfo-4.4.0-229-lowlatency - 4.4.0-229.263~14.04.1 linux-image-4.4.0-229-generic - 4.4.0-229.263~14.04.1 linux-modules-4.4.0-229-generic - 4.4.0-229.263~14.04.1 linux-headers-4.4.0-229 - 4.4.0-229.263~14.04.1 linux-headers-4.4.0-229-lowlatency - 4.4.0-229.263~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-virtual-lts-xenial - 4.4.0.229.199 linux-tools-generic-lts-xenial - 4.4.0.229.199 linux-signed-image-lowlatency-lts-xenial - 4.4.0.229.199 linux-tools-lowlatency-lts-xenial - 4.4.0.229.199 linux-image-extra-virtual-lts-xenial - 4.4.0.229.199 linux-headers-generic-lts-xenial - 4.4.0.229.199 linux-signed-lowlatency-lts-xenial - 4.4.0.229.199 linux-signed-generic-lts-xenial - 4.4.0.229.199 linux-headers-lowlatency-lts-xenial - 4.4.0.229.199 linux-generic-lts-xenial - 4.4.0.229.199 linux-image-lowlatency-lts-xenial - 4.4.0.229.199 linux-image-generic-lts-xenial - 4.4.0.229.199 linux-signed-image-generic-lts-xenial - 4.4.0.229.199 linux-lowlatency-lts-xenial - 4.4.0.229.199 linux-headers-virtual-lts-xenial - 4.4.0.229.199 linux-cloud-tools-generic-lts-xenial - 4.4.0.229.199 linux-tools-virtual-lts-xenial - 4.4.0.229.199 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.229.199 linux-virtual-lts-xenial - 4.4.0.229.199 linux-image-virtual-lts-xenial - 4.4.0.229.199 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3609 CVE-2021-3752 CVE-2021-3760 CVE-2021-39685 CVE-2021-39714 CVE-2021-4197 CVE-2021-4202 CVE-2022-0330 CVE-2022-1353 CVE-2022-1419 CVE-2022-1652 CVE-2022-1679 CVE-2022-1734 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-24958 CVE-2022-28356 CVE-2022-28388 Ubuntu 14.04 LTS Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) It was discovered that the Ion Memory Manager subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-39714) Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. (CVE-2022-1419) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1734) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388) Update Instructions: Run `sudo pro fix USN-5513-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-headers-4.4.0-1109 - 4.4.0-1109.115 linux-image-4.4.0-1109-aws - 4.4.0-1109.115 linux-tools-4.4.0-1109-aws - 4.4.0-1109.115 linux-buildinfo-4.4.0-1109-aws - 4.4.0-1109.115 linux-modules-4.4.0-1109-aws - 4.4.0-1109.115 linux-aws-cloud-tools-4.4.0-1109 - 4.4.0-1109.115 linux-cloud-tools-4.4.0-1109-aws - 4.4.0-1109.115 linux-aws-tools-4.4.0-1109 - 4.4.0-1109.115 linux-headers-4.4.0-1109-aws - 4.4.0-1109.115 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1109.106 linux-aws - 4.4.0.1109.106 linux-headers-aws - 4.4.0.1109.106 linux-image-aws - 4.4.0.1109.106 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3609 CVE-2021-3752 CVE-2021-3760 CVE-2021-39685 CVE-2021-39714 CVE-2021-4197 CVE-2021-4202 CVE-2022-0330 CVE-2022-1353 CVE-2022-1419 CVE-2022-1652 CVE-2022-1679 CVE-2022-1734 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-24958 CVE-2022-28356 CVE-2022-28388 Ubuntu 14.04 LTS Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Jann Horn discovered that the FUSE file system in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1011) Duoming Zhou discovered that the 6pack protocol implementation in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-1198) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516) Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the Linux kernel did not properly handle very small reads. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2380) It was discovered that the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28389) Update Instructions: Run `sudo pro fix USN-5515-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1146-azure - 4.15.0-1146.161~14.04.1 linux-image-4.15.0-1146-azure - 4.15.0-1146.161~14.04.1 linux-tools-4.15.0-1146-azure - 4.15.0-1146.161~14.04.1 linux-cloud-tools-4.15.0-1146-azure - 4.15.0-1146.161~14.04.1 linux-azure-headers-4.15.0-1146 - 4.15.0-1146.161~14.04.1 linux-azure-tools-4.15.0-1146 - 4.15.0-1146.161~14.04.1 linux-headers-4.15.0-1146-azure - 4.15.0-1146.161~14.04.1 linux-azure-cloud-tools-4.15.0-1146 - 4.15.0-1146.161~14.04.1 linux-image-unsigned-4.15.0-1146-azure - 4.15.0-1146.161~14.04.1 linux-modules-extra-4.15.0-1146-azure - 4.15.0-1146.161~14.04.1 linux-buildinfo-4.15.0-1146-azure - 4.15.0-1146.161~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1146.115 linux-headers-azure - 4.15.0.1146.115 linux-signed-image-azure - 4.15.0.1146.115 linux-modules-extra-azure - 4.15.0.1146.115 linux-cloud-tools-azure - 4.15.0.1146.115 linux-azure - 4.15.0.1146.115 linux-tools-azure - 4.15.0.1146.115 linux-image-azure - 4.15.0.1146.115 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4197 CVE-2022-1011 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1516 CVE-2022-2380 CVE-2022-28389 Ubuntu 14.04 LTS It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5519-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.6-8ubuntu0.6+esm11 python2.7-doc - 2.7.6-8ubuntu0.6+esm11 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm11 libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm11 libpython2.7 - 2.7.6-8ubuntu0.6+esm11 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm11 python2.7 - 2.7.6-8ubuntu0.6+esm11 idle-python2.7 - 2.7.6-8ubuntu0.6+esm11 python2.7-examples - 2.7.6-8ubuntu0.6+esm11 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm11 python2.7-minimal - 2.7.6-8ubuntu0.6+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro python3.4-examples - 3.4.3-1ubuntu1~14.04.7+esm13 libpython3.4-testsuite - 3.4.3-1ubuntu1~14.04.7+esm13 python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm13 python3.4-venv - 3.4.3-1ubuntu1~14.04.7+esm13 python3.4-doc - 3.4.3-1ubuntu1~14.04.7+esm13 libpython3.4-stdlib - 3.4.3-1ubuntu1~14.04.7+esm13 python3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm13 idle-python3.4 - 3.4.3-1ubuntu1~14.04.7+esm13 libpython3.4-dev - 3.4.3-1ubuntu1~14.04.7+esm13 python3.4 - 3.4.3-1ubuntu1~14.04.7+esm13 libpython3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm13 libpython3.4 - 3.4.3-1ubuntu1~14.04.7+esm13 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2015-20107 Ubuntu 14.04 LTS USN-5520-1 fixed a vulnerability in HTTP-Daemon. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that HTTP-Daemon incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Update Instructions: Run `sudo pro fix USN-5520-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhttp-daemon-perl - 6.01-1ubuntu0.14.04~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-31081 Ubuntu 14.04 LTS It was discovered that LibTIFF was not properly performing checks to guarantee that allocated memory space existed, which could lead to a NULL pointer dereference via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0907, CVE-2022-0908) It was discovered that LibTIFF was not properly performing checks to avoid division calculations where the denominator value was zero, which could lead to an undefined behavior situation via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0909) It was discovered that LibTIFF was not properly performing bounds checks, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2022-0924) It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bounds checking operations, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2020-19131) It was discovered that LibTIFF was not properly terminating a function execution when processing incorrect data, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2020-19144) It was discovered that LibTIFF was not properly performing checks when setting the value for data later used as reference during memory access, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2022-22844) Update Instructions: Run `sudo pro fix USN-5523-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.11+esm2 libtiff-tools - 4.0.3-7ubuntu0.11+esm2 libtiff5-dev - 4.0.3-7ubuntu0.11+esm2 libtiff4-dev - 4.0.3-7ubuntu0.11+esm2 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm2 libtiff5 - 4.0.3-7ubuntu0.11+esm2 libtiffxx5 - 4.0.3-7ubuntu0.11+esm2 libtiff-doc - 4.0.3-7ubuntu0.11+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19131 CVE-2020-19144 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-22844 Ubuntu 14.04 LTS USN-5532-1 fixed a vulnerability in Bottle. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM Original advisory details: It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclose sensitive information. (CVE-2022-31799) Update Instructions: Run `sudo pro fix USN-5532-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-bottle - 0.12.0-1ubuntu0.1~esm3 python-bottle - 0.12.0-1ubuntu0.1~esm3 python-bottle-doc - 0.12.0-1ubuntu0.1~esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-31799 Ubuntu 14.04 LTS Liu Jian discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20141) It was discovered that the USB gadget subsystem in the Linux kernel did not properly validate interface descriptor requests. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-25258) It was discovered that the Remote NDIS (RNDIS) USB gadget implementation in the Linux kernel did not properly validate the size of the RNDIS_MSG_SET command. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-25375) Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. (CVE-2022-34918) Update Instructions: Run `sudo pro fix USN-5540-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1110-aws - 4.4.0-1110.116 linux-headers-4.4.0-1110-aws - 4.4.0-1110.116 linux-image-4.4.0-1110-aws - 4.4.0-1110.116 linux-aws-headers-4.4.0-1110 - 4.4.0-1110.116 linux-modules-4.4.0-1110-aws - 4.4.0-1110.116 linux-cloud-tools-4.4.0-1110-aws - 4.4.0-1110.116 linux-tools-4.4.0-1110-aws - 4.4.0-1110.116 linux-aws-tools-4.4.0-1110 - 4.4.0-1110.116 linux-aws-cloud-tools-4.4.0-1110 - 4.4.0-1110.116 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-4.4.0-230-generic - 4.4.0-230.264~14.04.1 linux-image-4.4.0-230-lowlatency - 4.4.0-230.264~14.04.1 linux-tools-4.4.0-230-lowlatency - 4.4.0-230.264~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-230 - 4.4.0-230.264~14.04.1 linux-tools-4.4.0-230-generic - 4.4.0-230.264~14.04.1 linux-image-unsigned-4.4.0-230-generic - 4.4.0-230.264~14.04.1 linux-buildinfo-4.4.0-230-lowlatency - 4.4.0-230.264~14.04.1 linux-lts-xenial-tools-4.4.0-230 - 4.4.0-230.264~14.04.1 linux-image-unsigned-4.4.0-230-lowlatency - 4.4.0-230.264~14.04.1 linux-modules-extra-4.4.0-230-generic - 4.4.0-230.264~14.04.1 linux-headers-4.4.0-230 - 4.4.0-230.264~14.04.1 linux-cloud-tools-4.4.0-230-generic - 4.4.0-230.264~14.04.1 linux-headers-4.4.0-230-generic - 4.4.0-230.264~14.04.1 linux-modules-4.4.0-230-lowlatency - 4.4.0-230.264~14.04.1 linux-cloud-tools-4.4.0-230-lowlatency - 4.4.0-230.264~14.04.1 linux-image-4.4.0-230-generic - 4.4.0-230.264~14.04.1 linux-buildinfo-4.4.0-230-generic - 4.4.0-230.264~14.04.1 linux-headers-4.4.0-230-lowlatency - 4.4.0-230.264~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1110.107 linux-aws - 4.4.0.1110.107 linux-headers-aws - 4.4.0.1110.107 linux-image-aws - 4.4.0.1110.107 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-virtual-lts-xenial - 4.4.0.230.200 linux-image-generic-lts-xenial - 4.4.0.230.200 linux-cloud-tools-virtual-lts-xenial - 4.4.0.230.200 linux-tools-generic-lts-xenial - 4.4.0.230.200 linux-tools-lowlatency-lts-xenial - 4.4.0.230.200 linux-image-extra-virtual-lts-xenial - 4.4.0.230.200 linux-signed-image-generic-lts-xenial - 4.4.0.230.200 linux-headers-generic-lts-xenial - 4.4.0.230.200 linux-virtual-lts-xenial - 4.4.0.230.200 linux-signed-lowlatency-lts-xenial - 4.4.0.230.200 linux-lowlatency-lts-xenial - 4.4.0.230.200 linux-headers-lowlatency-lts-xenial - 4.4.0.230.200 linux-signed-generic-lts-xenial - 4.4.0.230.200 linux-image-lowlatency-lts-xenial - 4.4.0.230.200 linux-generic-lts-xenial - 4.4.0.230.200 linux-headers-virtual-lts-xenial - 4.4.0.230.200 linux-cloud-tools-generic-lts-xenial - 4.4.0.230.200 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.230.200 linux-signed-image-lowlatency-lts-xenial - 4.4.0.230.200 linux-image-virtual-lts-xenial - 4.4.0.230.200 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-20141 CVE-2022-25258 CVE-2022-25375 CVE-2022-34918 Ubuntu 14.04 LTS It was discovered that libjpeg-turbo was not properly handling EOF characters, which could lead to excessive memory consumption through the execution of a large loop. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11813) It was discovered that libjpeg-turbo was not properly performing bounds check operations, which could lead to a heap-based buffer overread. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2018-14498) It was discovered that libjpeg-turbo was not properly limiting the amount of main memory being consumed by the system during decompression or multi-pass compression operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-14152) It was discovered that libjpeg-turbo was not properly setting variable sizes when performing certain kinds of encoding operations, which could lead to a stack-based buffer overflow. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2020-17541) Update Instructions: Run `sudo pro fix USN-5553-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjpeg-turbo8 - 1.3.0-0ubuntu2.1+esm2 libjpeg-turbo-test - 1.3.0-0ubuntu2.1+esm2 libjpeg-turbo8-dev - 1.3.0-0ubuntu2.1+esm2 libturbojpeg - 1.3.0-0ubuntu2.1+esm2 libjpeg-turbo-progs - 1.3.0-0ubuntu2.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-11813 CVE-2018-14498 CVE-2020-14152 CVE-2020-17541 Ubuntu 14.04 LTS Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2588) It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2586) Update Instructions: Run `sudo pro fix USN-5557-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-4.4.0-1111-aws - 4.4.0-1111.117 linux-modules-4.4.0-1111-aws - 4.4.0-1111.117 linux-headers-4.4.0-1111-aws - 4.4.0-1111.117 linux-buildinfo-4.4.0-1111-aws - 4.4.0-1111.117 linux-aws-headers-4.4.0-1111 - 4.4.0-1111.117 linux-image-4.4.0-1111-aws - 4.4.0-1111.117 linux-tools-4.4.0-1111-aws - 4.4.0-1111.117 linux-aws-tools-4.4.0-1111 - 4.4.0-1111.117 linux-aws-cloud-tools-4.4.0-1111 - 4.4.0-1111.117 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.4.0-231-generic - 4.4.0-231.265~14.04.1 linux-image-4.4.0-231-lowlatency - 4.4.0-231.265~14.04.1 linux-image-unsigned-4.4.0-231-generic - 4.4.0-231.265~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-231 - 4.4.0-231.265~14.04.1 linux-modules-4.4.0-231-generic - 4.4.0-231.265~14.04.1 linux-headers-4.4.0-231-lowlatency - 4.4.0-231.265~14.04.1 linux-image-4.4.0-231-generic - 4.4.0-231.265~14.04.1 linux-modules-4.4.0-231-lowlatency - 4.4.0-231.265~14.04.1 linux-lts-xenial-tools-4.4.0-231 - 4.4.0-231.265~14.04.1 linux-buildinfo-4.4.0-231-lowlatency - 4.4.0-231.265~14.04.1 linux-cloud-tools-4.4.0-231-lowlatency - 4.4.0-231.265~14.04.1 linux-image-unsigned-4.4.0-231-lowlatency - 4.4.0-231.265~14.04.1 linux-headers-4.4.0-231 - 4.4.0-231.265~14.04.1 linux-buildinfo-4.4.0-231-generic - 4.4.0-231.265~14.04.1 linux-modules-extra-4.4.0-231-generic - 4.4.0-231.265~14.04.1 linux-tools-4.4.0-231-lowlatency - 4.4.0-231.265~14.04.1 linux-cloud-tools-4.4.0-231-generic - 4.4.0-231.265~14.04.1 linux-headers-4.4.0-231-generic - 4.4.0-231.265~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1111.108 linux-aws - 4.4.0.1111.108 linux-headers-aws - 4.4.0.1111.108 linux-image-aws - 4.4.0.1111.108 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.231.201 linux-cloud-tools-generic-lts-xenial - 4.4.0.231.201 linux-cloud-tools-virtual-lts-xenial - 4.4.0.231.201 linux-tools-generic-lts-xenial - 4.4.0.231.201 linux-signed-image-lowlatency-lts-xenial - 4.4.0.231.201 linux-tools-lowlatency-lts-xenial - 4.4.0.231.201 linux-image-extra-virtual-lts-xenial - 4.4.0.231.201 linux-headers-generic-lts-xenial - 4.4.0.231.201 linux-signed-lowlatency-lts-xenial - 4.4.0.231.201 linux-lowlatency-lts-xenial - 4.4.0.231.201 linux-signed-generic-lts-xenial - 4.4.0.231.201 linux-headers-lowlatency-lts-xenial - 4.4.0.231.201 linux-image-lowlatency-lts-xenial - 4.4.0.231.201 linux-generic-lts-xenial - 4.4.0.231.201 linux-image-generic-lts-xenial - 4.4.0.231.201 linux-signed-image-generic-lts-xenial - 4.4.0.231.201 linux-headers-virtual-lts-xenial - 4.4.0.231.201 linux-tools-virtual-lts-xenial - 4.4.0.231.201 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.231.201 linux-image-virtual-lts-xenial - 4.4.0.231.201 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-2586 CVE-2022-2588 Ubuntu 14.04 LTS Zhao Liang discovered that libcdio was not properly performing memory management operations when processing ISO files, which could result in a heap buffer overflow or in a NULL pointer dereference. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2017-18198, CVE-2017-18199) Update Instructions: Run `sudo pro fix USN-5558-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcdio-paranoia1 - 0.83-4.1ubuntu1+esm1 libcdio-cdda-dev - 0.83-4.1ubuntu1+esm1 libcdio-paranoia-dev - 0.83-4.1ubuntu1+esm1 libcdio-cdda1 - 0.83-4.1ubuntu1+esm1 libcdio-utils - 0.83-4.1ubuntu1+esm1 libcdio13 - 0.83-4.1ubuntu1+esm1 libudf-dev - 0.83-4.1ubuntu1+esm1 libiso9660-dev - 0.83-4.1ubuntu1+esm1 libiso9660-8 - 0.83-4.1ubuntu1+esm1 libcdio-dev - 0.83-4.1ubuntu1+esm1 libudf0 - 0.83-4.1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-18198 CVE-2017-18199 Ubuntu 14.04 LTS Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2588) It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2586) It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0494) Hu Jiahui discovered that multiple race conditions existed in the Advanced Linux Sound Architecture (ALSA) framework, leading to use-after-free vulnerabilities. A local attacker could use these to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1048) It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1734) Duoming Zhou discovered a race condition in the NFC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1974) Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not properly prevent context switches from occurring during certain atomic context operations. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2022-1975) Minh Yuan discovered that the floppy driver in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-33981) Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. (CVE-2022-34918) Update Instructions: Run `sudo pro fix USN-5560-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-tools-4.15.0-1149 - 4.15.0-1149.164~14.04.1 linux-azure-headers-4.15.0-1149 - 4.15.0-1149.164~14.04.1 linux-azure-cloud-tools-4.15.0-1149 - 4.15.0-1149.164~14.04.1 linux-image-unsigned-4.15.0-1149-azure - 4.15.0-1149.164~14.04.1 linux-buildinfo-4.15.0-1149-azure - 4.15.0-1149.164~14.04.1 linux-cloud-tools-4.15.0-1149-azure - 4.15.0-1149.164~14.04.1 linux-tools-4.15.0-1149-azure - 4.15.0-1149.164~14.04.1 linux-headers-4.15.0-1149-azure - 4.15.0-1149.164~14.04.1 linux-image-4.15.0-1149-azure - 4.15.0-1149.164~14.04.1 linux-modules-4.15.0-1149-azure - 4.15.0-1149.164~14.04.1 linux-modules-extra-4.15.0-1149-azure - 4.15.0-1149.164~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1149.118 linux-cloud-tools-azure - 4.15.0.1149.118 linux-modules-extra-azure - 4.15.0.1149.118 linux-tools-azure - 4.15.0.1149.118 linux-headers-azure - 4.15.0.1149.118 linux-azure - 4.15.0.1149.118 linux-image-azure - 4.15.0.1149.118 linux-signed-image-azure - 4.15.0.1149.118 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-0494 CVE-2022-1048 CVE-2022-1195 CVE-2022-1652 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-2586 CVE-2022-2588 CVE-2022-33981 CVE-2022-34918 Ubuntu 14.04 LTS Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5570-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32z1-dev - 1:1.2.8.dfsg-1ubuntu1.1+esm2 lib64z1 - 1:1.2.8.dfsg-1ubuntu1.1+esm2 libx32z1 - 1:1.2.8.dfsg-1ubuntu1.1+esm2 zlib-bin - 1:1.2.8.dfsg-1ubuntu1.1+esm2 lib64z1-dev - 1:1.2.8.dfsg-1ubuntu1.1+esm2 lib32z1 - 1:1.2.8.dfsg-1ubuntu1.1+esm2 zlib1g - 1:1.2.8.dfsg-1ubuntu1.1+esm2 lib32z1-dev - 1:1.2.8.dfsg-1ubuntu1.1+esm2 zlib1g-dev - 1:1.2.8.dfsg-1ubuntu1.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-37434 Ubuntu 14.04 LTS Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741) Update Instructions: Run `sudo pro fix USN-5572-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1112-aws - 4.4.0-1112.118 linux-aws-tools-4.4.0-1112 - 4.4.0-1112.118 linux-aws-headers-4.4.0-1112 - 4.4.0-1112.118 linux-image-4.4.0-1112-aws - 4.4.0-1112.118 linux-headers-4.4.0-1112-aws - 4.4.0-1112.118 linux-cloud-tools-4.4.0-1112-aws - 4.4.0-1112.118 linux-aws-cloud-tools-4.4.0-1112 - 4.4.0-1112.118 linux-modules-4.4.0-1112-aws - 4.4.0-1112.118 linux-tools-4.4.0-1112-aws - 4.4.0-1112.118 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1112.109 linux-aws - 4.4.0.1112.109 linux-headers-aws - 4.4.0.1112.109 linux-image-aws - 4.4.0.1112.109 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 Ubuntu 14.04 LTS It was discovered that Exim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5574-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.82-3ubuntu2.4+esm4 eximon4 - 4.82-3ubuntu2.4+esm4 exim4 - 4.82-3ubuntu2.4+esm4 exim4-daemon-light - 4.82-3ubuntu2.4+esm4 exim4-config - 4.82-3ubuntu2.4+esm4 exim4-daemon-heavy - 4.82-3ubuntu2.4+esm4 exim4-base - 4.82-3ubuntu2.4+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-37452 Ubuntu 14.04 LTS USN-5575-1 fixed vulnerabilities in Libxslt. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-5815) Alexey Neyman incorrectly handled certain HTML pages. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. (CVE-2021-30560) Update Instructions: Run `sudo pro fix USN-5575-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxslt1 - 1.1.28-2ubuntu0.2+esm2 libxslt1-dev - 1.1.28-2ubuntu0.2+esm2 libxslt1.1 - 1.1.28-2ubuntu0.2+esm2 xsltproc - 1.1.28-2ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-5815 CVE-2021-30560 Ubuntu 14.04 LTS Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741) Update Instructions: Run `sudo pro fix USN-5579-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-233-generic - 4.4.0-233.267~14.04.1 linux-tools-4.4.0-233-lowlatency - 4.4.0-233.267~14.04.1 linux-image-4.4.0-233-lowlatency - 4.4.0-233.267~14.04.1 linux-headers-4.4.0-233-generic - 4.4.0-233.267~14.04.1 linux-tools-4.4.0-233-generic - 4.4.0-233.267~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-233 - 4.4.0-233.267~14.04.1 linux-image-unsigned-4.4.0-233-generic - 4.4.0-233.267~14.04.1 linux-cloud-tools-4.4.0-233-generic - 4.4.0-233.267~14.04.1 linux-buildinfo-4.4.0-233-generic - 4.4.0-233.267~14.04.1 linux-image-unsigned-4.4.0-233-lowlatency - 4.4.0-233.267~14.04.1 linux-buildinfo-4.4.0-233-lowlatency - 4.4.0-233.267~14.04.1 linux-lts-xenial-tools-4.4.0-233 - 4.4.0-233.267~14.04.1 linux-headers-4.4.0-233-lowlatency - 4.4.0-233.267~14.04.1 linux-modules-4.4.0-233-generic - 4.4.0-233.267~14.04.1 linux-modules-extra-4.4.0-233-generic - 4.4.0-233.267~14.04.1 linux-cloud-tools-4.4.0-233-lowlatency - 4.4.0-233.267~14.04.1 linux-headers-4.4.0-233 - 4.4.0-233.267~14.04.1 linux-modules-4.4.0-233-lowlatency - 4.4.0-233.267~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.233.202 linux-cloud-tools-virtual-lts-xenial - 4.4.0.233.202 linux-tools-generic-lts-xenial - 4.4.0.233.202 linux-signed-image-lowlatency-lts-xenial - 4.4.0.233.202 linux-tools-lowlatency-lts-xenial - 4.4.0.233.202 linux-image-extra-virtual-lts-xenial - 4.4.0.233.202 linux-headers-generic-lts-xenial - 4.4.0.233.202 linux-signed-lowlatency-lts-xenial - 4.4.0.233.202 linux-lowlatency-lts-xenial - 4.4.0.233.202 linux-signed-generic-lts-xenial - 4.4.0.233.202 linux-headers-lowlatency-lts-xenial - 4.4.0.233.202 linux-generic-lts-xenial - 4.4.0.233.202 linux-image-lowlatency-lts-xenial - 4.4.0.233.202 linux-image-generic-lts-xenial - 4.4.0.233.202 linux-signed-image-generic-lts-xenial - 4.4.0.233.202 linux-headers-virtual-lts-xenial - 4.4.0.233.202 linux-cloud-tools-generic-lts-xenial - 4.4.0.233.202 linux-tools-virtual-lts-xenial - 4.4.0.233.202 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.233.202 linux-image-virtual-lts-xenial - 4.4.0.233.202 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 Ubuntu 14.04 LTS Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTP(S) server might return a 400 (Bad Request Error) response. A malicious cookie host could possibly use this to cause denial-of-service. Update Instructions: Run `sudo pro fix USN-5587-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm12 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm12 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm12 libcurl4-doc - 7.35.0-1ubuntu2.20+esm12 libcurl3-nss - 7.35.0-1ubuntu2.20+esm12 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm12 libcurl3 - 7.35.0-1ubuntu2.20+esm12 curl - 7.35.0-1ubuntu2.20+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-35252 Ubuntu 14.04 LTS Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5588-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-source-3.13.0 - 3.13.0-191.242 linux-tools-common - 3.13.0-191.242 linux-headers-3.13.0-191 - 3.13.0-191.242 linux-libc-dev - 3.13.0-191.242 linux-cloud-tools-3.13.0-191-generic - 3.13.0-191.242 linux-buildinfo-3.13.0-191-lowlatency - 3.13.0-191.242 linux-image-3.13.0-191-lowlatency - 3.13.0-191.242 linux-headers-3.13.0-191-generic - 3.13.0-191.242 linux-tools-3.13.0-191-generic - 3.13.0-191.242 linux-headers-3.13.0-191-lowlatency - 3.13.0-191.242 linux-tools-3.13.0-191-lowlatency - 3.13.0-191.242 linux-cloud-tools-3.13.0-191 - 3.13.0-191.242 linux-doc - 3.13.0-191.242 linux-tools-3.13.0-191 - 3.13.0-191.242 linux-image-unsigned-3.13.0-191-generic - 3.13.0-191.242 linux-modules-3.13.0-191-lowlatency - 3.13.0-191.242 linux-modules-extra-3.13.0-191-generic - 3.13.0-191.242 linux-modules-3.13.0-191-generic - 3.13.0-191.242 linux-image-unsigned-3.13.0-191-lowlatency - 3.13.0-191.242 linux-buildinfo-3.13.0-191-generic - 3.13.0-191.242 linux-cloud-tools-common - 3.13.0-191.242 linux-image-3.13.0-191-generic - 3.13.0-191.242 linux-cloud-tools-3.13.0-191-lowlatency - 3.13.0-191.242 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-server - 3.13.0.191.201 linux-image-extra-virtual - 3.13.0.191.201 linux-signed-generic-lts-raring - 3.13.0.191.201 linux-signed-generic-lts-quantal - 3.13.0.191.201 linux-signed-generic-lts-saucy - 3.13.0.191.201 linux-signed-image-generic-lts-raring - 3.13.0.191.201 linux-cloud-tools-lowlatency - 3.13.0.191.201 linux-headers-generic-lts-saucy - 3.13.0.191.201 linux-image-generic-lts-saucy - 3.13.0.191.201 linux-cloud-tools-virtual - 3.13.0.191.201 linux-signed-image-generic-lts-trusty - 3.13.0.191.201 linux-hwe-virtual-trusty - 3.13.0.191.201 linux-tools-generic-lts-trusty - 3.13.0.191.201 linux-headers-server - 3.13.0.191.201 linux-generic - 3.13.0.191.201 linux-image-generic-lts-quantal - 3.13.0.191.201 hv-kvp-daemon-init - 3.13.0.191.201 linux-server - 3.13.0.191.201 linux-crashdump - 3.13.0.191.201 linux-headers-generic - 3.13.0.191.201 linux-image-virtual - 3.13.0.191.201 linux-image-generic-lts-trusty - 3.13.0.191.201 linux-signed-image-generic - 3.13.0.191.201 linux-image-lowlatency - 3.13.0.191.201 linux-generic-lts-raring-eol-upgrade - 3.13.0.191.201 linux-generic-lts-quantal - 3.13.0.191.201 linux-tools-lts-trusty - 3.13.0.191.201 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.191.201 linux-tools-lowlatency - 3.13.0.191.201 linux-tools-generic-lts-saucy - 3.13.0.191.201 linux-source - 3.13.0.191.201 linux-image-generic - 3.13.0.191.201 linux-tools-lts-raring - 3.13.0.191.201 linux-lowlatency - 3.13.0.191.201 linux-generic-lts-saucy-eol-upgrade - 3.13.0.191.201 linux-headers-lowlatency - 3.13.0.191.201 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.191.201 linux-headers-virtual - 3.13.0.191.201 linux-cloud-tools-generic - 3.13.0.191.201 linux-generic-lts-quantal-eol-upgrade - 3.13.0.191.201 linux-headers-generic-lts-trusty - 3.13.0.191.201 linux-image-hwe-virtual-trusty - 3.13.0.191.201 linux-tools-lts-quantal - 3.13.0.191.201 linux-image-hwe-generic-trusty - 3.13.0.191.201 linux-virtual - 3.13.0.191.201 linux-generic-lts-trusty - 3.13.0.191.201 linux-headers-generic-lts-raring - 3.13.0.191.201 linux-signed-image-generic-lts-saucy - 3.13.0.191.201 linux-signed-generic-lts-trusty - 3.13.0.191.201 linux-generic-lts-saucy - 3.13.0.191.201 linux-signed-image-generic-lts-quantal - 3.13.0.191.201 linux-tools-lts-saucy - 3.13.0.191.201 linux-headers-generic-lts-quantal - 3.13.0.191.201 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.191.201 linux-image-generic-lts-raring - 3.13.0.191.201 linux-signed-generic - 3.13.0.191.201 linux-hwe-generic-trusty - 3.13.0.191.201 linux-tools-generic - 3.13.0.191.201 linux-generic-lts-raring - 3.13.0.191.201 linux-tools-virtual - 3.13.0.191.201 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-2588 Ubuntu 14.04 LTS It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5591-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-4.15.0-1150-azure - 4.15.0-1150.165~14.04.1 linux-headers-4.15.0-1150-azure - 4.15.0-1150.165~14.04.1 linux-image-unsigned-4.15.0-1150-azure - 4.15.0-1150.165~14.04.1 linux-modules-4.15.0-1150-azure - 4.15.0-1150.165~14.04.1 linux-azure-cloud-tools-4.15.0-1150 - 4.15.0-1150.165~14.04.1 linux-azure-tools-4.15.0-1150 - 4.15.0-1150.165~14.04.1 linux-azure-headers-4.15.0-1150 - 4.15.0-1150.165~14.04.1 linux-modules-extra-4.15.0-1150-azure - 4.15.0-1150.165~14.04.1 linux-buildinfo-4.15.0-1150-azure - 4.15.0-1150.165~14.04.1 linux-tools-4.15.0-1150-azure - 4.15.0-1150.165~14.04.1 linux-image-4.15.0-1150-azure - 4.15.0-1150.165~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-azure - 4.15.0.1150.119 linux-modules-extra-azure - 4.15.0.1150.119 linux-image-azure - 4.15.0.1150.119 linux-signed-azure - 4.15.0.1150.119 linux-headers-azure - 4.15.0.1150.119 linux-cloud-tools-azure - 4.15.0.1150.119 linux-azure - 4.15.0.1150.119 linux-tools-azure - 4.15.0.1150.119 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33656 Ubuntu 14.04 LTS It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-2867, CVE-2022-2869) It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2868) Update Instructions: Run `sudo pro fix USN-5604-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.11+esm3 libtiff-tools - 4.0.3-7ubuntu0.11+esm3 libtiff5-dev - 4.0.3-7ubuntu0.11+esm3 libtiff4-dev - 4.0.3-7ubuntu0.11+esm3 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm3 libtiff5 - 4.0.3-7ubuntu0.11+esm3 libtiffxx5 - 4.0.3-7ubuntu0.11+esm3 libtiff-doc - 4.0.3-7ubuntu0.11+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 Ubuntu 14.04 LTS It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943) It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution. (CVE-2022-1154) It was discovered that Vim was not properly performing checks on name of lambda functions. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 22.04 LTS. (CVE-2022-1420) It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616) It was discovered that Vim was not properly processing latin1 data when issuing Ex commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619) It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620) It was discovered that Vim was not properly processing invalid bytes when performing spell check operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621) Update Instructions: Run `sudo pro fix USN-5613-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.052-1ubuntu3.1+esm5 vim-gnome - 2:7.4.052-1ubuntu3.1+esm5 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm5 vim-athena - 2:7.4.052-1ubuntu3.1+esm5 vim-gtk - 2:7.4.052-1ubuntu3.1+esm5 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm5 vim - 2:7.4.052-1ubuntu3.1+esm5 vim-doc - 2:7.4.052-1ubuntu3.1+esm5 vim-tiny - 2:7.4.052-1ubuntu3.1+esm5 vim-runtime - 2:7.4.052-1ubuntu3.1+esm5 vim-nox - 2:7.4.052-1ubuntu3.1+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0943 CVE-2022-1154 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 Ubuntu 14.04 LTS It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bound-checking operations. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19131) It was discovered that LibTIFF was not properly terminating a function execution when processing incorrect data. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19144) It was discovered that LibTIFF did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted TIFF file using tiffinfo tool, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1354) It was discovered that LibTIFF did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted TIFF file using tiffcp tool, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-1355) It was discovered that LibTIFF was not properly performing checks to avoid division calculations where the denominator value was zero, which could lead to an undefined behaviour situation via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058) Update Instructions: Run `sudo pro fix USN-5619-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.11+esm4 libtiffxx5 - 4.0.3-7ubuntu0.11+esm4 libtiff5-dev - 4.0.3-7ubuntu0.11+esm4 libtiff4-dev - 4.0.3-7ubuntu0.11+esm4 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm4 libtiff5 - 4.0.3-7ubuntu0.11+esm4 libtiff-tools - 4.0.3-7ubuntu0.11+esm4 libtiff-doc - 4.0.3-7ubuntu0.11+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19131 CVE-2020-19144 CVE-2022-1354 CVE-2022-1355 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 Ubuntu 14.04 LTS USN-5626-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. (CVE-2022-2795) It was discovered that Bind incorrectly handled memory when processing ECDSA DNSSEC verification. A remote attacker could use this issue to consume resources, leading to a denial of service. (CVE-2022-38177) Update Instructions: Run `sudo pro fix USN-5626-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.19+esm7 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19+esm7 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19+esm7 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19+esm7 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19+esm7 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19+esm7 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19+esm7 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19+esm7 host - 1:9.9.5.dfsg-3ubuntu0.19+esm7 lwresd - 1:9.9.5.dfsg-3ubuntu0.19+esm7 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19+esm7 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19+esm7 bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm7 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2795 CVE-2022-38177 Ubuntu 14.04 LTS It was discovered that SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5636-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sosreport - 3.5-1~ubuntu14.04.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2806 Ubuntu 14.04 LTS It was discovered that libvpx incorrectly handled certain WebM media files. A remote attacker could use this issue to crash an application using libvpx under certain conditions, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5637-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvpx-dev - 1.3.0-2ubuntu0.1~esm2 libvpx1 - 1.3.0-2ubuntu0.1~esm2 libvpx-doc - 1.3.0-2ubuntu0.1~esm2 vpx-tools - 1.3.0-2ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-0034 Ubuntu 14.04 LTS USN-5638-1 fixed several vulnerabilities in Expat. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5638-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lib64expat1 - 2.1.0-4ubuntu1.4+esm7 lib64expat1-dev - 2.1.0-4ubuntu1.4+esm7 expat - 2.1.0-4ubuntu1.4+esm7 libexpat1-dev - 2.1.0-4ubuntu1.4+esm7 libexpat1 - 2.1.0-4ubuntu1.4+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40674 CVE-2022-43680 Ubuntu 14.04 LTS It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656) Christian Brauner discovered that the XFS file system implementation in the Linux kernel did not properly handle setgid file creation. A local attacker could use this to gain elevated privileges. (CVE-2021-4037) It was discovered that the ext4 file system implementation in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0850) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the Packet network protocol implementation in the Linux kernel contained an out-of-bounds access. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2022-20368) It was discovered that the Open vSwitch implementation in the Linux kernel contained an out of bounds write vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2639) Jann Horn discovered that the ASIX AX88179/178A USB Ethernet driver in the Linux kernel contained multiple out-of-bounds vulnerabilities. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2964) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the Journaled File System (JFS) in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3202) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update Instructions: Run `sudo pro fix USN-5650-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-4.4.0-1113-aws - 4.4.0-1113.119 linux-cloud-tools-4.4.0-1113-aws - 4.4.0-1113.119 linux-headers-4.4.0-1113-aws - 4.4.0-1113.119 linux-image-4.4.0-1113-aws - 4.4.0-1113.119 linux-aws-headers-4.4.0-1113 - 4.4.0-1113.119 linux-buildinfo-4.4.0-1113-aws - 4.4.0-1113.119 linux-aws-tools-4.4.0-1113 - 4.4.0-1113.119 linux-modules-4.4.0-1113-aws - 4.4.0-1113.119 linux-aws-cloud-tools-4.4.0-1113 - 4.4.0-1113.119 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-234-generic - 4.4.0-234.268~14.04.1 linux-cloud-tools-4.4.0-234-lowlatency - 4.4.0-234.268~14.04.1 linux-modules-extra-4.4.0-234-generic - 4.4.0-234.268~14.04.1 linux-buildinfo-4.4.0-234-lowlatency - 4.4.0-234.268~14.04.1 linux-cloud-tools-4.4.0-234-generic - 4.4.0-234.268~14.04.1 linux-buildinfo-4.4.0-234-generic - 4.4.0-234.268~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-234 - 4.4.0-234.268~14.04.1 linux-image-unsigned-4.4.0-234-generic - 4.4.0-234.268~14.04.1 linux-modules-4.4.0-234-lowlatency - 4.4.0-234.268~14.04.1 linux-headers-4.4.0-234-lowlatency - 4.4.0-234.268~14.04.1 linux-headers-4.4.0-234-generic - 4.4.0-234.268~14.04.1 linux-lts-xenial-tools-4.4.0-234 - 4.4.0-234.268~14.04.1 linux-image-4.4.0-234-lowlatency - 4.4.0-234.268~14.04.1 linux-tools-4.4.0-234-generic - 4.4.0-234.268~14.04.1 linux-headers-4.4.0-234 - 4.4.0-234.268~14.04.1 linux-modules-4.4.0-234-generic - 4.4.0-234.268~14.04.1 linux-tools-4.4.0-234-lowlatency - 4.4.0-234.268~14.04.1 linux-image-unsigned-4.4.0-234-lowlatency - 4.4.0-234.268~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1113.110 linux-aws - 4.4.0.1113.110 linux-headers-aws - 4.4.0.1113.110 linux-image-aws - 4.4.0.1113.110 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.234.203 linux-tools-virtual-lts-xenial - 4.4.0.234.203 linux-image-generic-lts-xenial - 4.4.0.234.203 linux-cloud-tools-virtual-lts-xenial - 4.4.0.234.203 linux-tools-generic-lts-xenial - 4.4.0.234.203 linux-signed-image-lowlatency-lts-xenial - 4.4.0.234.203 linux-tools-lowlatency-lts-xenial - 4.4.0.234.203 linux-headers-generic-lts-xenial - 4.4.0.234.203 linux-signed-lowlatency-lts-xenial - 4.4.0.234.203 linux-lowlatency-lts-xenial - 4.4.0.234.203 linux-image-extra-virtual-lts-xenial - 4.4.0.234.203 linux-headers-lowlatency-lts-xenial - 4.4.0.234.203 linux-generic-lts-xenial - 4.4.0.234.203 linux-image-lowlatency-lts-xenial - 4.4.0.234.203 linux-headers-virtual-lts-xenial - 4.4.0.234.203 linux-cloud-tools-generic-lts-xenial - 4.4.0.234.203 linux-signed-image-generic-lts-xenial - 4.4.0.234.203 linux-signed-generic-lts-xenial - 4.4.0.234.203 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.234.203 linux-image-virtual-lts-xenial - 4.4.0.234.203 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33655 CVE-2021-33656 CVE-2021-4037 CVE-2022-0850 CVE-2022-1199 CVE-2022-1204 CVE-2022-1729 CVE-2022-20368 CVE-2022-2639 CVE-2022-2964 CVE-2022-2978 CVE-2022-3028 CVE-2022-3202 CVE-2022-36946 Ubuntu 14.04 LTS USN-5651-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and and CRL distribution points (CDP) in certificates. A remote attacker could possibly use this issue to initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which can lead to a denial-of-service attack. Update Instructions: Run `sudo pro fix USN-5651-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-pam - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-simaka-pseudonym - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-unbound - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-farp - 5.1.2-0ubuntu2.11+esm3 strongswan-ikev1 - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-gcrypt - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-xauth-noauth - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-error-notify - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-ipseckey - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-sql - 5.1.2-0ubuntu2.11+esm3 strongswan-tnc-ifmap - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-coupling - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-xauth-generic - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-lookip - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-ttls - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-af-alg - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-aka-3gpp2 - 5.1.2-0ubuntu2.11+esm3 strongswan-ike - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-dnskey - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-aka - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-sim-file - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-simaka-sql - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-sqlite - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-duplicheck - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-ntru - 5.1.2-0ubuntu2.11+esm3 strongswan-tnc-server - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-attr-sql - 5.1.2-0ubuntu2.11+esm3 strongswan-tnc-base - 5.1.2-0ubuntu2.11+esm3 strongswan - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-peap - 5.1.2-0ubuntu2.11+esm3 strongswan-starter - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-curl - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-radattr - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-dynamic - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-gtc - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-tls - 5.1.2-0ubuntu2.11+esm3 strongswan-nm - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-tnc - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-radius - 5.1.2-0ubuntu2.11+esm3 strongswan-ikev2 - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-mysql - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-simaka-reauth - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-openssl - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-dnscert - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-pubkey - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-md5 - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-whitelist - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-fips-prf - 5.1.2-0ubuntu2.11+esm3 strongswan-pt-tls-client - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-soup - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-sshkey - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-ldap - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-certexpire - 5.1.2-0ubuntu2.11+esm3 strongswan-tnc-pdp - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-unity - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-sim - 5.1.2-0ubuntu2.11+esm3 strongswan-tnc-client - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-xauth-eap - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-dhcp - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-eap-sim-pcsc - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-gmp - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-agent - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-kernel-libipsec - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-load-tester - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-pgp - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-led - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-pkcs11 - 5.1.2-0ubuntu2.11+esm3 strongswan-plugin-systime-fix - 5.1.2-0ubuntu2.11+esm3 libstrongswan - 5.1.2-0ubuntu2.11+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40617 Ubuntu 14.04 LTS It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update Instructions: Run `sudo pro fix USN-5652-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1151-azure - 4.15.0-1151.166~14.04.1 linux-azure-headers-4.15.0-1151 - 4.15.0-1151.166~14.04.1 linux-azure-tools-4.15.0-1151 - 4.15.0-1151.166~14.04.1 linux-cloud-tools-4.15.0-1151-azure - 4.15.0-1151.166~14.04.1 linux-tools-4.15.0-1151-azure - 4.15.0-1151.166~14.04.1 linux-modules-4.15.0-1151-azure - 4.15.0-1151.166~14.04.1 linux-azure-cloud-tools-4.15.0-1151 - 4.15.0-1151.166~14.04.1 linux-image-4.15.0-1151-azure - 4.15.0-1151.166~14.04.1 linux-modules-extra-4.15.0-1151-azure - 4.15.0-1151.166~14.04.1 linux-buildinfo-4.15.0-1151-azure - 4.15.0-1151.166~14.04.1 linux-image-unsigned-4.15.0-1151-azure - 4.15.0-1151.166~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1151.120 linux-signed-azure - 4.15.0.1151.120 linux-signed-image-azure - 4.15.0.1151.120 linux-modules-extra-azure - 4.15.0.1151.120 linux-image-azure - 4.15.0.1151.120 linux-cloud-tools-azure - 4.15.0.1151.120 linux-headers-azure - 4.15.0.1151.120 linux-tools-azure - 4.15.0.1151.120 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33655 CVE-2022-36946 Ubuntu 14.04 LTS USN-5658-1 fixed several vulnerabilities in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that DHCP incorrectly handled option reference counting. A remote attacker could possibly use this issue to cause DHCP servers to crash, resulting in a denial of service. (CVE-2022-2928) It was discovered that DHCP incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause DHCP clients and servers to consume resources, leading to a denial of service. (CVE-2022-2929) Update Instructions: Run `sudo pro fix USN-5658-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isc-dhcp-dev - 4.2.4-7ubuntu12.13+esm2 isc-dhcp-client-noddns - 4.2.4-7ubuntu12.13+esm2 isc-dhcp-relay - 4.2.4-7ubuntu12.13+esm2 isc-dhcp-client - 4.2.4-7ubuntu12.13+esm2 isc-dhcp-common - 4.2.4-7ubuntu12.13+esm2 isc-dhcp-server - 4.2.4-7ubuntu12.13+esm2 isc-dhcp-server-ldap - 4.2.4-7ubuntu12.13+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2928 CVE-2022-2929 Ubuntu 14.04 LTS It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-16163, CVE-2019-19012, CVE-2019-19204, CVE-2019-19246) It was discovered that Oniguruma incorrectly handled memory when using certain UChar pointers. An attacker could possibly use this issue to cause a denial of service or sensitive information disclosure. (CVE-2019-19203) Update Instructions: Run `sudo pro fix USN-5662-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libonig2 - 5.9.1-1ubuntu1.1+esm3 libonig-dev - 5.9.1-1ubuntu1.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-16163 CVE-2019-19012 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 Ubuntu 14.04 LTS USN-5672-1 fixed a vulnerability in GMP. This update provides the corresponsing update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5672-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgmp10-doc - 2:5.1.3+dfsg-1ubuntu1+esm1 libgmpxx4ldbl - 2:5.1.3+dfsg-1ubuntu1+esm1 libgmp3-dev - 2:5.1.3+dfsg-1ubuntu1+esm1 libgmp10 - 2:5.1.3+dfsg-1ubuntu1+esm1 libgmp-dev - 2:5.1.3+dfsg-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-43618 Ubuntu 14.04 LTS It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-4217) It was discovered that unzip did not properly perform bounds checking while converting wide strings to local strings. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-0529, CVE-2022-0530) Update Instructions: Run `sudo pro fix USN-5673-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unzip - 6.0-9ubuntu1.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4217 CVE-2022-0529 CVE-2022-0530 https://launchpad.net/bugs/1957077 Ubuntu 14.04 LTS Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was not properly performing checksum algorithm verifications in the S4U2Self extension module. An attacker could possibly use this issue to perform a machine-in-the-middle attack and request S4U2Self tickets for any user known by the application. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2018-16860) It was discovered that Heimdal was not properly handling the verification of key exchanges when an anonymous PKINIT was being used. An attacker could possibly use this issue to perform a machine-in-the-middle attack and expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-12098) Joseph Sutton discovered that Heimdal was not properly handling memory management operations when dealing with TGS-REQ tickets that were missing information. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3671) Michał Kępień discovered that Heimdal was not properly handling logical conditions that related to memory management operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3116) Update Instructions: Run `sudo pro fix USN-5675-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: heimdal-servers-x - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libhcrypto4-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libwind0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libroken18-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libgssapi3-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 heimdal-kcm - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libhdb9-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libasn1-8-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libsl0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libkadm5clnt7-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 heimdal-kdc - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libkdc2-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 heimdal-servers - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 heimdal-clients-x - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libheimntlm0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 heimdal-docs - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libheimbase1-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libkrb5-26-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libotp0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 heimdal-dev - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libkafs0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libhx509-5-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 heimdal-multidev - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 libkadm5srv8-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 heimdal-clients - 1.6~git20131207+dfsg-1ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-16860 CVE-2019-12098 CVE-2021-3671 CVE-2022-3116 Ubuntu 14.04 LTS It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0812) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) Update Instructions: Run `sudo pro fix USN-5684-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1153-azure - 4.15.0-1153.168~14.04.1 linux-modules-4.15.0-1153-azure - 4.15.0-1153.168~14.04.1 linux-azure-headers-4.15.0-1153 - 4.15.0-1153.168~14.04.1 linux-azure-cloud-tools-4.15.0-1153 - 4.15.0-1153.168~14.04.1 linux-image-4.15.0-1153-azure - 4.15.0-1153.168~14.04.1 linux-headers-4.15.0-1153-azure - 4.15.0-1153.168~14.04.1 linux-cloud-tools-4.15.0-1153-azure - 4.15.0-1153.168~14.04.1 linux-buildinfo-4.15.0-1153-azure - 4.15.0-1153.168~14.04.1 linux-azure-tools-4.15.0-1153 - 4.15.0-1153.168~14.04.1 linux-tools-4.15.0-1153-azure - 4.15.0-1153.168~14.04.1 linux-modules-extra-4.15.0-1153-azure - 4.15.0-1153.168~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1153.122 linux-signed-image-azure - 4.15.0.1153.122 linux-modules-extra-azure - 4.15.0.1153.122 linux-azure - 4.15.0.1153.122 linux-cloud-tools-azure - 4.15.0.1153.122 linux-headers-azure - 4.15.0.1153.122 linux-tools-azure - 4.15.0.1153.122 linux-image-azure - 4.15.0.1153.122 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0812 CVE-2022-1012 CVE-2022-2318 CVE-2022-26365 CVE-2022-32296 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 Ubuntu 14.04 LTS It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service (application crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5688-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libksba8 - 1.3.0-3ubuntu0.14.04.2+esm1 libksba-dev - 1.3.0-3ubuntu0.14.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3515 Ubuntu 14.04 LTS It was discovered that Perl incorrectly handled certain signature verification. An remote attacker could possibly use this issue to bypass signature verification. Update Instructions: Run `sudo pro fix USN-5689-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.18.2-2ubuntu1.7+esm4 perl-doc - 5.18.2-2ubuntu1.7+esm4 libperl5.18 - 5.18.2-2ubuntu1.7+esm4 perl-base - 5.18.2-2ubuntu1.7+esm4 perl-modules - 5.18.2-2ubuntu1.7+esm4 libcgi-fast-perl - 5.18.2-2ubuntu1.7+esm4 perl - 5.18.2-2ubuntu1.7+esm4 perl-debug - 5.18.2-2ubuntu1.7+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-16156 Ubuntu 14.04 LTS It was discovered that libXdmcp was generating weak session keys. A local attacker could possibly use this issue to perform a brute force attack and obtain another user's key. Update Instructions: Run `sudo pro fix USN-5690-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxdmcp-dev - 1:1.1.1-1ubuntu0.1~esm1 libxdmcp6 - 1:1.1.1-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-2625 Ubuntu 14.04 LTS USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. (CVE-2022-32221) Update Instructions: Run `sudo pro fix USN-5702-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm13 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm13 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm13 libcurl4-doc - 7.35.0-1ubuntu2.20+esm13 libcurl3-nss - 7.35.0-1ubuntu2.20+esm13 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm13 libcurl3 - 7.35.0-1ubuntu2.20+esm13 curl - 7.35.0-1ubuntu2.20+esm13 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-32221 Ubuntu 14.04 LTS It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42010) It was discovered that DBus was incorrectly validating the length of arrays of fixed-length items. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42011) It was discovered that DBus incorrectly handled the body DBus message with attached file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42012) Update Instructions: Run `sudo pro fix USN-5704-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus - 1.6.18-0ubuntu4.5+esm3 dbus-x11 - 1.6.18-0ubuntu4.5+esm3 libdbus-1-3 - 1.6.18-0ubuntu4.5+esm3 libdbus-1-dev - 1.6.18-0ubuntu4.5+esm3 dbus-1-doc - 1.6.18-0ubuntu4.5+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 Ubuntu 14.04 LTS USN-5711-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM Ubuntu 16.04 ESM. Original advisory details: Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated certain NTFS metadata. A local attacker could possibly use this issue to gain privileges. Update Instructions: Run `sudo pro fix USN-5711-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2013.1.13AR.1-2ubuntu2+esm4 ntfs-3g-dev - 1:2013.1.13AR.1-2ubuntu2+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40284 Ubuntu 14.04 LTS It was discovered that LibTIFF incorrectly handled certain memory operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to cause a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2953) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected to Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2867, CVE-2022-2868, CVE-2022-2869) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffsplit. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-34526) Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions when using tiffcrop. An attacker could trick a user into processing a specially crafted image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected to Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3570) It was discovered that LibTIFF incorrectly handled memory in certain conditions when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff file and potentially use this issue to cause a denial of service. This issue only affected to Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3598) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. (CVE-2022-3599) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected to Ubuntu 22.10. (CVE-2022-3597, CVE-2022-3626, CVE-2022-3627) Update Instructions: Run `sudo pro fix USN-5714-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.11+esm5 libtiffxx5 - 4.0.3-7ubuntu0.11+esm5 libtiff5-dev - 4.0.3-7ubuntu0.11+esm5 libtiff4-dev - 4.0.3-7ubuntu0.11+esm5 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm5 libtiff5 - 4.0.3-7ubuntu0.11+esm5 libtiff-tools - 4.0.3-7ubuntu0.11+esm5 libtiff-doc - 4.0.3-7ubuntu0.11+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2953 CVE-2022-34526 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 Ubuntu 14.04 LTS USN-5716-1 fixed a vulnerability in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled certain long string arguments. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5716-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.8.2-1ubuntu2.2+esm3 sqlite3-doc - 3.8.2-1ubuntu2.2+esm3 libsqlite3-0 - 3.8.2-1ubuntu2.2+esm3 libsqlite3-tcl - 3.8.2-1ubuntu2.2+esm3 sqlite3 - 3.8.2-1ubuntu2.2+esm3 libsqlite3-dev - 3.8.2-1ubuntu2.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-35737 Ubuntu 14.04 LTS USN-5718-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5718-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpixman-1-0 - 0.30.2-2ubuntu1.2+esm1 libpixman-1-dev - 0.30.2-2ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-44638 Ubuntu 14.04 LTS It was discovered that nginx incorrectly handled certain memory operations in the ngx_http_mp4_module module. A local attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2022-41741, CVE-2022-41742) Update Instructions: Run `sudo pro fix USN-5722-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.4.6-1ubuntu3.9+esm4 nginx-core - 1.4.6-1ubuntu3.9+esm4 nginx-common - 1.4.6-1ubuntu3.9+esm4 nginx-full - 1.4.6-1ubuntu3.9+esm4 nginx - 1.4.6-1ubuntu3.9+esm4 nginx-doc - 1.4.6-1ubuntu3.9+esm4 nginx-naxsi - 1.4.6-1ubuntu3.9+esm4 nginx-naxsi-ui - 1.4.6-1ubuntu3.9+esm4 nginx-light - 1.4.6-1ubuntu3.9+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-41741 CVE-2022-41742 Ubuntu 14.04 LTS It was discovered that FLAC was not properly performing memory management operations, which could result in a memory leak. An attacker could possibly use this issue to cause FLAC to consume resources, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2017-6888) It was discovered that FLAC was not properly performing bounds checking operations when decoding data. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to expose sensitive information or to cause FLAC to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-0499) It was discovered that FLAC was not properly performing bounds checking operations when encoding data. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to expose sensitive information or to cause FLAC to crash, leading to a denial of service. (CVE-2021-0561) Update Instructions: Run `sudo pro fix USN-5733-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libflac-doc - 1.3.0-2ubuntu0.14.04.1+esm1 libflac-dev - 1.3.0-2ubuntu0.14.04.1+esm1 libflac++-dev - 1.3.0-2ubuntu0.14.04.1+esm1 flac - 1.3.0-2ubuntu0.14.04.1+esm1 libflac++6 - 1.3.0-2ubuntu0.14.04.1+esm1 libflac8 - 1.3.0-2ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-6888 CVE-2020-0499 CVE-2021-0561 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224) Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20241) Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20243) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20244) It was discovered that ImageMagick could be made to divide by zero when processing crafted files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20245) It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20246) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20309) It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20312) It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. This issue only affected Ubuntu 22.10. (CVE-2021-20313) It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted file using the convert command, an attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-3574) It was discovered that ImageMagick did not use the correct rights when specifically excluded by a module policy. An attacker could use this issue to read and write certain restricted files. This issue only affected Ubuntu 22.10. (CVE-2021-39212) It was discovered that ImageMagick incorrectly handled certain values when processing specially crafted SVG files. By tricking a user into opening a specially crafted SVG file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-4219) It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted DICOM file, an attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of servicei, or expose sensitive information. This issue only affected Ubuntu 22.10. (CVE-2022-1114) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.10. (CVE-2022-28463) It was discovered that ImageMagick incorrectly handled certain values. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32545, CVE-2022-32546) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32547) Update Instructions: Run `sudo pro fix USN-5736-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.13+esm3 libmagickcore5 - 8:6.7.7.10-6ubuntu3.13+esm3 imagemagick - 8:6.7.7.10-6ubuntu3.13+esm3 imagemagick-doc - 8:6.7.7.10-6ubuntu3.13+esm3 libmagickwand5 - 8:6.7.7.10-6ubuntu3.13+esm3 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.13+esm3 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.13+esm3 libmagick++-dev - 8:6.7.7.10-6ubuntu3.13+esm3 libmagick++5 - 8:6.7.7.10-6ubuntu3.13+esm3 perlmagick - 8:6.7.7.10-6ubuntu3.13+esm3 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.13+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20224 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 CVE-2021-3574 CVE-2021-39212 CVE-2021-4219 CVE-2022-1114 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 Ubuntu 14.04 LTS It was discovered that APR-util did not properly handle memory when using SDBM database files. A local attacker with write access to the database can make a program or process using these functions crash, and cause a denial of service. Update Instructions: Run `sudo pro fix USN-5737-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libaprutil1-dbd-odbc - 1.5.3-1ubuntu0.1~esm1 libaprutil1 - 1.5.3-1ubuntu0.1~esm1 libaprutil1-dbd-mysql - 1.5.3-1ubuntu0.1~esm1 libaprutil1-ldap - 1.5.3-1ubuntu0.1~esm1 libaprutil1-dbd-sqlite3 - 1.5.3-1ubuntu0.1~esm1 libaprutil1-dbd-pgsql - 1.5.3-1ubuntu0.1~esm1 libaprutil1-dev - 1.5.3-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-12618 Ubuntu 14.04 LTS It was discovered that X.Org X Server incorrectly handled certain inputs. An attacker could use these issues to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5740-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.11+esm6 xorg-server-source - 2:1.15.1-0ubuntu2.11+esm6 xdmx - 2:1.15.1-0ubuntu2.11+esm6 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.11+esm6 xserver-xorg-dev - 2:1.15.1-0ubuntu2.11+esm6 xvfb - 2:1.15.1-0ubuntu2.11+esm6 xnest - 2:1.15.1-0ubuntu2.11+esm6 xserver-common - 2:1.15.1-0ubuntu2.11+esm6 xserver-xephyr - 2:1.15.1-0ubuntu2.11+esm6 xdmx-tools - 2:1.15.1-0ubuntu2.11+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-3550 CVE-2022-3551 Ubuntu 14.04 LTS It was discovered that JBIG-KIT incorrectly handled decoding certain large image files. If a user or automated system using JBIG-KIT were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5742-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jbigkit-bin - 2.0-2ubuntu4.1+esm1 libjbig-dev - 2.0-2ubuntu4.1+esm1 libjbig0 - 2.0-2ubuntu4.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Negligible CVE-2017-9937 Ubuntu 14.04 LTS Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to setup a symlink attack and alter or remove directories without authorization. Update Instructions: Run `sudo pro fix USN-5745-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.1.5.1-1ubuntu9.5+esm2 login - 1:4.1.5.1-1ubuntu9.5+esm2 uidmap - 1:4.1.5.1-1ubuntu9.5+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2013-4235 Ubuntu 14.04 LTS USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to setup a symlink attack and alter or remove directories without authorization. Update Instructions: Run `sudo pro fix USN-5745-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.1.5.1-1ubuntu9.5+esm3 login - 1:4.1.5.1-1ubuntu9.5+esm3 uidmap - 1:4.1.5.1-1ubuntu9.5+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1998169 Ubuntu 14.04 LTS It was discovered that Bind incorrectly handled large query name when using lightweight resolver protocol. A remote attacker could use this issue to consume resources, leading to a denial of service. (CVE-2016-2775) It was discovered that Bind incorrectly handled large zone data size received via AXFR response. A remote authenticated attacker could use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6170) Update Instructions: Run `sudo pro fix USN-5747-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.9.5.dfsg-3ubuntu0.19+esm9 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19+esm9 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19+esm9 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19+esm9 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19+esm9 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19+esm9 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19+esm9 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19+esm9 host - 1:9.9.5.dfsg-3ubuntu0.19+esm9 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19+esm9 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19+esm9 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19+esm9 bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm9 lwresd - 1:9.9.5.dfsg-3ubuntu0.19+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-2775 CVE-2016-6170 Ubuntu 14.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3239) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) Update Instructions: Run `sudo pro fix USN-5758-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.4.0-1114-aws - 4.4.0-1114.120 linux-headers-4.4.0-1114-aws - 4.4.0-1114.120 linux-image-4.4.0-1114-aws - 4.4.0-1114.120 linux-tools-4.4.0-1114-aws - 4.4.0-1114.120 linux-aws-headers-4.4.0-1114 - 4.4.0-1114.120 linux-buildinfo-4.4.0-1114-aws - 4.4.0-1114.120 linux-cloud-tools-4.4.0-1114-aws - 4.4.0-1114.120 linux-aws-tools-4.4.0-1114 - 4.4.0-1114.120 linux-aws-cloud-tools-4.4.0-1114 - 4.4.0-1114.120 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-235-generic - 4.4.0-235.269~14.04.1 linux-headers-4.4.0-235-lowlatency - 4.4.0-235.269~14.04.1 linux-buildinfo-4.4.0-235-generic - 4.4.0-235.269~14.04.1 linux-image-4.4.0-235-lowlatency - 4.4.0-235.269~14.04.1 linux-buildinfo-4.4.0-235-lowlatency - 4.4.0-235.269~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-235 - 4.4.0-235.269~14.04.1 linux-modules-4.4.0-235-generic - 4.4.0-235.269~14.04.1 linux-cloud-tools-4.4.0-235-generic - 4.4.0-235.269~14.04.1 linux-modules-extra-4.4.0-235-generic - 4.4.0-235.269~14.04.1 linux-headers-4.4.0-235-generic - 4.4.0-235.269~14.04.1 linux-modules-4.4.0-235-lowlatency - 4.4.0-235.269~14.04.1 linux-lts-xenial-tools-4.4.0-235 - 4.4.0-235.269~14.04.1 linux-tools-4.4.0-235-generic - 4.4.0-235.269~14.04.1 linux-tools-4.4.0-235-lowlatency - 4.4.0-235.269~14.04.1 linux-image-unsigned-4.4.0-235-generic - 4.4.0-235.269~14.04.1 linux-cloud-tools-4.4.0-235-lowlatency - 4.4.0-235.269~14.04.1 linux-image-unsigned-4.4.0-235-lowlatency - 4.4.0-235.269~14.04.1 linux-headers-4.4.0-235 - 4.4.0-235.269~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1114.111 linux-aws - 4.4.0.1114.111 linux-headers-aws - 4.4.0.1114.111 linux-image-aws - 4.4.0.1114.111 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.235.204 linux-image-generic-lts-xenial - 4.4.0.235.204 linux-cloud-tools-virtual-lts-xenial - 4.4.0.235.204 linux-tools-generic-lts-xenial - 4.4.0.235.204 linux-signed-image-lowlatency-lts-xenial - 4.4.0.235.204 linux-tools-lowlatency-lts-xenial - 4.4.0.235.204 linux-image-extra-virtual-lts-xenial - 4.4.0.235.204 linux-headers-generic-lts-xenial - 4.4.0.235.204 linux-signed-lowlatency-lts-xenial - 4.4.0.235.204 linux-lowlatency-lts-xenial - 4.4.0.235.204 linux-signed-generic-lts-xenial - 4.4.0.235.204 linux-headers-lowlatency-lts-xenial - 4.4.0.235.204 linux-generic-lts-xenial - 4.4.0.235.204 linux-image-lowlatency-lts-xenial - 4.4.0.235.204 linux-cloud-tools-generic-lts-xenial - 4.4.0.235.204 linux-signed-image-generic-lts-xenial - 4.4.0.235.204 linux-headers-virtual-lts-xenial - 4.4.0.235.204 linux-tools-virtual-lts-xenial - 4.4.0.235.204 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.235.204 linux-image-virtual-lts-xenial - 4.4.0.235.204 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3239 CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3566 CVE-2022-3567 CVE-2022-3594 CVE-2022-3621 CVE-2022-3635 CVE-2022-3649 CVE-2022-40768 CVE-2022-42703 CVE-2022-43750 Ubuntu 14.04 LTS USN-5760-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2022-40303) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-40304) Update Instructions: Run `sudo pro fix USN-5760-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm4 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.13+esm4 python-libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm4 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.13+esm4 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.13+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40303 CVE-2022-40304 Ubuntu 14.04 LTS USN-5761-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package. Update Instructions: Run `sudo pro fix USN-5761-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20211016~14.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/XXXXXX Ubuntu 14.04 LTS It was discovered that Heimdal did not properly manage memory when normalizing Unicode. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5766-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: heimdal-servers-x - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libhcrypto4-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libwind0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libroken18-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libgssapi3-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 heimdal-kcm - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libhdb9-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libasn1-8-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libsl0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libkadm5clnt7-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 heimdal-kdc - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libkdc2-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 heimdal-servers - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 heimdal-clients-x - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libheimntlm0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 heimdal-docs - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libheimbase1-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libkrb5-26-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libotp0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 heimdal-dev - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libkafs0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libhx509-5-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 heimdal-multidev - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 libkadm5srv8-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 heimdal-clients - 1.6~git20131207+dfsg-1ubuntu1.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-41916 Ubuntu 14.04 LTS USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash. (CVE-2022-45061) Update Instructions: Run `sudo pro fix USN-5767-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm13 libpython2.7 - 2.7.6-8ubuntu0.6+esm13 python2.7 - 2.7.6-8ubuntu0.6+esm13 python2.7-minimal - 2.7.6-8ubuntu0.6+esm13 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm13 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm13 idle-python2.7 - 2.7.6-8ubuntu0.6+esm13 python2.7-doc - 2.7.6-8ubuntu0.6+esm13 python2.7-dev - 2.7.6-8ubuntu0.6+esm13 python2.7-examples - 2.7.6-8ubuntu0.6+esm13 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm13 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-45061 Ubuntu 14.04 LTS It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2021-3682) It was discovered that QEMU did not properly manage memory when it transfers the USB packets. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-3750) It was discovered that the QEMU SCSI device emulation incorrectly handled certain MODE SELECT commands. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2021-3930) It was discovered that QEMU did not properly manage memory when it processing repeated messages to cancel the current SCSI request. A malicious privileged guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2022-0216) It was discovered that QEMU did not properly manage memory when it using Tulip device emulation. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-2962) It was discovered that QEMU did not properly manage memory when processing ClientCutText messages. A attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3165) Update Instructions: Run `sudo pro fix USN-5772-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-user-static - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-kvm - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-user - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-system - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-utils - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-common - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.47+esm2 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.47+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3682 CVE-2021-3750 CVE-2021-3930 CVE-2022-0216 CVE-2022-2962 CVE-2022-3165 Ubuntu 14.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) It was discovered that the KVM implementation in the Linux kernel did not properly handle virtual CPUs without APICs in certain situations. A local attacker could possibly use this to cause a denial of service (host system crash). (CVE-2022-2153) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3239) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768) Update Instructions: Run `sudo pro fix USN-5774-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1157-azure - 4.15.0-1157.172~14.04.2 linux-tools-4.15.0-1157-azure - 4.15.0-1157.172~14.04.2 linux-cloud-tools-4.15.0-1157-azure - 4.15.0-1157.172~14.04.2 linux-azure-headers-4.15.0-1157 - 4.15.0-1157.172~14.04.2 linux-azure-tools-4.15.0-1157 - 4.15.0-1157.172~14.04.2 linux-modules-extra-4.15.0-1157-azure - 4.15.0-1157.172~14.04.2 linux-azure-cloud-tools-4.15.0-1157 - 4.15.0-1157.172~14.04.2 linux-image-unsigned-4.15.0-1157-azure - 4.15.0-1157.172~14.04.2 linux-modules-4.15.0-1157-azure - 4.15.0-1157.172~14.04.2 linux-image-4.15.0-1157-azure - 4.15.0-1157.172~14.04.2 linux-buildinfo-4.15.0-1157-azure - 4.15.0-1157.172~14.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1157.124 linux-modules-extra-azure - 4.15.0.1157.124 linux-signed-image-azure - 4.15.0.1157.124 linux-cloud-tools-azure - 4.15.0.1157.124 linux-headers-azure - 4.15.0.1157.124 linux-azure - 4.15.0.1157.124 linux-tools-azure - 4.15.0.1157.124 linux-image-azure - 4.15.0.1157.124 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-20422 CVE-2022-2153 CVE-2022-2978 CVE-2022-3028 CVE-2022-3239 CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3566 CVE-2022-3567 CVE-2022-3594 CVE-2022-3621 CVE-2022-3635 CVE-2022-36879 CVE-2022-40768 CVE-2022-42703 Ubuntu 14.04 LTS USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges. Update Instructions: Run `sudo pro fix USN-5778-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.15.1-0ubuntu2.11+esm7 xorg-server-source - 2:1.15.1-0ubuntu2.11+esm7 xdmx - 2:1.15.1-0ubuntu2.11+esm7 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.11+esm7 xserver-xorg-dev - 2:1.15.1-0ubuntu2.11+esm7 xvfb - 2:1.15.1-0ubuntu2.11+esm7 xnest - 2:1.15.1-0ubuntu2.11+esm7 xserver-common - 2:1.15.1-0ubuntu2.11+esm7 xserver-xephyr - 2:1.15.1-0ubuntu2.11+esm7 xdmx-tools - 2:1.15.1-0ubuntu2.11+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVE-2023-0494 Ubuntu 14.04 LTS It was discovered that usbredir incorrectly handled memory when serializing large amounts of data in the case of a slow or blocked destination. An attacker could possibly use this issue to cause applications using usbredir to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5784-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libusbredirparser-dev - 0.6-2ubuntu1.1+esm1 libusbredirhost-dev - 0.6-2ubuntu1.1+esm1 usbredirserver - 0.6-2ubuntu1.1+esm1 libusbredirhost1 - 0.6-2ubuntu1.1+esm1 libusbredirparser1 - 0.6-2ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-3700 Ubuntu 14.04 LTS USN-5787-1 fixed vulnerabilities in Libksba. This update provides the corresponding updates for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Libksba incorrectly handled parsing CRL signatures. A remote attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5787-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libksba8 - 1.3.0-3ubuntu0.14.04.2+esm2 libksba-dev - 1.3.0-3ubuntu0.14.04.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-47629 Ubuntu 14.04 LTS It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-4159) It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586) Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188) It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-40307) Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095) Update Instructions: Run `sudo pro fix USN-5790-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1158 - 4.15.0-1158.173~14.04.1 linux-azure-tools-4.15.0-1158 - 4.15.0-1158.173~14.04.1 linux-image-unsigned-4.15.0-1158-azure - 4.15.0-1158.173~14.04.1 linux-modules-extra-4.15.0-1158-azure - 4.15.0-1158.173~14.04.1 linux-tools-4.15.0-1158-azure - 4.15.0-1158.173~14.04.1 linux-azure-headers-4.15.0-1158 - 4.15.0-1158.173~14.04.1 linux-image-4.15.0-1158-azure - 4.15.0-1158.173~14.04.1 linux-cloud-tools-4.15.0-1158-azure - 4.15.0-1158.173~14.04.1 linux-headers-4.15.0-1158-azure - 4.15.0-1158.173~14.04.1 linux-modules-4.15.0-1158-azure - 4.15.0-1158.173~14.04.1 linux-buildinfo-4.15.0-1158-azure - 4.15.0-1158.173~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-azure - 4.15.0.1158.125 linux-signed-azure - 4.15.0.1158.125 linux-signed-image-azure - 4.15.0.1158.125 linux-modules-extra-azure - 4.15.0.1158.125 linux-cloud-tools-azure - 4.15.0.1158.125 linux-headers-azure - 4.15.0.1158.125 linux-azure - 4.15.0.1158.125 linux-image-azure - 4.15.0.1158.125 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4159 CVE-2022-20421 CVE-2022-3061 CVE-2022-3586 CVE-2022-39188 CVE-2022-40307 CVE-2022-4095 Ubuntu 14.04 LTS USN-5795-1 and 5543-1 fixed several vulnerabilities in Net-SNMP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service. Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5795-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsnmp-perl - 5.7.2~dfsg-8.1ubuntu3.3+esm3 libsnmp-dev - 5.7.2~dfsg-8.1ubuntu3.3+esm3 libsnmp-base - 5.7.2~dfsg-8.1ubuntu3.3+esm3 snmp - 5.7.2~dfsg-8.1ubuntu3.3+esm3 libsnmp30 - 5.7.2~dfsg-8.1ubuntu3.3+esm3 tkmib - 5.7.2~dfsg-8.1ubuntu3.3+esm3 snmpd - 5.7.2~dfsg-8.1ubuntu3.3+esm3 python-netsnmp - 5.7.2~dfsg-8.1ubuntu3.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 CVE-2022-44792 CVE-2022-44793 Ubuntu 14.04 LTS USN-5796-1 fixed a vulnerability in w3m. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5796-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: w3m-img - 0.5.3-15ubuntu0.2+esm1 w3m - 0.5.3-15ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-38223 Ubuntu 14.04 LTS It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-44758) Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-3437) Greg Hudson discovered that Kerberos PAC implementation used in Heimdal incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-42898) It was discovered that Heimdal's KDC did not properly handle certain error conditions. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-44640) Update Instructions: Run `sudo pro fix USN-5800-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: heimdal-servers-x - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libhcrypto4-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libwind0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libroken18-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libgssapi3-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 heimdal-kcm - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libhdb9-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libasn1-8-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libsl0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libkadm5clnt7-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 heimdal-kdc - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libkdc2-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 heimdal-servers - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 heimdal-clients-x - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libheimntlm0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 heimdal-docs - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libheimbase1-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libkrb5-26-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libotp0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 heimdal-dev - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libkafs0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libhx509-5-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 heimdal-multidev - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 libkadm5srv8-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 heimdal-clients - 1.6~git20131207+dfsg-1ubuntu1.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-44758 CVE-2022-3437 CVE-2022-42898 CVE-2022-44640 Ubuntu 14.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5802-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-tools-4.4.0-1115 - 4.4.0-1115.121 linux-cloud-tools-4.4.0-1115-aws - 4.4.0-1115.121 linux-buildinfo-4.4.0-1115-aws - 4.4.0-1115.121 linux-tools-4.4.0-1115-aws - 4.4.0-1115.121 linux-aws-headers-4.4.0-1115 - 4.4.0-1115.121 linux-headers-4.4.0-1115-aws - 4.4.0-1115.121 linux-modules-4.4.0-1115-aws - 4.4.0-1115.121 linux-image-4.4.0-1115-aws - 4.4.0-1115.121 linux-aws-cloud-tools-4.4.0-1115 - 4.4.0-1115.121 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-236-generic - 4.4.0-236.270~14.04.1 linux-headers-4.4.0-236-lowlatency - 4.4.0-236.270~14.04.1 linux-buildinfo-4.4.0-236-lowlatency - 4.4.0-236.270~14.04.1 linux-modules-4.4.0-236-generic - 4.4.0-236.270~14.04.1 linux-cloud-tools-4.4.0-236-lowlatency - 4.4.0-236.270~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-236 - 4.4.0-236.270~14.04.1 linux-image-unsigned-4.4.0-236-lowlatency - 4.4.0-236.270~14.04.1 linux-lts-xenial-tools-4.4.0-236 - 4.4.0-236.270~14.04.1 linux-tools-4.4.0-236-lowlatency - 4.4.0-236.270~14.04.1 linux-modules-extra-4.4.0-236-generic - 4.4.0-236.270~14.04.1 linux-headers-4.4.0-236 - 4.4.0-236.270~14.04.1 linux-buildinfo-4.4.0-236-generic - 4.4.0-236.270~14.04.1 linux-modules-4.4.0-236-lowlatency - 4.4.0-236.270~14.04.1 linux-cloud-tools-4.4.0-236-generic - 4.4.0-236.270~14.04.1 linux-image-unsigned-4.4.0-236-generic - 4.4.0-236.270~14.04.1 linux-image-4.4.0-236-lowlatency - 4.4.0-236.270~14.04.1 linux-tools-4.4.0-236-generic - 4.4.0-236.270~14.04.1 linux-headers-4.4.0-236-generic - 4.4.0-236.270~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1115.112 linux-headers-aws - 4.4.0.1115.112 linux-image-aws - 4.4.0.1115.112 linux-aws - 4.4.0.1115.112 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.236.205 linux-cloud-tools-generic-lts-xenial - 4.4.0.236.205 linux-cloud-tools-virtual-lts-xenial - 4.4.0.236.205 linux-tools-generic-lts-xenial - 4.4.0.236.205 linux-signed-image-lowlatency-lts-xenial - 4.4.0.236.205 linux-tools-lowlatency-lts-xenial - 4.4.0.236.205 linux-image-extra-virtual-lts-xenial - 4.4.0.236.205 linux-headers-generic-lts-xenial - 4.4.0.236.205 linux-signed-lowlatency-lts-xenial - 4.4.0.236.205 linux-lowlatency-lts-xenial - 4.4.0.236.205 linux-signed-generic-lts-xenial - 4.4.0.236.205 linux-headers-lowlatency-lts-xenial - 4.4.0.236.205 linux-generic-lts-xenial - 4.4.0.236.205 linux-image-lowlatency-lts-xenial - 4.4.0.236.205 linux-image-generic-lts-xenial - 4.4.0.236.205 linux-signed-image-generic-lts-xenial - 4.4.0.236.205 linux-headers-virtual-lts-xenial - 4.4.0.236.205 linux-tools-virtual-lts-xenial - 4.4.0.236.205 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.236.205 linux-image-virtual-lts-xenial - 4.4.0.236.205 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 Ubuntu 14.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5804-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1159-azure - 4.15.0-1159.174~14.04.1 linux-azure-headers-4.15.0-1159 - 4.15.0-1159.174~14.04.1 linux-azure-tools-4.15.0-1159 - 4.15.0-1159.174~14.04.1 linux-modules-extra-4.15.0-1159-azure - 4.15.0-1159.174~14.04.1 linux-cloud-tools-4.15.0-1159-azure - 4.15.0-1159.174~14.04.1 linux-image-unsigned-4.15.0-1159-azure - 4.15.0-1159.174~14.04.1 linux-azure-cloud-tools-4.15.0-1159 - 4.15.0-1159.174~14.04.1 linux-modules-4.15.0-1159-azure - 4.15.0-1159.174~14.04.1 linux-headers-4.15.0-1159-azure - 4.15.0-1159.174~14.04.1 linux-buildinfo-4.15.0-1159-azure - 4.15.0-1159.174~14.04.1 linux-tools-4.15.0-1159-azure - 4.15.0-1159.174~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1159.126 linux-cloud-tools-azure - 4.15.0.1159.126 linux-modules-extra-azure - 4.15.0.1159.126 linux-image-azure - 4.15.0.1159.126 linux-signed-azure - 4.15.0.1159.126 linux-headers-azure - 4.15.0.1159.126 linux-tools-azure - 4.15.0.1159.126 linux-signed-image-azure - 4.15.0.1159.126 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 Ubuntu 14.04 LTS USN-5807-1 fixed a vulnerability in libXpm. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. (CVE-2022-46285) Update Instructions: Run `sudo pro fix USN-5807-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxpm-dev - 1:3.5.10-1ubuntu0.1+esm1 libxpm4 - 1:3.5.10-1ubuntu0.1+esm1 xpmutils - 1:3.5.10-1ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-46285 Ubuntu 14.04 LTS USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-23521) Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-41903) Update Instructions: Run `sudo pro fix USN-5810-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:1.9.1-1ubuntu0.10+esm1 gitweb - 1:1.9.1-1ubuntu0.10+esm1 git-all - 1:1.9.1-1ubuntu0.10+esm1 git-daemon-sysvinit - 1:1.9.1-1ubuntu0.10+esm1 git-arch - 1:1.9.1-1ubuntu0.10+esm1 git-bzr - 1:1.9.1-1ubuntu0.10+esm1 git-el - 1:1.9.1-1ubuntu0.10+esm1 gitk - 1:1.9.1-1ubuntu0.10+esm1 git-gui - 1:1.9.1-1ubuntu0.10+esm1 git-mediawiki - 1:1.9.1-1ubuntu0.10+esm1 git-daemon-run - 1:1.9.1-1ubuntu0.10+esm1 git-man - 1:1.9.1-1ubuntu0.10+esm1 git-doc - 1:1.9.1-1ubuntu0.10+esm1 git-svn - 1:1.9.1-1ubuntu0.10+esm1 git-cvs - 1:1.9.1-1ubuntu0.10+esm1 git-core - 1:1.9.1-1ubuntu0.10+esm1 git-email - 1:1.9.1-1ubuntu0.10+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-23521 CVE-2022-41903 Ubuntu 14.04 LTS USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files. (CVE-2023-22809) Update Instructions: Run `sudo pro fix USN-5811-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.9p5-1ubuntu1.5+esm7 sudo - 1.8.9p5-1ubuntu1.5+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-22809 Ubuntu 14.04 LTS Sebastian Chnelik discovered that setuptools incorrectly handled certain regex inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5817-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-setuptools - 3.3-1ubuntu2+esm1 python-setuptools-doc - 3.3-1ubuntu2+esm1 python3-pkg-resources - 3.3-1ubuntu2+esm1 python-setuptools-whl - 3.3-1ubuntu2+esm1 python-pkg-resources - 3.3-1ubuntu2+esm1 python3-setuptools - 3.3-1ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40897 Ubuntu 14.04 LTS Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5821-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-wheel - 0.24.0-1~ubuntu1.1+esm1 python-wheel-common - 0.24.0-1~ubuntu1.1+esm1 python3-wheel - 0.24.0-1~ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40898 Ubuntu 14.04 LTS USN-5821-1 fixed a vulnerability in wheel and pip. Unfortunately, it was missing a commit to fix it properly in pip. We apologize for the inconvenience. Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5821-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pip - 1.5.4-1ubuntu4+esm3 python-pip-whl - 1.5.4-1ubuntu4+esm3 python3-pip - 1.5.4-1ubuntu4+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40898 Ubuntu 14.04 LTS USN-5821-3 fixed a vulnerability in pip. The update introduced a minor regression in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5821-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pip - 1.5.4-1ubuntu4+esm4 python-pip-whl - 1.5.4-1ubuntu4+esm4 python3-pip - 1.5.4-1ubuntu4+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2009130 Ubuntu 14.04 LTS It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication. Update Instructions: Run `sudo pro fix USN-5825-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-runtime - 1.1.8-1ubuntu2.2+esm1 libpam0g-dev - 1.1.8-1ubuntu2.2+esm1 libpam-modules - 1.1.8-1ubuntu2.2+esm1 libpam-modules-bin - 1.1.8-1ubuntu2.2+esm1 libpam-doc - 1.1.8-1ubuntu2.2+esm1 libpam-cracklib - 1.1.8-1ubuntu2.2+esm1 libpam0g - 1.1.8-1ubuntu2.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Negligible CVE-2022-28321 Ubuntu 14.04 LTS USN-5825-1 fixed vulnerabilities in PAM. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication. Update Instructions: Run `sudo pro fix USN-5825-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-runtime - 1.1.8-1ubuntu2.2+esm3 libpam0g-dev - 1.1.8-1ubuntu2.2+esm3 libpam-modules - 1.1.8-1ubuntu2.2+esm3 libpam-modules-bin - 1.1.8-1ubuntu2.2+esm3 libpam-doc - 1.1.8-1ubuntu2.2+esm3 libpam-cracklib - 1.1.8-1ubuntu2.2+esm3 libpam0g - 1.1.8-1ubuntu2.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Negligible CVE-2022-28321 https://launchpad.net/bugs/2006073 Ubuntu 14.04 LTS It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2018-20217) Greg Hudson discovered that Kerberos PAC implementation incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-42898) Update Instructions: Run `sudo pro fix USN-5828-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libkadm5srv-mit9 - 1.12+dfsg-2ubuntu5.4+esm3 libkadm5srv-mit8 - 1.12+dfsg-2ubuntu5.4+esm3 libk5crypto3 - 1.12+dfsg-2ubuntu5.4+esm3 krb5-user - 1.12+dfsg-2ubuntu5.4+esm3 libgssrpc4 - 1.12+dfsg-2ubuntu5.4+esm3 libkrb5support0 - 1.12+dfsg-2ubuntu5.4+esm3 krb5-doc - 1.12+dfsg-2ubuntu5.4+esm3 libkrb5-dev - 1.12+dfsg-2ubuntu5.4+esm3 krb5-pkinit - 1.12+dfsg-2ubuntu5.4+esm3 libkrb5-3 - 1.12+dfsg-2ubuntu5.4+esm3 krb5-kdc-ldap - 1.12+dfsg-2ubuntu5.4+esm3 krb5-otp - 1.12+dfsg-2ubuntu5.4+esm3 libkadm5clnt-mit9 - 1.12+dfsg-2ubuntu5.4+esm3 krb5-gss-samples - 1.12+dfsg-2ubuntu5.4+esm3 krb5-multidev - 1.12+dfsg-2ubuntu5.4+esm3 krb5-locales - 1.12+dfsg-2ubuntu5.4+esm3 libgssapi-krb5-2 - 1.12+dfsg-2ubuntu5.4+esm3 krb5-kdc - 1.12+dfsg-2ubuntu5.4+esm3 libkrad-dev - 1.12+dfsg-2ubuntu5.4+esm3 libkrad0 - 1.12+dfsg-2ubuntu5.4+esm3 libkdb5-7 - 1.12+dfsg-2ubuntu5.4+esm3 krb5-admin-server - 1.12+dfsg-2ubuntu5.4+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-20217 CVE-2022-42898 Ubuntu 14.04 LTS It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5836-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.052-1ubuntu3.1+esm6 vim-gnome - 2:7.4.052-1ubuntu3.1+esm6 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm6 vim-athena - 2:7.4.052-1ubuntu3.1+esm6 vim-gtk - 2:7.4.052-1ubuntu3.1+esm6 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm6 vim - 2:7.4.052-1ubuntu3.1+esm6 vim-doc - 2:7.4.052-1ubuntu3.1+esm6 vim-tiny - 2:7.4.052-1ubuntu3.1+esm6 vim-runtime - 2:7.4.052-1ubuntu3.1+esm6 vim-nox - 2:7.4.052-1ubuntu3.1+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-47024 CVE-2023-0049 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 Ubuntu 14.04 LTS It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-25467) It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-27345, CVE-2021-27347) It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2022-26291) It was discovered that Long Range ZIP incorrectly handled memory allocation, which could lead to a heap memory corruption. An attacker could possibly use this issue to cause denial of service. This issue affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-28044) Update Instructions: Run `sudo pro fix USN-5840-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lrzip - 0.616-1ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-5786 CVE-2020-25467 CVE-2021-27345 CVE-2021-27347 CVE-2022-26291 CVE-2022-28044 Ubuntu 14.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue was only fixed in Ubuntu 14.04 ESM. (CVE-2019-14973, CVE-2019-17546, CVE-2020-35523, CVE-2020-35524, CVE-2022-3970) It was discovered that LibTIFF was incorrectly acessing a data structure when processing data with the tiffcrop tool, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-48281) Update Instructions: Run `sudo pro fix USN-5841-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.11+esm6 libtiffxx5 - 4.0.3-7ubuntu0.11+esm6 libtiff5-dev - 4.0.3-7ubuntu0.11+esm6 libtiff4-dev - 4.0.3-7ubuntu0.11+esm6 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm6 libtiff5 - 4.0.3-7ubuntu0.11+esm6 libtiff-tools - 4.0.3-7ubuntu0.11+esm6 libtiff-doc - 4.0.3-7ubuntu0.11+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14973 CVE-2019-17546 CVE-2020-35523 CVE-2020-35524 CVE-2022-3970 CVE-2022-48281 Ubuntu 14.04 LTS It was discovered that tmux incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5843-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tmux - 1.8-5ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-47016 Ubuntu 14.04 LTS USN-5845-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286) Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly handled streaming ASN.1 data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0215) Update Instructions: Run `sudo pro fix USN-5845-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.1f-1ubuntu2.27+esm6 openssl - 1.0.1f-1ubuntu2.27+esm6 libssl-doc - 1.0.1f-1ubuntu2.27+esm6 libssl1.0.0 - 1.0.1f-1ubuntu2.27+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-0215 CVE-2023-0286 Ubuntu 14.04 LTS Helmut Grohne discovered that Heimdal GSSAPI incorrectly handled logical conditions that are related to memory management operations. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5849-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: heimdal-servers-x - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libhcrypto4-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libwind0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libroken18-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libgssapi3-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 heimdal-kcm - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libhdb9-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libasn1-8-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libsl0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libkadm5clnt7-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 heimdal-kdc - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libkdc2-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 heimdal-servers - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 heimdal-clients-x - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libheimntlm0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 heimdal-docs - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libheimbase1-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libkrb5-26-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libotp0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 heimdal-dev - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libkafs0-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libhx509-5-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 heimdal-multidev - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 libkadm5srv8-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 heimdal-clients - 1.6~git20131207+dfsg-1ubuntu1.2+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-45142 Ubuntu 14.04 LTS USN-5855-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images. Update Instructions: Run `sudo pro fix USN-5855-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.7.7.10-6ubuntu3.13+esm5 libmagickcore5 - 8:6.7.7.10-6ubuntu3.13+esm5 imagemagick - 8:6.7.7.10-6ubuntu3.13+esm5 imagemagick-doc - 8:6.7.7.10-6ubuntu3.13+esm5 libmagickwand5 - 8:6.7.7.10-6ubuntu3.13+esm5 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.13+esm5 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.13+esm5 libmagick++-dev - 8:6.7.7.10-6ubuntu3.13+esm5 libmagick++5 - 8:6.7.7.10-6ubuntu3.13+esm5 perlmagick - 8:6.7.7.10-6ubuntu3.13+esm5 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.13+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-44267 CVE-2022-44268 Ubuntu 14.04 LTS Ronald Crane discovered that APR-util did not properly handled memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5870-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libaprutil1-dbd-odbc - 1.5.3-1ubuntu0.1~esm2 libaprutil1 - 1.5.3-1ubuntu0.1~esm2 libaprutil1-dbd-mysql - 1.5.3-1ubuntu0.1~esm2 libaprutil1-ldap - 1.5.3-1ubuntu0.1~esm2 libaprutil1-dbd-sqlite3 - 1.5.3-1ubuntu0.1~esm2 libaprutil1-dbd-pgsql - 1.5.3-1ubuntu0.1~esm2 libaprutil1-dev - 1.5.3-1ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-25147 Ubuntu 14.04 LTS Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2022-22747) Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-34480) Update Instructions: Run `sudo pro fix USN-5872-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm11 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm11 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm11 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm11 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-22747 CVE-2022-34480 Ubuntu 14.04 LTS Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2023-20032) Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could possibly use this issue to expose sensitive information. (CVE-2023-20052) Update Instructions: Run `sudo pro fix USN-5887-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.8+dfsg-0ubuntu0.14.04.1+esm1 clamav-testfiles - 0.103.8+dfsg-0ubuntu0.14.04.1+esm1 clamav-base - 0.103.8+dfsg-0ubuntu0.14.04.1+esm1 clamav - 0.103.8+dfsg-0ubuntu0.14.04.1+esm1 clamav-daemon - 0.103.8+dfsg-0ubuntu0.14.04.1+esm1 clamav-milter - 0.103.8+dfsg-0ubuntu0.14.04.1+esm1 clamav-docs - 0.103.8+dfsg-0ubuntu0.14.04.1+esm1 clamav-freshclam - 0.103.8+dfsg-0ubuntu0.14.04.1+esm1 libclamav9 - 0.103.8+dfsg-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-20032 CVE-2023-20052 Ubuntu 14.04 LTS USN-5892-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificated bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-0767) Update Instructions: Run `sudo pro fix USN-5892-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.14.04.5+esm12 libnss3-dev - 2:3.28.4-0ubuntu0.14.04.5+esm12 libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm12 libnss3-1d - 2:3.28.4-0ubuntu0.14.04.5+esm12 libnss3-tools - 2:3.28.4-0ubuntu0.14.04.5+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-0767 Ubuntu 14.04 LTS Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. This issue was only fixed in Ubuntu 14.04 ESM. (CVE-2021-22898, CVE-2021-22925) It was discovered that curl incorrectly handled denials when using HTTP proxies. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-43552) Update Instructions: Run `sudo pro fix USN-5894-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm14 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm14 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm14 libcurl4-doc - 7.35.0-1ubuntu2.20+esm14 libcurl3-nss - 7.35.0-1ubuntu2.20+esm14 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm14 libcurl3 - 7.35.0-1ubuntu2.20+esm14 curl - 7.35.0-1ubuntu2.20+esm14 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-22898 CVE-2021-22925 CVE-2022-43552 Ubuntu 14.04 LTS It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash. Update Instructions: Run `sudo pro fix USN-5900-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.27.1-1ubuntu0.1+esm3 tar - 1.27.1-1ubuntu0.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48303 Ubuntu 14.04 LTS Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-13590) Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-23159, CVE-2021-23172, CVE-2021-23210, CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, and CVE-2022-31651) Update Instructions: Run `sudo pro fix USN-5904-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsox-fmt-mp3 - 14.4.1-3ubuntu1.1+esm2 libsox-fmt-pulse - 14.4.1-3ubuntu1.1+esm2 libsox-fmt-ao - 14.4.1-3ubuntu1.1+esm2 sox - 14.4.1-3ubuntu1.1+esm2 libsox2 - 14.4.1-3ubuntu1.1+esm2 libsox-fmt-base - 14.4.1-3ubuntu1.1+esm2 libsox-fmt-all - 14.4.1-3ubuntu1.1+esm2 libsox-dev - 14.4.1-3ubuntu1.1+esm2 libsox-fmt-alsa - 14.4.1-3ubuntu1.1+esm2 libsox-fmt-oss - 14.4.1-3ubuntu1.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-13590 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-3643 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651 Ubuntu 14.04 LTS USN-5904-1 fixed vulnerabilities in SoX. It was discovered that the fix for CVE-2021-33844 was incomplete. This update fixes the problem. Original advisory details: Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-13590) Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-23159, CVE-2021-23172, CVE-2021-23210, CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, and CVE-2022-31651) Update Instructions: Run `sudo pro fix USN-5904-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsox-fmt-mp3 - 14.4.1-3ubuntu1.1+esm3 libsox-fmt-pulse - 14.4.1-3ubuntu1.1+esm3 libsox-fmt-ao - 14.4.1-3ubuntu1.1+esm3 sox - 14.4.1-3ubuntu1.1+esm3 libsox2 - 14.4.1-3ubuntu1.1+esm3 libsox-fmt-base - 14.4.1-3ubuntu1.1+esm3 libsox-fmt-all - 14.4.1-3ubuntu1.1+esm3 libsox-dev - 14.4.1-3ubuntu1.1+esm3 libsox-fmt-alsa - 14.4.1-3ubuntu1.1+esm3 libsox-fmt-oss - 14.4.1-3ubuntu1.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33844 Ubuntu 14.04 LTS It was discovered that Rack did not properly structure regular expressions in some of its parsing components, which could result in uncontrolled resource consumption if an application using Rack received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-44570, CVE-2022-44571) It was discovered that Rack did not properly structure regular expressions in its multipart parsing component, which could result in uncontrolled resource consumption if an application using Rack to parse multipart posts received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-44572) Update Instructions: Run `sudo pro fix USN-5910-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librack-ruby - 1.5.2-3+deb8u3ubuntu1~esm6 librack-ruby1.8 - 1.5.2-3+deb8u3ubuntu1~esm6 librack-ruby1.9.1 - 1.5.2-3+deb8u3ubuntu1~esm6 ruby-rack - 1.5.2-3+deb8u3ubuntu1~esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-44570 CVE-2022-44571 CVE-2022-44572 Ubuntu 14.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5916-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-3.13.0-192-lowlatency - 3.13.0-192.243 linux-buildinfo-3.13.0-192-generic - 3.13.0-192.243 linux-modules-3.13.0-192-generic - 3.13.0-192.243 linux-tools-common - 3.13.0-192.243 linux-cloud-tools-3.13.0-192-generic - 3.13.0-192.243 linux-headers-3.13.0-192 - 3.13.0-192.243 linux-image-3.13.0-192-generic - 3.13.0-192.243 linux-buildinfo-3.13.0-192-lowlatency - 3.13.0-192.243 linux-cloud-tools-3.13.0-192 - 3.13.0-192.243 linux-modules-extra-3.13.0-192-generic - 3.13.0-192.243 linux-headers-3.13.0-192-generic - 3.13.0-192.243 linux-doc - 3.13.0-192.243 linux-image-3.13.0-192-lowlatency - 3.13.0-192.243 linux-headers-3.13.0-192-lowlatency - 3.13.0-192.243 linux-modules-3.13.0-192-lowlatency - 3.13.0-192.243 linux-source-3.13.0 - 3.13.0-192.243 linux-libc-dev - 3.13.0-192.243 linux-tools-3.13.0-192 - 3.13.0-192.243 linux-tools-3.13.0-192-generic - 3.13.0-192.243 linux-cloud-tools-3.13.0-192-lowlatency - 3.13.0-192.243 linux-image-unsigned-3.13.0-192-generic - 3.13.0-192.243 linux-cloud-tools-common - 3.13.0-192.243 linux-image-unsigned-3.13.0-192-lowlatency - 3.13.0-192.243 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-server - 3.13.0.192.202 linux-image-extra-virtual - 3.13.0.192.202 linux-signed-generic-lts-quantal - 3.13.0.192.202 linux-signed-generic-lts-saucy - 3.13.0.192.202 linux-signed-image-generic-lts-raring - 3.13.0.192.202 linux-cloud-tools-lowlatency - 3.13.0.192.202 linux-headers-generic-lts-saucy - 3.13.0.192.202 linux-signed-image-generic-lts-saucy - 3.13.0.192.202 linux-cloud-tools-virtual - 3.13.0.192.202 linux-signed-generic-lts-raring - 3.13.0.192.202 linux-hwe-virtual-trusty - 3.13.0.192.202 linux-tools-generic-lts-trusty - 3.13.0.192.202 linux-headers-server - 3.13.0.192.202 linux-generic - 3.13.0.192.202 linux-image-generic-lts-quantal - 3.13.0.192.202 hv-kvp-daemon-init - 3.13.0.192.202 linux-headers-generic - 3.13.0.192.202 linux-server - 3.13.0.192.202 linux-virtual - 3.13.0.192.202 linux-headers-generic-lts-trusty - 3.13.0.192.202 linux-crashdump - 3.13.0.192.202 linux-image-virtual - 3.13.0.192.202 linux-image-generic-lts-trusty - 3.13.0.192.202 linux-signed-image-generic - 3.13.0.192.202 linux-generic-lts-raring-eol-upgrade - 3.13.0.192.202 linux-generic-lts-quantal - 3.13.0.192.202 linux-tools-lts-trusty - 3.13.0.192.202 linux-lowlatency - 3.13.0.192.202 linux-tools-generic-lts-saucy - 3.13.0.192.202 linux-source - 3.13.0.192.202 linux-image-generic - 3.13.0.192.202 linux-tools-lts-raring - 3.13.0.192.202 linux-image-hwe-generic-trusty - 3.13.0.192.202 linux-headers-lowlatency - 3.13.0.192.202 linux-tools-lowlatency - 3.13.0.192.202 linux-headers-virtual - 3.13.0.192.202 linux-cloud-tools-generic - 3.13.0.192.202 linux-generic-lts-quantal-eol-upgrade - 3.13.0.192.202 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.192.202 linux-signed-image-generic-lts-trusty - 3.13.0.192.202 linux-image-hwe-virtual-trusty - 3.13.0.192.202 linux-tools-lts-quantal - 3.13.0.192.202 linux-generic-lts-saucy-eol-upgrade - 3.13.0.192.202 linux-image-generic-lts-saucy - 3.13.0.192.202 linux-generic-lts-trusty - 3.13.0.192.202 linux-headers-generic-lts-raring - 3.13.0.192.202 linux-signed-generic-lts-trusty - 3.13.0.192.202 linux-generic-lts-saucy - 3.13.0.192.202 linux-signed-image-generic-lts-quantal - 3.13.0.192.202 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.192.202 linux-tools-lts-saucy - 3.13.0.192.202 linux-headers-generic-lts-quantal - 3.13.0.192.202 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.192.202 linux-image-generic-lts-raring - 3.13.0.192.202 linux-signed-generic - 3.13.0.192.202 linux-hwe-generic-trusty - 3.13.0.192.202 linux-tools-generic - 3.13.0.192.202 linux-image-lowlatency - 3.13.0.192.202 linux-generic-lts-raring - 3.13.0.192.202 linux-tools-virtual - 3.13.0.192.202 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-42703 Ubuntu 14.04 LTS It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. (CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799) It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804) Update Instructions: Run `sudo pro fix USN-5923-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.3-7ubuntu0.11+esm7 libtiffxx5 - 4.0.3-7ubuntu0.11+esm7 libtiff5-dev - 4.0.3-7ubuntu0.11+esm7 libtiff4-dev - 4.0.3-7ubuntu0.11+esm7 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm7 libtiff5 - 4.0.3-7ubuntu0.11+esm7 libtiff-tools - 4.0.3-7ubuntu0.11+esm7 libtiff-doc - 4.0.3-7ubuntu0.11+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 Ubuntu 14.04 LTS It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor could by mis-trained for return instructions in certain circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29900) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3545) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328, CVE-2022-42329) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Update Instructions: Run `sudo pro fix USN-5924-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-headers-4.15.0-1162 - 4.15.0-1162.177~14.04.1 linux-tools-4.15.0-1162-azure - 4.15.0-1162.177~14.04.1 linux-azure-tools-4.15.0-1162 - 4.15.0-1162.177~14.04.1 linux-modules-extra-4.15.0-1162-azure - 4.15.0-1162.177~14.04.1 linux-modules-4.15.0-1162-azure - 4.15.0-1162.177~14.04.1 linux-headers-4.15.0-1162-azure - 4.15.0-1162.177~14.04.1 linux-image-unsigned-4.15.0-1162-azure - 4.15.0-1162.177~14.04.1 linux-azure-cloud-tools-4.15.0-1162 - 4.15.0-1162.177~14.04.1 linux-cloud-tools-4.15.0-1162-azure - 4.15.0-1162.177~14.04.1 linux-buildinfo-4.15.0-1162-azure - 4.15.0-1162.177~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1162-azure - 4.15.0-1162.177~14.04.1+1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1162.128 linux-signed-image-azure - 4.15.0.1162.128 linux-modules-extra-azure - 4.15.0.1162.128 linux-tools-azure - 4.15.0.1162.128 linux-cloud-tools-azure - 4.15.0.1162.128 linux-headers-azure - 4.15.0.1162.128 linux-azure - 4.15.0.1162.128 linux-image-azure - 4.15.0.1162.128 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3669 CVE-2022-20369 CVE-2022-26373 CVE-2022-2663 CVE-2022-29900 CVE-2022-29901 CVE-2022-3424 CVE-2022-3521 CVE-2022-3545 CVE-2022-3628 CVE-2022-36280 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-39842 CVE-2022-41218 CVE-2022-41849 CVE-2022-41850 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-43750 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-23455 CVE-2023-23559 Ubuntu 14.04 LTS Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lee Jones discovered that a use-after-free vulnerability existed in the Bluetooth implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20566) Duoming Zhou discovered that a race condition existed in the SLIP driver in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2022-41858) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Update Instructions: Run `sudo pro fix USN-5926-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-4.4.0-1116-aws - 4.4.0-1116.122 linux-modules-4.4.0-1116-aws - 4.4.0-1116.122 linux-tools-4.4.0-1116-aws - 4.4.0-1116.122 linux-buildinfo-4.4.0-1116-aws - 4.4.0-1116.122 linux-headers-4.4.0-1116-aws - 4.4.0-1116.122 linux-aws-headers-4.4.0-1116 - 4.4.0-1116.122 linux-aws-tools-4.4.0-1116 - 4.4.0-1116.122 linux-image-4.4.0-1116-aws - 4.4.0-1116.122 linux-aws-cloud-tools-4.4.0-1116 - 4.4.0-1116.122 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-237-generic - 4.4.0-237.271~14.04.1 linux-modules-4.4.0-237-generic - 4.4.0-237.271~14.04.1 linux-modules-extra-4.4.0-237-generic - 4.4.0-237.271~14.04.1 linux-cloud-tools-4.4.0-237-lowlatency - 4.4.0-237.271~14.04.1 linux-tools-4.4.0-237-generic - 4.4.0-237.271~14.04.1 linux-image-unsigned-4.4.0-237-generic - 4.4.0-237.271~14.04.1 linux-headers-4.4.0-237-generic - 4.4.0-237.271~14.04.1 linux-cloud-tools-4.4.0-237-generic - 4.4.0-237.271~14.04.1 linux-headers-4.4.0-237-lowlatency - 4.4.0-237.271~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-237 - 4.4.0-237.271~14.04.1 linux-lts-xenial-tools-4.4.0-237 - 4.4.0-237.271~14.04.1 linux-modules-4.4.0-237-lowlatency - 4.4.0-237.271~14.04.1 linux-image-4.4.0-237-generic - 4.4.0-237.271~14.04.1 linux-image-4.4.0-237-lowlatency - 4.4.0-237.271~14.04.1 linux-tools-4.4.0-237-lowlatency - 4.4.0-237.271~14.04.1 linux-image-unsigned-4.4.0-237-lowlatency - 4.4.0-237.271~14.04.1 linux-headers-4.4.0-237 - 4.4.0-237.271~14.04.1 linux-buildinfo-4.4.0-237-lowlatency - 4.4.0-237.271~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1116.113 linux-aws - 4.4.0.1116.113 linux-headers-aws - 4.4.0.1116.113 linux-image-aws - 4.4.0.1116.113 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.237.206 linux-image-generic-lts-xenial - 4.4.0.237.206 linux-cloud-tools-virtual-lts-xenial - 4.4.0.237.206 linux-tools-generic-lts-xenial - 4.4.0.237.206 linux-tools-lowlatency-lts-xenial - 4.4.0.237.206 linux-image-extra-virtual-lts-xenial - 4.4.0.237.206 linux-signed-image-lowlatency-lts-xenial - 4.4.0.237.206 linux-headers-generic-lts-xenial - 4.4.0.237.206 linux-signed-lowlatency-lts-xenial - 4.4.0.237.206 linux-signed-generic-lts-xenial - 4.4.0.237.206 linux-headers-lowlatency-lts-xenial - 4.4.0.237.206 linux-image-lowlatency-lts-xenial - 4.4.0.237.206 linux-cloud-tools-generic-lts-xenial - 4.4.0.237.206 linux-signed-image-generic-lts-xenial - 4.4.0.237.206 linux-headers-virtual-lts-xenial - 4.4.0.237.206 linux-tools-virtual-lts-xenial - 4.4.0.237.206 linux-generic-lts-xenial - 4.4.0.237.206 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.237.206 linux-lowlatency-lts-xenial - 4.4.0.237.206 linux-image-virtual-lts-xenial - 4.4.0.237.206 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4155 CVE-2022-20566 CVE-2022-41858 CVE-2022-42895 CVE-2023-0045 CVE-2023-23559 Ubuntu 14.04 LTS It was discovered that systemd did not properly validate the time and accuracy values provided to the format_timespan() function. An attacker could possibly use this issue to cause a buffer overrun, leading to a denial of service attack. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3821) It was discovered that systemd did not properly manage the fs.suid_dumpable kernel configurations. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-4415) It was discovered that systemd did not properly manage a crash with long backtrace data. A local attacker could possibly use this issue to cause a deadlock, leading to a denial of service attack. This issue only affected Ubuntu 22.10. (CVE-2022-45873) Update Instructions: Run `sudo pro fix USN-5928-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgudev-1.0-dev - 1:204-5ubuntu20.31+esm2 gir1.2-gudev-1.0 - 1:204-5ubuntu20.31+esm2 libgudev-1.0-0 - 1:204-5ubuntu20.31+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro libsystemd-id128-dev - 204-5ubuntu20.31+esm2 systemd - 204-5ubuntu20.31+esm2 python-systemd - 204-5ubuntu20.31+esm2 libsystemd-journal0 - 204-5ubuntu20.31+esm2 libsystemd-journal-dev - 204-5ubuntu20.31+esm2 libsystemd-id128-0 - 204-5ubuntu20.31+esm2 libudev1 - 204-5ubuntu20.31+esm2 systemd-services - 204-5ubuntu20.31+esm2 libpam-systemd - 204-5ubuntu20.31+esm2 libsystemd-daemon0 - 204-5ubuntu20.31+esm2 libsystemd-login-dev - 204-5ubuntu20.31+esm2 udev - 204-5ubuntu20.31+esm2 libsystemd-daemon-dev - 204-5ubuntu20.31+esm2 libudev-dev - 204-5ubuntu20.31+esm2 libsystemd-login0 - 204-5ubuntu20.31+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-3821 CVE-2022-4415 CVE-2022-45873 Ubuntu 14.04 LTS It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resulting in a denial of service. (CVE-2022-25857, CVE-2022-38749, CVE-2022-38750) It was discovered that SnakeYAML did not limit the maximal data matched with regular expressions when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resulting in a denial of service. (CVE-2022-38751) Update Instructions: Run `sudo pro fix USN-5944-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libyaml-snake-java - 1.12-2ubuntu0.14.04.1~esm1 libyaml-snake-java-doc - 1.12-2ubuntu0.14.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 Ubuntu 14.04 LTS It was discovered that Protocol Buffers did not properly validate field com.google.protobuf.UnknownFieldSet in protobuf-java. An attacker could possibly use this issue to perform a denial of service attack. This issue only affected protobuf Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2021-22569) It was discovered that Protocol Buffers did not properly parse certain symbols. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2021-22570) It was discovered that Protocol Buffers did not properly manage memory when parsing specifically crafted messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-1941) Update Instructions: Run `sudo pro fix USN-5945-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libprotoc-dev - 2.5.0-9ubuntu1+esm1 libprotoc8 - 2.5.0-9ubuntu1+esm1 python-protobuf - 2.5.0-9ubuntu1+esm1 libprotobuf8 - 2.5.0-9ubuntu1+esm1 libprotobuf-dev - 2.5.0-9ubuntu1+esm1 libprotobuf-lite8 - 2.5.0-9ubuntu1+esm1 libprotobuf-java - 2.5.0-9ubuntu1+esm1 protobuf-compiler - 2.5.0-9ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-22569 CVE-2021-22570 CVE-2022-1941 Ubuntu 14.04 LTS Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39140) It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39139, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39151, CVE-2021-39153, CVE-2021-39154) It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39150, CVE-2021-39152) Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-41966) Update Instructions: Run `sudo pro fix USN-5946-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxstream-java - 1.4.7-1ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154 CVE-2022-41966 Ubuntu 14.04 LTS It was discovered that IPython incorrectly processed REST API POST requests. An attacker could possibly use this issue to launch a cross-site request forgery (CSRF) attack and leak user's sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-5607) It was discovered that IPython did not properly manage cross user temporary files. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2022-21699) Update Instructions: Run `sudo pro fix USN-5953-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ipython3-notebook - 1.2.1-2ubuntu0.1~esm1 ipython3 - 1.2.1-2ubuntu0.1~esm1 ipython-notebook-common - 1.2.1-2ubuntu0.1~esm1 ipython-doc - 1.2.1-2ubuntu0.1~esm1 ipython - 1.2.1-2ubuntu0.1~esm1 ipython3-qtconsole - 1.2.1-2ubuntu0.1~esm1 ipython-notebook - 1.2.1-2ubuntu0.1~esm1 ipython-qtconsole - 1.2.1-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-5607 CVE-2022-21699 Ubuntu 14.04 LTS Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters. Update Instructions: Run `sudo pro fix USN-5960-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm14 libpython2.7 - 2.7.6-8ubuntu0.6+esm14 python2.7 - 2.7.6-8ubuntu0.6+esm14 python2.7-minimal - 2.7.6-8ubuntu0.6+esm14 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm14 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm14 idle-python2.7 - 2.7.6-8ubuntu0.6+esm14 python2.7-doc - 2.7.6-8ubuntu0.6+esm14 python2.7-dev - 2.7.6-8ubuntu0.6+esm14 python2.7-examples - 2.7.6-8ubuntu0.6+esm14 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm14 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-24329 Ubuntu 14.04 LTS It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433) It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-0051) It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-1170, CVE-2023-1175) It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-1264) Update Instructions: Run `sudo pro fix USN-5963-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.052-1ubuntu3.1+esm7 vim-gnome - 2:7.4.052-1ubuntu3.1+esm7 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm7 vim-athena - 2:7.4.052-1ubuntu3.1+esm7 vim-gtk - 2:7.4.052-1ubuntu3.1+esm7 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm7 vim - 2:7.4.052-1ubuntu3.1+esm7 vim-doc - 2:7.4.052-1ubuntu3.1+esm7 vim-tiny - 2:7.4.052-1ubuntu3.1+esm7 vim-runtime - 2:7.4.052-1ubuntu3.1+esm7 vim-nox - 2:7.4.052-1ubuntu3.1+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-47024 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 CVE-2023-1170 CVE-2023-1175 CVE-2023-1264 Ubuntu 14.04 LTS USN-5964-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. (CVE-2023-27533) Harry Sintonen discovered that curl incorrectly reused certain FTP connections. This could lead to the wrong credentials being reused, contrary to expectations. (CVE-2023-27535) Harry Sintonen discovered that curl incorrectly reused connections when the GSS delegation option had been changed. This could lead to the option being reused, contrary to expectations. (CVE-2023-27536) Update Instructions: Run `sudo pro fix USN-5964-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm15 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm15 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm15 libcurl4-doc - 7.35.0-1ubuntu2.20+esm15 libcurl3-nss - 7.35.0-1ubuntu2.20+esm15 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm15 libcurl3 - 7.35.0-1ubuntu2.20+esm15 curl - 7.35.0-1ubuntu2.20+esm15 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-27533 CVE-2023-27535 CVE-2023-27536 Ubuntu 14.04 LTS Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. (CVE-2022-37703) Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37704) Maher Azzouzi discovered a privilege escalation vulnerability in the runtar binary within amanda. runtar is a suid binary owned by root that did not perform adequate sanitization of commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37705) Update Instructions: Run `sudo pro fix USN-5966-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amanda-client - 1:3.3.3-2ubuntu1.1 amanda-common - 1:3.3.3-2ubuntu1.1 amanda-server - 1:3.3.3-2ubuntu1.1 No subscription required High CVE-2022-37703 CVE-2022-37704 CVE-2022-37705 Ubuntu 14.04 LTS USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided. We apologize for the inconvenience. Original advisory details: Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. (CVE-2022-37703) Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37704) Maher Azzouzi discovered a privilege escalation vulnerability in the runtar binary within amanda. runtar is a suid binary owned by root that did not perform adequate sanitization of commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37705) Update Instructions: Run `sudo pro fix USN-5966-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amanda-client - 1:3.3.3-2ubuntu1.1+esm2 amanda-common - 1:3.3.3-2ubuntu1.1+esm2 amanda-server - 1:3.3.3-2ubuntu1.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2012536 Ubuntu 14.04 LTS It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host. Update Instructions: Run `sudo pro fix USN-5968-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-git - 0.3.2~RC1-3ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-24439 Ubuntu 14.04 LTS It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10196) It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. These issues only affected Ubuntu 14.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-11023) It was discovered that graphviz contains a buffer overflow vulnerability. Exploitation via a specially crafted input file can cause a denial of service or possibly allow for arbitrary code execution. These issues only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-18032) Update Instructions: Run `sudo pro fix USN-5971-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgv-perl - 2.36.0-0ubuntu3.2+esm1 libcgraph6 - 2.36.0-0ubuntu3.2+esm1 libgv-tcl - 2.36.0-0ubuntu3.2+esm1 libgv-guile - 2.36.0-0ubuntu3.2+esm1 libxdot4 - 2.36.0-0ubuntu3.2+esm1 libgvc6-plugins-gtk - 2.36.0-0ubuntu3.2+esm1 libcdt5 - 2.36.0-0ubuntu3.2+esm1 graphviz - 2.36.0-0ubuntu3.2+esm1 libgv-php5 - 2.36.0-0ubuntu3.2+esm1 libgv-python - 2.36.0-0ubuntu3.2+esm1 libgv-lua - 2.36.0-0ubuntu3.2+esm1 libpathplan4 - 2.36.0-0ubuntu3.2+esm1 graphviz-doc - 2.36.0-0ubuntu3.2+esm1 libgvpr2 - 2.36.0-0ubuntu3.2+esm1 libgraphviz-dev - 2.36.0-0ubuntu3.2+esm1 graphviz-dev - 2.36.0-0ubuntu3.2+esm1 libgvc6 - 2.36.0-0ubuntu3.2+esm1 libgv-ruby - 2.36.0-0ubuntu3.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-10196 CVE-2019-11023 CVE-2020-18032 Ubuntu 14.04 LTS It was discovered that GraphicsMagick was not properly performing bounds checks when processing TGA image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted TGA image file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-20184) It was discovered that GraphicsMagick was not properly validating bits per pixel data when processing DIB image files. If a user or automated system were tricked into processing a specially crafted DIB image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-20189) It was discovered that GraphicsMagick was not properly processing bit-field mask values in BMP image files, which could result in the execution of an infinite loop. If a user or automated system were tricked into processing a specially crafted BMP image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-5685) It was discovered that GraphicsMagick was not properly validating data used in arithmetic operations when processing MNG image files, which could result in a divide-by-zero error. If a user or automated system were tricked into processing a specially crafted MNG image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-9018) It was discovered that GraphicsMagick was not properly performing bounds checks when processing MIFF image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted MIFF image file, an attacker could possibly use this issue to cause a denial of service or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2019-11006) It was discovered that GraphicsMagick did not properly magnify certain MNG image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted MNG image file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-12672) It was discovered that GraphicsMagick was not properly performing bounds checks when parsing certain MIFF image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted MIFF image file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1270) Update Instructions: Run `sudo pro fix USN-5974-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphicsmagick++3 - 1.3.18-1ubuntu3.1+esm8 libgraphics-magick-perl - 1.3.18-1ubuntu3.1+esm8 libgraphicsmagick1-dev - 1.3.18-1ubuntu3.1+esm8 libgraphicsmagick3 - 1.3.18-1ubuntu3.1+esm8 graphicsmagick - 1.3.18-1ubuntu3.1+esm8 graphicsmagick-imagemagick-compat - 1.3.18-1ubuntu3.1+esm8 graphicsmagick-libmagick-dev-compat - 1.3.18-1ubuntu3.1+esm8 libgraphicsmagick++1-dev - 1.3.18-1ubuntu3.1+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-20184 CVE-2018-20189 CVE-2018-5685 CVE-2018-9018 CVE-2019-11006 CVE-2020-12672 CVE-2022-1270 Ubuntu 14.04 LTS It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-14697) It was discovered that musl did not handle wide-character conversion properly. A remote attacker could use this vulnerability to cause resource consumption (infinite loop), denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28928) Update Instructions: Run `sudo pro fix USN-5990-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: musl-dev - 0.9.15-1ubuntu0.1~esm2 musl-tools - 0.9.15-1ubuntu0.1~esm2 musl - 0.9.15-1ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14697 CVE-2020-28928 Ubuntu 14.04 LTS It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980) Update Instructions: Run `sudo pro fix USN-5995-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.052-1ubuntu3.1+esm8 vim-gnome - 2:7.4.052-1ubuntu3.1+esm8 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm8 vim-athena - 2:7.4.052-1ubuntu3.1+esm8 vim-gtk - 2:7.4.052-1ubuntu3.1+esm8 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm8 vim - 2:7.4.052-1ubuntu3.1+esm8 vim-doc - 2:7.4.052-1ubuntu3.1+esm8 vim-tiny - 2:7.4.052-1ubuntu3.1+esm8 vim-runtime - 2:7.4.052-1ubuntu3.1+esm8 vim-nox - 2:7.4.052-1ubuntu3.1+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0413 CVE-2022-1629 CVE-2022-1674 CVE-2022-1720 CVE-2022-1733 CVE-2022-1735 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1898 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2183 CVE-2022-2206 CVE-2022-2304 CVE-2022-2344 CVE-2022-2345 CVE-2022-2571 CVE-2022-2581 CVE-2022-2845 CVE-2022-2849 CVE-2022-2923 CVE-2022-2946 CVE-2022-2980 Ubuntu 14.04 LTS It was discovered that Exo did not properly sanitized desktop files. A remote attacker could possibly use this issue to to cause a crash or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-6008-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexo-common - 0.10.2-3ubuntu1.14.04.2+esm1 libexo-1-dev - 0.10.2-3ubuntu1.14.04.2+esm1 libexo-1-0 - 0.10.2-3ubuntu1.14.04.2+esm1 libexo-helpers - 0.10.2-3ubuntu1.14.04.2+esm1 exo-utils - 0.10.2-3ubuntu1.14.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-32278 Ubuntu 14.04 LTS Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service (connection termination) or inject forged data. (CVE-2020-36516) Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-26401) Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28712, CVE-2021-28713) Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-3428) It was discovered that the IEEE 802.15.4 wireless network subsystem in the Linux kernel did not properly handle certain error conditions, leading to a null pointer dereference vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-3659) It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service (connection disassociation). (CVE-2021-3772) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle locking in certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2021-4149) Jann Horn discovered that the socket subsystem in the Linux kernel contained a race condition when handling listen() and connect() operations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2021-4203) It was discovered that the file system quotas implementation in the Linux kernel did not properly validate the quota block number. An attacker could use this to construct a malicious file system image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2021-45868) Zhihua Yao discovered that the MOXART SD/MMC driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-0487) It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0494) It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2022-0617) David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1016) It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) It was discovered that the tty subsystem in the Linux kernel contained a race condition in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2022-1462) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516) Duoming Zhou discovered a race condition in the NFC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1974) Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not properly prevent context switches from occurring during certain atomic context operations. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2022-1975) It was discovered that the HID subsystem in the Linux kernel did not properly validate inputs in certain conditions. A local attacker with physical access could plug in a specially crafted USB device to expose sensitive information. (CVE-2022-20132) It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device- mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20572, CVE-2022-2503) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the Linux kernel did not properly handle very small reads. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2380) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Lucas Leong discovered that the LightNVM subsystem in the Linux kernel did not properly handle data lengths in certain situations. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2991) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) Jiasheng Jiang discovered that the wm8350 charger driver in the Linux kernel did not properly deallocate memory, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3111) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3903) Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that the USB core subsystem in the Linux kernel did not properly handle nested reset events. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (kernel deadlock). (CVE-2022-4662) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074) Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly initialize a data structure, leading to a null pointer dereference vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2023-1095) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545) It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate attributes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-26607) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6013-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-4.4.0-1117-aws - 4.4.0-1117.123 linux-buildinfo-4.4.0-1117-aws - 4.4.0-1117.123 linux-cloud-tools-4.4.0-1117-aws - 4.4.0-1117.123 linux-aws-tools-4.4.0-1117 - 4.4.0-1117.123 linux-aws-headers-4.4.0-1117 - 4.4.0-1117.123 linux-headers-4.4.0-1117-aws - 4.4.0-1117.123 linux-modules-4.4.0-1117-aws - 4.4.0-1117.123 linux-aws-cloud-tools-4.4.0-1117 - 4.4.0-1117.123 linux-image-4.4.0-1117-aws - 4.4.0-1117.123 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1117.114 linux-headers-aws - 4.4.0.1117.114 linux-image-aws - 4.4.0.1117.114 linux-aws - 4.4.0.1117.114 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36516 CVE-2021-26401 CVE-2021-28712 CVE-2021-28713 CVE-2021-3428 CVE-2021-3659 CVE-2021-3669 CVE-2021-3732 CVE-2021-3772 CVE-2021-4149 CVE-2021-4203 CVE-2021-45868 CVE-2022-0487 CVE-2022-0494 CVE-2022-0617 CVE-2022-1016 CVE-2022-1195 CVE-2022-1205 CVE-2022-1462 CVE-2022-1516 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20572 CVE-2022-2318 CVE-2022-2380 CVE-2022-2503 CVE-2022-2663 CVE-2022-2991 CVE-2022-3061 CVE-2022-3111 CVE-2022-3303 CVE-2022-3628 CVE-2022-36280 CVE-2022-3646 CVE-2022-36879 CVE-2022-3903 CVE-2022-39188 CVE-2022-41218 CVE-2022-41849 CVE-2022-41850 CVE-2022-4662 CVE-2022-47929 CVE-2023-0394 CVE-2023-1074 CVE-2023-1095 CVE-2023-1118 CVE-2023-23455 CVE-2023-26545 CVE-2023-26607 Ubuntu 14.04 LTS Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service (connection termination) or inject forged data. (CVE-2020-36516) Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-26401) Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-3428) It was discovered that the IEEE 802.15.4 wireless network subsystem in the Linux kernel did not properly handle certain error conditions, leading to a null pointer dereference vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-3659) It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service (connection disassociation). (CVE-2021-3772) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle locking in certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2021-4149) Jann Horn discovered that the socket subsystem in the Linux kernel contained a race condition when handling listen() and connect() operations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2021-4203) It was discovered that the file system quotas implementation in the Linux kernel did not properly validate the quota block number. An attacker could use this to construct a malicious file system image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2021-45868) Zhihua Yao discovered that the MOXART SD/MMC driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-0487) It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0494) It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2022-0617) David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1016) It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) It was discovered that the tty subsystem in the Linux kernel contained a race condition in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2022-1462) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516) Duoming Zhou discovered a race condition in the NFC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1974) Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not properly prevent context switches from occurring during certain atomic context operations. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2022-1975) It was discovered that the HID subsystem in the Linux kernel did not properly validate inputs in certain conditions. A local attacker with physical access could plug in a specially crafted USB device to expose sensitive information. (CVE-2022-20132) It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device- mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20572, CVE-2022-2503) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the Linux kernel did not properly handle very small reads. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2380) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Lucas Leong discovered that the LightNVM subsystem in the Linux kernel did not properly handle data lengths in certain situations. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2991) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) Jiasheng Jiang discovered that the wm8350 charger driver in the Linux kernel did not properly deallocate memory, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3111) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3903) Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that the USB core subsystem in the Linux kernel did not properly handle nested reset events. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (kernel deadlock). (CVE-2022-4662) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074) Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly initialize a data structure, leading to a null pointer dereference vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2023-1095) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545) It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate attributes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-26607) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6014-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.4.0-239-generic - 4.4.0-239.273~14.04.1 linux-image-4.4.0-239-generic - 4.4.0-239.273~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-239 - 4.4.0-239.273~14.04.1 linux-image-unsigned-4.4.0-239-lowlatency - 4.4.0-239.273~14.04.1 linux-cloud-tools-4.4.0-239-lowlatency - 4.4.0-239.273~14.04.1 linux-headers-4.4.0-239-lowlatency - 4.4.0-239.273~14.04.1 linux-tools-4.4.0-239-generic - 4.4.0-239.273~14.04.1 linux-cloud-tools-4.4.0-239-generic - 4.4.0-239.273~14.04.1 linux-lts-xenial-tools-4.4.0-239 - 4.4.0-239.273~14.04.1 linux-buildinfo-4.4.0-239-lowlatency - 4.4.0-239.273~14.04.1 linux-headers-4.4.0-239-generic - 4.4.0-239.273~14.04.1 linux-buildinfo-4.4.0-239-generic - 4.4.0-239.273~14.04.1 linux-modules-extra-4.4.0-239-generic - 4.4.0-239.273~14.04.1 linux-image-4.4.0-239-lowlatency - 4.4.0-239.273~14.04.1 linux-modules-4.4.0-239-generic - 4.4.0-239.273~14.04.1 linux-headers-4.4.0-239 - 4.4.0-239.273~14.04.1 linux-modules-4.4.0-239-lowlatency - 4.4.0-239.273~14.04.1 linux-tools-4.4.0-239-lowlatency - 4.4.0-239.273~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.239.207 linux-cloud-tools-virtual-lts-xenial - 4.4.0.239.207 linux-tools-generic-lts-xenial - 4.4.0.239.207 linux-signed-image-lowlatency-lts-xenial - 4.4.0.239.207 linux-tools-lowlatency-lts-xenial - 4.4.0.239.207 linux-image-extra-virtual-lts-xenial - 4.4.0.239.207 linux-headers-generic-lts-xenial - 4.4.0.239.207 linux-signed-lowlatency-lts-xenial - 4.4.0.239.207 linux-lowlatency-lts-xenial - 4.4.0.239.207 linux-signed-generic-lts-xenial - 4.4.0.239.207 linux-headers-lowlatency-lts-xenial - 4.4.0.239.207 linux-generic-lts-xenial - 4.4.0.239.207 linux-image-lowlatency-lts-xenial - 4.4.0.239.207 linux-image-generic-lts-xenial - 4.4.0.239.207 linux-signed-image-generic-lts-xenial - 4.4.0.239.207 linux-headers-virtual-lts-xenial - 4.4.0.239.207 linux-cloud-tools-generic-lts-xenial - 4.4.0.239.207 linux-tools-virtual-lts-xenial - 4.4.0.239.207 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.239.207 linux-image-virtual-lts-xenial - 4.4.0.239.207 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36516 CVE-2021-26401 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-3428 CVE-2021-3659 CVE-2021-3669 CVE-2021-3732 CVE-2021-3772 CVE-2021-4149 CVE-2021-4203 CVE-2021-45868 CVE-2022-0487 CVE-2022-0494 CVE-2022-0617 CVE-2022-1016 CVE-2022-1195 CVE-2022-1205 CVE-2022-1462 CVE-2022-1516 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20572 CVE-2022-2318 CVE-2022-2380 CVE-2022-2503 CVE-2022-2663 CVE-2022-2991 CVE-2022-3061 CVE-2022-3111 CVE-2022-3303 CVE-2022-3628 CVE-2022-36280 CVE-2022-3646 CVE-2022-36879 CVE-2022-3903 CVE-2022-39188 CVE-2022-41218 CVE-2022-41849 CVE-2022-41850 CVE-2022-4662 CVE-2022-47929 CVE-2023-0394 CVE-2023-1074 CVE-2023-1095 CVE-2023-1118 CVE-2023-23455 CVE-2023-26545 CVE-2023-26607 Ubuntu 14.04 LTS It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-4166) It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192) It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193) It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213) It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318) It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319) It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351) It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359) It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368) It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408) It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443) It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554) It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572) It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629) It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685) It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714) It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729) It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207) Update Instructions: Run `sudo pro fix USN-6026-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.052-1ubuntu3.1+esm9 vim-gnome - 2:7.4.052-1ubuntu3.1+esm9 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm9 vim-athena - 2:7.4.052-1ubuntu3.1+esm9 vim-gtk - 2:7.4.052-1ubuntu3.1+esm9 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm9 vim - 2:7.4.052-1ubuntu3.1+esm9 vim-doc - 2:7.4.052-1ubuntu3.1+esm9 vim-tiny - 2:7.4.052-1ubuntu3.1+esm9 vim-runtime - 2:7.4.052-1ubuntu3.1+esm9 vim-nox - 2:7.4.052-1ubuntu3.1+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0408 CVE-2022-0443 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0714 CVE-2022-0729 CVE-2022-2207 Ubuntu 14.04 LTS It was discovered that lixml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2023-28484) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. (CVE-2023-29469) Update Instructions: Run `sudo pro fix USN-6028-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm5 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.13+esm5 python-libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm5 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.13+esm5 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.13+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28484 CVE-2023-29469 Ubuntu 14.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3903) It was discovered that the Human Interface Device (HID) support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1073) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074) Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545) Update Instructions: Run `sudo pro fix USN-6029-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-headers-4.15.0-1163 - 4.15.0-1163.178~14.04.1 linux-azure-tools-4.15.0-1163 - 4.15.0-1163.178~14.04.1 linux-cloud-tools-4.15.0-1163-azure - 4.15.0-1163.178~14.04.1 linux-headers-4.15.0-1163-azure - 4.15.0-1163.178~14.04.1 linux-buildinfo-4.15.0-1163-azure - 4.15.0-1163.178~14.04.1 linux-modules-extra-4.15.0-1163-azure - 4.15.0-1163.178~14.04.1 linux-azure-cloud-tools-4.15.0-1163 - 4.15.0-1163.178~14.04.1 linux-image-unsigned-4.15.0-1163-azure - 4.15.0-1163.178~14.04.1 linux-modules-4.15.0-1163-azure - 4.15.0-1163.178~14.04.1 linux-tools-4.15.0-1163-azure - 4.15.0-1163.178~14.04.1 linux-image-4.15.0-1163-azure - 4.15.0-1163.178~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1163.129 linux-cloud-tools-azure - 4.15.0.1163.129 linux-modules-extra-azure - 4.15.0.1163.129 linux-headers-azure - 4.15.0.1163.129 linux-azure - 4.15.0.1163.129 linux-tools-azure - 4.15.0.1163.129 linux-image-azure - 4.15.0.1163.129 linux-signed-image-azure - 4.15.0.1163.129 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3903 CVE-2023-1073 CVE-2023-1074 CVE-2023-1281 CVE-2023-26545 Ubuntu 14.04 LTS It was discovered that Dnsmasq was sending large DNS messages over UDP, possibly causing transmission failures due to IP fragmentation. This update lowers the default maximum size of DNS messages to improve transmission reliability over UDP. Update Instructions: Run `sudo pro fix USN-6034-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.68-1ubuntu0.2+esm2 dnsmasq-utils - 2.68-1ubuntu0.2+esm2 dnsmasq-base - 2.68-1ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-28450 Ubuntu 14.04 LTS It was discovered that OpenSSL was not properly managing file locks when processing policy constraints. If a user or automated system were tricked into processing a certificate chain with specially crafted policy constraints, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3996) David Benjamin discovered that OpenSSL was not properly performing the verification of X.509 certificate chains that include policy constraints, which could lead to excessive resource consumption. If a user or automated system were tricked into processing a specially crafted X.509 certificate chain that includes policy constraints, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0464) David Benjamin discovered that OpenSSL was not properly handling invalid certificate policies in leaf certificates, which would result in certain policy checks being skipped for the certificate. If a user or automated system were tricked into processing a specially crafted certificate, a remote attacker could possibly use this issue to assert invalid certificate policies and circumvent policy checking. (CVE-2023-0465) David Benjamin discovered that OpenSSL incorrectly documented the functionalities of function X509_VERIFY_PARAM_add0_policy, stating that it would implicitly enable certificate policy checks when doing certificate verifications, contrary to its implementation. This could cause users and applications to not perform certificate policy checks even when expected to do so. (CVE-2023-0466) Update Instructions: Run `sudo pro fix USN-6039-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.1f-1ubuntu2.27+esm7 openssl - 1.0.1f-1ubuntu2.27+esm7 libssl-doc - 1.0.1f-1ubuntu2.27+esm7 libssl1.0.0 - 1.0.1f-1ubuntu2.27+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-3996 CVE-2023-0464 CVE-2023-0466 Ubuntu 14.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. (CVE-2023-1829) Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586) Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095) It was discovered that the TIPC protocol implementation in the Linux kernel did not properly validate the queue of socket buffers (skb) when handling certain UDP packets. A remote attacker could use this to cause a denial of service. (CVE-2023-1390) It was discovered that the Xircom PCMCIA network device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1670) Update Instructions: Run `sudo pro fix USN-6045-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.4.0-1118-aws - 4.4.0-1118.124 linux-modules-4.4.0-1118-aws - 4.4.0-1118.124 linux-cloud-tools-4.4.0-1118-aws - 4.4.0-1118.124 linux-buildinfo-4.4.0-1118-aws - 4.4.0-1118.124 linux-tools-4.4.0-1118-aws - 4.4.0-1118.124 linux-aws-headers-4.4.0-1118 - 4.4.0-1118.124 linux-aws-tools-4.4.0-1118 - 4.4.0-1118.124 linux-image-4.4.0-1118-aws - 4.4.0-1118.124 linux-aws-cloud-tools-4.4.0-1118 - 4.4.0-1118.124 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-240-lowlatency - 4.4.0-240.274~14.04.1 linux-modules-4.4.0-240-lowlatency - 4.4.0-240.274~14.04.1 linux-headers-4.4.0-240 - 4.4.0-240.274~14.04.1 linux-modules-extra-4.4.0-240-generic - 4.4.0-240.274~14.04.1 linux-buildinfo-4.4.0-240-generic - 4.4.0-240.274~14.04.1 linux-tools-4.4.0-240-generic - 4.4.0-240.274~14.04.1 linux-image-4.4.0-240-generic - 4.4.0-240.274~14.04.1 linux-cloud-tools-4.4.0-240-lowlatency - 4.4.0-240.274~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-240 - 4.4.0-240.274~14.04.1 linux-headers-4.4.0-240-lowlatency - 4.4.0-240.274~14.04.1 linux-image-unsigned-4.4.0-240-generic - 4.4.0-240.274~14.04.1 linux-image-4.4.0-240-lowlatency - 4.4.0-240.274~14.04.1 linux-tools-4.4.0-240-lowlatency - 4.4.0-240.274~14.04.1 linux-lts-xenial-tools-4.4.0-240 - 4.4.0-240.274~14.04.1 linux-headers-4.4.0-240-generic - 4.4.0-240.274~14.04.1 linux-modules-4.4.0-240-generic - 4.4.0-240.274~14.04.1 linux-image-unsigned-4.4.0-240-lowlatency - 4.4.0-240.274~14.04.1 linux-cloud-tools-4.4.0-240-generic - 4.4.0-240.274~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1118.115 linux-aws - 4.4.0.1118.115 linux-headers-aws - 4.4.0.1118.115 linux-image-aws - 4.4.0.1118.115 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.240.208 linux-cloud-tools-generic-lts-xenial - 4.4.0.240.208 linux-cloud-tools-virtual-lts-xenial - 4.4.0.240.208 linux-tools-generic-lts-xenial - 4.4.0.240.208 linux-signed-image-lowlatency-lts-xenial - 4.4.0.240.208 linux-tools-lowlatency-lts-xenial - 4.4.0.240.208 linux-image-extra-virtual-lts-xenial - 4.4.0.240.208 linux-headers-generic-lts-xenial - 4.4.0.240.208 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.240.208 linux-signed-lowlatency-lts-xenial - 4.4.0.240.208 linux-lowlatency-lts-xenial - 4.4.0.240.208 linux-signed-generic-lts-xenial - 4.4.0.240.208 linux-headers-lowlatency-lts-xenial - 4.4.0.240.208 linux-generic-lts-xenial - 4.4.0.240.208 linux-image-generic-lts-xenial - 4.4.0.240.208 linux-signed-image-generic-lts-xenial - 4.4.0.240.208 linux-headers-virtual-lts-xenial - 4.4.0.240.208 linux-image-lowlatency-lts-xenial - 4.4.0.240.208 linux-tools-virtual-lts-xenial - 4.4.0.240.208 linux-image-virtual-lts-xenial - 4.4.0.240.208 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3586 CVE-2022-4095 CVE-2023-1390 CVE-2023-1670 CVE-2023-1829 Ubuntu 14.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Update Instructions: Run `sudo pro fix USN-6047-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-headers-4.15.0-1164 - 4.15.0-1164.179~14.04.1 linux-image-unsigned-4.15.0-1164-azure - 4.15.0-1164.179~14.04.1 linux-azure-cloud-tools-4.15.0-1164 - 4.15.0-1164.179~14.04.1 linux-cloud-tools-4.15.0-1164-azure - 4.15.0-1164.179~14.04.1 linux-modules-extra-4.15.0-1164-azure - 4.15.0-1164.179~14.04.1 linux-modules-4.15.0-1164-azure - 4.15.0-1164.179~14.04.1 linux-buildinfo-4.15.0-1164-azure - 4.15.0-1164.179~14.04.1 linux-azure-tools-4.15.0-1164 - 4.15.0-1164.179~14.04.1 linux-image-4.15.0-1164-azure - 4.15.0-1164.179~14.04.1 linux-tools-4.15.0-1164-azure - 4.15.0-1164.179~14.04.1 linux-headers-4.15.0-1164-azure - 4.15.0-1164.179~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-azure - 4.15.0.1164.130 linux-signed-azure - 4.15.0.1164.130 linux-signed-image-azure - 4.15.0.1164.130 linux-modules-extra-azure - 4.15.0.1164.130 linux-cloud-tools-azure - 4.15.0.1164.130 linux-headers-azure - 4.15.0.1164.130 linux-azure - 4.15.0.1164.130 linux-image-azure - 4.15.0.1164.130 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1829 Ubuntu 14.04 LTS It was discovered that ZenLib doesn't check the return value of a specific operation before using it. An attacker could use a specially crafted input to crash programs using the library. Update Instructions: Run `sudo pro fix USN-6048-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzen-dev - 0.4.29-1ubuntu0.1~esm1 libzen-doc - 0.4.29-1ubuntu0.1~esm1 libzen0 - 0.4.29-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36646 Ubuntu 14.04 LTS USN-6054-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Moataz Al-Sharida and nawaik discovered that Django incorrectly handled uploading multiple files using one form field. A remote attacker could possibly use this issue to bypass certain validations. Update Instructions: Run `sudo pro fix USN-6054-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 1.6.11-0ubuntu1.3+esm6 python-django - 1.6.11-0ubuntu1.3+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-31047 Ubuntu 14.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6092-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1165-azure - 4.15.0-1165.180~14.04.1 linux-azure-tools-4.15.0-1165 - 4.15.0-1165.180~14.04.1 linux-buildinfo-4.15.0-1165-azure - 4.15.0-1165.180~14.04.1 linux-modules-4.15.0-1165-azure - 4.15.0-1165.180~14.04.1 linux-image-4.15.0-1165-azure - 4.15.0-1165.180~14.04.1 linux-azure-headers-4.15.0-1165 - 4.15.0-1165.180~14.04.1 linux-azure-cloud-tools-4.15.0-1165 - 4.15.0-1165.180~14.04.1 linux-headers-4.15.0-1165-azure - 4.15.0-1165.180~14.04.1 linux-cloud-tools-4.15.0-1165-azure - 4.15.0-1165.180~14.04.1 linux-image-unsigned-4.15.0-1165-azure - 4.15.0-1165.180~14.04.1 linux-tools-4.15.0-1165-azure - 4.15.0-1165.180~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-azure - 4.15.0.1165.131 linux-cloud-tools-azure - 4.15.0.1165.131 linux-tools-azure - 4.15.0.1165.131 linux-signed-image-azure - 4.15.0.1165.131 linux-signed-azure - 4.15.0.1165.131 linux-headers-azure - 4.15.0.1165.131 linux-azure - 4.15.0.1165.131 linux-image-azure - 4.15.0.1165.131 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-0459 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 Ubuntu 14.04 LTS It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2019-19035) It was discovered that Jhead did not properly handle certain crafted images while processing longitude tags. An attacker could cause Jhead to crash. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010301) It was discovered that Jhead did not properly handle certain crafted images while processing IPTC data. An attacker could cause Jhead to crash. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010302) Binbin Li discovered that Jhead did not properly handle certain crafted images while processing the DQT data. An attacker could cause Jhead to crash. (CVE-2020-6624) Binbin Li discovered that Jhead did not properly handle certain crafted images while processing longitude data. An attacker could cause Jhead to crash. (CVE-2020-6625) Feng Zhao Yang discovered that Jhead did not properly handle certain crafted images while reading JPEG sections. An attacker could cause Jhead to crash. (CVE-2020-26208) It was discovered that Jhead did not properly handle certain crafted images while processing Canon images. An attacker could cause Jhead to crash. (CVE-2021-28276) It was discovered that Jhead did not properly handle certain crafted images when removing a certain type of sections. An attacker could cause Jhead to crash. (CVE-2021-28278) Update Instructions: Run `sudo pro fix USN-6098-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jhead - 1:2.97-1+deb8u2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-1010301 CVE-2019-1010302 CVE-2019-19035 CVE-2020-26208 CVE-2020-6624 CVE-2020-6625 CVE-2021-28276 CVE-2021-28278 Ubuntu 14.04 LTS It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17594) It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17595) It was discovered that ncurses was incorrectly handling end-of-string characters when converting between termcap and terminfo formats. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537) It was discovered that ncurses was incorrectly performing bounds checks when dealing with corrupt terminfo data while reading a terminfo file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-29458) It was discovered that ncurses was parsing environment variables when running with setuid applications and not properly handling the processing of malformed data when doing so. A local attacker could possibly use this issue to cause a denial of service (application crash) or execute arbitrary code. (CVE-2023-29491) Update Instructions: Run `sudo pro fix USN-6099-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32ncurses5 - 5.9+20140118-1ubuntu1+esm3 lib32tinfo-dev - 5.9+20140118-1ubuntu1+esm3 ncurses-examples - 5.9+20140118-1ubuntu1+esm3 ncurses-bin - 5.9+20140118-1ubuntu1+esm3 lib32ncurses5-dev - 5.9+20140118-1ubuntu1+esm3 lib32ncursesw5 - 5.9+20140118-1ubuntu1+esm3 libtinfo-dev - 5.9+20140118-1ubuntu1+esm3 lib32ncursesw5-dev - 5.9+20140118-1ubuntu1+esm3 lib32tinfo5 - 5.9+20140118-1ubuntu1+esm3 libtinfo5 - 5.9+20140118-1ubuntu1+esm3 lib32ncurses5 - 5.9+20140118-1ubuntu1+esm3 lib64tinfo5 - 5.9+20140118-1ubuntu1+esm3 libncurses5-dev - 5.9+20140118-1ubuntu1+esm3 lib64ncurses5 - 5.9+20140118-1ubuntu1+esm3 lib64ncurses5-dev - 5.9+20140118-1ubuntu1+esm3 libncurses5 - 5.9+20140118-1ubuntu1+esm3 libx32ncurses5-dev - 5.9+20140118-1ubuntu1+esm3 libncursesw5 - 5.9+20140118-1ubuntu1+esm3 ncurses-base - 5.9+20140118-1ubuntu1+esm3 libx32tinfo-dev - 5.9+20140118-1ubuntu1+esm3 ncurses-doc - 5.9+20140118-1ubuntu1+esm3 libx32ncursesw5 - 5.9+20140118-1ubuntu1+esm3 libx32ncursesw5-dev - 5.9+20140118-1ubuntu1+esm3 libx32tinfo5 - 5.9+20140118-1ubuntu1+esm3 libncursesw5-dev - 5.9+20140118-1ubuntu1+esm3 ncurses-term - 5.9+20140118-1ubuntu1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-17594 CVE-2019-17595 CVE-2021-39537 CVE-2022-29458 CVE-2023-29491 Ubuntu 14.04 LTS It was discovered that HTML::StripScripts does not properly parse HTML content with certain style attributes. A remote attacker could use this issue to cause a regular expression denial of service (ReDoS). Update Instructions: Run `sudo pro fix USN-6100-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhtml-stripscripts-perl - 1.05-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-24038 Ubuntu 14.04 LTS It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. (CVE-2023-1579) It was discovered that GNU binutils did not properly verify the version definitions in zer0-lengthverdef table. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. (CVE-2023-1972) It was discovered that GNU binutils did not properly validate the size of length parameter in vms-alpha. An attacker could possibly use this issue to cause a crash or access sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-25584) It was discovered that GNU binutils did not properly initialized the file_table field of struct module and the_bfd field of asymbol. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-25585, CVE-2023-25588) Update Instructions: Run `sudo pro fix USN-6101-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils-dev - 2.24-5ubuntu14.2+esm1 binutils-multiarch-dev - 2.24-5ubuntu14.2+esm1 binutils-static - 2.24-5ubuntu14.2+esm1 binutils-doc - 2.24-5ubuntu14.2+esm1 binutils-multiarch - 2.24-5ubuntu14.2+esm1 binutils - 2.24-5ubuntu14.2+esm1 binutils-source - 2.24-5ubuntu14.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-1579 CVE-2023-1972 CVE-2023-25584 CVE-2023-25585 CVE-2023-25588 Ubuntu 14.04 LTS USN-6105-1 updated ca-certificates. This provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority bundle. Update Instructions: Run `sudo pro fix USN-6105-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20230311~14.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/ Ubuntu 14.04 LTS It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. (CVE-2021-34055) Kyle Brown discovered that Jhead did not properly handle certain crafted images while regenerating the Exif thumbnail. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2022-41751) Update Instructions: Run `sudo pro fix USN-6108-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jhead - 1:2.97-1+deb8u2ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-34055 CVE-2022-41751 Ubuntu 14.04 LTS It was discovered that Jhead did not properly handle certain crafted Canon images when processing them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-3496) It was discovered that Jhead did not properly handle certain crafted images when printing Canon-specific information. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 20.04. (CVE-2021-28275) It was discovered that Jhead did not properly handle certain crafted images when removing unknown sections. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-28277) Kyle Brown discovered that Jhead did not properly handle certain crafted images when editing their comments. An attacker could possibly use this to crash Jhead, resulting in a denial of service. (LP: #2020068) Update Instructions: Run `sudo pro fix USN-6110-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jhead - 1:2.97-1+deb8u2ubuntu0.1~esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-28275 CVE-2021-28277 CVE-2021-3496 https://launchpad.net/bugs/2020068 Ubuntu 14.04 LTS It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to intercept communications, this flaw could potentially be used to install altered modules. Update Instructions: Run `sudo pro fix USN-6112-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.18.2-2ubuntu1.7+esm5 perl-doc - 5.18.2-2ubuntu1.7+esm5 libcgi-fast-perl - 5.18.2-2ubuntu1.7+esm5 perl - 5.18.2-2ubuntu1.7+esm5 perl-base - 5.18.2-2ubuntu1.7+esm5 perl-modules - 5.18.2-2ubuntu1.7+esm5 perl-debug - 5.18.2-2ubuntu1.7+esm5 libperl5.18 - 5.18.2-2ubuntu1.7+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-31484 Ubuntu 14.04 LTS It was discovered that Jhead did not properly handle certain crafted images while processing the Exif markers. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6113-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jhead - 1:2.97-1+deb8u2ubuntu0.1~esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-6612 Ubuntu 14.04 LTS It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648) It was discovered that Apache Batik incorrectly handled Jar URLs in some situations. A remote attacker could use this issue to access files on the server. (CVE-2022-40146) It was discovered that Apache Batik allowed running untrusted Java code from an SVG. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890) Update Instructions: Run `sudo pro fix USN-6117-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbatik-java - 1.7.ubuntu-8ubuntu2.14.04.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-17566 CVE-2020-11987 CVE-2022-38398 CVE-2022-38648 CVE-2022-40146 CVE-2022-41704 CVE-2022-42890 Ubuntu 14.04 LTS USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6129-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: avahi-autoipd - 0.6.31-4ubuntu1.3+esm2 avahi-daemon - 0.6.31-4ubuntu1.3+esm2 avahi-discover - 0.6.31-4ubuntu1.3+esm2 avahi-dnsconfd - 0.6.31-4ubuntu1.3+esm2 avahi-ui-utils - 0.6.31-4ubuntu1.3+esm2 avahi-utils - 0.6.31-4ubuntu1.3+esm2 libavahi-client-dev - 0.6.31-4ubuntu1.3+esm2 libavahi-client3 - 0.6.31-4ubuntu1.3+esm2 libavahi-common-data - 0.6.31-4ubuntu1.3+esm2 libavahi-common-dev - 0.6.31-4ubuntu1.3+esm2 libavahi-common3 - 0.6.31-4ubuntu1.3+esm2 libavahi-compat-libdnssd-dev - 0.6.31-4ubuntu1.3+esm2 libavahi-compat-libdnssd1 - 0.6.31-4ubuntu1.3+esm2 libavahi-core-dev - 0.6.31-4ubuntu1.3+esm2 libavahi-core7 - 0.6.31-4ubuntu1.3+esm2 libavahi-glib-dev - 0.6.31-4ubuntu1.3+esm2 libavahi-glib1 - 0.6.31-4ubuntu1.3+esm2 libavahi-gobject-dev - 0.6.31-4ubuntu1.3+esm2 libavahi-gobject0 - 0.6.31-4ubuntu1.3+esm2 libavahi-qt4-1 - 0.6.31-4ubuntu1.3+esm2 libavahi-qt4-dev - 0.6.31-4ubuntu1.3+esm2 libavahi-ui-dev - 0.6.31-4ubuntu1.3+esm2 libavahi-ui-gtk3-0 - 0.6.31-4ubuntu1.3+esm2 libavahi-ui-gtk3-dev - 0.6.31-4ubuntu1.3+esm2 libavahi-ui0 - 0.6.31-4ubuntu1.3+esm2 python-avahi - 0.6.31-4ubuntu1.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-1981 Ubuntu 14.04 LTS Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32233) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1380) Update Instructions: Run `sudo pro fix USN-6130-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1166-azure - 4.15.0-1166.181~14.04.1 linux-azure-tools-4.15.0-1166 - 4.15.0-1166.181~14.04.1 linux-tools-4.15.0-1166-azure - 4.15.0-1166.181~14.04.1 linux-azure-headers-4.15.0-1166 - 4.15.0-1166.181~14.04.1 linux-modules-4.15.0-1166-azure - 4.15.0-1166.181~14.04.1 linux-image-unsigned-4.15.0-1166-azure - 4.15.0-1166.181~14.04.1 linux-azure-cloud-tools-4.15.0-1166 - 4.15.0-1166.181~14.04.1 linux-image-4.15.0-1166-azure - 4.15.0-1166.181~14.04.1 linux-modules-extra-4.15.0-1166-azure - 4.15.0-1166.181~14.04.1 linux-headers-4.15.0-1166-azure - 4.15.0-1166.181~14.04.1 linux-cloud-tools-4.15.0-1166-azure - 4.15.0-1166.181~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1166.132 linux-signed-image-azure - 4.15.0.1166.132 linux-cloud-tools-azure - 4.15.0.1166.132 linux-modules-extra-azure - 4.15.0.1166.132 linux-headers-azure - 4.15.0.1166.132 linux-azure - 4.15.0.1166.132 linux-tools-azure - 4.15.0.1166.132 linux-image-azure - 4.15.0.1166.132 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1380 CVE-2023-30456 CVE-2023-31436 CVE-2023-32233 Ubuntu 14.04 LTS Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass blockinglisting methods. This issue was first addressed in USN-5960-1, but was incomplete. Here we address an additional fix to that issue. (CVE-2023-24329) Update Instructions: Run `sudo pro fix USN-6139-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm15 libpython2.7 - 2.7.6-8ubuntu0.6+esm15 python2.7 - 2.7.6-8ubuntu0.6+esm15 python2.7-dev - 2.7.6-8ubuntu0.6+esm15 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm15 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm15 python2.7-minimal - 2.7.6-8ubuntu0.6+esm15 idle-python2.7 - 2.7.6-8ubuntu0.6+esm15 python2.7-doc - 2.7.6-8ubuntu0.6+esm15 python2.7-examples - 2.7.6-8ubuntu0.6+esm15 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm15 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-24329 Ubuntu 14.04 LTS It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only fixed for Ubuntu 16.04 LTS. (CVE-2022-39377) It was discovered that Sysstat incorrectly handled certain arithmetic multiplications in 64-bit systems, as a result of an incomplete fix for CVE-2022-39377. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-33204) Update Instructions: Run `sudo pro fix USN-6145-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isag - 10.2.0-1ubuntu0.1~esm1 sysstat - 10.2.0-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-39377 CVE-2023-33204 Ubuntu 14.04 LTS It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the user invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-31439) It was discovered that Netatalk did not properly validate the length of user-supplied data in the ad_addcomment function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0194) It was discovered that Netatalk did not properly handle errors when parsing AppleDouble entries. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23121) It was discovered that Netatalk did not properly validate the length of user-supplied data in the setfilparams function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23122) It was discovered that Netatalk did not properly validate the length of user-supplied data in the getdirparams function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23123) It was discovered that Netatalk did not properly validate the length of user-supplied data in the get_finderinfo function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23124) It was discovered that Netatalk did not properly validate the length of user-supplied data in the copyapplfile function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23125) It was discovered that Netatalk did not properly validate the length of user-supplied data in the dsi_writeinit function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-43634) It was discovered that Netatalk did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted .appl file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-45188) Update Instructions: Run `sudo pro fix USN-6146-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: netatalk - 2.2.2-1ubuntu2.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-31439 CVE-2022-0194 CVE-2022-23121 CVE-2022-23122 CVE-2022-23123 CVE-2022-23124 CVE-2022-23125 CVE-2022-43634 CVE-2022-45188 Ubuntu 14.04 LTS Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32233) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1380) It was discovered that the Human Interface Device (HID) support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1073) Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel contained a null pointer dereference when handling certain messages from user space. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-28328) Update Instructions: Run `sudo pro fix USN-6149-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1119-aws - 4.4.0-1119.125 linux-modules-4.4.0-1119-aws - 4.4.0-1119.125 linux-headers-4.4.0-1119-aws - 4.4.0-1119.125 linux-aws-cloud-tools-4.4.0-1119 - 4.4.0-1119.125 linux-aws-headers-4.4.0-1119 - 4.4.0-1119.125 linux-image-4.4.0-1119-aws - 4.4.0-1119.125 linux-aws-tools-4.4.0-1119 - 4.4.0-1119.125 linux-cloud-tools-4.4.0-1119-aws - 4.4.0-1119.125 linux-tools-4.4.0-1119-aws - 4.4.0-1119.125 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-241-generic - 4.4.0-241.275~14.04.1 linux-headers-4.4.0-241-generic - 4.4.0-241.275~14.04.1 linux-tools-4.4.0-241-lowlatency - 4.4.0-241.275~14.04.1 linux-cloud-tools-4.4.0-241-lowlatency - 4.4.0-241.275~14.04.1 linux-image-4.4.0-241-lowlatency - 4.4.0-241.275~14.04.1 linux-headers-4.4.0-241 - 4.4.0-241.275~14.04.1 linux-cloud-tools-4.4.0-241-generic - 4.4.0-241.275~14.04.1 linux-modules-4.4.0-241-generic - 4.4.0-241.275~14.04.1 linux-lts-xenial-tools-4.4.0-241 - 4.4.0-241.275~14.04.1 linux-image-4.4.0-241-generic - 4.4.0-241.275~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-241 - 4.4.0-241.275~14.04.1 linux-modules-extra-4.4.0-241-generic - 4.4.0-241.275~14.04.1 linux-headers-4.4.0-241-lowlatency - 4.4.0-241.275~14.04.1 linux-image-unsigned-4.4.0-241-generic - 4.4.0-241.275~14.04.1 linux-tools-4.4.0-241-generic - 4.4.0-241.275~14.04.1 linux-modules-4.4.0-241-lowlatency - 4.4.0-241.275~14.04.1 linux-buildinfo-4.4.0-241-lowlatency - 4.4.0-241.275~14.04.1 linux-image-unsigned-4.4.0-241-lowlatency - 4.4.0-241.275~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-aws - 4.4.0.1119.116 linux-aws - 4.4.0.1119.116 linux-headers-aws - 4.4.0.1119.116 linux-image-aws - 4.4.0.1119.116 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-virtual-lts-xenial - 4.4.0.241.209 linux-image-generic-lts-xenial - 4.4.0.241.209 linux-cloud-tools-virtual-lts-xenial - 4.4.0.241.209 linux-tools-generic-lts-xenial - 4.4.0.241.209 linux-signed-image-lowlatency-lts-xenial - 4.4.0.241.209 linux-tools-lowlatency-lts-xenial - 4.4.0.241.209 linux-image-extra-virtual-lts-xenial - 4.4.0.241.209 linux-signed-lowlatency-lts-xenial - 4.4.0.241.209 linux-lowlatency-lts-xenial - 4.4.0.241.209 linux-signed-generic-lts-xenial - 4.4.0.241.209 linux-headers-lowlatency-lts-xenial - 4.4.0.241.209 linux-generic-lts-xenial - 4.4.0.241.209 linux-image-lowlatency-lts-xenial - 4.4.0.241.209 linux-cloud-tools-generic-lts-xenial - 4.4.0.241.209 linux-signed-image-generic-lts-xenial - 4.4.0.241.209 linux-headers-generic-lts-xenial - 4.4.0.241.209 linux-headers-virtual-lts-xenial - 4.4.0.241.209 linux-tools-virtual-lts-xenial - 4.4.0.241.209 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.241.209 linux-image-virtual-lts-xenial - 4.4.0.241.209 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1073 CVE-2023-1380 CVE-2023-28328 CVE-2023-30456 CVE-2023-31436 CVE-2023-32233 Ubuntu 14.04 LTS It was discovered that Vim was using uninitialized memory when fuzzy matching, which could lead to invalid memory access. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. (CVE-2023-2426) It was discovered that Vim was not properly performing bounds checks when processing register contents, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-2609) It was discovered that Vim was not properly limiting the length of substitution expression strings, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-2610) Update Instructions: Run `sudo pro fix USN-6154-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.052-1ubuntu3.1+esm10 vim-gnome - 2:7.4.052-1ubuntu3.1+esm10 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm10 vim-athena - 2:7.4.052-1ubuntu3.1+esm10 vim-gtk - 2:7.4.052-1ubuntu3.1+esm10 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm10 vim - 2:7.4.052-1ubuntu3.1+esm10 vim-doc - 2:7.4.052-1ubuntu3.1+esm10 vim-tiny - 2:7.4.052-1ubuntu3.1+esm10 vim-runtime - 2:7.4.052-1ubuntu3.1+esm10 vim-nox - 2:7.4.052-1ubuntu3.1+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 Ubuntu 14.04 LTS It was discovered that pano13 did not properly validate the prefix provided for PTcrop's output. An attacker could use this issue to cause pano13 to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-20307) It was discovered that pano13 did not properly handle certain crafted TIFF images. An attacker could use this issue to cause pano13 to crash, resulting in a denial of service. (CVE-2021-33293) Update Instructions: Run `sudo pro fix USN-6163-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpano13-dev - 2.9.18+dfsg-6ubuntu2+esm1 libpano13-bin - 2.9.18+dfsg-6ubuntu2+esm1 libpano13-2 - 2.9.18+dfsg-6ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20307 CVE-2021-33293 Ubuntu 14.04 LTS USN-6165-1 fixed vulnerabilities in GLib. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GLib incorrectly handled non-normal GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or perform other unknown attacks. Update Instructions: Run `sudo pro fix USN-6165-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.40.2-0ubuntu1.1+esm6 libglib2.0-0-refdbg - 2.40.2-0ubuntu1.1+esm6 libglib2.0-bin - 2.40.2-0ubuntu1.1+esm6 libglib2.0-data - 2.40.2-0ubuntu1.1+esm6 libglib2.0-dev - 2.40.2-0ubuntu1.1+esm6 libglib2.0-doc - 2.40.2-0ubuntu1.1+esm6 libglib2.0-tests - 2.40.2-0ubuntu1.1+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-29499 CVE-2023-32611 CVE-2023-32636 CVE-2023-32643 CVE-2023-32665 Ubuntu 14.04 LTS USN-6166-1 fixed a vulnerability in libcap2. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Original advisory details: Richard Weinberger discovered that libcap2 incorrectly handled certain long input strings. An attacker could use this issue to cause libcap2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-2603) Update Instructions: Run `sudo pro fix USN-6166-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcap2 - 1:2.24-0ubuntu2+esm1 libcap2-bin - 1:2.24-0ubuntu2+esm1 libpam-cap - 1:2.24-0ubuntu2+esm1 libcap-dev - 1:2.24-0ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2603 Ubuntu 14.04 LTS It was discovered that QEMU did not properly manage the guest drivers when shared buffers are not allocated. A malicious guest driver could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-1050) It was discovered that QEMU did not properly check the size of the structure pointed to by the guest physical address pqxl. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4144) It was discovered that QEMU did not properly manage memory in the ACPI Error Record Serialization Table (ERST) device. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-4172) It was discovered that QEMU did not properly manage memory when DMA memory writes happen repeatedly in the lsi53c895a device. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2023-0330) Update Instructions: Run `sudo pro fix USN-6167-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-system-misc - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-system-arm - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-kvm - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-user - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-keymaps - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-system - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-utils - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-user-static - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-common - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-guest-agent - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.47+esm3 qemu-system-mips - 2.0.0+dfsg-2ubuntu1.47+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1050 CVE-2022-4144 CVE-2022-4172 CVE-2023-0330 Ubuntu 14.04 LTS USN-6168-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. Original advisory details: Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6168-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.2-1ubuntu2.1+esm3 libx11-data - 2:1.6.2-1ubuntu2.1+esm3 libx11-dev - 2:1.6.2-1ubuntu2.1+esm3 libx11-doc - 2:1.6.2-1ubuntu2.1+esm3 libx11-xcb-dev - 2:1.6.2-1ubuntu2.1+esm3 libx11-xcb1 - 2:1.6.2-1ubuntu2.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3138 Ubuntu 14.04 LTS It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds reads if given specially crafted GSS-API authentication data. A remote attacker could possibly use this issue to cause a denial of service or to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6169-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgsasl7 - 1.8.0-2ubuntu2+esm1 libgsasl7-dev - 1.8.0-2ubuntu2+esm1 gsasl - 1.8.0-2ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-2469 Ubuntu 14.04 LTS USN-6183-1 fixed vulnerabilities in Bind. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-2828) It was discovered that Bind incorrectly handled the recursive-clients quota. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-2911) Update Instructions: Run `sudo pro fix USN-6183-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm10 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19+esm10 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19+esm10 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19+esm10 dnsutils - 1:9.9.5.dfsg-3ubuntu0.19+esm10 host - 1:9.9.5.dfsg-3ubuntu0.19+esm10 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19+esm10 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19+esm10 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19+esm10 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19+esm10 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19+esm10 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19+esm10 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19+esm10 lwresd - 1:9.9.5.dfsg-3ubuntu0.19+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2828 Ubuntu 14.04 LTS Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6188-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.1f-1ubuntu2.27+esm9 libssl-doc - 1.0.1f-1ubuntu2.27+esm9 libssl1.0.0 - 1.0.1f-1ubuntu2.27+esm9 openssl - 1.0.1f-1ubuntu2.27+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2650 Ubuntu 14.04 LTS USN-6190-1 fixed a vulnerability in AccountsService. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker could use this issue to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6190-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: accountsservice - 0.6.35-0ubuntu7.3+esm3 gir1.2-accountsservice-1.0 - 0.6.35-0ubuntu7.3+esm3 libaccountsservice-dev - 0.6.35-0ubuntu7.3+esm3 libaccountsservice-doc - 0.6.35-0ubuntu7.3+esm3 libaccountsservice0 - 0.6.35-0ubuntu7.3+esm3 libpam-pin - 0.6.35-0ubuntu7.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3297 Ubuntu 14.04 LTS It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6197-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.31-1+nmu2ubuntu8.5+esm6 libldap-2.4-2 - 2.4.31-1+nmu2ubuntu8.5+esm6 libldap2-dev - 2.4.31-1+nmu2ubuntu8.5+esm6 slapd - 2.4.31-1+nmu2ubuntu8.5+esm6 slapd-smbk5pwd - 2.4.31-1+nmu2ubuntu8.5+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-2953 Ubuntu 14.04 LTS It was discovered that GNU Screen was not properly checking user identifiers before sending certain signals to target processes. If GNU Screen was installed as setuid or setgid, a local attacker could possibly use this issue to cause a denial of service on a target application. Update Instructions: Run `sudo pro fix USN-6198-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: screen - 4.1.0~20120320gitdb59704-9ubuntu0.1~esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-24626 Ubuntu 14.04 LTS Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to crash Gerbv (resulting in a denial of service), or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40391, CVE-2021-40394) Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to disclose information, crash Gerbv (resulting in a denial of service), or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40393) Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to disclose information. (CVE-2021-40400, CVE-2021-40403) Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to disclose information, crash Gerbv (resulting in a denial of service), or execute arbitrary code. (CVE-2021-40401) Update Instructions: Run `sudo pro fix USN-6209-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gerbv - 2.6.0-1ubuntu0.14.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-40391 CVE-2021-40393 CVE-2021-40394 CVE-2021-40400 CVE-2021-40401 CVE-2021-40403 Ubuntu 14.04 LTS USN-6130-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a spurious warning in the IPv6 subsystem. This update removes the undesired warning message. Update Instructions: Run `sudo pro fix USN-6211-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1167 - 4.15.0-1167.182~14.04.1 linux-azure-headers-4.15.0-1167 - 4.15.0-1167.182~14.04.1 linux-azure-tools-4.15.0-1167 - 4.15.0-1167.182~14.04.1 linux-buildinfo-4.15.0-1167-azure - 4.15.0-1167.182~14.04.1 linux-cloud-tools-4.15.0-1167-azure - 4.15.0-1167.182~14.04.1 linux-headers-4.15.0-1167-azure - 4.15.0-1167.182~14.04.1 linux-image-4.15.0-1167-azure - 4.15.0-1167.182~14.04.1 linux-image-unsigned-4.15.0-1167-azure - 4.15.0-1167.182~14.04.1 linux-modules-4.15.0-1167-azure - 4.15.0-1167.182~14.04.1 linux-modules-extra-4.15.0-1167-azure - 4.15.0-1167.182~14.04.1 linux-tools-4.15.0-1167-azure - 4.15.0-1167.182~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1167.133 linux-cloud-tools-azure - 4.15.0.1167.133 linux-headers-azure - 4.15.0.1167.133 linux-image-azure - 4.15.0.1167.133 linux-modules-extra-azure - 4.15.0.1167.133 linux-signed-azure - 4.15.0.1167.133 linux-signed-image-azure - 4.15.0.1167.133 linux-tools-azure - 4.15.0.1167.133 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2020279 Ubuntu 14.04 LTS It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the virtual terminal (vt) device implementation in the Linux kernel contained a race condition in its ioctl handling that led to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. (CVE-2021-3753) It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2022-1184) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) It was discovered that the ST NCI NFC driver did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1990) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle error conditions in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-3111) Update Instructions: Run `sudo pro fix USN-6221-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1120 - 4.4.0-1120.126 linux-aws-headers-4.4.0-1120 - 4.4.0-1120.126 linux-aws-tools-4.4.0-1120 - 4.4.0-1120.126 linux-buildinfo-4.4.0-1120-aws - 4.4.0-1120.126 linux-cloud-tools-4.4.0-1120-aws - 4.4.0-1120.126 linux-headers-4.4.0-1120-aws - 4.4.0-1120.126 linux-image-4.4.0-1120-aws - 4.4.0-1120.126 linux-modules-4.4.0-1120-aws - 4.4.0-1120.126 linux-tools-4.4.0-1120-aws - 4.4.0-1120.126 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-242-generic - 4.4.0-242.276~14.04.1 linux-buildinfo-4.4.0-242-lowlatency - 4.4.0-242.276~14.04.1 linux-cloud-tools-4.4.0-242-generic - 4.4.0-242.276~14.04.1 linux-cloud-tools-4.4.0-242-lowlatency - 4.4.0-242.276~14.04.1 linux-headers-4.4.0-242 - 4.4.0-242.276~14.04.1 linux-headers-4.4.0-242-generic - 4.4.0-242.276~14.04.1 linux-headers-4.4.0-242-lowlatency - 4.4.0-242.276~14.04.1 linux-image-4.4.0-242-generic - 4.4.0-242.276~14.04.1 linux-image-4.4.0-242-lowlatency - 4.4.0-242.276~14.04.1 linux-image-unsigned-4.4.0-242-generic - 4.4.0-242.276~14.04.1 linux-image-unsigned-4.4.0-242-lowlatency - 4.4.0-242.276~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-242 - 4.4.0-242.276~14.04.1 linux-lts-xenial-tools-4.4.0-242 - 4.4.0-242.276~14.04.1 linux-modules-4.4.0-242-generic - 4.4.0-242.276~14.04.1 linux-modules-4.4.0-242-lowlatency - 4.4.0-242.276~14.04.1 linux-modules-extra-4.4.0-242-generic - 4.4.0-242.276~14.04.1 linux-tools-4.4.0-242-generic - 4.4.0-242.276~14.04.1 linux-tools-4.4.0-242-lowlatency - 4.4.0-242.276~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1120.117 linux-headers-aws - 4.4.0.1120.117 linux-image-aws - 4.4.0.1120.117 linux-tools-aws - 4.4.0.1120.117 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-lts-xenial - 4.4.0.242.210 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.242.210 linux-cloud-tools-virtual-lts-xenial - 4.4.0.242.210 linux-generic-lts-xenial - 4.4.0.242.210 linux-headers-generic-lts-xenial - 4.4.0.242.210 linux-headers-lowlatency-lts-xenial - 4.4.0.242.210 linux-headers-virtual-lts-xenial - 4.4.0.242.210 linux-image-extra-virtual-lts-xenial - 4.4.0.242.210 linux-image-generic-lts-xenial - 4.4.0.242.210 linux-image-lowlatency-lts-xenial - 4.4.0.242.210 linux-image-virtual-lts-xenial - 4.4.0.242.210 linux-lowlatency-lts-xenial - 4.4.0.242.210 linux-signed-generic-lts-xenial - 4.4.0.242.210 linux-signed-image-generic-lts-xenial - 4.4.0.242.210 linux-signed-image-lowlatency-lts-xenial - 4.4.0.242.210 linux-signed-lowlatency-lts-xenial - 4.4.0.242.210 linux-tools-generic-lts-xenial - 4.4.0.242.210 linux-tools-lowlatency-lts-xenial - 4.4.0.242.210 linux-tools-virtual-lts-xenial - 4.4.0.242.210 linux-virtual-lts-xenial - 4.4.0.242.210 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20321 CVE-2021-3753 CVE-2022-1184 CVE-2022-26373 CVE-2022-29901 CVE-2023-1990 CVE-2023-3111 Ubuntu 14.04 LTS It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-25433, CVE-2023-26965) It was discovered that LibTIFF was not properly processing numerical values when dealing with little-endian input data, which could lead to the execution of an invalid operation. An attacker could possibly use this issue to cause a denial of service (CVE-2023-26966) It was discovered that LibTIFF was not properly performing bounds checks when closing a previously opened TIFF file, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-3316) Update Instructions: Run `sudo pro fix USN-6229-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-doc - 4.0.3-7ubuntu0.11+esm8 libtiff-opengl - 4.0.3-7ubuntu0.11+esm8 libtiff-tools - 4.0.3-7ubuntu0.11+esm8 libtiff4-dev - 4.0.3-7ubuntu0.11+esm8 libtiff5 - 4.0.3-7ubuntu0.11+esm8 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm8 libtiff5-dev - 4.0.3-7ubuntu0.11+esm8 libtiffxx5 - 4.0.3-7ubuntu0.11+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-25433 CVE-2023-26965 CVE-2023-26966 CVE-2023-3316 Ubuntu 14.04 LTS It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6232-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wkhtmltopdf - 0.9.9-4ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-21365 Ubuntu 14.04 LTS It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service (application abort). (CVE-2017-16516) It was discovered that YAJL was not properly handling memory allocation when dealing with large inputs, which could lead to heap memory corruption. If a user or automated system using YAJL were tricked into running a specially crafted large input, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-24795) It was discovered that memory leaks existed in one of the YAJL parsing functions. An attacker could possibly use this issue to cause a denial of service (memory exhaustion). (CVE-2023-33460) Update Instructions: Run `sudo pro fix USN-6233-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libyajl-dev - 2.0.4-4ubuntu0.1~esm1 libyajl-doc - 2.0.4-4ubuntu0.1~esm1 libyajl2 - 2.0.4-4ubuntu0.1~esm1 yajl-tools - 2.0.4-4ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-16516 CVE-2022-24795 CVE-2023-33460 Ubuntu 14.04 LTS USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. (CVE-2023-28321) Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service. (CVE-2023-28322) It was discovered that curl incorrectly handled saving cookies to files. A local attacker could possibly use this issue to create or overwrite files. This issue only affected Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-32001) Update Instructions: Run `sudo pro fix USN-6237-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl - 7.35.0-1ubuntu2.20+esm16 libcurl3 - 7.35.0-1ubuntu2.20+esm16 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm16 libcurl3-nss - 7.35.0-1ubuntu2.20+esm16 libcurl4-doc - 7.35.0-1ubuntu2.20+esm16 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm16 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm16 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm16 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-28321 CVE-2023-28322 Ubuntu 14.04 LTS USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6242-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:6.6p1-2ubuntu2.13+esm1 openssh-server - 1:6.6p1-2ubuntu2.13+esm1 openssh-sftp-server - 1:6.6p1-2ubuntu2.13+esm1 ssh - 1:6.6p1-2ubuntu2.13+esm1 ssh-askpass-gnome - 1:6.6p1-2ubuntu2.13+esm1 ssh-krb5 - 1:6.6p1-2ubuntu2.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-38408 Ubuntu 14.04 LTS It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-18638) It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. (CVE-2022-4728, CVE-2022-4729, CVE-2022-4730) Update Instructions: Run `sudo pro fix USN-6243-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: graphite-web - 0.9.12+debian-3ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-18638 CVE-2022-4728 CVE-2022-4729 CVE-2022-4730 Ubuntu 14.04 LTS It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2022-1184) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303) It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611) It was discovered that the Xircom PCMCIA network device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1670) It was discovered that a race condition existed in the Xen transport layer implementation for the 9P file system protocol in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2023-1859) It was discovered that the ST NCI NFC driver did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1990) It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3090) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle error conditions in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-3111) It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly perform certain buffer calculations, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-3268) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3390) Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of- bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35001) Update Instructions: Run `sudo pro fix USN-6252-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1168 - 4.15.0-1168.183~14.04.1 linux-azure-headers-4.15.0-1168 - 4.15.0-1168.183~14.04.1 linux-azure-tools-4.15.0-1168 - 4.15.0-1168.183~14.04.1 linux-buildinfo-4.15.0-1168-azure - 4.15.0-1168.183~14.04.1 linux-cloud-tools-4.15.0-1168-azure - 4.15.0-1168.183~14.04.1 linux-headers-4.15.0-1168-azure - 4.15.0-1168.183~14.04.1 linux-image-4.15.0-1168-azure - 4.15.0-1168.183~14.04.1 linux-image-unsigned-4.15.0-1168-azure - 4.15.0-1168.183~14.04.1 linux-modules-4.15.0-1168-azure - 4.15.0-1168.183~14.04.1 linux-modules-extra-4.15.0-1168-azure - 4.15.0-1168.183~14.04.1 linux-tools-4.15.0-1168-azure - 4.15.0-1168.183~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1168.134 linux-cloud-tools-azure - 4.15.0.1168.134 linux-headers-azure - 4.15.0.1168.134 linux-image-azure - 4.15.0.1168.134 linux-modules-extra-azure - 4.15.0.1168.134 linux-signed-azure - 4.15.0.1168.134 linux-signed-image-azure - 4.15.0.1168.134 linux-tools-azure - 4.15.0.1168.134 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-1184 CVE-2022-3303 CVE-2023-1611 CVE-2023-1670 CVE-2023-1859 CVE-2023-1990 CVE-2023-2124 CVE-2023-3090 CVE-2023-3111 CVE-2023-3141 CVE-2023-3268 CVE-2023-3390 CVE-2023-35001 Ubuntu 14.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit() function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0458) It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611) It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle extra inode size for extended attributes, leading to a use-after-free vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2513) It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3090) It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141) It was discovered that a use-after-free vulnerability existed in the IEEE 1394 (Firewire) implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3159) Sanan Hasanov discovered that the framebuffer console driver in the Linux kernel did not properly perform checks for font dimension limits. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-3161) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly perform certain buffer calculations, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-3268) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3390) Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of- bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35001) Update Instructions: Run `sudo pro fix USN-6254-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1121 - 4.4.0-1121.127 linux-aws-headers-4.4.0-1121 - 4.4.0-1121.127 linux-aws-tools-4.4.0-1121 - 4.4.0-1121.127 linux-buildinfo-4.4.0-1121-aws - 4.4.0-1121.127 linux-cloud-tools-4.4.0-1121-aws - 4.4.0-1121.127 linux-headers-4.4.0-1121-aws - 4.4.0-1121.127 linux-image-4.4.0-1121-aws - 4.4.0-1121.127 linux-modules-4.4.0-1121-aws - 4.4.0-1121.127 linux-tools-4.4.0-1121-aws - 4.4.0-1121.127 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-243-generic - 4.4.0-243.277~14.04.1 linux-buildinfo-4.4.0-243-lowlatency - 4.4.0-243.277~14.04.1 linux-cloud-tools-4.4.0-243-generic - 4.4.0-243.277~14.04.1 linux-cloud-tools-4.4.0-243-lowlatency - 4.4.0-243.277~14.04.1 linux-headers-4.4.0-243 - 4.4.0-243.277~14.04.1 linux-headers-4.4.0-243-generic - 4.4.0-243.277~14.04.1 linux-headers-4.4.0-243-lowlatency - 4.4.0-243.277~14.04.1 linux-image-4.4.0-243-generic - 4.4.0-243.277~14.04.1 linux-image-4.4.0-243-lowlatency - 4.4.0-243.277~14.04.1 linux-image-unsigned-4.4.0-243-generic - 4.4.0-243.277~14.04.1 linux-image-unsigned-4.4.0-243-lowlatency - 4.4.0-243.277~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-243 - 4.4.0-243.277~14.04.1 linux-lts-xenial-tools-4.4.0-243 - 4.4.0-243.277~14.04.1 linux-modules-4.4.0-243-generic - 4.4.0-243.277~14.04.1 linux-modules-4.4.0-243-lowlatency - 4.4.0-243.277~14.04.1 linux-modules-extra-4.4.0-243-generic - 4.4.0-243.277~14.04.1 linux-tools-4.4.0-243-generic - 4.4.0-243.277~14.04.1 linux-tools-4.4.0-243-lowlatency - 4.4.0-243.277~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1121.118 linux-headers-aws - 4.4.0.1121.118 linux-image-aws - 4.4.0.1121.118 linux-tools-aws - 4.4.0.1121.118 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-lts-xenial - 4.4.0.243.211 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.243.211 linux-cloud-tools-virtual-lts-xenial - 4.4.0.243.211 linux-generic-lts-xenial - 4.4.0.243.211 linux-headers-generic-lts-xenial - 4.4.0.243.211 linux-headers-lowlatency-lts-xenial - 4.4.0.243.211 linux-headers-virtual-lts-xenial - 4.4.0.243.211 linux-image-extra-virtual-lts-xenial - 4.4.0.243.211 linux-image-generic-lts-xenial - 4.4.0.243.211 linux-image-lowlatency-lts-xenial - 4.4.0.243.211 linux-image-virtual-lts-xenial - 4.4.0.243.211 linux-lowlatency-lts-xenial - 4.4.0.243.211 linux-signed-generic-lts-xenial - 4.4.0.243.211 linux-signed-image-generic-lts-xenial - 4.4.0.243.211 linux-signed-image-lowlatency-lts-xenial - 4.4.0.243.211 linux-signed-lowlatency-lts-xenial - 4.4.0.243.211 linux-tools-generic-lts-xenial - 4.4.0.243.211 linux-tools-lowlatency-lts-xenial - 4.4.0.243.211 linux-tools-virtual-lts-xenial - 4.4.0.243.211 linux-virtual-lts-xenial - 4.4.0.243.211 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-0458 CVE-2023-1611 CVE-2023-2124 CVE-2023-2162 CVE-2023-2513 CVE-2023-3090 CVE-2023-3141 CVE-2023-3159 CVE-2023-3161 CVE-2023-3268 CVE-2023-3390 CVE-2023-35001 Ubuntu 14.04 LTS It was discovered that Wireshark did not properly handle certain NFS packages when certain configuration options were enabled. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. (CVE-2020-13164) It was discovered that Wireshark did not properly handle certain GVCP packages. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15466) It was discovered that Wireshark did not properly handle certain Kafka packages. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-17498) It was discovered that Wireshark did not properly handle certain TCP packages containing an invalid 0xFFFF checksum. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. (CVE-2020-25862) It was discovered that Wireshark did not properly handle certain MIME packages containing invalid parts. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. (CVE-2020-25863) Update Instructions: Run `sudo pro fix USN-6262-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwireshark-data - 2.6.10-1~ubuntu14.04.0~esm2 libwireshark-dev - 2.6.10-1~ubuntu14.04.0~esm2 libwireshark11 - 2.6.10-1~ubuntu14.04.0~esm2 libwiretap-dev - 2.6.10-1~ubuntu14.04.0~esm2 libwiretap8 - 2.6.10-1~ubuntu14.04.0~esm2 libwscodecs2 - 2.6.10-1~ubuntu14.04.0~esm2 libwsutil-dev - 2.6.10-1~ubuntu14.04.0~esm2 libwsutil9 - 2.6.10-1~ubuntu14.04.0~esm2 tshark - 2.6.10-1~ubuntu14.04.0~esm2 wireshark - 2.6.10-1~ubuntu14.04.0~esm2 wireshark-common - 2.6.10-1~ubuntu14.04.0~esm2 wireshark-dev - 2.6.10-1~ubuntu14.04.0~esm2 wireshark-doc - 2.6.10-1~ubuntu14.04.0~esm2 wireshark-gtk - 2.6.10-1~ubuntu14.04.0~esm2 wireshark-qt - 2.6.10-1~ubuntu14.04.0~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-13164 CVE-2020-15466 CVE-2020-17498 CVE-2020-25862 CVE-2020-25863 Ubuntu 14.04 LTS It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2182) It was discovered that Vim incorrectly handled memory when deleting buffers in diff mode. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2208) It was discovered that Vim incorrectly handled memory access. An attacker could possibly use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2210) It was discovered that Vim incorrectly handled memory when using nested :source. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2231) It was discovered that Vim did not properly perform bounds checks when processing a menu item with the only modifier. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2257) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. (CVE-2022-2264, CVE-2022-2284, CVE-2022-2289) It was discovered that Vim did not properly perform bounds checks when going over the end of the typahead. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2285) It was discovered that Vim did not properly perform bounds checks when reading the provided string. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2286) It was discovered that Vim incorrectly handled memory when adding words with a control character to the internal spell word list. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2287) Update Instructions: Run `sudo pro fix USN-6270-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:7.4.052-1ubuntu3.1+esm11 vim-athena - 2:7.4.052-1ubuntu3.1+esm11 vim-common - 2:7.4.052-1ubuntu3.1+esm11 vim-doc - 2:7.4.052-1ubuntu3.1+esm11 vim-gnome - 2:7.4.052-1ubuntu3.1+esm11 vim-gtk - 2:7.4.052-1ubuntu3.1+esm11 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm11 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm11 vim-nox - 2:7.4.052-1ubuntu3.1+esm11 vim-runtime - 2:7.4.052-1ubuntu3.1+esm11 vim-tiny - 2:7.4.052-1ubuntu3.1+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2182 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2289 Ubuntu 14.04 LTS It was discovered that unixODBC incorrectly handled certain unicode to ansi copies. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6276-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libodbc1 - 2.2.14p2-5ubuntu5+esm1 odbcinst - 2.2.14p2-5ubuntu5+esm1 odbcinst1debian2 - 2.2.14p2-5ubuntu5+esm1 unixodbc - 2.2.14p2-5ubuntu5+esm1 unixodbc-dev - 2.2.14p2-5ubuntu5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-7409 Ubuntu 14.04 LTS It was discovered that OpenSSH has an observable discrepancy leading to an information leak in the algorithm negotiation. This update mitigates the issue by tweaking the client hostkey preference ordering algorithm to prefer the default ordering if the user has a key that matches the best-preference default algorithm. Update Instructions: Run `sudo pro fix USN-6279-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:6.6p1-2ubuntu2.13+esm2 openssh-server - 1:6.6p1-2ubuntu2.13+esm2 openssh-sftp-server - 1:6.6p1-2ubuntu2.13+esm2 ssh - 1:6.6p1-2ubuntu2.13+esm2 ssh-askpass-gnome - 1:6.6p1-2ubuntu2.13+esm2 ssh-krb5 - 1:6.6p1-2ubuntu2.13+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2030275 Ubuntu 14.04 LTS It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-48281) It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. (CVE-2023-2731) It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service. (CVE-2023-2908) It was discovered that LibTIFF incorrectly handled certain file paths. If a user were tricked into specifying certain output paths, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-3316) It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2023-3618) It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-25433, CVE-2023-26966) It was discovered that LibTIFF did not properly managed memory when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-26965) It was discovered that LibTIFF contained an arithmetic overflow. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-38288, CVE-2023-38289) Update Instructions: Run `sudo pro fix USN-6290-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-doc - 4.0.3-7ubuntu0.11+esm9 libtiff-opengl - 4.0.3-7ubuntu0.11+esm9 libtiff-tools - 4.0.3-7ubuntu0.11+esm9 libtiff4-dev - 4.0.3-7ubuntu0.11+esm9 libtiff5 - 4.0.3-7ubuntu0.11+esm9 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm9 libtiff5-dev - 4.0.3-7ubuntu0.11+esm9 libtiffxx5 - 4.0.3-7ubuntu0.11+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48281 CVE-2023-25433 CVE-2023-26965 CVE-2023-26966 CVE-2023-2731 CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-38288 CVE-2023-38289 Ubuntu 14.04 LTS It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2522, CVE-2022-2580, CVE-2022-2817, CVE-2022-2819, CVE-2022-2862, CVE-2022-2889, CVE-2022-2982, CVE-2022-3134) It was discovered that Vim did not properly perform bounds checks in the diff mode in certain situations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2598) It was discovered that Vim did not properly perform bounds checks in certain situations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2816) It was discovered that Vim incorrectly handled memory when skipping compiled code. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2874) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3016, CVE-2022-3037) It was discovered that Vim incorrectly handled memory when invalid line number on ":for" is ignored. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3099) It was discovered that Vim incorrectly handled memory when passing invalid arguments to the assert_fails() method. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3153) Update Instructions: Run `sudo pro fix USN-6302-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:7.4.052-1ubuntu3.1+esm12 vim-athena - 2:7.4.052-1ubuntu3.1+esm12 vim-common - 2:7.4.052-1ubuntu3.1+esm12 vim-doc - 2:7.4.052-1ubuntu3.1+esm12 vim-gnome - 2:7.4.052-1ubuntu3.1+esm12 vim-gtk - 2:7.4.052-1ubuntu3.1+esm12 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm12 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm12 vim-nox - 2:7.4.052-1ubuntu3.1+esm12 vim-runtime - 2:7.4.052-1ubuntu3.1+esm12 vim-tiny - 2:7.4.052-1ubuntu3.1+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2522 CVE-2022-2580 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2982 CVE-2022-3016 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 Ubuntu 14.04 LTS USN-6303-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6303-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: clamav - 0.103.9+dfsg-0ubuntu0.14.04.1+esm1 clamav-base - 0.103.9+dfsg-0ubuntu0.14.04.1+esm1 clamav-daemon - 0.103.9+dfsg-0ubuntu0.14.04.1+esm1 clamav-docs - 0.103.9+dfsg-0ubuntu0.14.04.1+esm1 clamav-freshclam - 0.103.9+dfsg-0ubuntu0.14.04.1+esm1 clamav-milter - 0.103.9+dfsg-0ubuntu0.14.04.1+esm1 clamav-testfiles - 0.103.9+dfsg-0ubuntu0.14.04.1+esm1 libclamav-dev - 0.103.9+dfsg-0ubuntu0.14.04.1+esm1 libclamav9 - 0.103.9+dfsg-0ubuntu0.14.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-20197 Ubuntu 14.04 LTS Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that a use-after-free vulnerability existed in the HFS+ file system implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2985) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084) It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3567) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6309-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1122 - 4.4.0-1122.128 linux-aws-headers-4.4.0-1122 - 4.4.0-1122.128 linux-aws-tools-4.4.0-1122 - 4.4.0-1122.128 linux-buildinfo-4.4.0-1122-aws - 4.4.0-1122.128 linux-cloud-tools-4.4.0-1122-aws - 4.4.0-1122.128 linux-headers-4.4.0-1122-aws - 4.4.0-1122.128 linux-image-4.4.0-1122-aws - 4.4.0-1122.128 linux-modules-4.4.0-1122-aws - 4.4.0-1122.128 linux-tools-4.4.0-1122-aws - 4.4.0-1122.128 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-244-generic - 4.4.0-244.278~14.04.1 linux-buildinfo-4.4.0-244-lowlatency - 4.4.0-244.278~14.04.1 linux-cloud-tools-4.4.0-244-generic - 4.4.0-244.278~14.04.1 linux-cloud-tools-4.4.0-244-lowlatency - 4.4.0-244.278~14.04.1 linux-headers-4.4.0-244 - 4.4.0-244.278~14.04.1 linux-headers-4.4.0-244-generic - 4.4.0-244.278~14.04.1 linux-headers-4.4.0-244-lowlatency - 4.4.0-244.278~14.04.1 linux-image-4.4.0-244-generic - 4.4.0-244.278~14.04.1 linux-image-4.4.0-244-lowlatency - 4.4.0-244.278~14.04.1 linux-image-unsigned-4.4.0-244-generic - 4.4.0-244.278~14.04.1 linux-image-unsigned-4.4.0-244-lowlatency - 4.4.0-244.278~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-244 - 4.4.0-244.278~14.04.1 linux-lts-xenial-tools-4.4.0-244 - 4.4.0-244.278~14.04.1 linux-modules-4.4.0-244-generic - 4.4.0-244.278~14.04.1 linux-modules-4.4.0-244-lowlatency - 4.4.0-244.278~14.04.1 linux-modules-extra-4.4.0-244-generic - 4.4.0-244.278~14.04.1 linux-tools-4.4.0-244-generic - 4.4.0-244.278~14.04.1 linux-tools-4.4.0-244-lowlatency - 4.4.0-244.278~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1122.119 linux-headers-aws - 4.4.0.1122.119 linux-image-aws - 4.4.0.1122.119 linux-tools-aws - 4.4.0.1122.119 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-lts-xenial - 4.4.0.244.212 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.244.212 linux-cloud-tools-virtual-lts-xenial - 4.4.0.244.212 linux-generic-lts-xenial - 4.4.0.244.212 linux-headers-generic-lts-xenial - 4.4.0.244.212 linux-headers-lowlatency-lts-xenial - 4.4.0.244.212 linux-headers-virtual-lts-xenial - 4.4.0.244.212 linux-image-extra-virtual-lts-xenial - 4.4.0.244.212 linux-image-generic-lts-xenial - 4.4.0.244.212 linux-image-lowlatency-lts-xenial - 4.4.0.244.212 linux-image-virtual-lts-xenial - 4.4.0.244.212 linux-lowlatency-lts-xenial - 4.4.0.244.212 linux-signed-generic-lts-xenial - 4.4.0.244.212 linux-signed-image-generic-lts-xenial - 4.4.0.244.212 linux-signed-image-lowlatency-lts-xenial - 4.4.0.244.212 linux-signed-lowlatency-lts-xenial - 4.4.0.244.212 linux-tools-generic-lts-xenial - 4.4.0.244.212 linux-tools-lowlatency-lts-xenial - 4.4.0.244.212 linux-tools-virtual-lts-xenial - 4.4.0.244.212 linux-virtual-lts-xenial - 4.4.0.244.212 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-2269 CVE-2023-2985 CVE-2023-31084 CVE-2023-3567 CVE-2023-3611 CVE-2023-3776 Ubuntu 14.04 LTS It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-32272, CVE-2021-32273, CVE-2021-32274, CVE-2021-32277, CVE-2021-32278, CVE-2023-38857, CVE-2023-38858) It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-32276) Update Instructions: Run `sudo pro fix USN-6313-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: faad - 2.7-8+deb8u3ubuntu0.1~esm1 libfaad-dev - 2.7-8+deb8u3ubuntu0.1~esm1 libfaad2 - 2.7-8+deb8u3ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-32272 CVE-2021-32273 CVE-2021-32274 CVE-2021-32276 CVE-2021-32277 CVE-2021-32278 CVE-2023-38857 CVE-2023-38858 Ubuntu 14.04 LTS It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-16062, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665) It was discovered that elfutils incorrectly handled bounds checks in certain functions when processing malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. (CVE-2020-21047, CVE-2021-33294) Update Instructions: Run `sudo pro fix USN-6322-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: elfutils - 0.158-0ubuntu5.3+esm1 libasm-dev - 0.158-0ubuntu5.3+esm1 libasm1 - 0.158-0ubuntu5.3+esm1 libdw-dev - 0.158-0ubuntu5.3+esm1 libdw1 - 0.158-0ubuntu5.3+esm1 libelf-dev - 0.158-0ubuntu5.3+esm1 libelf1 - 0.158-0ubuntu5.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7149 CVE-2019-7150 CVE-2019-7665 CVE-2020-21047 CVE-2021-33294 Ubuntu 14.04 LTS It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host. Update Instructions: Run `sudo pro fix USN-6326-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-git - 0.3.2~RC1-3ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-40267 Ubuntu 14.04 LTS It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-28831) It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2022-48174) Update Instructions: Run `sudo pro fix USN-6335-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: busybox - 1:1.21.0-1ubuntu1.4+esm1 busybox-initramfs - 1:1.21.0-1ubuntu1.4+esm1 busybox-static - 1:1.21.0-1ubuntu1.4+esm1 busybox-syslogd - 1:1.21.0-1ubuntu1.4+esm1 udhcpc - 1:1.21.0-1ubuntu1.4+esm1 udhcpd - 1:1.21.0-1ubuntu1.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-28831 CVE-2022-48174 Ubuntu 14.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit() function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0458) It was discovered that a use-after-free vulnerability existed in the IEEE 1394 (Firewire) implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3159) It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3567) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6341-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-3.13.0-193-generic - 3.13.0-193.244 linux-buildinfo-3.13.0-193-lowlatency - 3.13.0-193.244 linux-cloud-tools-3.13.0-193 - 3.13.0-193.244 linux-cloud-tools-3.13.0-193-generic - 3.13.0-193.244 linux-cloud-tools-3.13.0-193-lowlatency - 3.13.0-193.244 linux-cloud-tools-common - 3.13.0-193.244 linux-doc - 3.13.0-193.244 linux-headers-3.13.0-193 - 3.13.0-193.244 linux-headers-3.13.0-193-generic - 3.13.0-193.244 linux-headers-3.13.0-193-lowlatency - 3.13.0-193.244 linux-image-3.13.0-193-generic - 3.13.0-193.244 linux-image-3.13.0-193-lowlatency - 3.13.0-193.244 linux-image-unsigned-3.13.0-193-generic - 3.13.0-193.244 linux-image-unsigned-3.13.0-193-lowlatency - 3.13.0-193.244 linux-libc-dev - 3.13.0-193.244 linux-modules-3.13.0-193-generic - 3.13.0-193.244 linux-modules-3.13.0-193-lowlatency - 3.13.0-193.244 linux-modules-extra-3.13.0-193-generic - 3.13.0-193.244 linux-source-3.13.0 - 3.13.0-193.244 linux-tools-3.13.0-193 - 3.13.0-193.244 linux-tools-3.13.0-193-generic - 3.13.0-193.244 linux-tools-3.13.0-193-lowlatency - 3.13.0-193.244 linux-tools-common - 3.13.0-193.244 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro hv-kvp-daemon-init - 3.13.0.193.203 linux-cloud-tools-generic - 3.13.0.193.203 linux-cloud-tools-lowlatency - 3.13.0.193.203 linux-cloud-tools-virtual - 3.13.0.193.203 linux-crashdump - 3.13.0.193.203 linux-generic - 3.13.0.193.203 linux-generic-lts-quantal - 3.13.0.193.203 linux-generic-lts-quantal-eol-upgrade - 3.13.0.193.203 linux-generic-lts-raring - 3.13.0.193.203 linux-generic-lts-raring-eol-upgrade - 3.13.0.193.203 linux-generic-lts-saucy - 3.13.0.193.203 linux-generic-lts-saucy-eol-upgrade - 3.13.0.193.203 linux-generic-lts-trusty - 3.13.0.193.203 linux-headers-generic - 3.13.0.193.203 linux-headers-generic-lts-quantal - 3.13.0.193.203 linux-headers-generic-lts-raring - 3.13.0.193.203 linux-headers-generic-lts-saucy - 3.13.0.193.203 linux-headers-generic-lts-trusty - 3.13.0.193.203 linux-headers-lowlatency - 3.13.0.193.203 linux-headers-server - 3.13.0.193.203 linux-headers-virtual - 3.13.0.193.203 linux-hwe-generic-trusty - 3.13.0.193.203 linux-hwe-virtual-trusty - 3.13.0.193.203 linux-image-extra-virtual - 3.13.0.193.203 linux-image-generic - 3.13.0.193.203 linux-image-generic-lts-quantal - 3.13.0.193.203 linux-image-generic-lts-raring - 3.13.0.193.203 linux-image-generic-lts-saucy - 3.13.0.193.203 linux-image-generic-lts-trusty - 3.13.0.193.203 linux-image-hwe-generic-trusty - 3.13.0.193.203 linux-image-hwe-virtual-trusty - 3.13.0.193.203 linux-image-lowlatency - 3.13.0.193.203 linux-image-server - 3.13.0.193.203 linux-image-virtual - 3.13.0.193.203 linux-lowlatency - 3.13.0.193.203 linux-server - 3.13.0.193.203 linux-signed-generic - 3.13.0.193.203 linux-signed-generic-lts-quantal - 3.13.0.193.203 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.193.203 linux-signed-generic-lts-raring - 3.13.0.193.203 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.193.203 linux-signed-generic-lts-saucy - 3.13.0.193.203 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.193.203 linux-signed-generic-lts-trusty - 3.13.0.193.203 linux-signed-image-generic - 3.13.0.193.203 linux-signed-image-generic-lts-quantal - 3.13.0.193.203 linux-signed-image-generic-lts-raring - 3.13.0.193.203 linux-signed-image-generic-lts-saucy - 3.13.0.193.203 linux-signed-image-generic-lts-trusty - 3.13.0.193.203 linux-source - 3.13.0.193.203 linux-tools-generic - 3.13.0.193.203 linux-tools-generic-lts-saucy - 3.13.0.193.203 linux-tools-generic-lts-trusty - 3.13.0.193.203 linux-tools-lowlatency - 3.13.0.193.203 linux-tools-lts-quantal - 3.13.0.193.203 linux-tools-lts-raring - 3.13.0.193.203 linux-tools-lts-saucy - 3.13.0.193.203 linux-tools-lts-trusty - 3.13.0.193.203 linux-tools-virtual - 3.13.0.193.203 linux-virtual - 3.13.0.193.203 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-0458 CVE-2023-3159 CVE-2023-3567 CVE-2023-3611 CVE-2023-3776 Ubuntu 14.04 LTS Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that a use-after-free vulnerability existed in the HFS+ file system implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2985) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6342-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1169 - 4.15.0-1169.184~14.04.1 linux-azure-headers-4.15.0-1169 - 4.15.0-1169.184~14.04.1 linux-azure-tools-4.15.0-1169 - 4.15.0-1169.184~14.04.1 linux-buildinfo-4.15.0-1169-azure - 4.15.0-1169.184~14.04.1 linux-cloud-tools-4.15.0-1169-azure - 4.15.0-1169.184~14.04.1 linux-headers-4.15.0-1169-azure - 4.15.0-1169.184~14.04.1 linux-image-4.15.0-1169-azure - 4.15.0-1169.184~14.04.1 linux-image-unsigned-4.15.0-1169-azure - 4.15.0-1169.184~14.04.1 linux-modules-4.15.0-1169-azure - 4.15.0-1169.184~14.04.1 linux-modules-extra-4.15.0-1169-azure - 4.15.0-1169.184~14.04.1 linux-tools-4.15.0-1169-azure - 4.15.0-1169.184~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1169.135 linux-cloud-tools-azure - 4.15.0.1169.135 linux-headers-azure - 4.15.0.1169.135 linux-image-azure - 4.15.0.1169.135 linux-modules-extra-azure - 4.15.0.1169.135 linux-signed-azure - 4.15.0.1169.135 linux-signed-image-azure - 4.15.0.1169.135 linux-tools-azure - 4.15.0.1169.135 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20593 CVE-2023-2269 CVE-2023-2985 CVE-2023-31084 CVE-2023-3611 CVE-2023-3776 Ubuntu 14.04 LTS It was discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6345-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsox-dev - 14.4.1-3ubuntu1.1+esm4 libsox-fmt-all - 14.4.1-3ubuntu1.1+esm4 libsox-fmt-alsa - 14.4.1-3ubuntu1.1+esm4 libsox-fmt-ao - 14.4.1-3ubuntu1.1+esm4 libsox-fmt-base - 14.4.1-3ubuntu1.1+esm4 libsox-fmt-mp3 - 14.4.1-3ubuntu1.1+esm4 libsox-fmt-oss - 14.4.1-3ubuntu1.1+esm4 libsox-fmt-pulse - 14.4.1-3ubuntu1.1+esm4 libsox2 - 14.4.1-3ubuntu1.1+esm4 sox - 14.4.1-3ubuntu1.1+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-32627 Ubuntu 14.04 LTS It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity (XXE) injection, resulting in a denial of service or information disclosure. Update Instructions: Run `sudo pro fix USN-6354-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idle-python2.7 - 2.7.6-8ubuntu0.6+esm16 libpython2.7 - 2.7.6-8ubuntu0.6+esm16 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm16 libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm16 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm16 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm16 python2.7 - 2.7.6-8ubuntu0.6+esm16 python2.7-dev - 2.7.6-8ubuntu0.6+esm16 python2.7-doc - 2.7.6-8ubuntu0.6+esm16 python2.7-examples - 2.7.6-8ubuntu0.6+esm16 python2.7-minimal - 2.7.6-8ubuntu0.6+esm16 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48565 Ubuntu 14.04 LTS USN-6360-1 fixed a vulnerability in FLAC. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6360-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: flac - 1.3.0-2ubuntu0.14.04.1+esm2 libflac++-dev - 1.3.0-2ubuntu0.14.04.1+esm2 libflac++6 - 1.3.0-2ubuntu0.14.04.1+esm2 libflac-dev - 1.3.0-2ubuntu0.14.04.1+esm2 libflac-doc - 1.3.0-2ubuntu0.14.04.1+esm2 libflac8 - 1.3.0-2ubuntu0.14.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-22219 Ubuntu 14.04 LTS It was discovered that ModSecurity incorrectly handled certain nested JSON objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42717) It was discovered that ModSecurity incorrectly handled certain HTTP multipart requests. A remote attacker could possibly use this issue to bypass ModSecurity restrictions. (CVE-2022-48279) It was discovered that ModSecurity incorrectly handled certain file uploads. A remote attacker could possibly use this issue to cause a buffer overflow and a firewall failure. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-24021) Update Instructions: Run `sudo pro fix USN-6370-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-security2 - 2.7.7-2ubuntu0.1~esm1 libapache2-modsecurity - 2.7.7-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-42717 CVE-2022-48279 CVE-2023-24021 Ubuntu 14.04 LTS It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-6371-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh2-1 - 1.4.3-2ubuntu0.2+esm3 libssh2-1-dev - 1.4.3-2ubuntu0.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-22218 Ubuntu 14.04 LTS It was discovered that gawk could be made to read out of bounds when processing certain inputs. If a user or an automated system were tricked into opening a specially crafted input, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6373-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gawk - 1:4.0.1+dfsg-2.1ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4156 Ubuntu 14.04 LTS It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service (memory exhaustion). (CVE-2020-19724, CVE-2020-21490) It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. (CVE-2020-19726, CVE-2021-46174, CVE-2022-45703) It was discovered that GNU binutils was not properly initializing heap memory when processing certain print instructions. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-35342) It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-44840) It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-47695) Update Instructions: Run `sudo pro fix USN-6381-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils - 2.24-5ubuntu14.2+esm3 binutils-dev - 2.24-5ubuntu14.2+esm3 binutils-doc - 2.24-5ubuntu14.2+esm3 binutils-multiarch - 2.24-5ubuntu14.2+esm3 binutils-multiarch-dev - 2.24-5ubuntu14.2+esm3 binutils-source - 2.24-5ubuntu14.2+esm3 binutils-static - 2.24-5ubuntu14.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19724 CVE-2020-19726 CVE-2020-21490 CVE-2020-35342 CVE-2021-46174 CVE-2022-44840 CVE-2022-45703 CVE-2022-47695 Ubuntu 14.04 LTS Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-3212) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3863) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128) It was discovered that the JFS file system implementation in the Linux kernel did not properly validate memory allocations in certain situations, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious JFS image that, when mounted, could cause a denial of service (system crash). (CVE-2023-4385) It was discovered that the VMware VMXNET3 ethernet driver in the Linux kernel contained a use-after-free vulnerability in certain situations. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4387) It was discovered that the VMware VMXNET3 ethernet driver in the Linux kernel did not properly handle errors in certain situations, leading to a null pointer dereference vulnerability. A local attacker in a guest VM could use this to cause a denial of service (system crash). (CVE-2023-4459) Update Instructions: Run `sudo pro fix USN-6388-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1123 - 4.4.0-1123.129 linux-aws-headers-4.4.0-1123 - 4.4.0-1123.129 linux-aws-tools-4.4.0-1123 - 4.4.0-1123.129 linux-buildinfo-4.4.0-1123-aws - 4.4.0-1123.129 linux-cloud-tools-4.4.0-1123-aws - 4.4.0-1123.129 linux-headers-4.4.0-1123-aws - 4.4.0-1123.129 linux-image-4.4.0-1123-aws - 4.4.0-1123.129 linux-modules-4.4.0-1123-aws - 4.4.0-1123.129 linux-tools-4.4.0-1123-aws - 4.4.0-1123.129 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-245-generic - 4.4.0-245.279~14.04.1 linux-buildinfo-4.4.0-245-lowlatency - 4.4.0-245.279~14.04.1 linux-cloud-tools-4.4.0-245-generic - 4.4.0-245.279~14.04.1 linux-cloud-tools-4.4.0-245-lowlatency - 4.4.0-245.279~14.04.1 linux-headers-4.4.0-245 - 4.4.0-245.279~14.04.1 linux-headers-4.4.0-245-generic - 4.4.0-245.279~14.04.1 linux-headers-4.4.0-245-lowlatency - 4.4.0-245.279~14.04.1 linux-image-4.4.0-245-generic - 4.4.0-245.279~14.04.1 linux-image-4.4.0-245-lowlatency - 4.4.0-245.279~14.04.1 linux-image-unsigned-4.4.0-245-generic - 4.4.0-245.279~14.04.1 linux-image-unsigned-4.4.0-245-lowlatency - 4.4.0-245.279~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-245 - 4.4.0-245.279~14.04.1 linux-lts-xenial-tools-4.4.0-245 - 4.4.0-245.279~14.04.1 linux-modules-4.4.0-245-generic - 4.4.0-245.279~14.04.1 linux-modules-4.4.0-245-lowlatency - 4.4.0-245.279~14.04.1 linux-modules-extra-4.4.0-245-generic - 4.4.0-245.279~14.04.1 linux-tools-4.4.0-245-generic - 4.4.0-245.279~14.04.1 linux-tools-4.4.0-245-lowlatency - 4.4.0-245.279~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1123.120 linux-headers-aws - 4.4.0.1123.120 linux-image-aws - 4.4.0.1123.120 linux-tools-aws - 4.4.0.1123.120 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-lts-xenial - 4.4.0.245.213 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.245.213 linux-cloud-tools-virtual-lts-xenial - 4.4.0.245.213 linux-generic-lts-xenial - 4.4.0.245.213 linux-headers-generic-lts-xenial - 4.4.0.245.213 linux-headers-lowlatency-lts-xenial - 4.4.0.245.213 linux-headers-virtual-lts-xenial - 4.4.0.245.213 linux-image-extra-virtual-lts-xenial - 4.4.0.245.213 linux-image-generic-lts-xenial - 4.4.0.245.213 linux-image-lowlatency-lts-xenial - 4.4.0.245.213 linux-image-virtual-lts-xenial - 4.4.0.245.213 linux-lowlatency-lts-xenial - 4.4.0.245.213 linux-signed-generic-lts-xenial - 4.4.0.245.213 linux-signed-image-generic-lts-xenial - 4.4.0.245.213 linux-signed-image-lowlatency-lts-xenial - 4.4.0.245.213 linux-signed-lowlatency-lts-xenial - 4.4.0.245.213 linux-tools-generic-lts-xenial - 4.4.0.245.213 linux-tools-lowlatency-lts-xenial - 4.4.0.245.213 linux-tools-virtual-lts-xenial - 4.4.0.245.213 linux-virtual-lts-xenial - 4.4.0.245.213 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-40982 CVE-2023-3212 CVE-2023-32269 CVE-2023-3863 CVE-2023-40283 CVE-2023-4385 CVE-2023-4387 CVE-2023-4459 Ubuntu 14.04 LTS It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-6393-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick - 8:6.7.7.10-6ubuntu3.13+esm6 imagemagick-common - 8:6.7.7.10-6ubuntu3.13+esm6 imagemagick-doc - 8:6.7.7.10-6ubuntu3.13+esm6 libmagick++-dev - 8:6.7.7.10-6ubuntu3.13+esm6 libmagick++5 - 8:6.7.7.10-6ubuntu3.13+esm6 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.13+esm6 libmagickcore5 - 8:6.7.7.10-6ubuntu3.13+esm6 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.13+esm6 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.13+esm6 libmagickwand5 - 8:6.7.7.10-6ubuntu3.13+esm6 perlmagick - 8:6.7.7.10-6ubuntu3.13+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-48541 Ubuntu 14.04 LTS USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-6394-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idle-python2.7 - 2.7.6-8ubuntu0.6+esm17 libpython2.7 - 2.7.6-8ubuntu0.6+esm17 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm17 libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm17 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm17 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm17 python2.7 - 2.7.6-8ubuntu0.6+esm17 python2.7-dev - 2.7.6-8ubuntu0.6+esm17 python2.7-doc - 2.7.6-8ubuntu0.6+esm17 python2.7-examples - 2.7.6-8ubuntu0.6+esm17 python2.7-minimal - 2.7.6-8ubuntu0.6+esm17 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48560 Ubuntu 14.04 LTS It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-3212) It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3863) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128) Update Instructions: Run `sudo pro fix USN-6396-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1170 - 4.15.0-1170.185~14.04.1 linux-azure-headers-4.15.0-1170 - 4.15.0-1170.185~14.04.1 linux-azure-tools-4.15.0-1170 - 4.15.0-1170.185~14.04.1 linux-buildinfo-4.15.0-1170-azure - 4.15.0-1170.185~14.04.1 linux-cloud-tools-4.15.0-1170-azure - 4.15.0-1170.185~14.04.1 linux-headers-4.15.0-1170-azure - 4.15.0-1170.185~14.04.1 linux-image-4.15.0-1170-azure - 4.15.0-1170.185~14.04.1 linux-image-unsigned-4.15.0-1170-azure - 4.15.0-1170.185~14.04.1 linux-modules-4.15.0-1170-azure - 4.15.0-1170.185~14.04.1 linux-modules-extra-4.15.0-1170-azure - 4.15.0-1170.185~14.04.1 linux-tools-4.15.0-1170-azure - 4.15.0-1170.185~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1170.136 linux-cloud-tools-azure - 4.15.0.1170.136 linux-headers-azure - 4.15.0.1170.136 linux-image-azure - 4.15.0.1170.136 linux-modules-extra-azure - 4.15.0.1170.136 linux-signed-azure - 4.15.0.1170.136 linux-signed-image-azure - 4.15.0.1170.136 linux-tools-azure - 4.15.0.1170.136 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-27672 CVE-2022-40982 CVE-2023-3212 CVE-2023-3863 CVE-2023-40283 Ubuntu 14.04 LTS USN-6407-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked into connecting to a malicious X server, a remote attacker could use this issue to cause libx11 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-43785) Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-43786) Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libx11 to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-43787) Update Instructions: Run `sudo pro fix USN-6407-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.2-1ubuntu2.1+esm5 libx11-data - 2:1.6.2-1ubuntu2.1+esm5 libx11-dev - 2:1.6.2-1ubuntu2.1+esm5 libx11-doc - 2:1.6.2-1ubuntu2.1+esm5 libx11-xcb-dev - 2:1.6.2-1ubuntu2.1+esm5 libx11-xcb1 - 2:1.6.2-1ubuntu2.1+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 Ubuntu 14.04 LTS USN-6408-1 fixed several vulnerabilities in libXpm. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-43786) Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libXpm to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-43787) Alan Coopersmith discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to cause libXpm to crash, leading to a denial of service. (CVE-2023-43788, CVE-2023-43789) Update Instructions: Run `sudo pro fix USN-6408-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxpm-dev - 1:3.5.10-1ubuntu0.1+esm2 libxpm4 - 1:3.5.10-1ubuntu0.1+esm2 xpmutils - 1:3.5.10-1ubuntu0.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-43786 CVE-2023-43787 CVE-2023-43788 CVE-2023-43789 Ubuntu 14.04 LTS It was discovered that Exim incorrectly handled certain challenge requests. A remote attacker could possibly use this issue to perform out-of-bounds reads, resulting in information leakage. (CVE-2023-42114) It was discovered that Exim incorrectly handled validation of user-supplied data. A remote attacker could possibly use this issue to perform out-of-bounds writes, resulting in arbitrary code execution. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-42115) It was discovered that Exim incorrectly handled certain challenge requests. A remote attacker could possibly use this issue to perform out-of-bounds writes, resulting in arbitrary code execution. (CVE-2023-42116) Update Instructions: Run `sudo pro fix USN-6411-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4 - 4.82-3ubuntu2.4+esm6 exim4-base - 4.82-3ubuntu2.4+esm6 exim4-config - 4.82-3ubuntu2.4+esm6 exim4-daemon-heavy - 4.82-3ubuntu2.4+esm6 exim4-daemon-light - 4.82-3ubuntu2.4+esm6 exim4-dev - 4.82-3ubuntu2.4+esm6 eximon4 - 4.82-3ubuntu2.4+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-42114 CVE-2023-42115 CVE-2023-42116 Ubuntu 14.04 LTS It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-17122, CVE-2017-8421) It was discovered that GNU binutils was not properly performing bounds checks when processing debug sections with objdump, which could lead to an overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-20671, CVE-2018-6543) It was discovered that GNU binutils contained a reachable assertion, which could lead to an intentional assertion failure when processing certain crafted DWARF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-35205) It was discovered that GNU binutils incorrectly handled memory management operations in several of its functions, which could lead to excessive memory consumption due to memory leaks. An attacker could possibly use these issues to cause a denial of service. (CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011) It was discovered that GNU binutils was not properly performing bounds checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-48063) Update Instructions: Run `sudo pro fix USN-6413-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils - 2.24-5ubuntu14.2+esm5 binutils-dev - 2.24-5ubuntu14.2+esm5 binutils-doc - 2.24-5ubuntu14.2+esm5 binutils-multiarch - 2.24-5ubuntu14.2+esm5 binutils-multiarch-dev - 2.24-5ubuntu14.2+esm5 binutils-source - 2.24-5ubuntu14.2+esm5 binutils-static - 2.24-5ubuntu14.2+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-17122 CVE-2017-8421 CVE-2018-20671 CVE-2018-6543 CVE-2022-35205 CVE-2022-47007 CVE-2022-47008 CVE-2022-47010 CVE-2022-47011 CVE-2022-48063 Ubuntu 14.04 LTS Hong Phat Ly discovered that jQuery UI did not properly manage parameters from untrusted sources, which could lead to arbitrary web script or HTML code injection. A remote attacker could possibly use this issue to perform a cross-site scripting (XSS) attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7103) Esben Sparre Andreasen discovered that jQuery UI did not properly handle values from untrusted sources in the Datepicker widget. A remote attacker could possibly use this issue to perform a cross-site scripting (XSS) attack and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-41182, CVE-2021-41183) It was discovered that jQuery UI did not properly validate values from untrusted sources. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-41184) It was discovered that the jQuery UI checkboxradio widget did not properly decode certain values from HTML entities. An attacker could possibly use this issue to perform a cross-site scripting (XSS) attack and cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-31160) Update Instructions: Run `sudo pro fix USN-6419-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjs-jquery-ui - 1.10.1+dfsg-1ubuntu0.14.04.1~esm1 libjs-jquery-ui-docs - 1.10.1+dfsg-1ubuntu0.14.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-7103 CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 CVE-2022-31160 Ubuntu 14.04 LTS It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3235, CVE-2022-3278, CVE-2022-3297, CVE-2022-3491) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3352, CVE-2022-4292) It was discovered that Vim incorrectly handled memory when replacing in virtualedit mode. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3234) It was discovered that Vim incorrectly handled memory when autocmd changes mark. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3256) It was discovered that Vim did not properly perform checks on array index with negative width window. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2022-3324) It was discovered that Vim did not properly perform checks on a put command column with a visual block. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3520) It was discovered that Vim incorrectly handled memory when using autocommand to open a window. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3591) It was discovered that Vim incorrectly handled memory when updating buffer of the component autocmd handler. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3705) It was discovered that Vim incorrectly handled floating point comparison with incorrect operator. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. and Ubuntu 22.04 LTS. (CVE-2022-4293) Update Instructions: Run `sudo pro fix USN-6420-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:7.4.052-1ubuntu3.1+esm13 vim-athena - 2:7.4.052-1ubuntu3.1+esm13 vim-common - 2:7.4.052-1ubuntu3.1+esm13 vim-doc - 2:7.4.052-1ubuntu3.1+esm13 vim-gnome - 2:7.4.052-1ubuntu3.1+esm13 vim-gtk - 2:7.4.052-1ubuntu3.1+esm13 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm13 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm13 vim-nox - 2:7.4.052-1ubuntu3.1+esm13 vim-runtime - 2:7.4.052-1ubuntu3.1+esm13 vim-tiny - 2:7.4.052-1ubuntu3.1+esm13 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-3234 CVE-2022-3235 CVE-2022-3256 CVE-2022-3278 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4292 CVE-2022-4293 Ubuntu 14.04 LTS It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6421-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm11 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19+esm11 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19+esm11 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19+esm11 dnsutils - 1:9.9.5.dfsg-3ubuntu0.19+esm11 host - 1:9.9.5.dfsg-3ubuntu0.19+esm11 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19+esm11 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19+esm11 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19+esm11 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19+esm11 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19+esm11 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19+esm11 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19+esm11 lwresd - 1:9.9.5.dfsg-3ubuntu0.19+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3341 Ubuntu 14.04 LTS It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6428-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-doc - 4.0.3-7ubuntu0.11+esm10 libtiff-opengl - 4.0.3-7ubuntu0.11+esm10 libtiff-tools - 4.0.3-7ubuntu0.11+esm10 libtiff4-dev - 4.0.3-7ubuntu0.11+esm10 libtiff5 - 4.0.3-7ubuntu0.11+esm10 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm10 libtiff5-dev - 4.0.3-7ubuntu0.11+esm10 libtiffxx5 - 4.0.3-7ubuntu0.11+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-1916 Ubuntu 14.04 LTS USN-6429-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that curl incorrectly handled cookies when an application duplicated certain handles. A local attacker could possibly create a cookie file and inject arbitrary cookies into subsequent connections. (CVE-2023-38546) Update Instructions: Run `sudo pro fix USN-6429-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl - 7.35.0-1ubuntu2.20+esm17 libcurl3 - 7.35.0-1ubuntu2.20+esm17 libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm17 libcurl3-nss - 7.35.0-1ubuntu2.20+esm17 libcurl4-doc - 7.35.0-1ubuntu2.20+esm17 libcurl4-gnutls-dev - 7.35.0-1ubuntu2.20+esm17 libcurl4-nss-dev - 7.35.0-1ubuntu2.20+esm17 libcurl4-openssl-dev - 7.35.0-1ubuntu2.20+esm17 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-38546 Ubuntu 14.04 LTS It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206) Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-31083) Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code. (CVE-2023-34319) Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did not properly calculate array offsets, leading to a out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42753) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-4881) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) Update Instructions: Run `sudo pro fix USN-6439-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-246-generic - 4.4.0-246.280~14.04.1 linux-buildinfo-4.4.0-246-lowlatency - 4.4.0-246.280~14.04.1 linux-cloud-tools-4.4.0-246-generic - 4.4.0-246.280~14.04.1 linux-cloud-tools-4.4.0-246-lowlatency - 4.4.0-246.280~14.04.1 linux-headers-4.4.0-246 - 4.4.0-246.280~14.04.1 linux-headers-4.4.0-246-generic - 4.4.0-246.280~14.04.1 linux-headers-4.4.0-246-lowlatency - 4.4.0-246.280~14.04.1 linux-image-4.4.0-246-generic - 4.4.0-246.280~14.04.1 linux-image-4.4.0-246-lowlatency - 4.4.0-246.280~14.04.1 linux-image-unsigned-4.4.0-246-generic - 4.4.0-246.280~14.04.1 linux-image-unsigned-4.4.0-246-lowlatency - 4.4.0-246.280~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-246 - 4.4.0-246.280~14.04.1 linux-lts-xenial-tools-4.4.0-246 - 4.4.0-246.280~14.04.1 linux-modules-4.4.0-246-generic - 4.4.0-246.280~14.04.1 linux-modules-4.4.0-246-lowlatency - 4.4.0-246.280~14.04.1 linux-modules-extra-4.4.0-246-generic - 4.4.0-246.280~14.04.1 linux-tools-4.4.0-246-generic - 4.4.0-246.280~14.04.1 linux-tools-4.4.0-246-lowlatency - 4.4.0-246.280~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-lts-xenial - 4.4.0.246.214 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.246.214 linux-cloud-tools-virtual-lts-xenial - 4.4.0.246.214 linux-generic-lts-xenial - 4.4.0.246.214 linux-headers-generic-lts-xenial - 4.4.0.246.214 linux-headers-lowlatency-lts-xenial - 4.4.0.246.214 linux-headers-virtual-lts-xenial - 4.4.0.246.214 linux-image-extra-virtual-lts-xenial - 4.4.0.246.214 linux-image-generic-lts-xenial - 4.4.0.246.214 linux-image-lowlatency-lts-xenial - 4.4.0.246.214 linux-image-virtual-lts-xenial - 4.4.0.246.214 linux-lowlatency-lts-xenial - 4.4.0.246.214 linux-signed-generic-lts-xenial - 4.4.0.246.214 linux-signed-image-generic-lts-xenial - 4.4.0.246.214 linux-signed-image-lowlatency-lts-xenial - 4.4.0.246.214 linux-signed-lowlatency-lts-xenial - 4.4.0.246.214 linux-tools-generic-lts-xenial - 4.4.0.246.214 linux-tools-lowlatency-lts-xenial - 4.4.0.246.214 linux-tools-virtual-lts-xenial - 4.4.0.246.214 linux-virtual-lts-xenial - 4.4.0.246.214 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1206 CVE-2023-31083 CVE-2023-34319 CVE-2023-3772 CVE-2023-42752 CVE-2023-42753 CVE-2023-42755 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 Ubuntu 14.04 LTS It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206) Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-31083) Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code. (CVE-2023-34319) Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did not properly calculate array offsets, leading to a out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42753) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-4881) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) Update Instructions: Run `sudo pro fix USN-6439-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1124 - 4.4.0-1124.130 linux-aws-headers-4.4.0-1124 - 4.4.0-1124.130 linux-aws-tools-4.4.0-1124 - 4.4.0-1124.130 linux-buildinfo-4.4.0-1124-aws - 4.4.0-1124.130 linux-cloud-tools-4.4.0-1124-aws - 4.4.0-1124.130 linux-headers-4.4.0-1124-aws - 4.4.0-1124.130 linux-image-4.4.0-1124-aws - 4.4.0-1124.130 linux-modules-4.4.0-1124-aws - 4.4.0-1124.130 linux-tools-4.4.0-1124-aws - 4.4.0-1124.130 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1124.121 linux-headers-aws - 4.4.0.1124.121 linux-image-aws - 4.4.0.1124.121 linux-tools-aws - 4.4.0.1124.121 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1206 CVE-2023-31083 CVE-2023-34319 CVE-2023-3772 CVE-2023-42752 CVE-2023-42753 CVE-2023-42755 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 Ubuntu 14.04 LTS Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information (kernel memory) or in conjunction with another kernel vulnerability. (CVE-2023-0597) It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206) Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-31083) Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code. (CVE-2023-34319) Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did not properly calculate array offsets, leading to a out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42753) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-4881) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) Update Instructions: Run `sudo pro fix USN-6440-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1171 - 4.15.0-1171.186~14.04.1 linux-azure-headers-4.15.0-1171 - 4.15.0-1171.186~14.04.1 linux-azure-tools-4.15.0-1171 - 4.15.0-1171.186~14.04.1 linux-buildinfo-4.15.0-1171-azure - 4.15.0-1171.186~14.04.1 linux-cloud-tools-4.15.0-1171-azure - 4.15.0-1171.186~14.04.1 linux-headers-4.15.0-1171-azure - 4.15.0-1171.186~14.04.1 linux-image-4.15.0-1171-azure - 4.15.0-1171.186~14.04.1 linux-image-unsigned-4.15.0-1171-azure - 4.15.0-1171.186~14.04.1 linux-modules-4.15.0-1171-azure - 4.15.0-1171.186~14.04.1 linux-modules-extra-4.15.0-1171-azure - 4.15.0-1171.186~14.04.1 linux-tools-4.15.0-1171-azure - 4.15.0-1171.186~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1171.137 linux-cloud-tools-azure - 4.15.0.1171.137 linux-headers-azure - 4.15.0.1171.137 linux-image-azure - 4.15.0.1171.137 linux-modules-extra-azure - 4.15.0.1171.137 linux-signed-azure - 4.15.0.1171.137 linux-signed-image-azure - 4.15.0.1171.137 linux-tools-azure - 4.15.0.1171.137 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-0597 CVE-2023-1206 CVE-2023-31083 CVE-2023-34319 CVE-2023-3772 CVE-2023-42752 CVE-2023-42753 CVE-2023-42755 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 Ubuntu 14.04 LTS It was discovered that ncurses could be made to read out of bounds. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6451-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lib32ncurses5 - 5.9+20140118-1ubuntu1+esm4 lib32ncurses5-dev - 5.9+20140118-1ubuntu1+esm4 lib32ncursesw5 - 5.9+20140118-1ubuntu1+esm4 lib32ncursesw5-dev - 5.9+20140118-1ubuntu1+esm4 lib32tinfo-dev - 5.9+20140118-1ubuntu1+esm4 lib32tinfo5 - 5.9+20140118-1ubuntu1+esm4 lib64ncurses5 - 5.9+20140118-1ubuntu1+esm4 lib64ncurses5-dev - 5.9+20140118-1ubuntu1+esm4 lib64tinfo5 - 5.9+20140118-1ubuntu1+esm4 libncurses5 - 5.9+20140118-1ubuntu1+esm4 libncurses5-dev - 5.9+20140118-1ubuntu1+esm4 libncursesw5 - 5.9+20140118-1ubuntu1+esm4 libncursesw5-dev - 5.9+20140118-1ubuntu1+esm4 libtinfo-dev - 5.9+20140118-1ubuntu1+esm4 libtinfo5 - 5.9+20140118-1ubuntu1+esm4 libx32ncurses5 - 5.9+20140118-1ubuntu1+esm4 libx32ncurses5-dev - 5.9+20140118-1ubuntu1+esm4 libx32ncursesw5 - 5.9+20140118-1ubuntu1+esm4 libx32ncursesw5-dev - 5.9+20140118-1ubuntu1+esm4 libx32tinfo-dev - 5.9+20140118-1ubuntu1+esm4 libx32tinfo5 - 5.9+20140118-1ubuntu1+esm4 ncurses-base - 5.9+20140118-1ubuntu1+esm4 ncurses-bin - 5.9+20140118-1ubuntu1+esm4 ncurses-doc - 5.9+20140118-1ubuntu1+esm4 ncurses-examples - 5.9+20140118-1ubuntu1+esm4 ncurses-term - 5.9+20140118-1ubuntu1+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19189 Ubuntu 14.04 LTS It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. (CVE-2023-3896) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-4733, CVE-2023-4750) It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4734) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-4735, CVE-2023-5344) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-4738) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-4751) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4752, CVE-2023-5535) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4781) It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-5441) Update Instructions: Run `sudo pro fix USN-6452-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:7.4.052-1ubuntu3.1+esm14 vim-athena - 2:7.4.052-1ubuntu3.1+esm14 vim-common - 2:7.4.052-1ubuntu3.1+esm14 vim-doc - 2:7.4.052-1ubuntu3.1+esm14 vim-gnome - 2:7.4.052-1ubuntu3.1+esm14 vim-gtk - 2:7.4.052-1ubuntu3.1+esm14 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm14 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm14 vim-nox - 2:7.4.052-1ubuntu3.1+esm14 vim-runtime - 2:7.4.052-1ubuntu3.1+esm14 vim-tiny - 2:7.4.052-1ubuntu3.1+esm14 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3896 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4750 CVE-2023-4751 CVE-2023-4752 CVE-2023-4781 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 Ubuntu 14.04 LTS USN-6453-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-5367) Sri discovered that the X.Org X Server incorrectly handled detroying windows in certain legacy multi-screen setups. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-5380) Update Instructions: Run `sudo pro fix USN-6453-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.15.1-0ubuntu2.11+esm8 xdmx-tools - 2:1.15.1-0ubuntu2.11+esm8 xnest - 2:1.15.1-0ubuntu2.11+esm8 xorg-server-source - 2:1.15.1-0ubuntu2.11+esm8 xserver-common - 2:1.15.1-0ubuntu2.11+esm8 xserver-xephyr - 2:1.15.1-0ubuntu2.11+esm8 xserver-xorg-core - 2:1.15.1-0ubuntu2.11+esm8 xserver-xorg-dev - 2:1.15.1-0ubuntu2.11+esm8 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.11+esm8 xvfb - 2:1.15.1-0ubuntu2.11+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-5367 CVE-2023-5380 Ubuntu 14.04 LTS It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-42117) It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2023-42119) Update Instructions: Run `sudo pro fix USN-6455-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4 - 4.82-3ubuntu2.4+esm7 exim4-base - 4.82-3ubuntu2.4+esm7 exim4-config - 4.82-3ubuntu2.4+esm7 exim4-daemon-heavy - 4.82-3ubuntu2.4+esm7 exim4-daemon-light - 4.82-3ubuntu2.4+esm7 exim4-dev - 4.82-3ubuntu2.4+esm7 eximon4 - 4.82-3ubuntu2.4+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-42117 CVE-2023-42119 Ubuntu 14.04 LTS It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1380) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of- bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35001) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623) Update Instructions: Run `sudo pro fix USN-6460-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-3.13.0-194-generic - 3.13.0-194.245 linux-buildinfo-3.13.0-194-lowlatency - 3.13.0-194.245 linux-cloud-tools-3.13.0-194 - 3.13.0-194.245 linux-cloud-tools-3.13.0-194-generic - 3.13.0-194.245 linux-cloud-tools-3.13.0-194-lowlatency - 3.13.0-194.245 linux-cloud-tools-common - 3.13.0-194.245 linux-doc - 3.13.0-194.245 linux-headers-3.13.0-194 - 3.13.0-194.245 linux-headers-3.13.0-194-generic - 3.13.0-194.245 linux-headers-3.13.0-194-lowlatency - 3.13.0-194.245 linux-image-3.13.0-194-generic - 3.13.0-194.245 linux-image-3.13.0-194-lowlatency - 3.13.0-194.245 linux-image-unsigned-3.13.0-194-generic - 3.13.0-194.245 linux-image-unsigned-3.13.0-194-lowlatency - 3.13.0-194.245 linux-libc-dev - 3.13.0-194.245 linux-modules-3.13.0-194-generic - 3.13.0-194.245 linux-modules-3.13.0-194-lowlatency - 3.13.0-194.245 linux-modules-extra-3.13.0-194-generic - 3.13.0-194.245 linux-source-3.13.0 - 3.13.0-194.245 linux-tools-3.13.0-194 - 3.13.0-194.245 linux-tools-3.13.0-194-generic - 3.13.0-194.245 linux-tools-3.13.0-194-lowlatency - 3.13.0-194.245 linux-tools-common - 3.13.0-194.245 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro hv-kvp-daemon-init - 3.13.0.194.204 linux-cloud-tools-generic - 3.13.0.194.204 linux-cloud-tools-lowlatency - 3.13.0.194.204 linux-cloud-tools-virtual - 3.13.0.194.204 linux-crashdump - 3.13.0.194.204 linux-generic - 3.13.0.194.204 linux-generic-lts-quantal - 3.13.0.194.204 linux-generic-lts-quantal-eol-upgrade - 3.13.0.194.204 linux-generic-lts-raring - 3.13.0.194.204 linux-generic-lts-raring-eol-upgrade - 3.13.0.194.204 linux-generic-lts-saucy - 3.13.0.194.204 linux-generic-lts-saucy-eol-upgrade - 3.13.0.194.204 linux-generic-lts-trusty - 3.13.0.194.204 linux-headers-generic - 3.13.0.194.204 linux-headers-generic-lts-quantal - 3.13.0.194.204 linux-headers-generic-lts-raring - 3.13.0.194.204 linux-headers-generic-lts-saucy - 3.13.0.194.204 linux-headers-generic-lts-trusty - 3.13.0.194.204 linux-headers-lowlatency - 3.13.0.194.204 linux-headers-server - 3.13.0.194.204 linux-headers-virtual - 3.13.0.194.204 linux-hwe-generic-trusty - 3.13.0.194.204 linux-hwe-virtual-trusty - 3.13.0.194.204 linux-image-extra-virtual - 3.13.0.194.204 linux-image-generic - 3.13.0.194.204 linux-image-generic-lts-quantal - 3.13.0.194.204 linux-image-generic-lts-raring - 3.13.0.194.204 linux-image-generic-lts-saucy - 3.13.0.194.204 linux-image-generic-lts-trusty - 3.13.0.194.204 linux-image-hwe-generic-trusty - 3.13.0.194.204 linux-image-hwe-virtual-trusty - 3.13.0.194.204 linux-image-lowlatency - 3.13.0.194.204 linux-image-server - 3.13.0.194.204 linux-image-virtual - 3.13.0.194.204 linux-lowlatency - 3.13.0.194.204 linux-server - 3.13.0.194.204 linux-signed-generic - 3.13.0.194.204 linux-signed-generic-lts-quantal - 3.13.0.194.204 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.194.204 linux-signed-generic-lts-raring - 3.13.0.194.204 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.194.204 linux-signed-generic-lts-saucy - 3.13.0.194.204 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.194.204 linux-signed-generic-lts-trusty - 3.13.0.194.204 linux-signed-image-generic - 3.13.0.194.204 linux-signed-image-generic-lts-quantal - 3.13.0.194.204 linux-signed-image-generic-lts-raring - 3.13.0.194.204 linux-signed-image-generic-lts-saucy - 3.13.0.194.204 linux-signed-image-generic-lts-trusty - 3.13.0.194.204 linux-source - 3.13.0.194.204 linux-tools-generic - 3.13.0.194.204 linux-tools-generic-lts-saucy - 3.13.0.194.204 linux-tools-generic-lts-trusty - 3.13.0.194.204 linux-tools-lowlatency - 3.13.0.194.204 linux-tools-lts-quantal - 3.13.0.194.204 linux-tools-lts-raring - 3.13.0.194.204 linux-tools-lts-saucy - 3.13.0.194.204 linux-tools-lts-trusty - 3.13.0.194.204 linux-tools-virtual - 3.13.0.194.204 linux-virtual - 3.13.0.194.204 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1206 CVE-2023-1380 CVE-2023-31436 CVE-2023-35001 CVE-2023-42752 CVE-2023-42755 CVE-2023-4623 Ubuntu 14.04 LTS Robert Morris discovered that Kerberos did not properly handle memory access when processing RPC data through kadmind, which could lead to the freeing of uninitialized memory. An authenticated remote attacker could possibly use this issue to cause kadmind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6467-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: krb5-admin-server - 1.12+dfsg-2ubuntu5.4+esm4 krb5-doc - 1.12+dfsg-2ubuntu5.4+esm4 krb5-gss-samples - 1.12+dfsg-2ubuntu5.4+esm4 krb5-kdc - 1.12+dfsg-2ubuntu5.4+esm4 krb5-kdc-ldap - 1.12+dfsg-2ubuntu5.4+esm4 krb5-locales - 1.12+dfsg-2ubuntu5.4+esm4 krb5-multidev - 1.12+dfsg-2ubuntu5.4+esm4 krb5-otp - 1.12+dfsg-2ubuntu5.4+esm4 krb5-pkinit - 1.12+dfsg-2ubuntu5.4+esm4 krb5-user - 1.12+dfsg-2ubuntu5.4+esm4 libgssapi-krb5-2 - 1.12+dfsg-2ubuntu5.4+esm4 libgssrpc4 - 1.12+dfsg-2ubuntu5.4+esm4 libk5crypto3 - 1.12+dfsg-2ubuntu5.4+esm4 libkadm5clnt-mit9 - 1.12+dfsg-2ubuntu5.4+esm4 libkadm5srv-mit8 - 1.12+dfsg-2ubuntu5.4+esm4 libkadm5srv-mit9 - 1.12+dfsg-2ubuntu5.4+esm4 libkdb5-7 - 1.12+dfsg-2ubuntu5.4+esm4 libkrad-dev - 1.12+dfsg-2ubuntu5.4+esm4 libkrad0 - 1.12+dfsg-2ubuntu5.4+esm4 libkrb5-3 - 1.12+dfsg-2ubuntu5.4+esm4 libkrb5-dev - 1.12+dfsg-2ubuntu5.4+esm4 libkrb5support0 - 1.12+dfsg-2ubuntu5.4+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-36054 Ubuntu 14.04 LTS Ashley Newson discovered that xrdp incorrectly handled memory when processing certain incoming connections. An attacker could possibly use this issue to cause a denial of service or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-6469-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xrdp - 0.6.0-1ubuntu0.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-4044 Ubuntu 14.04 LTS It was discovered that libsndfile contained multiple arithmetic overflows. If a user or automated system were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6471-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.25-7ubuntu2.2+esm3 libsndfile1-dev - 1.0.25-7ubuntu2.2+esm3 sndfile-programs - 1.0.25-7ubuntu2.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-33065 Ubuntu 14.04 LTS It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. (CVE-2022-23479, CVE-2022-23481, CVE-2022-23483, CVE-2023-42822) It was discovered that xrdp improperly handled session establishment errors. An attacker could potentially use this issue to bypass the OS-level session restrictions by PAM. (CVE-2023-40184) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23468) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23480, CVE-2022-23482, CVE-2022-23484) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23477, CVE-2022-23493) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23478) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-23613) Update Instructions: Run `sudo pro fix USN-6474-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xrdp - 0.6.0-1ubuntu0.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-23468 CVE-2022-23477 CVE-2022-23478 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 CVE-2022-23493 CVE-2022-23613 CVE-2023-40184 CVE-2023-42822 Ubuntu 14.04 LTS It was discovered that Traceroute did not properly parse command line arguments. An attacker could possibly use this issue to execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-6478-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: traceroute - 1:2.0.20-0ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-46316 Ubuntu 14.04 LTS Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472, CVE-2023-38473) Update Instructions: Run `sudo pro fix USN-6487-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: avahi-autoipd - 0.6.31-4ubuntu1.3+esm3 avahi-daemon - 0.6.31-4ubuntu1.3+esm3 avahi-discover - 0.6.31-4ubuntu1.3+esm3 avahi-dnsconfd - 0.6.31-4ubuntu1.3+esm3 avahi-ui-utils - 0.6.31-4ubuntu1.3+esm3 avahi-utils - 0.6.31-4ubuntu1.3+esm3 libavahi-client-dev - 0.6.31-4ubuntu1.3+esm3 libavahi-client3 - 0.6.31-4ubuntu1.3+esm3 libavahi-common-data - 0.6.31-4ubuntu1.3+esm3 libavahi-common-dev - 0.6.31-4ubuntu1.3+esm3 libavahi-common3 - 0.6.31-4ubuntu1.3+esm3 libavahi-compat-libdnssd-dev - 0.6.31-4ubuntu1.3+esm3 libavahi-compat-libdnssd1 - 0.6.31-4ubuntu1.3+esm3 libavahi-core-dev - 0.6.31-4ubuntu1.3+esm3 libavahi-core7 - 0.6.31-4ubuntu1.3+esm3 libavahi-glib-dev - 0.6.31-4ubuntu1.3+esm3 libavahi-glib1 - 0.6.31-4ubuntu1.3+esm3 libavahi-gobject-dev - 0.6.31-4ubuntu1.3+esm3 libavahi-gobject0 - 0.6.31-4ubuntu1.3+esm3 libavahi-qt4-1 - 0.6.31-4ubuntu1.3+esm3 libavahi-qt4-dev - 0.6.31-4ubuntu1.3+esm3 libavahi-ui-dev - 0.6.31-4ubuntu1.3+esm3 libavahi-ui-gtk3-0 - 0.6.31-4ubuntu1.3+esm3 libavahi-ui-gtk3-dev - 0.6.31-4ubuntu1.3+esm3 libavahi-ui0 - 0.6.31-4ubuntu1.3+esm3 python-avahi - 0.6.31-4ubuntu1.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473 Ubuntu 14.04 LTS Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out- of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) It was discovered that the USB ENE card reader driver in the Linux kernel did not properly allocate enough memory when processing the storage device boot blocks. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-45862) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) Update Instructions: Run `sudo pro fix USN-6494-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1172 - 4.15.0-1172.187~14.04.1 linux-azure-headers-4.15.0-1172 - 4.15.0-1172.187~14.04.1 linux-azure-tools-4.15.0-1172 - 4.15.0-1172.187~14.04.1 linux-buildinfo-4.15.0-1172-azure - 4.15.0-1172.187~14.04.1 linux-cloud-tools-4.15.0-1172-azure - 4.15.0-1172.187~14.04.1 linux-headers-4.15.0-1172-azure - 4.15.0-1172.187~14.04.1 linux-image-4.15.0-1172-azure - 4.15.0-1172.187~14.04.1 linux-image-unsigned-4.15.0-1172-azure - 4.15.0-1172.187~14.04.1 linux-modules-4.15.0-1172-azure - 4.15.0-1172.187~14.04.1 linux-modules-extra-4.15.0-1172-azure - 4.15.0-1172.187~14.04.1 linux-tools-4.15.0-1172-azure - 4.15.0-1172.187~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1172.138 linux-cloud-tools-azure - 4.15.0.1172.138 linux-headers-azure - 4.15.0.1172.138 linux-image-azure - 4.15.0.1172.138 linux-modules-extra-azure - 4.15.0.1172.138 linux-signed-azure - 4.15.0.1172.138 linux-signed-image-azure - 4.15.0.1172.138 linux-tools-azure - 4.15.0.1172.138 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-31085 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-45862 CVE-2023-45871 CVE-2023-5717 Ubuntu 14.04 LTS David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6510-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-macro - 1:2.4.7-1ubuntu4.22+esm9 libapache2-mod-proxy-html - 1:2.4.7-1ubuntu4.22+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro apache2 - 2.4.7-1ubuntu4.22+esm9 apache2-bin - 2.4.7-1ubuntu4.22+esm9 apache2-data - 2.4.7-1ubuntu4.22+esm9 apache2-dev - 2.4.7-1ubuntu4.22+esm9 apache2-doc - 2.4.7-1ubuntu4.22+esm9 apache2-mpm-event - 2.4.7-1ubuntu4.22+esm9 apache2-mpm-itk - 2.4.7-1ubuntu4.22+esm9 apache2-mpm-prefork - 2.4.7-1ubuntu4.22+esm9 apache2-mpm-worker - 2.4.7-1ubuntu4.22+esm9 apache2-suexec - 2.4.7-1ubuntu4.22+esm9 apache2-suexec-custom - 2.4.7-1ubuntu4.22+esm9 apache2-suexec-pristine - 2.4.7-1ubuntu4.22+esm9 apache2-utils - 2.4.7-1ubuntu4.22+esm9 apache2.2-bin - 2.4.7-1ubuntu4.22+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-31122 Ubuntu 14.04 LTS It was discovered that LibTIFF could be made to run into an infinite loop. If a user or an automated system were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-40090) It was discovered that LibTIFF could be made leak memory. If a user or an automated system were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-3576) Update Instructions: Run `sudo pro fix USN-6512-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-doc - 4.0.3-7ubuntu0.11+esm11 libtiff-opengl - 4.0.3-7ubuntu0.11+esm11 libtiff-tools - 4.0.3-7ubuntu0.11+esm11 libtiff4-dev - 4.0.3-7ubuntu0.11+esm11 libtiff5 - 4.0.3-7ubuntu0.11+esm11 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm11 libtiff5-dev - 4.0.3-7ubuntu0.11+esm11 libtiffxx5 - 4.0.3-7ubuntu0.11+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40090 CVE-2023-3576 Ubuntu 14.04 LTS It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2022-48564) It was discovered that Python instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake. An attacker could possibly use this issue to cause applications to treat unauthenticated received data before TLS handshake as authenticated data after TLS handshake. (CVE-2023-40217) Update Instructions: Run `sudo pro fix USN-6513-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idle-python2.7 - 2.7.6-8ubuntu0.6+esm18 libpython2.7 - 2.7.6-8ubuntu0.6+esm18 libpython2.7-dev - 2.7.6-8ubuntu0.6+esm18 libpython2.7-minimal - 2.7.6-8ubuntu0.6+esm18 libpython2.7-stdlib - 2.7.6-8ubuntu0.6+esm18 libpython2.7-testsuite - 2.7.6-8ubuntu0.6+esm18 python2.7 - 2.7.6-8ubuntu0.6+esm18 python2.7-dev - 2.7.6-8ubuntu0.6+esm18 python2.7-doc - 2.7.6-8ubuntu0.6+esm18 python2.7-examples - 2.7.6-8ubuntu0.6+esm18 python2.7-minimal - 2.7.6-8ubuntu0.6+esm18 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48564 CVE-2023-40217 Ubuntu 14.04 LTS Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. (CVE-2022-24834) SeungHyun Lee discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible amounts of memory, resulting in a denial of service via an application crash. (CVE-2022-35977) Tom Levy discovered that Redis incorrectly handled crafted string matching patterns. An attacker could possibly use this issue to cause Redis to hang, resulting in a denial of service. (CVE-2022-36021) Yupeng Yang discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, resulting in a denial of service via an application crash. (CVE-2023-25155) It was discovered that Redis incorrectly handled a specially crafted command. An attacker could possibly use this issue to create an invalid hash field, which could potentially cause Redis to crash on future access. (CVE-2023-28856) Alexander Aleksandrovič Klimov discovered that Redis incorrectly listened to a Unix socket before setting proper permissions. A local attacker could possibly use this issue to connect, bypassing intended permissions. (CVE-2023-45145) Update Instructions: Run `sudo pro fix USN-6531-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: redis-server - 2:2.8.4-2ubuntu0.2+esm3 redis-tools - 2:2.8.4-2ubuntu0.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-24834 CVE-2022-35977 CVE-2022-36021 CVE-2023-25155 CVE-2023-28856 CVE-2023-45145 Ubuntu 14.04 LTS Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out- of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) It was discovered that the USB ENE card reader driver in the Linux kernel did not properly allocate enough memory when processing the storage device boot blocks. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-45862) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) Update Instructions: Run `sudo pro fix USN-6532-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1125 - 4.4.0-1125.131 linux-aws-headers-4.4.0-1125 - 4.4.0-1125.131 linux-aws-tools-4.4.0-1125 - 4.4.0-1125.131 linux-buildinfo-4.4.0-1125-aws - 4.4.0-1125.131 linux-cloud-tools-4.4.0-1125-aws - 4.4.0-1125.131 linux-headers-4.4.0-1125-aws - 4.4.0-1125.131 linux-image-4.4.0-1125-aws - 4.4.0-1125.131 linux-modules-4.4.0-1125-aws - 4.4.0-1125.131 linux-tools-4.4.0-1125-aws - 4.4.0-1125.131 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-248-generic - 4.4.0-248.282~14.04.1 linux-buildinfo-4.4.0-248-lowlatency - 4.4.0-248.282~14.04.1 linux-cloud-tools-4.4.0-248-generic - 4.4.0-248.282~14.04.1 linux-cloud-tools-4.4.0-248-lowlatency - 4.4.0-248.282~14.04.1 linux-headers-4.4.0-248 - 4.4.0-248.282~14.04.1 linux-headers-4.4.0-248-generic - 4.4.0-248.282~14.04.1 linux-headers-4.4.0-248-lowlatency - 4.4.0-248.282~14.04.1 linux-image-4.4.0-248-generic - 4.4.0-248.282~14.04.1 linux-image-4.4.0-248-lowlatency - 4.4.0-248.282~14.04.1 linux-image-unsigned-4.4.0-248-generic - 4.4.0-248.282~14.04.1 linux-image-unsigned-4.4.0-248-lowlatency - 4.4.0-248.282~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-248 - 4.4.0-248.282~14.04.1 linux-lts-xenial-tools-4.4.0-248 - 4.4.0-248.282~14.04.1 linux-modules-4.4.0-248-generic - 4.4.0-248.282~14.04.1 linux-modules-4.4.0-248-lowlatency - 4.4.0-248.282~14.04.1 linux-modules-extra-4.4.0-248-generic - 4.4.0-248.282~14.04.1 linux-tools-4.4.0-248-generic - 4.4.0-248.282~14.04.1 linux-tools-4.4.0-248-lowlatency - 4.4.0-248.282~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1125.122 linux-headers-aws - 4.4.0.1125.122 linux-image-aws - 4.4.0.1125.122 linux-tools-aws - 4.4.0.1125.122 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-lts-xenial - 4.4.0.248.215 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.248.215 linux-cloud-tools-virtual-lts-xenial - 4.4.0.248.215 linux-generic-lts-xenial - 4.4.0.248.215 linux-headers-generic-lts-xenial - 4.4.0.248.215 linux-headers-lowlatency-lts-xenial - 4.4.0.248.215 linux-headers-virtual-lts-xenial - 4.4.0.248.215 linux-image-extra-virtual-lts-xenial - 4.4.0.248.215 linux-image-generic-lts-xenial - 4.4.0.248.215 linux-image-lowlatency-lts-xenial - 4.4.0.248.215 linux-image-virtual-lts-xenial - 4.4.0.248.215 linux-lowlatency-lts-xenial - 4.4.0.248.215 linux-signed-generic-lts-xenial - 4.4.0.248.215 linux-signed-image-generic-lts-xenial - 4.4.0.248.215 linux-signed-image-lowlatency-lts-xenial - 4.4.0.248.215 linux-signed-lowlatency-lts-xenial - 4.4.0.248.215 linux-tools-generic-lts-xenial - 4.4.0.248.215 linux-tools-lowlatency-lts-xenial - 4.4.0.248.215 linux-tools-virtual-lts-xenial - 4.4.0.248.215 linux-virtual-lts-xenial - 4.4.0.248.215 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20593 CVE-2023-31085 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-45862 CVE-2023-45871 CVE-2023-5717 Ubuntu 14.04 LTS It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could use this issue to cause tar to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6543-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar - 1.27.1-1ubuntu0.1+esm4 tar-scripts - 1.27.1-1ubuntu0.1+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-39804 Ubuntu 14.04 LTS It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2022-38533) It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-4285, CVE-2020-19726, CVE-2021-46174) It was discovered that GNU binutils contained a reachable assertion, which could lead to an intentional assertion failure when processing certain crafted DWARF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-35205) Update Instructions: Run `sudo pro fix USN-6544-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils - 2.24-5ubuntu14.2+esm6 binutils-dev - 2.24-5ubuntu14.2+esm6 binutils-doc - 2.24-5ubuntu14.2+esm6 binutils-multiarch - 2.24-5ubuntu14.2+esm6 binutils-multiarch-dev - 2.24-5ubuntu14.2+esm6 binutils-source - 2.24-5ubuntu14.2+esm6 binutils-static - 2.24-5ubuntu14.2+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19726 CVE-2021-46174 CVE-2022-35205 CVE-2022-38533 CVE-2022-4285 Ubuntu 14.04 LTS It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1725) It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771) It was discovered that Vim could be made to write out of bounds with a put command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1886) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897, CVE-2022-2000) It was discovered that Vim did not properly manage memory in the spell command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2042) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-46246, CVE-2023-48231) It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232) It was discovered that Vim contained multiple arithmetic overflows. An attacker could possibly use these issues to cause a denial of service. (CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237) It was discovered that Vim did not properly manage memory in the substitute command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706) Update Instructions: Run `sudo pro fix USN-6557-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:7.4.052-1ubuntu3.1+esm15 vim-athena - 2:7.4.052-1ubuntu3.1+esm15 vim-common - 2:7.4.052-1ubuntu3.1+esm15 vim-doc - 2:7.4.052-1ubuntu3.1+esm15 vim-gnome - 2:7.4.052-1ubuntu3.1+esm15 vim-gtk - 2:7.4.052-1ubuntu3.1+esm15 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm15 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm15 vim-nox - 2:7.4.052-1ubuntu3.1+esm15 vim-runtime - 2:7.4.052-1ubuntu3.1+esm15 vim-tiny - 2:7.4.052-1ubuntu3.1+esm15 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1725 CVE-2022-1771 CVE-2022-1886 CVE-2022-1897 CVE-2022-2000 CVE-2022-2042 CVE-2023-46246 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 Ubuntu 14.04 LTS It was discovered that audiofile could be made to dereference invalid memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-13440) It was discovered that audiofile could be made to write out of bounds. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-17095) It was discovered that audiofile could be made to dereference invalid memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2019-13147) It was discovered that audiofile could be made to leak memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to obtain sensitive information. (CVE-2022-24599) Update Instructions: Run `sudo pro fix USN-6558-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: audiofile-tools - 0.3.6-2ubuntu0.14.04.3+esm1 libaudiofile-dev - 0.3.6-2ubuntu0.14.04.3+esm1 libaudiofile1 - 0.3.6-2ubuntu0.14.04.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-13440 CVE-2018-17095 CVE-2019-13147 CVE-2022-24599 Ubuntu 14.04 LTS It was discovered that ZooKeeper incorrectly handled authorization for the getACL() command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-0201) Damien Diederen discovered that ZooKeeper incorrectly handled authorization if SASL Quorum Peer authentication is enabled. An attacker could possibly use this issue to bypass ZooKeeper's authorization system. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-44981) Update Instructions: Run `sudo pro fix USN-6559-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzookeeper-java - 3.4.5+dfsg-1ubuntu0.1~esm3 libzookeeper-java-doc - 3.4.5+dfsg-1ubuntu0.1~esm3 libzookeeper-mt-dev - 3.4.5+dfsg-1ubuntu0.1~esm3 libzookeeper-mt2 - 3.4.5+dfsg-1ubuntu0.1~esm3 libzookeeper-st-dev - 3.4.5+dfsg-1ubuntu0.1~esm3 libzookeeper-st2 - 3.4.5+dfsg-1ubuntu0.1~esm3 libzookeeper2 - 3.4.5+dfsg-1ubuntu0.1~esm3 python-zookeeper - 3.4.5+dfsg-1ubuntu0.1~esm3 zookeeper - 3.4.5+dfsg-1ubuntu0.1~esm3 zookeeper-bin - 3.4.5+dfsg-1ubuntu0.1~esm3 zookeeperd - 3.4.5+dfsg-1ubuntu0.1~esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-0201 CVE-2023-44981 Ubuntu 14.04 LTS Youssef Rebahi-Gilbert discovered that Monit did not properly process credentials for disabled accounts. An attacker could possibly use this issue to login to the platform with an expired account and a valid password. Update Instructions: Run `sudo pro fix USN-6571-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: monit - 1:5.6-2ubuntu0.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-26563 Ubuntu 14.04 LTS It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6579-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxerces-c-dev - 3.1.1-5.1+deb8u4ubuntu0.1~esm1 libxerces-c-doc - 3.1.1-5.1+deb8u4ubuntu0.1~esm1 libxerces-c-samples - 3.1.1-5.1+deb8u4ubuntu0.1~esm1 libxerces-c3.1 - 3.1.1-5.1+deb8u4ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-1311 Ubuntu 14.04 LTS It was discovered that w3m incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6580-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: w3m - 0.5.3-15ubuntu0.2+esm2 w3m-img - 0.5.3-15ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4255 Ubuntu 14.04 LTS It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12211) It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12213) It was discovered that FreeImage incorrectly processed certain images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2020-21427, CVE-2020-21428) It was discovered that FreeImage incorrectly processed certain images. If a user or automated system were tricked into opening a specially crafted PFM file, an attacker could possibly use this issue to cause a denial of service. (CVE-2020-22524) Update Instructions: Run `sudo pro fix USN-6586-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreeimage-dev - 3.15.4-3ubuntu0.1+esm3 libfreeimage3 - 3.15.4-3ubuntu0.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-12211 CVE-2019-12213 CVE-2020-21427 CVE-2020-21428 CVE-2020-22524 Ubuntu 14.04 LTS USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information. (CVE-2023-6478) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. (CVE-2023-6816) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2024-0229) Olivier Fourdan and Donn Seeley discovered that the X.Org X Server incorrectly labeled GLX PBuffers when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0408) Olivier Fourdan discovered that the X.Org X Server incorrectly handled the curser code when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0409) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the XISendDeviceHierarchyEvent API. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. (CVE-2024-21885) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled devices being disabled. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. (CVE-2024-21886) Update Instructions: Run `sudo pro fix USN-6587-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.15.1-0ubuntu2.11+esm9 xdmx-tools - 2:1.15.1-0ubuntu2.11+esm9 xnest - 2:1.15.1-0ubuntu2.11+esm9 xorg-server-source - 2:1.15.1-0ubuntu2.11+esm9 xserver-common - 2:1.15.1-0ubuntu2.11+esm9 xserver-xephyr - 2:1.15.1-0ubuntu2.11+esm9 xserver-xorg-core - 2:1.15.1-0ubuntu2.11+esm9 xserver-xorg-dev - 2:1.15.1-0ubuntu2.11+esm9 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.11+esm9 xvfb - 2:1.15.1-0ubuntu2.11+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-6478 CVE-2023-6816 CVE-2024-0229 CVE-2024-0408 CVE-2024-21885 CVE-2024-21886 Ubuntu 14.04 LTS USN-6588-1 fixed a vulnerability in PAM. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6588-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-cracklib - 1.1.8-1ubuntu2.2+esm4 libpam-doc - 1.1.8-1ubuntu2.2+esm4 libpam-modules - 1.1.8-1ubuntu2.2+esm4 libpam-modules-bin - 1.1.8-1ubuntu2.2+esm4 libpam-runtime - 1.1.8-1ubuntu2.2+esm4 libpam0g - 1.1.8-1ubuntu2.2+esm4 libpam0g-dev - 1.1.8-1ubuntu2.2+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-22365 Ubuntu 14.04 LTS It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2018-1311) It was discovered that Xerces-C++ was not properly performing bounds checks when processing XML Schema Definition files, which could lead to an out-of-bounds access via an HTTP request. If a user or automated system were tricked into processing a specially crafted XSD file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-37536) Update Instructions: Run `sudo pro fix USN-6590-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxerces-c-dev - 3.1.1-5.1+deb8u4ubuntu0.1~esm2 libxerces-c-doc - 3.1.1-5.1+deb8u4ubuntu0.1~esm2 libxerces-c-samples - 3.1.1-5.1+deb8u4ubuntu0.1~esm2 libxerces-c3.1 - 3.1.1-5.1+deb8u4ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-1311 CVE-2023-37536 Ubuntu 14.04 LTS Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility. Information can be found at https://www.postfix.org/smtp-smuggling.html. Update Instructions: Run `sudo pro fix USN-6591-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postfix - 2.11.0-1ubuntu1.2+esm2 postfix-cdb - 2.11.0-1ubuntu1.2+esm2 postfix-dev - 2.11.0-1ubuntu1.2+esm2 postfix-doc - 2.11.0-1ubuntu1.2+esm2 postfix-ldap - 2.11.0-1ubuntu1.2+esm2 postfix-mysql - 2.11.0-1ubuntu1.2+esm2 postfix-pcre - 2.11.0-1ubuntu1.2+esm2 postfix-pgsql - 2.11.0-1ubuntu1.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-51764 https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2049337 Ubuntu 14.04 LTS USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last update. This update updates the fix and aligns with the latest configuration guidelines regarding this vulnerability. We apologize for the inconvenience. Original advisory details: Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility. Information can be found at https://www.postfix.org/smtp-smuggling.html. Update Instructions: Run `sudo pro fix USN-6591-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postfix - 2.11.0-1ubuntu1.2+esm3 postfix-cdb - 2.11.0-1ubuntu1.2+esm3 postfix-dev - 2.11.0-1ubuntu1.2+esm3 postfix-doc - 2.11.0-1ubuntu1.2+esm3 postfix-ldap - 2.11.0-1ubuntu1.2+esm3 postfix-mysql - 2.11.0-1ubuntu1.2+esm3 postfix-pcre - 2.11.0-1ubuntu1.2+esm3 postfix-pgsql - 2.11.0-1ubuntu1.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-51764 https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2049337 https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2050834 Ubuntu 14.04 LTS Yeting Li discovered that Jinja incorrectly handled certain regex. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28493) It was discovered that Jinja incorrectly handled certain HTML passed with xmlatter filter. An attacker could inject arbitrary HTML attributes keys and values potentially leading to XSS. (CVE-2024-22195) Update Instructions: Run `sudo pro fix USN-6599-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-jinja2 - 2.7.2-2ubuntu0.1~esm2 python-jinja2-doc - 2.7.2-2ubuntu0.1~esm2 python3-jinja2 - 2.7.2-2ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-28493 CVE-2024-22195 Ubuntu 14.04 LTS It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6601-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-3.13.0-195-generic - 3.13.0-195.246 linux-buildinfo-3.13.0-195-lowlatency - 3.13.0-195.246 linux-cloud-tools-3.13.0-195 - 3.13.0-195.246 linux-cloud-tools-3.13.0-195-generic - 3.13.0-195.246 linux-cloud-tools-3.13.0-195-lowlatency - 3.13.0-195.246 linux-cloud-tools-common - 3.13.0-195.246 linux-doc - 3.13.0-195.246 linux-headers-3.13.0-195 - 3.13.0-195.246 linux-headers-3.13.0-195-generic - 3.13.0-195.246 linux-headers-3.13.0-195-lowlatency - 3.13.0-195.246 linux-image-3.13.0-195-generic - 3.13.0-195.246 linux-image-3.13.0-195-lowlatency - 3.13.0-195.246 linux-image-unsigned-3.13.0-195-generic - 3.13.0-195.246 linux-image-unsigned-3.13.0-195-lowlatency - 3.13.0-195.246 linux-libc-dev - 3.13.0-195.246 linux-modules-3.13.0-195-generic - 3.13.0-195.246 linux-modules-3.13.0-195-lowlatency - 3.13.0-195.246 linux-modules-extra-3.13.0-195-generic - 3.13.0-195.246 linux-source-3.13.0 - 3.13.0-195.246 linux-tools-3.13.0-195 - 3.13.0-195.246 linux-tools-3.13.0-195-generic - 3.13.0-195.246 linux-tools-3.13.0-195-lowlatency - 3.13.0-195.246 linux-tools-common - 3.13.0-195.246 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro hv-kvp-daemon-init - 3.13.0.195.205 linux-cloud-tools-generic - 3.13.0.195.205 linux-cloud-tools-lowlatency - 3.13.0.195.205 linux-cloud-tools-virtual - 3.13.0.195.205 linux-crashdump - 3.13.0.195.205 linux-generic - 3.13.0.195.205 linux-generic-lts-quantal - 3.13.0.195.205 linux-generic-lts-quantal-eol-upgrade - 3.13.0.195.205 linux-generic-lts-raring - 3.13.0.195.205 linux-generic-lts-raring-eol-upgrade - 3.13.0.195.205 linux-generic-lts-saucy - 3.13.0.195.205 linux-generic-lts-saucy-eol-upgrade - 3.13.0.195.205 linux-generic-lts-trusty - 3.13.0.195.205 linux-headers-generic - 3.13.0.195.205 linux-headers-generic-lts-quantal - 3.13.0.195.205 linux-headers-generic-lts-raring - 3.13.0.195.205 linux-headers-generic-lts-saucy - 3.13.0.195.205 linux-headers-generic-lts-trusty - 3.13.0.195.205 linux-headers-lowlatency - 3.13.0.195.205 linux-headers-server - 3.13.0.195.205 linux-headers-virtual - 3.13.0.195.205 linux-hwe-generic-trusty - 3.13.0.195.205 linux-hwe-virtual-trusty - 3.13.0.195.205 linux-image-extra-virtual - 3.13.0.195.205 linux-image-generic - 3.13.0.195.205 linux-image-generic-lts-quantal - 3.13.0.195.205 linux-image-generic-lts-raring - 3.13.0.195.205 linux-image-generic-lts-saucy - 3.13.0.195.205 linux-image-generic-lts-trusty - 3.13.0.195.205 linux-image-hwe-generic-trusty - 3.13.0.195.205 linux-image-hwe-virtual-trusty - 3.13.0.195.205 linux-image-lowlatency - 3.13.0.195.205 linux-image-server - 3.13.0.195.205 linux-image-virtual - 3.13.0.195.205 linux-lowlatency - 3.13.0.195.205 linux-server - 3.13.0.195.205 linux-signed-generic - 3.13.0.195.205 linux-signed-generic-lts-quantal - 3.13.0.195.205 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.195.205 linux-signed-generic-lts-raring - 3.13.0.195.205 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.195.205 linux-signed-generic-lts-saucy - 3.13.0.195.205 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.195.205 linux-signed-generic-lts-trusty - 3.13.0.195.205 linux-signed-image-generic - 3.13.0.195.205 linux-signed-image-generic-lts-quantal - 3.13.0.195.205 linux-signed-image-generic-lts-raring - 3.13.0.195.205 linux-signed-image-generic-lts-saucy - 3.13.0.195.205 linux-signed-image-generic-lts-trusty - 3.13.0.195.205 linux-source - 3.13.0.195.205 linux-tools-generic - 3.13.0.195.205 linux-tools-generic-lts-saucy - 3.13.0.195.205 linux-tools-generic-lts-trusty - 3.13.0.195.205 linux-tools-lowlatency - 3.13.0.195.205 linux-tools-lts-quantal - 3.13.0.195.205 linux-tools-lts-raring - 3.13.0.195.205 linux-tools-lts-saucy - 3.13.0.195.205 linux-tools-lts-trusty - 3.13.0.195.205 linux-tools-virtual - 3.13.0.195.205 linux-virtual - 3.13.0.195.205 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-6932 Ubuntu 14.04 LTS Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606) Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931) It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6932) Update Instructions: Run `sudo pro fix USN-6602-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1127 - 4.4.0-1127.133 linux-aws-headers-4.4.0-1127 - 4.4.0-1127.133 linux-aws-tools-4.4.0-1127 - 4.4.0-1127.133 linux-buildinfo-4.4.0-1127-aws - 4.4.0-1127.133 linux-cloud-tools-4.4.0-1127-aws - 4.4.0-1127.133 linux-headers-4.4.0-1127-aws - 4.4.0-1127.133 linux-image-4.4.0-1127-aws - 4.4.0-1127.133 linux-modules-4.4.0-1127-aws - 4.4.0-1127.133 linux-tools-4.4.0-1127-aws - 4.4.0-1127.133 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-250-generic - 4.4.0-250.284~14.04.1 linux-buildinfo-4.4.0-250-lowlatency - 4.4.0-250.284~14.04.1 linux-cloud-tools-4.4.0-250-generic - 4.4.0-250.284~14.04.1 linux-cloud-tools-4.4.0-250-lowlatency - 4.4.0-250.284~14.04.1 linux-headers-4.4.0-250 - 4.4.0-250.284~14.04.1 linux-headers-4.4.0-250-generic - 4.4.0-250.284~14.04.1 linux-headers-4.4.0-250-lowlatency - 4.4.0-250.284~14.04.1 linux-image-4.4.0-250-generic - 4.4.0-250.284~14.04.1 linux-image-4.4.0-250-lowlatency - 4.4.0-250.284~14.04.1 linux-image-unsigned-4.4.0-250-generic - 4.4.0-250.284~14.04.1 linux-image-unsigned-4.4.0-250-lowlatency - 4.4.0-250.284~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-250 - 4.4.0-250.284~14.04.1 linux-lts-xenial-tools-4.4.0-250 - 4.4.0-250.284~14.04.1 linux-modules-4.4.0-250-generic - 4.4.0-250.284~14.04.1 linux-modules-4.4.0-250-lowlatency - 4.4.0-250.284~14.04.1 linux-modules-extra-4.4.0-250-generic - 4.4.0-250.284~14.04.1 linux-tools-4.4.0-250-generic - 4.4.0-250.284~14.04.1 linux-tools-4.4.0-250-lowlatency - 4.4.0-250.284~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1127.124 linux-headers-aws - 4.4.0.1127.124 linux-image-aws - 4.4.0.1127.124 linux-tools-aws - 4.4.0.1127.124 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-lts-xenial - 4.4.0.250.217 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.250.217 linux-cloud-tools-virtual-lts-xenial - 4.4.0.250.217 linux-generic-lts-xenial - 4.4.0.250.217 linux-headers-generic-lts-xenial - 4.4.0.250.217 linux-headers-lowlatency-lts-xenial - 4.4.0.250.217 linux-headers-virtual-lts-xenial - 4.4.0.250.217 linux-image-extra-virtual-lts-xenial - 4.4.0.250.217 linux-image-generic-lts-xenial - 4.4.0.250.217 linux-image-lowlatency-lts-xenial - 4.4.0.250.217 linux-image-virtual-lts-xenial - 4.4.0.250.217 linux-lowlatency-lts-xenial - 4.4.0.250.217 linux-signed-generic-lts-xenial - 4.4.0.250.217 linux-signed-image-generic-lts-xenial - 4.4.0.250.217 linux-signed-image-lowlatency-lts-xenial - 4.4.0.250.217 linux-signed-lowlatency-lts-xenial - 4.4.0.250.217 linux-tools-generic-lts-xenial - 4.4.0.250.217 linux-tools-lowlatency-lts-xenial - 4.4.0.250.217 linux-tools-virtual-lts-xenial - 4.4.0.250.217 linux-virtual-lts-xenial - 4.4.0.250.217 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20588 CVE-2023-45863 CVE-2023-6606 CVE-2023-6931 CVE-2023-6932 Ubuntu 14.04 LTS It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-1079) Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606) Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931) It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6932) Update Instructions: Run `sudo pro fix USN-6604-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1173 - 4.15.0-1173.188~14.04.1 linux-azure-headers-4.15.0-1173 - 4.15.0-1173.188~14.04.1 linux-azure-tools-4.15.0-1173 - 4.15.0-1173.188~14.04.1 linux-buildinfo-4.15.0-1173-azure - 4.15.0-1173.188~14.04.1 linux-cloud-tools-4.15.0-1173-azure - 4.15.0-1173.188~14.04.1 linux-headers-4.15.0-1173-azure - 4.15.0-1173.188~14.04.1 linux-image-4.15.0-1173-azure - 4.15.0-1173.188~14.04.1 linux-image-unsigned-4.15.0-1173-azure - 4.15.0-1173.188~14.04.1 linux-modules-4.15.0-1173-azure - 4.15.0-1173.188~14.04.1 linux-modules-extra-4.15.0-1173-azure - 4.15.0-1173.188~14.04.1 linux-tools-4.15.0-1173-azure - 4.15.0-1173.188~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1173.139 linux-cloud-tools-azure - 4.15.0.1173.139 linux-headers-azure - 4.15.0.1173.139 linux-image-azure - 4.15.0.1173.139 linux-modules-extra-azure - 4.15.0.1173.139 linux-signed-azure - 4.15.0.1173.139 linux-signed-image-azure - 4.15.0.1173.139 linux-tools-azure - 4.15.0.1173.139 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1079 CVE-2023-20588 CVE-2023-45863 CVE-2023-6606 CVE-2023-6931 CVE-2023-6932 Ubuntu 14.04 LTS Lucas Henry discovered that Ceph incorrectly handled specially crafted POST requests. An uprivileged user could use this to bypass Ceph's authorization checks and upload a file to any bucket. Update Instructions: Run `sudo pro fix USN-6613-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ceph - 0.80.11-0ubuntu1.14.04.4+esm2 ceph-common - 0.80.11-0ubuntu1.14.04.4+esm2 ceph-fs-common - 0.80.11-0ubuntu1.14.04.4+esm2 ceph-fuse - 0.80.11-0ubuntu1.14.04.4+esm2 ceph-mds - 0.80.11-0ubuntu1.14.04.4+esm2 ceph-test - 0.80.11-0ubuntu1.14.04.4+esm2 libcephfs-dev - 0.80.11-0ubuntu1.14.04.4+esm2 libcephfs-jni - 0.80.11-0ubuntu1.14.04.4+esm2 libcephfs1 - 0.80.11-0ubuntu1.14.04.4+esm2 librados-dev - 0.80.11-0ubuntu1.14.04.4+esm2 librados2 - 0.80.11-0ubuntu1.14.04.4+esm2 librbd-dev - 0.80.11-0ubuntu1.14.04.4+esm2 librbd1 - 0.80.11-0ubuntu1.14.04.4+esm2 python-ceph - 0.80.11-0ubuntu1.14.04.4+esm2 radosgw - 0.80.11-0ubuntu1.14.04.4+esm2 rbd-fuse - 0.80.11-0ubuntu1.14.04.4+esm2 rest-bench - 0.80.11-0ubuntu1.14.04.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-43040 Ubuntu 14.04 LTS It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An attacker could exploit this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6621-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick - 8:6.7.7.10-6ubuntu3.13+esm7 imagemagick-common - 8:6.7.7.10-6ubuntu3.13+esm7 imagemagick-doc - 8:6.7.7.10-6ubuntu3.13+esm7 libmagick++-dev - 8:6.7.7.10-6ubuntu3.13+esm7 libmagick++5 - 8:6.7.7.10-6ubuntu3.13+esm7 libmagickcore-dev - 8:6.7.7.10-6ubuntu3.13+esm7 libmagickcore5 - 8:6.7.7.10-6ubuntu3.13+esm7 libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.13+esm7 libmagickwand-dev - 8:6.7.7.10-6ubuntu3.13+esm7 libmagickwand5 - 8:6.7.7.10-6ubuntu3.13+esm7 perlmagick - 8:6.7.7.10-6ubuntu3.13+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-5341 Ubuntu 14.04 LTS It was discovered that shadow was not properly sanitizing memory when running the password utility. An attacker could possibly use this issue to retrieve a password from memory, exposing sensitive information. Update Instructions: Run `sudo pro fix USN-6640-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: login - 1:4.1.5.1-1ubuntu9.5+esm4 passwd - 1:4.1.5.1-1ubuntu9.5+esm4 uidmap - 1:4.1.5.1-1ubuntu9.5+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-4641 Ubuntu 14.04 LTS It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. (CVE-2023-52356) It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service. (CVE-2023-6228) It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to consume resources, resulting in a denial of service. (CVE-2023-6277) Update Instructions: Run `sudo pro fix USN-6644-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-doc - 4.0.3-7ubuntu0.11+esm12 libtiff-opengl - 4.0.3-7ubuntu0.11+esm12 libtiff-tools - 4.0.3-7ubuntu0.11+esm12 libtiff4-dev - 4.0.3-7ubuntu0.11+esm12 libtiff5 - 4.0.3-7ubuntu0.11+esm12 libtiff5-alt-dev - 4.0.3-7ubuntu0.11+esm12 libtiff5-dev - 4.0.3-7ubuntu0.11+esm12 libtiffxx5 - 4.0.3-7ubuntu0.11+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-52356 CVE-2023-6228 CVE-2023-6277 Ubuntu 14.04 LTS It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). Update Instructions: Run `sudo pro fix USN-6645-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-3.13.0-196-generic - 3.13.0-196.247 linux-buildinfo-3.13.0-196-lowlatency - 3.13.0-196.247 linux-cloud-tools-3.13.0-196 - 3.13.0-196.247 linux-cloud-tools-3.13.0-196-generic - 3.13.0-196.247 linux-cloud-tools-3.13.0-196-lowlatency - 3.13.0-196.247 linux-cloud-tools-common - 3.13.0-196.247 linux-doc - 3.13.0-196.247 linux-headers-3.13.0-196 - 3.13.0-196.247 linux-headers-3.13.0-196-generic - 3.13.0-196.247 linux-headers-3.13.0-196-lowlatency - 3.13.0-196.247 linux-image-3.13.0-196-generic - 3.13.0-196.247 linux-image-3.13.0-196-lowlatency - 3.13.0-196.247 linux-image-unsigned-3.13.0-196-generic - 3.13.0-196.247 linux-image-unsigned-3.13.0-196-lowlatency - 3.13.0-196.247 linux-libc-dev - 3.13.0-196.247 linux-modules-3.13.0-196-generic - 3.13.0-196.247 linux-modules-3.13.0-196-lowlatency - 3.13.0-196.247 linux-modules-extra-3.13.0-196-generic - 3.13.0-196.247 linux-source-3.13.0 - 3.13.0-196.247 linux-tools-3.13.0-196 - 3.13.0-196.247 linux-tools-3.13.0-196-generic - 3.13.0-196.247 linux-tools-3.13.0-196-lowlatency - 3.13.0-196.247 linux-tools-common - 3.13.0-196.247 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro hv-kvp-daemon-init - 3.13.0.196.206 linux-cloud-tools-generic - 3.13.0.196.206 linux-cloud-tools-lowlatency - 3.13.0.196.206 linux-cloud-tools-virtual - 3.13.0.196.206 linux-crashdump - 3.13.0.196.206 linux-generic - 3.13.0.196.206 linux-generic-lts-quantal - 3.13.0.196.206 linux-generic-lts-quantal-eol-upgrade - 3.13.0.196.206 linux-generic-lts-raring - 3.13.0.196.206 linux-generic-lts-raring-eol-upgrade - 3.13.0.196.206 linux-generic-lts-saucy - 3.13.0.196.206 linux-generic-lts-saucy-eol-upgrade - 3.13.0.196.206 linux-generic-lts-trusty - 3.13.0.196.206 linux-headers-generic - 3.13.0.196.206 linux-headers-generic-lts-quantal - 3.13.0.196.206 linux-headers-generic-lts-raring - 3.13.0.196.206 linux-headers-generic-lts-saucy - 3.13.0.196.206 linux-headers-generic-lts-trusty - 3.13.0.196.206 linux-headers-lowlatency - 3.13.0.196.206 linux-headers-server - 3.13.0.196.206 linux-headers-virtual - 3.13.0.196.206 linux-hwe-generic-trusty - 3.13.0.196.206 linux-hwe-virtual-trusty - 3.13.0.196.206 linux-image-extra-virtual - 3.13.0.196.206 linux-image-generic - 3.13.0.196.206 linux-image-generic-lts-quantal - 3.13.0.196.206 linux-image-generic-lts-raring - 3.13.0.196.206 linux-image-generic-lts-saucy - 3.13.0.196.206 linux-image-generic-lts-trusty - 3.13.0.196.206 linux-image-hwe-generic-trusty - 3.13.0.196.206 linux-image-hwe-virtual-trusty - 3.13.0.196.206 linux-image-lowlatency - 3.13.0.196.206 linux-image-server - 3.13.0.196.206 linux-image-virtual - 3.13.0.196.206 linux-lowlatency - 3.13.0.196.206 linux-server - 3.13.0.196.206 linux-signed-generic - 3.13.0.196.206 linux-signed-generic-lts-quantal - 3.13.0.196.206 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.196.206 linux-signed-generic-lts-raring - 3.13.0.196.206 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.196.206 linux-signed-generic-lts-saucy - 3.13.0.196.206 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.196.206 linux-signed-generic-lts-trusty - 3.13.0.196.206 linux-signed-image-generic - 3.13.0.196.206 linux-signed-image-generic-lts-quantal - 3.13.0.196.206 linux-signed-image-generic-lts-raring - 3.13.0.196.206 linux-signed-image-generic-lts-saucy - 3.13.0.196.206 linux-signed-image-generic-lts-trusty - 3.13.0.196.206 linux-source - 3.13.0.196.206 linux-tools-generic - 3.13.0.196.206 linux-tools-generic-lts-saucy - 3.13.0.196.206 linux-tools-generic-lts-trusty - 3.13.0.196.206 linux-tools-lowlatency - 3.13.0.196.206 linux-tools-lts-quantal - 3.13.0.196.206 linux-tools-lts-raring - 3.13.0.196.206 linux-tools-lts-saucy - 3.13.0.196.206 linux-tools-lts-trusty - 3.13.0.196.206 linux-tools-virtual - 3.13.0.196.206 linux-virtual - 3.13.0.196.206 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-7192 Ubuntu 14.04 LTS It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2023-7192) Update Instructions: Run `sudo pro fix USN-6646-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1128 - 4.4.0-1128.134 linux-aws-headers-4.4.0-1128 - 4.4.0-1128.134 linux-aws-tools-4.4.0-1128 - 4.4.0-1128.134 linux-buildinfo-4.4.0-1128-aws - 4.4.0-1128.134 linux-cloud-tools-4.4.0-1128-aws - 4.4.0-1128.134 linux-headers-4.4.0-1128-aws - 4.4.0-1128.134 linux-image-4.4.0-1128-aws - 4.4.0-1128.134 linux-modules-4.4.0-1128-aws - 4.4.0-1128.134 linux-tools-4.4.0-1128-aws - 4.4.0-1128.134 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-251-generic - 4.4.0-251.285~14.04.1 linux-buildinfo-4.4.0-251-lowlatency - 4.4.0-251.285~14.04.1 linux-cloud-tools-4.4.0-251-generic - 4.4.0-251.285~14.04.1 linux-cloud-tools-4.4.0-251-lowlatency - 4.4.0-251.285~14.04.1 linux-headers-4.4.0-251 - 4.4.0-251.285~14.04.1 linux-headers-4.4.0-251-generic - 4.4.0-251.285~14.04.1 linux-headers-4.4.0-251-lowlatency - 4.4.0-251.285~14.04.1 linux-image-4.4.0-251-generic - 4.4.0-251.285~14.04.1 linux-image-4.4.0-251-lowlatency - 4.4.0-251.285~14.04.1 linux-image-unsigned-4.4.0-251-generic - 4.4.0-251.285~14.04.1 linux-image-unsigned-4.4.0-251-lowlatency - 4.4.0-251.285~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-251 - 4.4.0-251.285~14.04.1 linux-lts-xenial-tools-4.4.0-251 - 4.4.0-251.285~14.04.1 linux-modules-4.4.0-251-generic - 4.4.0-251.285~14.04.1 linux-modules-4.4.0-251-lowlatency - 4.4.0-251.285~14.04.1 linux-modules-extra-4.4.0-251-generic - 4.4.0-251.285~14.04.1 linux-tools-4.4.0-251-generic - 4.4.0-251.285~14.04.1 linux-tools-4.4.0-251-lowlatency - 4.4.0-251.285~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1128.125 linux-headers-aws - 4.4.0.1128.125 linux-image-aws - 4.4.0.1128.125 linux-tools-aws - 4.4.0.1128.125 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-lts-xenial - 4.4.0.251.218 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.251.218 linux-cloud-tools-virtual-lts-xenial - 4.4.0.251.218 linux-generic-lts-xenial - 4.4.0.251.218 linux-headers-generic-lts-xenial - 4.4.0.251.218 linux-headers-lowlatency-lts-xenial - 4.4.0.251.218 linux-headers-virtual-lts-xenial - 4.4.0.251.218 linux-image-extra-virtual-lts-xenial - 4.4.0.251.218 linux-image-generic-lts-xenial - 4.4.0.251.218 linux-image-lowlatency-lts-xenial - 4.4.0.251.218 linux-image-virtual-lts-xenial - 4.4.0.251.218 linux-lowlatency-lts-xenial - 4.4.0.251.218 linux-signed-generic-lts-xenial - 4.4.0.251.218 linux-signed-image-generic-lts-xenial - 4.4.0.251.218 linux-signed-image-lowlatency-lts-xenial - 4.4.0.251.218 linux-signed-lowlatency-lts-xenial - 4.4.0.251.218 linux-tools-generic-lts-xenial - 4.4.0.251.218 linux-tools-lowlatency-lts-xenial - 4.4.0.251.218 linux-tools-virtual-lts-xenial - 4.4.0.251.218 linux-virtual-lts-xenial - 4.4.0.251.218 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-51780 CVE-2023-51782 CVE-2023-7192 Ubuntu 14.04 LTS It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2023-7192) Update Instructions: Run `sudo pro fix USN-6647-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1174 - 4.15.0-1174.189~14.04.1 linux-azure-headers-4.15.0-1174 - 4.15.0-1174.189~14.04.1 linux-azure-tools-4.15.0-1174 - 4.15.0-1174.189~14.04.1 linux-buildinfo-4.15.0-1174-azure - 4.15.0-1174.189~14.04.1 linux-cloud-tools-4.15.0-1174-azure - 4.15.0-1174.189~14.04.1 linux-headers-4.15.0-1174-azure - 4.15.0-1174.189~14.04.1 linux-image-4.15.0-1174-azure - 4.15.0-1174.189~14.04.1 linux-image-unsigned-4.15.0-1174-azure - 4.15.0-1174.189~14.04.1 linux-modules-4.15.0-1174-azure - 4.15.0-1174.189~14.04.1 linux-modules-extra-4.15.0-1174-azure - 4.15.0-1174.189~14.04.1 linux-tools-4.15.0-1174-azure - 4.15.0-1174.189~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1174.140 linux-cloud-tools-azure - 4.15.0.1174.140 linux-headers-azure - 4.15.0.1174.140 linux-image-azure - 4.15.0.1174.140 linux-modules-extra-azure - 4.15.0.1174.140 linux-signed-azure - 4.15.0.1174.140 linux-signed-image-azure - 4.15.0.1174.140 linux-tools-azure - 4.15.0.1174.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-51780 CVE-2023-51782 CVE-2023-7192 Ubuntu 14.04 LTS USN-6658-1 fixed a vulnerability in libxml2. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6658-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm6 libxml2-dev - 2.9.1+dfsg1-3ubuntu4.13+esm6 libxml2-doc - 2.9.1+dfsg1-3ubuntu4.13+esm6 libxml2-utils - 2.9.1+dfsg1-3ubuntu4.13+esm6 python-libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-25062 Ubuntu 14.04 LTS It was discovered that ncurses incorrectly handled certain function return values, possibly leading to segmentation fault. A local attacker could possibly use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-6684-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lib32ncurses5 - 5.9+20140118-1ubuntu1+esm5 lib32ncurses5-dev - 5.9+20140118-1ubuntu1+esm5 lib32ncursesw5 - 5.9+20140118-1ubuntu1+esm5 lib32ncursesw5-dev - 5.9+20140118-1ubuntu1+esm5 lib32tinfo-dev - 5.9+20140118-1ubuntu1+esm5 lib32tinfo5 - 5.9+20140118-1ubuntu1+esm5 lib64ncurses5 - 5.9+20140118-1ubuntu1+esm5 lib64ncurses5-dev - 5.9+20140118-1ubuntu1+esm5 lib64tinfo5 - 5.9+20140118-1ubuntu1+esm5 libncurses5 - 5.9+20140118-1ubuntu1+esm5 libncurses5-dev - 5.9+20140118-1ubuntu1+esm5 libncursesw5 - 5.9+20140118-1ubuntu1+esm5 libncursesw5-dev - 5.9+20140118-1ubuntu1+esm5 libtinfo-dev - 5.9+20140118-1ubuntu1+esm5 libtinfo5 - 5.9+20140118-1ubuntu1+esm5 libx32ncurses5 - 5.9+20140118-1ubuntu1+esm5 libx32ncurses5-dev - 5.9+20140118-1ubuntu1+esm5 libx32ncursesw5 - 5.9+20140118-1ubuntu1+esm5 libx32ncursesw5-dev - 5.9+20140118-1ubuntu1+esm5 libx32tinfo-dev - 5.9+20140118-1ubuntu1+esm5 libx32tinfo5 - 5.9+20140118-1ubuntu1+esm5 ncurses-base - 5.9+20140118-1ubuntu1+esm5 ncurses-bin - 5.9+20140118-1ubuntu1+esm5 ncurses-doc - 5.9+20140118-1ubuntu1+esm5 ncurses-examples - 5.9+20140118-1ubuntu1+esm5 ncurses-term - 5.9+20140118-1ubuntu1+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-50495 Ubuntu 14.04 LTS Zhen Zhou discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service Update Instructions: Run `sudo pro fix USN-6698-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:7.4.052-1ubuntu3.1+esm16 vim-athena - 2:7.4.052-1ubuntu3.1+esm16 vim-common - 2:7.4.052-1ubuntu3.1+esm16 vim-doc - 2:7.4.052-1ubuntu3.1+esm16 vim-gnome - 2:7.4.052-1ubuntu3.1+esm16 vim-gtk - 2:7.4.052-1ubuntu3.1+esm16 vim-gui-common - 2:7.4.052-1ubuntu3.1+esm16 vim-lesstif - 2:7.4.052-1ubuntu3.1+esm16 vim-nox - 2:7.4.052-1ubuntu3.1+esm16 vim-runtime - 2:7.4.052-1ubuntu3.1+esm16 vim-tiny - 2:7.4.052-1ubuntu3.1+esm16 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2024-22667 Ubuntu 14.04 LTS Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6699-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-3.13.0-197-generic - 3.13.0-197.248 linux-buildinfo-3.13.0-197-lowlatency - 3.13.0-197.248 linux-cloud-tools-3.13.0-197 - 3.13.0-197.248 linux-cloud-tools-3.13.0-197-generic - 3.13.0-197.248 linux-cloud-tools-3.13.0-197-lowlatency - 3.13.0-197.248 linux-cloud-tools-common - 3.13.0-197.248 linux-doc - 3.13.0-197.248 linux-headers-3.13.0-197 - 3.13.0-197.248 linux-headers-3.13.0-197-generic - 3.13.0-197.248 linux-headers-3.13.0-197-lowlatency - 3.13.0-197.248 linux-image-3.13.0-197-generic - 3.13.0-197.248 linux-image-3.13.0-197-lowlatency - 3.13.0-197.248 linux-image-unsigned-3.13.0-197-generic - 3.13.0-197.248 linux-image-unsigned-3.13.0-197-lowlatency - 3.13.0-197.248 linux-libc-dev - 3.13.0-197.248 linux-modules-3.13.0-197-generic - 3.13.0-197.248 linux-modules-3.13.0-197-lowlatency - 3.13.0-197.248 linux-modules-extra-3.13.0-197-generic - 3.13.0-197.248 linux-source-3.13.0 - 3.13.0-197.248 linux-tools-3.13.0-197 - 3.13.0-197.248 linux-tools-3.13.0-197-generic - 3.13.0-197.248 linux-tools-3.13.0-197-lowlatency - 3.13.0-197.248 linux-tools-common - 3.13.0-197.248 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro hv-kvp-daemon-init - 3.13.0.197.207 linux-cloud-tools-generic - 3.13.0.197.207 linux-cloud-tools-lowlatency - 3.13.0.197.207 linux-cloud-tools-virtual - 3.13.0.197.207 linux-crashdump - 3.13.0.197.207 linux-generic - 3.13.0.197.207 linux-generic-lts-quantal - 3.13.0.197.207 linux-generic-lts-quantal-eol-upgrade - 3.13.0.197.207 linux-generic-lts-raring - 3.13.0.197.207 linux-generic-lts-raring-eol-upgrade - 3.13.0.197.207 linux-generic-lts-saucy - 3.13.0.197.207 linux-generic-lts-saucy-eol-upgrade - 3.13.0.197.207 linux-generic-lts-trusty - 3.13.0.197.207 linux-headers-generic - 3.13.0.197.207 linux-headers-generic-lts-quantal - 3.13.0.197.207 linux-headers-generic-lts-raring - 3.13.0.197.207 linux-headers-generic-lts-saucy - 3.13.0.197.207 linux-headers-generic-lts-trusty - 3.13.0.197.207 linux-headers-lowlatency - 3.13.0.197.207 linux-headers-server - 3.13.0.197.207 linux-headers-virtual - 3.13.0.197.207 linux-hwe-generic-trusty - 3.13.0.197.207 linux-hwe-virtual-trusty - 3.13.0.197.207 linux-image-extra-virtual - 3.13.0.197.207 linux-image-generic - 3.13.0.197.207 linux-image-generic-lts-quantal - 3.13.0.197.207 linux-image-generic-lts-raring - 3.13.0.197.207 linux-image-generic-lts-saucy - 3.13.0.197.207 linux-image-generic-lts-trusty - 3.13.0.197.207 linux-image-hwe-generic-trusty - 3.13.0.197.207 linux-image-hwe-virtual-trusty - 3.13.0.197.207 linux-image-lowlatency - 3.13.0.197.207 linux-image-server - 3.13.0.197.207 linux-image-virtual - 3.13.0.197.207 linux-lowlatency - 3.13.0.197.207 linux-server - 3.13.0.197.207 linux-signed-generic - 3.13.0.197.207 linux-signed-generic-lts-quantal - 3.13.0.197.207 linux-signed-generic-lts-quantal-eol-upgrade - 3.13.0.197.207 linux-signed-generic-lts-raring - 3.13.0.197.207 linux-signed-generic-lts-raring-eol-upgrade - 3.13.0.197.207 linux-signed-generic-lts-saucy - 3.13.0.197.207 linux-signed-generic-lts-saucy-eol-upgrade - 3.13.0.197.207 linux-signed-generic-lts-trusty - 3.13.0.197.207 linux-signed-image-generic - 3.13.0.197.207 linux-signed-image-generic-lts-quantal - 3.13.0.197.207 linux-signed-image-generic-lts-raring - 3.13.0.197.207 linux-signed-image-generic-lts-saucy - 3.13.0.197.207 linux-signed-image-generic-lts-trusty - 3.13.0.197.207 linux-source - 3.13.0.197.207 linux-tools-generic - 3.13.0.197.207 linux-tools-generic-lts-saucy - 3.13.0.197.207 linux-tools-generic-lts-trusty - 3.13.0.197.207 linux-tools-lowlatency - 3.13.0.197.207 linux-tools-lts-quantal - 3.13.0.197.207 linux-tools-lts-raring - 3.13.0.197.207 linux-tools-lts-saucy - 3.13.0.197.207 linux-tools-lts-trusty - 3.13.0.197.207 linux-tools-virtual - 3.13.0.197.207 linux-virtual - 3.13.0.197.207 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-30456 CVE-2023-4921 CVE-2024-24855 Ubuntu 14.04 LTS It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20567) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6700-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1129 - 4.4.0-1129.135 linux-aws-headers-4.4.0-1129 - 4.4.0-1129.135 linux-aws-tools-4.4.0-1129 - 4.4.0-1129.135 linux-buildinfo-4.4.0-1129-aws - 4.4.0-1129.135 linux-cloud-tools-4.4.0-1129-aws - 4.4.0-1129.135 linux-headers-4.4.0-1129-aws - 4.4.0-1129.135 linux-image-4.4.0-1129-aws - 4.4.0-1129.135 linux-modules-4.4.0-1129-aws - 4.4.0-1129.135 linux-tools-4.4.0-1129-aws - 4.4.0-1129.135 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-252-generic - 4.4.0-252.286~14.04.1 linux-buildinfo-4.4.0-252-lowlatency - 4.4.0-252.286~14.04.1 linux-cloud-tools-4.4.0-252-generic - 4.4.0-252.286~14.04.1 linux-cloud-tools-4.4.0-252-lowlatency - 4.4.0-252.286~14.04.1 linux-headers-4.4.0-252 - 4.4.0-252.286~14.04.1 linux-headers-4.4.0-252-generic - 4.4.0-252.286~14.04.1 linux-headers-4.4.0-252-lowlatency - 4.4.0-252.286~14.04.1 linux-image-4.4.0-252-generic - 4.4.0-252.286~14.04.1 linux-image-4.4.0-252-lowlatency - 4.4.0-252.286~14.04.1 linux-image-unsigned-4.4.0-252-generic - 4.4.0-252.286~14.04.1 linux-image-unsigned-4.4.0-252-lowlatency - 4.4.0-252.286~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-252 - 4.4.0-252.286~14.04.1 linux-lts-xenial-tools-4.4.0-252 - 4.4.0-252.286~14.04.1 linux-modules-4.4.0-252-generic - 4.4.0-252.286~14.04.1 linux-modules-4.4.0-252-lowlatency - 4.4.0-252.286~14.04.1 linux-modules-extra-4.4.0-252-generic - 4.4.0-252.286~14.04.1 linux-tools-4.4.0-252-generic - 4.4.0-252.286~14.04.1 linux-tools-4.4.0-252-lowlatency - 4.4.0-252.286~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1129.126 linux-headers-aws - 4.4.0.1129.126 linux-image-aws - 4.4.0.1129.126 linux-tools-aws - 4.4.0.1129.126 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-lts-xenial - 4.4.0.252.219 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.252.219 linux-cloud-tools-virtual-lts-xenial - 4.4.0.252.219 linux-generic-lts-xenial - 4.4.0.252.219 linux-headers-generic-lts-xenial - 4.4.0.252.219 linux-headers-lowlatency-lts-xenial - 4.4.0.252.219 linux-headers-virtual-lts-xenial - 4.4.0.252.219 linux-image-extra-virtual-lts-xenial - 4.4.0.252.219 linux-image-generic-lts-xenial - 4.4.0.252.219 linux-image-lowlatency-lts-xenial - 4.4.0.252.219 linux-image-virtual-lts-xenial - 4.4.0.252.219 linux-lowlatency-lts-xenial - 4.4.0.252.219 linux-signed-generic-lts-xenial - 4.4.0.252.219 linux-signed-image-generic-lts-xenial - 4.4.0.252.219 linux-signed-image-lowlatency-lts-xenial - 4.4.0.252.219 linux-signed-lowlatency-lts-xenial - 4.4.0.252.219 linux-tools-generic-lts-xenial - 4.4.0.252.219 linux-tools-lowlatency-lts-xenial - 4.4.0.252.219 linux-tools-virtual-lts-xenial - 4.4.0.252.219 linux-virtual-lts-xenial - 4.4.0.252.219 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-20567 CVE-2023-34256 CVE-2023-39197 CVE-2023-51781 CVE-2024-0775 CVE-2024-1086 CVE-2024-24855 Ubuntu 14.04 LTS Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2023-4132) Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6701-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1175 - 4.15.0-1175.190~14.04.1 linux-azure-headers-4.15.0-1175 - 4.15.0-1175.190~14.04.1 linux-azure-tools-4.15.0-1175 - 4.15.0-1175.190~14.04.1 linux-buildinfo-4.15.0-1175-azure - 4.15.0-1175.190~14.04.1 linux-cloud-tools-4.15.0-1175-azure - 4.15.0-1175.190~14.04.1 linux-headers-4.15.0-1175-azure - 4.15.0-1175.190~14.04.1 linux-image-4.15.0-1175-azure - 4.15.0-1175.190~14.04.1 linux-image-unsigned-4.15.0-1175-azure - 4.15.0-1175.190~14.04.1 linux-modules-4.15.0-1175-azure - 4.15.0-1175.190~14.04.1 linux-modules-extra-4.15.0-1175-azure - 4.15.0-1175.190~14.04.1 linux-tools-4.15.0-1175-azure - 4.15.0-1175.190~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1175.141 linux-cloud-tools-azure - 4.15.0.1175.141 linux-headers-azure - 4.15.0.1175.141 linux-image-azure - 4.15.0.1175.141 linux-modules-extra-azure - 4.15.0.1175.141 linux-signed-azure - 4.15.0.1175.141 linux-signed-image-azure - 4.15.0.1175.141 linux-tools-azure - 4.15.0.1175.141 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-2002 CVE-2023-23000 CVE-2023-3006 CVE-2023-34256 CVE-2023-39197 CVE-2023-4132 CVE-2023-46838 CVE-2023-51781 CVE-2023-6121 CVE-2024-0775 CVE-2024-1086 CVE-2024-24855 Ubuntu 14.04 LTS It was discovered that Graphviz incorrectly handled certain config6a files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6708-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: graphviz - 2.36.0-0ubuntu3.2+esm2 graphviz-dev - 2.36.0-0ubuntu3.2+esm2 graphviz-doc - 2.36.0-0ubuntu3.2+esm2 libcdt5 - 2.36.0-0ubuntu3.2+esm2 libcgraph6 - 2.36.0-0ubuntu3.2+esm2 libgraphviz-dev - 2.36.0-0ubuntu3.2+esm2 libgv-guile - 2.36.0-0ubuntu3.2+esm2 libgv-lua - 2.36.0-0ubuntu3.2+esm2 libgv-perl - 2.36.0-0ubuntu3.2+esm2 libgv-php5 - 2.36.0-0ubuntu3.2+esm2 libgv-python - 2.36.0-0ubuntu3.2+esm2 libgv-ruby - 2.36.0-0ubuntu3.2+esm2 libgv-tcl - 2.36.0-0ubuntu3.2+esm2 libgvc6 - 2.36.0-0ubuntu3.2+esm2 libgvc6-plugins-gtk - 2.36.0-0ubuntu3.2+esm2 libgvpr2 - 2.36.0-0ubuntu3.2+esm2 libpathplan4 - 2.36.0-0ubuntu3.2+esm2 libxdot4 - 2.36.0-0ubuntu3.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-46045 Ubuntu 14.04 LTS It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082) It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2024-31083) Update Instructions: Run `sudo pro fix USN-6721-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.15.1-0ubuntu2.11+esm11 xdmx-tools - 2:1.15.1-0ubuntu2.11+esm11 xnest - 2:1.15.1-0ubuntu2.11+esm11 xorg-server-source - 2:1.15.1-0ubuntu2.11+esm11 xserver-common - 2:1.15.1-0ubuntu2.11+esm11 xserver-xephyr - 2:1.15.1-0ubuntu2.11+esm11 xserver-xorg-core - 2:1.15.1-0ubuntu2.11+esm11 xserver-xorg-dev - 2:1.15.1-0ubuntu2.11+esm11 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.11+esm11 xvfb - 2:1.15.1-0ubuntu2.11+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-31080 CVE-2024-31081 CVE-2024-31082 CVE-2024-31083 Ubuntu 14.04 LTS USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082) It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2024-31083) Update Instructions: Run `sudo pro fix USN-6721-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.15.1-0ubuntu2.11+esm12 xdmx-tools - 2:1.15.1-0ubuntu2.11+esm12 xnest - 2:1.15.1-0ubuntu2.11+esm12 xorg-server-source - 2:1.15.1-0ubuntu2.11+esm12 xserver-common - 2:1.15.1-0ubuntu2.11+esm12 xserver-xephyr - 2:1.15.1-0ubuntu2.11+esm12 xserver-xorg-core - 2:1.15.1-0ubuntu2.11+esm12 xserver-xorg-dev - 2:1.15.1-0ubuntu2.11+esm12 xserver-xorg-xmir - 2:1.15.1-0ubuntu2.11+esm12 xvfb - 2:1.15.1-0ubuntu2.11+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2060354 Ubuntu 14.04 LTS Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts. Update Instructions: Run `sudo pro fix USN-6722-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django - 1.6.11-0ubuntu1.3+esm7 python-django-doc - 1.6.11-0ubuntu1.3+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2019-19844 Ubuntu 14.04 LTS Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind icorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50387) It was discovered that Bind incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50868) Update Instructions: Run `sudo pro fix USN-6723-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm12 bind9-doc - 1:9.9.5.dfsg-3ubuntu0.19+esm12 bind9-host - 1:9.9.5.dfsg-3ubuntu0.19+esm12 bind9utils - 1:9.9.5.dfsg-3ubuntu0.19+esm12 dnsutils - 1:9.9.5.dfsg-3ubuntu0.19+esm12 host - 1:9.9.5.dfsg-3ubuntu0.19+esm12 libbind-dev - 1:9.9.5.dfsg-3ubuntu0.19+esm12 libbind9-90 - 1:9.9.5.dfsg-3ubuntu0.19+esm12 libdns100 - 1:9.9.5.dfsg-3ubuntu0.19+esm12 libisc95 - 1:9.9.5.dfsg-3ubuntu0.19+esm12 libisccc90 - 1:9.9.5.dfsg-3ubuntu0.19+esm12 libisccfg90 - 1:9.9.5.dfsg-3ubuntu0.19+esm12 liblwres90 - 1:9.9.5.dfsg-3ubuntu0.19+esm12 lwresd - 1:9.9.5.dfsg-3ubuntu0.19+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-50387 CVE-2023-50868 Ubuntu 14.04 LTS It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code. Update Instructions: Run `sudo pro fix USN-6730-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmaven-shared-utils-java - 0.4-1ubuntu0.1~esm1 libmaven-shared-utils-java-doc - 0.4-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-29599 Ubuntu 14.04 LTS It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-30588) It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10. (CVE-2023-30589) It was discovered that Node.js incorrectly described the generateKeys() function in the documentation. This inconsistency could possibly lead to security issues in applications that use these APIs. (CVE-2023-30590) Update Instructions: Run `sudo pro fix USN-6735-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nodejs - 0.10.25~dfsg2-2ubuntu1.2+esm2 nodejs-dev - 0.10.25~dfsg2-2ubuntu1.2+esm2 nodejs-legacy - 0.10.25~dfsg2-2ubuntu1.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 Ubuntu 14.04 LTS It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2018-25032) Evgeny Legerov discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2022-37434) Update Instructions: Run `sudo pro fix USN-6736-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: klibc-utils - 2.0.3-0ubuntu1.14.04.3+esm3 libklibc - 2.0.3-0ubuntu1.14.04.3+esm3 libklibc-dev - 2.0.3-0ubuntu1.14.04.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-9840 CVE-2016-9841 CVE-2018-25032 CVE-2022-37434 Ubuntu 14.04 LTS It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1382) Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2 mitigations with prctl syscall were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-1998) Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to subsequently impersonate one of the paired devices. (CVE-2023-24023) shanzhulig discovered that the DRM subsystem in the Linux kernel contained a race condition when performing certain operation while handling driver unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51043) It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51779) It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Architecture specifics; - ACPI drivers; - I2C subsystem; - Media drivers; - JFS file system; - IPv4 Networking; - Open vSwitch; (CVE-2021-46966, CVE-2021-46936, CVE-2023-52451, CVE-2019-25162, CVE-2023-52445, CVE-2023-52600, CVE-2021-46990, CVE-2021-46955, CVE-2023-52603) Update Instructions: Run `sudo pro fix USN-6739-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1130 - 4.4.0-1130.136 linux-aws-headers-4.4.0-1130 - 4.4.0-1130.136 linux-aws-tools-4.4.0-1130 - 4.4.0-1130.136 linux-buildinfo-4.4.0-1130-aws - 4.4.0-1130.136 linux-cloud-tools-4.4.0-1130-aws - 4.4.0-1130.136 linux-headers-4.4.0-1130-aws - 4.4.0-1130.136 linux-image-4.4.0-1130-aws - 4.4.0-1130.136 linux-modules-4.4.0-1130-aws - 4.4.0-1130.136 linux-tools-4.4.0-1130-aws - 4.4.0-1130.136 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-253-generic - 4.4.0-253.287~14.04.1 linux-buildinfo-4.4.0-253-lowlatency - 4.4.0-253.287~14.04.1 linux-cloud-tools-4.4.0-253-generic - 4.4.0-253.287~14.04.1 linux-cloud-tools-4.4.0-253-lowlatency - 4.4.0-253.287~14.04.1 linux-headers-4.4.0-253 - 4.4.0-253.287~14.04.1 linux-headers-4.4.0-253-generic - 4.4.0-253.287~14.04.1 linux-headers-4.4.0-253-lowlatency - 4.4.0-253.287~14.04.1 linux-image-4.4.0-253-generic - 4.4.0-253.287~14.04.1 linux-image-4.4.0-253-lowlatency - 4.4.0-253.287~14.04.1 linux-image-unsigned-4.4.0-253-generic - 4.4.0-253.287~14.04.1 linux-image-unsigned-4.4.0-253-lowlatency - 4.4.0-253.287~14.04.1 linux-lts-xenial-cloud-tools-4.4.0-253 - 4.4.0-253.287~14.04.1 linux-lts-xenial-tools-4.4.0-253 - 4.4.0-253.287~14.04.1 linux-modules-4.4.0-253-generic - 4.4.0-253.287~14.04.1 linux-modules-4.4.0-253-lowlatency - 4.4.0-253.287~14.04.1 linux-modules-extra-4.4.0-253-generic - 4.4.0-253.287~14.04.1 linux-tools-4.4.0-253-generic - 4.4.0-253.287~14.04.1 linux-tools-4.4.0-253-lowlatency - 4.4.0-253.287~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1130.127 linux-headers-aws - 4.4.0.1130.127 linux-image-aws - 4.4.0.1130.127 linux-tools-aws - 4.4.0.1130.127 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-lts-xenial - 4.4.0.253.287~14.04.1 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.253.287~14.04.1 linux-cloud-tools-virtual-lts-xenial - 4.4.0.253.287~14.04.1 linux-generic-lts-xenial - 4.4.0.253.287~14.04.1 linux-headers-generic-lts-xenial - 4.4.0.253.287~14.04.1 linux-headers-lowlatency-lts-xenial - 4.4.0.253.287~14.04.1 linux-headers-virtual-lts-xenial - 4.4.0.253.287~14.04.1 linux-image-extra-virtual-lts-xenial - 4.4.0.253.287~14.04.1 linux-image-generic-lts-xenial - 4.4.0.253.287~14.04.1 linux-image-lowlatency-lts-xenial - 4.4.0.253.287~14.04.1 linux-image-virtual-lts-xenial - 4.4.0.253.287~14.04.1 linux-lowlatency-lts-xenial - 4.4.0.253.287~14.04.1 linux-signed-generic-lts-xenial - 4.4.0.253.287~14.04.1 linux-signed-image-generic-lts-xenial - 4.4.0.253.287~14.04.1 linux-signed-image-lowlatency-lts-xenial - 4.4.0.253.287~14.04.1 linux-signed-lowlatency-lts-xenial - 4.4.0.253.287~14.04.1 linux-tools-generic-lts-xenial - 4.4.0.253.287~14.04.1 linux-tools-lowlatency-lts-xenial - 4.4.0.253.287~14.04.1 linux-tools-virtual-lts-xenial - 4.4.0.253.287~14.04.1 linux-virtual-lts-xenial - 4.4.0.253.287~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-25162 CVE-2021-46936 CVE-2021-46955 CVE-2021-46966 CVE-2021-46990 CVE-2022-20422 CVE-2023-1382 CVE-2023-1998 CVE-2023-24023 CVE-2023-51043 CVE-2023-51779 CVE-2023-52429 CVE-2023-52445 CVE-2023-52451 CVE-2023-52600 CVE-2023-52603 CVE-2024-23851 Ubuntu 14.04 LTS Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1382) It was discovered that the virtio network implementation in the Linux kernel did not properly handle file references in the host, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-1838) Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2 mitigations with prctl syscall were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-1998) Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to subsequently impersonate one of the paired devices. (CVE-2023-24023) shanzhulig discovered that the DRM subsystem in the Linux kernel contained a race condition when performing certain operation while handling driver unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51043) It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51779) It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851) Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-6915) It was discovered that the SCTP protocol implementation in the Linux kernel contained a race condition when handling lock acquisition in certain situations. A local attacker could possibly use this to cause a denial of service (kernel deadlock). (CVE-2024-0639) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Architecture specifics; - EDAC drivers; - Media drivers; - JFS file system; (CVE-2023-52603, CVE-2023-52464, CVE-2023-52600, CVE-2023-52445, CVE-2023-52451) Update Instructions: Run `sudo pro fix USN-6740-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1176 - 4.15.0-1176.191~14.04.1 linux-azure-headers-4.15.0-1176 - 4.15.0-1176.191~14.04.1 linux-azure-tools-4.15.0-1176 - 4.15.0-1176.191~14.04.1 linux-buildinfo-4.15.0-1176-azure - 4.15.0-1176.191~14.04.1 linux-cloud-tools-4.15.0-1176-azure - 4.15.0-1176.191~14.04.1 linux-headers-4.15.0-1176-azure - 4.15.0-1176.191~14.04.1 linux-image-4.15.0-1176-azure - 4.15.0-1176.191~14.04.1 linux-image-unsigned-4.15.0-1176-azure - 4.15.0-1176.191~14.04.1 linux-modules-4.15.0-1176-azure - 4.15.0-1176.191~14.04.1 linux-modules-extra-4.15.0-1176-azure - 4.15.0-1176.191~14.04.1 linux-tools-4.15.0-1176-azure - 4.15.0-1176.191~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1176.191~14.04.1 linux-cloud-tools-azure - 4.15.0.1176.191~14.04.1 linux-headers-azure - 4.15.0.1176.191~14.04.1 linux-image-azure - 4.15.0.1176.191~14.04.1 linux-modules-extra-azure - 4.15.0.1176.191~14.04.1 linux-signed-azure - 4.15.0.1176.191~14.04.1 linux-signed-image-azure - 4.15.0.1176.191~14.04.1 linux-tools-azure - 4.15.0.1176.191~14.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-1382 CVE-2023-1838 CVE-2023-1998 CVE-2023-24023 CVE-2023-51043 CVE-2023-51779 CVE-2023-52429 CVE-2023-52445 CVE-2023-52451 CVE-2023-52464 CVE-2023-52600 CVE-2023-52603 CVE-2023-6915 CVE-2024-0639 CVE-2024-23851 Ubuntu 14.04 LTS Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6744-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-imaging - 2.3.0-1ubuntu3.4+esm4 python-imaging-compat - 2.3.0-1ubuntu3.4+esm4 python-imaging-doc - 2.3.0-1ubuntu3.4+esm4 python-imaging-sane - 2.3.0-1ubuntu3.4+esm4 python-imaging-tk - 2.3.0-1ubuntu3.4+esm4 python-pil - 2.3.0-1ubuntu3.4+esm4 python-pil-doc - 2.3.0-1ubuntu3.4+esm4 python-pil.imagetk - 2.3.0-1ubuntu3.4+esm4 python-sane - 2.3.0-1ubuntu3.4+esm4 python3-imaging - 2.3.0-1ubuntu3.4+esm4 python3-imaging-sane - 2.3.0-1ubuntu3.4+esm4 python3-imaging-tk - 2.3.0-1ubuntu3.4+esm4 python3-pil - 2.3.0-1ubuntu3.4+esm4 python3-pil.imagetk - 2.3.0-1ubuntu3.4+esm4 python3-sane - 2.3.0-1ubuntu3.4+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-28219 Ubuntu 14.04 LTS It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting (XSS) attacks. (CVE-2022-35229, CVE-2022-35230) Update Instructions: Run `sudo pro fix USN-6751-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zabbix-agent - 1:2.2.2+dfsg-1ubuntu1+esm5 zabbix-frontend-php - 1:2.2.2+dfsg-1ubuntu1+esm5 zabbix-java-gateway - 1:2.2.2+dfsg-1ubuntu1+esm5 zabbix-proxy-mysql - 1:2.2.2+dfsg-1ubuntu1+esm5 zabbix-proxy-pgsql - 1:2.2.2+dfsg-1ubuntu1+esm5 zabbix-proxy-sqlite3 - 1:2.2.2+dfsg-1ubuntu1+esm5 zabbix-server-mysql - 1:2.2.2+dfsg-1ubuntu1+esm5 zabbix-server-pgsql - 1:2.2.2+dfsg-1ubuntu1+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-35229 CVE-2022-35230 Ubuntu 14.04 LTS It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an attacker could possibly use this issue to execute arbitrary commands on the host. Update Instructions: Run `sudo pro fix USN-6756-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: less - 458-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-32487 Ubuntu 14.04 LTS George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service (application crash). Update Instructions: Run `sudo pro fix USN-6760-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gerbv - 2.6.0-1ubuntu0.14.04.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-4508 Ubuntu 14.04 LTS It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9984) It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-20109) It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-11236) It was discovered that the GNU C library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-3999) Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-2961) Update Instructions: Run `sudo pro fix USN-6762-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: eglibc-source - 2.19-0ubuntu6.15+esm3 glibc-doc - 2.19-0ubuntu6.15+esm3 libc-bin - 2.19-0ubuntu6.15+esm3 libc-dev-bin - 2.19-0ubuntu6.15+esm3 libc6 - 2.19-0ubuntu6.15+esm3 libc6-amd64 - 2.19-0ubuntu6.15+esm3 libc6-armel - 2.19-0ubuntu6.15+esm3 libc6-dev - 2.19-0ubuntu6.15+esm3 libc6-dev-amd64 - 2.19-0ubuntu6.15+esm3 libc6-dev-armel - 2.19-0ubuntu6.15+esm3 libc6-dev-i386 - 2.19-0ubuntu6.15+esm3 libc6-dev-x32 - 2.19-0ubuntu6.15+esm3 libc6-i386 - 2.19-0ubuntu6.15+esm3 libc6-pic - 2.19-0ubuntu6.15+esm3 libc6-prof - 2.19-0ubuntu6.15+esm3 libc6-x32 - 2.19-0ubuntu6.15+esm3 multiarch-support - 2.19-0ubuntu6.15+esm3 nscd - 2.19-0ubuntu6.15+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2014-9984 CVE-2015-20109 CVE-2018-11236 CVE-2021-3999 CVE-2024-2961 https://launchpad.net/bugs/2063328 Ubuntu 14.04 LTS Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). (CVE-2013-1798) It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM). (CVE-2019-3016) Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 65 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 65 Livepatch subscription required Medium CVE-2013-1798 CVE-2020-8428 CVE-2019-3016 Ubuntu 14.04 LTS It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information. (CVE-2020-8647) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information. (CVE-2020-8649) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 66 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 66 Livepatch subscription required Medium CVE-2020-8649 CVE-2020-8648 CVE-2020-8647 Ubuntu 14.04 LTS It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information. (CVE-2020-8647) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information. (CVE-2020-8649) It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 68 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 68 Livepatch subscription required Medium CVE-2020-8649 CVE-2020-11494 CVE-2020-12114 CVE-2020-8648 CVE-2020-8647 CVE-2020-0543 Ubuntu 14.04 LTS Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 70 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 70 Livepatch subscription required Medium CVE-2020-11935 Ubuntu 14.04 LTS It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14386) Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. (CVE-2020-16120) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 72 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 72 Livepatch subscription required High CVE-2020-11935 CVE-2020-0067 CVE-2020-12114 CVE-2020-16120 CVE-2020-11494 CVE-2020-14386 CVE-2020-16119 Ubuntu 14.04 LTS Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-0427) Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352) It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645) It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 74 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 74 Livepatch subscription required High CVE-2020-28374 CVE-2020-12352 CVE-2020-25645 CVE-2020-0427 Ubuntu 14.04 LTS It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges.(CVE-2021-3493) Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2021-29154) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 76 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 76 Livepatch subscription required High CVE-2021-29154 CVE-2021-3493 Ubuntu 14.04 LTS It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.(CVE-2021-3600) It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2021-33909) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 79 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 79 Livepatch subscription required High CVE-2021-3600 CVE-2021-33909 Ubuntu 14.04 LTS Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2021-22555) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 80 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 80 Livepatch subscription required High CVE-2021-22555 Ubuntu 14.04 LTS Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.(CVE-2021-3653) Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory.(CVE-2021-3656) Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2021-22555) It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2021-33909) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 81 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 81 Livepatch subscription required High CVE-2021-3653 CVE-2021-22555 CVE-2021-3656 CVE-2021-33909 Ubuntu 14.04 LTS Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges.(CVE-2022-0492) Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.(CVE-2022-25636) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 85 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 85 Livepatch subscription required High CVE-2022-0492 CVE-2022-25636 Ubuntu 14.04 LTS It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2021-39713) Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges.(CVE-2022-0492) It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2022-1055) Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux kernel contained in integer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-1116) It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions.(CVE-2022-21499) Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-29581) Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions.(CVE-2022-30594) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 86 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 86 Livepatch subscription required High CVE-2022-1055 CVE-2022-0492 CVE-2022-30594 CVE-2022-1116 CVE-2022-21499 CVE-2021-39713 CVE-2022-29581 Ubuntu 14.04 LTS Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-1966) Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code.(CVE-2022-1972) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 87 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 87 Livepatch subscription required None Ubuntu 14.04 LTS Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966) Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code.(CVE-2022-1972) It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-2585) It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-2586) Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-2588) It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions.(CVE-2022-21499) Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-29581) Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations.(CVE-2022-34918) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 89 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 89 Livepatch subscription required High CVE-2022-2586 CVE-2022-2585 CVE-2022-29581 CVE-2022-2588 CVE-2022-34918 CVE-2022-21499 Ubuntu 14.04 LTS It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information.(CVE-2023-1380) Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash).(CVE-2023-30456) Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-31248) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-31436) Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of- bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-35001) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 96 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 96 Livepatch subscription required High CVE-2023-31436 CVE-2023-35001 CVE-2023-30456 CVE-2023-31248 CVE-2023-1380 Ubuntu 14.04 LTS It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3090) Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3389) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3390) Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-31248) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.(CVE-2023-32629) Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of- bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-35001) Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-35788) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 97 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 97 Livepatch subscription required High CVE-2023-31248 CVE-2023-32629 CVE-2023-3090 CVE-2023-3390 CVE-2023-35788 CVE-2023-35001 CVE-2023-3389 Ubuntu 14.04 LTS It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3090) It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).(CVE-2023-3567) It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3609) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3776) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3777) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3995) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-4004) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-4128) Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-21400) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-40283) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 98 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 98 Livepatch subscription required High CVE-2023-3776 CVE-2023-3609 CVE-2023-21400 CVE-2023-4004 CVE-2023-3777 CVE-2023-40283 CVE-2023-3090 CVE-2023-3567 Ubuntu 14.04 LTS It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability).(CVE-2022-3643) It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).(CVE-2023-3567) It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3609) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3776) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3777) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3995) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-4004) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash).(CVE-2023-4881) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle removal of rules from chain bindings in certain circumstances, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-5197) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-31436) Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code.(CVE-2023-34319) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-40283) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-42752) Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did not properly calculate array offsets, leading to a out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-42753) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 99 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 99 Livepatch subscription required High CVE-2023-42752 CVE-2023-3777 CVE-2023-3609 CVE-2023-42753 CVE-2023-4623 CVE-2023-3567 CVE-2023-40283 CVE-2023-5197 CVE-2023-3776 CVE-2023-4622 CVE-2023-4004 CVE-2023-34319 CVE-2022-3643 CVE-2023-31436 Ubuntu 14.04 LTS It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-5345) Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.(CVE-2023-6040) It was discovered that the TLS subsystem in the Linux kernel did not properly perform cryptographic operations in some situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6176) Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6817) It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6932) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 100 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 100 Livepatch subscription required High CVE-2023-6817 CVE-2023-6040 CVE-2023-6932 CVE-2023-6176 CVE-2023-5345 Ubuntu 14.04 LTS Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6817) It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6932) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion).(CVE-2023-7192) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly check deactivated elements in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0193) Jann Horn discovered that the TLS subsystem in the Linux kernel did not properly handle spliced messages, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0646) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 101 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 101 Livepatch subscription required High CVE-2023-6817 CVE-2023-6932 CVE-2023-7192 CVE-2024-0193 CVE-2024-0646 Ubuntu 14.04 LTS It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-1872) Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory).(CVE-2023-4569) It was discovered that the TLS subsystem in the Linux kernel did not properly perform cryptographic operations in some situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6176) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-51781) Jann Horn discovered that the TLS subsystem in the Linux kernel did not properly handle spliced messages, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0646) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-1086) To check your kernel type and Livepatch version, enter this command: canonical-livepatch status lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) - 102 lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) - 102 Livepatch subscription required High CVE-2023-6176 CVE-2023-4569 CVE-2024-0646 CVE-2024-1086 CVE-2023-51781 CVE-2023-1872 /etc/lsb-release ^[\s\S]*DISTRIB_CODENAME=([a-z]+)$ 1 oval:com.ubuntu.trusty:var:220410000000 oval:com.ubuntu.trusty:var:222610000000 oval:com.ubuntu.trusty:var:224010000000 oval:com.ubuntu.trusty:var:227410000000 oval:com.ubuntu.trusty:var:229010000000 oval:com.ubuntu.trusty:var:231410000000 oval:com.ubuntu.trusty:var:231810000000 oval:com.ubuntu.trusty:var:233710000000 oval:com.ubuntu.trusty:var:235910000000 oval:com.ubuntu.trusty:var:237910000000 oval:com.ubuntu.trusty:var:239510000000 oval:com.ubuntu.trusty:var:242010000000 oval:com.ubuntu.trusty:var:244610000000 oval:com.ubuntu.trusty:var:244710000000 oval:com.ubuntu.trusty:var:244720000000 oval:com.ubuntu.trusty:var:246610000000 oval:com.ubuntu.trusty:var:246710000000 oval:com.ubuntu.trusty:var:251610000000 oval:com.ubuntu.trusty:var:251620000000 oval:com.ubuntu.trusty:var:251630000000 oval:com.ubuntu.trusty:var:251710000000 oval:com.ubuntu.trusty:var:252810000000 oval:com.ubuntu.trusty:var:252910000000 oval:com.ubuntu.trusty:var:254410000000 oval:com.ubuntu.trusty:var:254510000000 oval:com.ubuntu.trusty:var:256310000000 oval:com.ubuntu.trusty:var:256410000000 oval:com.ubuntu.trusty:var:258810000000 oval:com.ubuntu.trusty:var:258910000000 oval:com.ubuntu.trusty:var:259810000000 oval:com.ubuntu.trusty:var:259820000000 oval:com.ubuntu.trusty:var:259910000000 oval:com.ubuntu.trusty:var:259920000000 oval:com.ubuntu.trusty:var:261410000000 oval:com.ubuntu.trusty:var:261510000000 oval:com.ubuntu.trusty:var:262010000000 oval:com.ubuntu.trusty:var:263410000000 oval:com.ubuntu.trusty:var:263510000000 oval:com.ubuntu.trusty:var:263610000000 oval:com.ubuntu.trusty:var:264310000000 oval:com.ubuntu.trusty:var:264320000000 oval:com.ubuntu.trusty:var:264410000000 oval:com.ubuntu.trusty:var:264420000000 oval:com.ubuntu.trusty:var:264510000000 oval:com.ubuntu.trusty:var:266310000000 oval:com.ubuntu.trusty:var:266410000000 oval:com.ubuntu.trusty:var:266510000000 oval:com.ubuntu.trusty:var:268110000000 oval:com.ubuntu.trusty:var:268210000000 oval:com.ubuntu.trusty:var:268310000000 oval:com.ubuntu.trusty:var:268810000000 oval:com.ubuntu.trusty:var:268910000000 oval:com.ubuntu.trusty:var:269010000000 oval:com.ubuntu.trusty:var:270010000000 oval:com.ubuntu.trusty:var:271610000000 oval:com.ubuntu.trusty:var:271710000000 oval:com.ubuntu.trusty:var:271810000000 oval:com.ubuntu.trusty:var:273410000000 oval:com.ubuntu.trusty:var:273710000000 oval:com.ubuntu.trusty:var:274810000000 oval:com.ubuntu.trusty:var:275010000000 oval:com.ubuntu.trusty:var:275110000000 oval:com.ubuntu.trusty:var:276110000000 oval:com.ubuntu.trusty:var:276410000000 oval:com.ubuntu.trusty:var:276510000000 oval:com.ubuntu.trusty:var:277610000000 oval:com.ubuntu.trusty:var:277710000000 oval:com.ubuntu.trusty:var:277810000000 oval:com.ubuntu.trusty:var:279410000000 oval:com.ubuntu.trusty:var:279710000000 oval:com.ubuntu.trusty:var:279810000000 oval:com.ubuntu.trusty:var:280110000000 oval:com.ubuntu.trusty:var:280510000000 oval:com.ubuntu.trusty:var:280610000000 oval:com.ubuntu.trusty:var:280710000000 oval:com.ubuntu.trusty:var:282310000000 oval:com.ubuntu.trusty:var:282410000000 oval:com.ubuntu.trusty:var:282920000000 oval:com.ubuntu.trusty:var:284110000000 oval:com.ubuntu.trusty:var:284220000000 oval:com.ubuntu.trusty:var:284320000000 oval:com.ubuntu.trusty:var:284410000000 oval:com.ubuntu.trusty:var:284810000000 oval:com.ubuntu.trusty:var:284910000000 oval:com.ubuntu.trusty:var:285310000000 oval:com.ubuntu.trusty:var:285410000000 oval:com.ubuntu.trusty:var:285720000000 oval:com.ubuntu.trusty:var:285820000000 oval:com.ubuntu.trusty:var:287010000000 oval:com.ubuntu.trusty:var:287120000000 oval:com.ubuntu.trusty:var:287220000000 oval:com.ubuntu.trusty:var:287310000000 oval:com.ubuntu.trusty:var:288710000000 oval:com.ubuntu.trusty:var:288810000000 oval:com.ubuntu.trusty:var:288920000000 oval:com.ubuntu.trusty:var:289020000000 oval:com.ubuntu.trusty:var:290710000000 oval:com.ubuntu.trusty:var:290820000000 oval:com.ubuntu.trusty:var:290850000000 oval:com.ubuntu.trusty:var:290910000000 oval:com.ubuntu.trusty:var:290920000000 oval:com.ubuntu.trusty:var:291010000000 oval:com.ubuntu.trusty:var:291020000000 oval:com.ubuntu.trusty:var:292910000000 oval:com.ubuntu.trusty:var:293020000000 oval:com.ubuntu.trusty:var:293110000000 oval:com.ubuntu.trusty:var:293210000000 oval:com.ubuntu.trusty:var:294610000000 oval:com.ubuntu.trusty:var:294720000000 oval:com.ubuntu.trusty:var:294810000000 oval:com.ubuntu.trusty:var:294820000000 oval:com.ubuntu.trusty:var:294910000000 oval:com.ubuntu.trusty:var:296520000000 oval:com.ubuntu.trusty:var:296810000000 oval:com.ubuntu.trusty:var:296910000000 oval:com.ubuntu.trusty:var:297010000000 oval:com.ubuntu.trusty:var:297120000000 oval:com.ubuntu.trusty:var:297510000000 oval:com.ubuntu.trusty:var:297610000000 oval:com.ubuntu.trusty:var:297710000000 oval:com.ubuntu.trusty:var:297820000000 oval:com.ubuntu.trusty:var:297920000000 oval:com.ubuntu.trusty:var:298910000000 oval:com.ubuntu.trusty:var:299910000000 oval:com.ubuntu.trusty:var:300010000000 oval:com.ubuntu.trusty:var:300110000000 oval:com.ubuntu.trusty:var:300210000000 oval:com.ubuntu.trusty:var:300510000000 oval:com.ubuntu.trusty:var:301640000000 oval:com.ubuntu.trusty:var:301730000000 oval:com.ubuntu.trusty:var:301810000000 oval:com.ubuntu.trusty:var:301910000000 oval:com.ubuntu.trusty:var:302010000000 oval:com.ubuntu.trusty:var:303410000000 oval:com.ubuntu.trusty:var:303530000000 oval:com.ubuntu.trusty:var:303610000000 oval:com.ubuntu.trusty:var:303710000000 oval:com.ubuntu.trusty:var:305210000000 oval:com.ubuntu.trusty:var:305310000000 oval:com.ubuntu.trusty:var:305410000000 oval:com.ubuntu.trusty:var:307040000000 oval:com.ubuntu.trusty:var:307110000000 oval:com.ubuntu.trusty:var:308310000000 oval:com.ubuntu.trusty:var:308420000000 oval:com.ubuntu.trusty:var:309810000000 oval:com.ubuntu.trusty:var:309920000000 oval:com.ubuntu.trusty:var:310510000000 oval:com.ubuntu.trusty:var:310620000000 oval:com.ubuntu.trusty:var:312710000000 oval:com.ubuntu.trusty:var:312820000000 oval:com.ubuntu.trusty:var:314510000000 oval:com.ubuntu.trusty:var:314620000000 oval:com.ubuntu.trusty:var:314910000000 oval:com.ubuntu.trusty:var:315120000000 oval:com.ubuntu.trusty:var:316010000000 oval:com.ubuntu.trusty:var:316120000000 oval:com.ubuntu.trusty:var:316810000000 oval:com.ubuntu.trusty:var:316920000000 oval:com.ubuntu.trusty:var:318810000000 oval:com.ubuntu.trusty:var:318920000000 oval:com.ubuntu.trusty:var:320710000000 oval:com.ubuntu.trusty:var:320820000000 oval:com.ubuntu.trusty:var:321910000000 oval:com.ubuntu.trusty:var:322020000000 oval:com.ubuntu.trusty:var:323420000000 oval:com.ubuntu.trusty:var:324920000000 oval:com.ubuntu.trusty:var:325010000000 oval:com.ubuntu.trusty:var:325610000000 oval:com.ubuntu.trusty:var:325620000000 oval:com.ubuntu.trusty:var:326410000000 oval:com.ubuntu.trusty:var:326520000000 oval:com.ubuntu.trusty:var:329010000000 oval:com.ubuntu.trusty:var:329130000000 oval:com.ubuntu.trusty:var:331220000000 oval:com.ubuntu.trusty:var:333410000000 oval:com.ubuntu.trusty:var:333510000000 oval:com.ubuntu.trusty:var:334310000000 oval:com.ubuntu.trusty:var:334420000000 oval:com.ubuntu.trusty:var:336010000000 oval:com.ubuntu.trusty:var:336420000000 oval:com.ubuntu.trusty:var:337820000000 oval:com.ubuntu.trusty:var:338110000000 oval:com.ubuntu.trusty:var:338520000000 oval:com.ubuntu.trusty:var:338610000000 oval:com.ubuntu.trusty:var:339220000000 oval:com.ubuntu.trusty:var:340520000000 oval:com.ubuntu.trusty:var:340610000000 oval:com.ubuntu.trusty:var:342020000000 oval:com.ubuntu.trusty:var:342210000000 oval:com.ubuntu.trusty:var:344420000000 oval:com.ubuntu.trusty:var:344510000000 oval:com.ubuntu.trusty:var:346920000000 oval:com.ubuntu.trusty:var:347010000000 oval:com.ubuntu.trusty:var:348520000000 oval:com.ubuntu.trusty:var:348530000000 oval:com.ubuntu.trusty:var:350920000000 oval:com.ubuntu.trusty:var:350920000020 oval:com.ubuntu.trusty:var:350940000000 oval:com.ubuntu.trusty:var:350940000020 oval:com.ubuntu.trusty:var:351010000000 oval:com.ubuntu.trusty:var:352220000000 oval:com.ubuntu.trusty:var:352220000020 oval:com.ubuntu.trusty:var:352240000000 oval:com.ubuntu.trusty:var:352410000000 oval:com.ubuntu.trusty:var:354020000000 oval:com.ubuntu.trusty:var:354020000020 oval:com.ubuntu.trusty:var:354210000000 oval:com.ubuntu.trusty:var:358220000000 oval:com.ubuntu.trusty:var:358220000020 oval:com.ubuntu.trusty:var:358310000000 oval:com.ubuntu.trusty:var:359410000000 oval:com.ubuntu.trusty:var:361920000000 oval:com.ubuntu.trusty:var:361920000020 oval:com.ubuntu.trusty:var:362010000000 oval:com.ubuntu.trusty:var:363120000000 oval:com.ubuntu.trusty:var:363120000020 oval:com.ubuntu.trusty:var:364110000000 oval:com.ubuntu.trusty:var:364110000020 oval:com.ubuntu.trusty:var:364110000040 oval:com.ubuntu.trusty:var:365420000000 oval:com.ubuntu.trusty:var:365420000020 oval:com.ubuntu.trusty:var:365510000000 oval:com.ubuntu.trusty:var:367410000000 oval:com.ubuntu.trusty:var:367620000000 oval:com.ubuntu.trusty:var:367620000020 oval:com.ubuntu.trusty:var:369620000000 oval:com.ubuntu.trusty:var:369620000020 oval:com.ubuntu.trusty:var:369810000000 oval:com.ubuntu.trusty:var:374120000000 oval:com.ubuntu.trusty:var:374120000020 oval:com.ubuntu.trusty:var:374130000000 oval:com.ubuntu.trusty:var:374210000000 oval:com.ubuntu.trusty:var:375320000000 oval:com.ubuntu.trusty:var:375320000020 oval:com.ubuntu.trusty:var:375410000000 oval:com.ubuntu.trusty:var:377510000000 oval:com.ubuntu.trusty:var:377620000000 oval:com.ubuntu.trusty:var:377620000020 oval:com.ubuntu.trusty:var:379720000000 oval:com.ubuntu.trusty:var:379720000020 oval:com.ubuntu.trusty:var:379810000000 oval:com.ubuntu.trusty:var:382030000000 oval:com.ubuntu.trusty:var:382120000000 oval:com.ubuntu.trusty:var:382120000020 oval:com.ubuntu.trusty:var:382210000000 oval:com.ubuntu.trusty:var:384730000000 oval:com.ubuntu.trusty:var:384820000000 oval:com.ubuntu.trusty:var:384820000020 oval:com.ubuntu.trusty:var:384910000000 oval:com.ubuntu.trusty:var:387150000000 oval:com.ubuntu.trusty:var:387920000000 oval:com.ubuntu.trusty:var:387920000020 oval:com.ubuntu.trusty:var:388010000000 oval:com.ubuntu.trusty:var:390120000000 oval:com.ubuntu.trusty:var:390810000000 oval:com.ubuntu.trusty:var:391020000000 oval:com.ubuntu.trusty:var:391020000020 oval:com.ubuntu.trusty:var:393120000000 oval:com.ubuntu.trusty:var:393220000000 oval:com.ubuntu.trusty:var:393220000020 oval:com.ubuntu.trusty:var:393310000000 oval:com.ubuntu.trusty:var:398120000000 oval:com.ubuntu.trusty:var:398220000000 oval:com.ubuntu.trusty:var:398310000000 oval:com.ubuntu.trusty:var:400830000000 oval:com.ubuntu.trusty:var:400830000020 oval:com.ubuntu.trusty:var:401720000000 oval:com.ubuntu.trusty:var:401720000020 oval:com.ubuntu.trusty:var:401720000040 oval:com.ubuntu.trusty:var:401720000060 oval:com.ubuntu.trusty:var:404120000000 oval:com.ubuntu.trusty:var:404120000020 oval:com.ubuntu.trusty:var:404120000040 oval:com.ubuntu.trusty:var:409520000000 oval:com.ubuntu.trusty:var:409520000020 oval:com.ubuntu.trusty:var:413520000000 oval:com.ubuntu.trusty:var:413520000020 oval:com.ubuntu.trusty:var:413520000040 oval:com.ubuntu.trusty:var:413520000060 oval:com.ubuntu.trusty:var:416220000000 oval:com.ubuntu.trusty:var:416320000000 oval:com.ubuntu.trusty:var:416320000020 oval:com.ubuntu.trusty:var:418520000000 oval:com.ubuntu.trusty:var:418620000000 oval:com.ubuntu.trusty:var:418620000020 oval:com.ubuntu.trusty:var:418710000000 oval:com.ubuntu.trusty:var:421120000000 oval:com.ubuntu.trusty:var:421120000020 oval:com.ubuntu.trusty:var:422720000000 oval:com.ubuntu.trusty:var:422820000000 oval:com.ubuntu.trusty:var:422820000020 oval:com.ubuntu.trusty:var:425420000000 oval:com.ubuntu.trusty:var:425420000020 oval:com.ubuntu.trusty:var:428620000000 oval:com.ubuntu.trusty:var:428620000020 oval:com.ubuntu.trusty:var:428720000000 oval:com.ubuntu.trusty:var:430210000000 oval:com.ubuntu.trusty:var:430320000000 oval:com.ubuntu.trusty:var:430320000020 oval:com.ubuntu.trusty:var:432010000000 oval:com.ubuntu.trusty:var:432010000020 oval:com.ubuntu.trusty:var:432410000000 oval:com.ubuntu.trusty:var:434610000000 oval:com.ubuntu.trusty:var:434610000020 oval:com.ubuntu.trusty:var:436410000000 oval:com.ubuntu.trusty:var:436410000020 oval:com.ubuntu.trusty:var:436410000040 oval:com.ubuntu.trusty:var:439010000000 oval:com.ubuntu.trusty:var:439110000000 oval:com.ubuntu.trusty:var:439110000020 oval:com.ubuntu.trusty:var:439210000000 oval:com.ubuntu.trusty:var:441410000000 oval:com.ubuntu.trusty:var:441910000000 oval:com.ubuntu.trusty:var:441910000020 oval:com.ubuntu.trusty:var:442710000000 oval:com.ubuntu.trusty:var:442710000020 oval:com.ubuntu.trusty:var:446310000000 oval:com.ubuntu.trusty:var:446310000020 oval:com.ubuntu.trusty:var:448510000000 oval:com.ubuntu.trusty:var:448610000000 oval:com.ubuntu.trusty:var:448610000020 oval:com.ubuntu.trusty:var:448910000000 oval:com.ubuntu.trusty:var:452610000000 oval:com.ubuntu.trusty:var:452710000000 oval:com.ubuntu.trusty:var:452710000020 oval:com.ubuntu.trusty:var:457810000000 oval:com.ubuntu.trusty:var:457910000000 oval:com.ubuntu.trusty:var:457910000020 oval:com.ubuntu.trusty:var:458010000000 oval:com.ubuntu.trusty:var:462710000000 oval:com.ubuntu.trusty:var:462710000020 oval:com.ubuntu.trusty:var:465710000000 oval:com.ubuntu.trusty:var:465710000020 oval:com.ubuntu.trusty:var:466010000000 oval:com.ubuntu.trusty:var:468010000000 oval:com.ubuntu.trusty:var:468110000000 oval:com.ubuntu.trusty:var:468110000020 oval:com.ubuntu.trusty:var:469410000000 oval:com.ubuntu.trusty:var:470810000000 oval:com.ubuntu.trusty:var:470910000000 oval:com.ubuntu.trusty:var:471110000000 oval:com.ubuntu.trusty:var:471320000000 oval:com.ubuntu.trusty:var:474810000000 oval:com.ubuntu.trusty:var:474810000020 oval:com.ubuntu.trusty:var:474910000000 oval:com.ubuntu.trusty:var:487610000000 oval:com.ubuntu.trusty:var:487610000020 oval:com.ubuntu.trusty:var:487710000000 oval:com.ubuntu.trusty:var:488310000000 oval:com.ubuntu.trusty:var:488310000020 oval:com.ubuntu.trusty:var:488910000000 oval:com.ubuntu.trusty:var:488910000020 oval:com.ubuntu.trusty:var:489010000000 oval:com.ubuntu.trusty:var:490410000000 oval:com.ubuntu.trusty:var:490410000020 oval:com.ubuntu.trusty:var:490710000000 oval:com.ubuntu.trusty:var:491610000000 oval:com.ubuntu.trusty:var:491610000020 oval:com.ubuntu.trusty:var:491610000040 oval:com.ubuntu.trusty:var:491620000000 oval:com.ubuntu.trusty:var:491620000020 oval:com.ubuntu.trusty:var:494610000000 oval:com.ubuntu.trusty:var:497910000000 oval:com.ubuntu.trusty:var:500310000000 oval:com.ubuntu.trusty:var:501410000000 oval:com.ubuntu.trusty:var:501410000020 oval:com.ubuntu.trusty:var:501410000040 oval:com.ubuntu.trusty:var:501810000000 oval:com.ubuntu.trusty:var:503910000000 oval:com.ubuntu.trusty:var:503910000020 oval:com.ubuntu.trusty:var:503910000040 oval:com.ubuntu.trusty:var:504410000000 oval:com.ubuntu.trusty:var:506210000000 oval:com.ubuntu.trusty:var:506210000020 oval:com.ubuntu.trusty:var:507310000000 oval:com.ubuntu.trusty:var:509410000000 oval:com.ubuntu.trusty:var:511410000000 oval:com.ubuntu.trusty:var:513010000000 oval:com.ubuntu.trusty:var:513610000000 oval:com.ubuntu.trusty:var:516410000000 oval:com.ubuntu.trusty:var:520910000000 oval:com.ubuntu.trusty:var:521110000000 oval:com.ubuntu.trusty:var:521110000020 oval:com.ubuntu.trusty:var:521110000040 oval:com.ubuntu.trusty:var:526810000000 oval:com.ubuntu.trusty:var:529810000000 oval:com.ubuntu.trusty:var:529910000000 oval:com.ubuntu.trusty:var:529910000020 oval:com.ubuntu.trusty:var:531910000000 oval:com.ubuntu.trusty:var:531910000020 oval:com.ubuntu.trusty:var:531910000040 oval:com.ubuntu.trusty:var:533910000000 oval:com.ubuntu.trusty:var:534310000000 oval:com.ubuntu.trusty:var:534310000020 oval:com.ubuntu.trusty:var:535720000000 oval:com.ubuntu.trusty:var:536110000000 oval:com.ubuntu.trusty:var:536110000020 oval:com.ubuntu.trusty:var:538510000000 oval:com.ubuntu.trusty:var:541310000000 oval:com.ubuntu.trusty:var:541810000000 oval:com.ubuntu.trusty:var:544310000000 oval:com.ubuntu.trusty:var:546510000000 oval:com.ubuntu.trusty:var:546510000020 oval:com.ubuntu.trusty:var:546610000000 oval:com.ubuntu.trusty:var:548410000000 oval:com.ubuntu.trusty:var:548510000000 oval:com.ubuntu.trusty:var:550510000000 oval:com.ubuntu.trusty:var:551310000000 oval:com.ubuntu.trusty:var:551510000000 oval:com.ubuntu.trusty:var:554010000000 oval:com.ubuntu.trusty:var:554010000020 oval:com.ubuntu.trusty:var:555710000000 oval:com.ubuntu.trusty:var:555710000020 oval:com.ubuntu.trusty:var:556020000000 oval:com.ubuntu.trusty:var:557220000000 oval:com.ubuntu.trusty:var:557910000000 oval:com.ubuntu.trusty:var:558810000000 oval:com.ubuntu.trusty:var:559110000000 oval:com.ubuntu.trusty:var:565010000000 oval:com.ubuntu.trusty:var:565010000020 oval:com.ubuntu.trusty:var:565210000000 oval:com.ubuntu.trusty:var:568410000000 oval:com.ubuntu.trusty:var:575810000000 oval:com.ubuntu.trusty:var:575810000020 oval:com.ubuntu.trusty:var:577410000000 oval:com.ubuntu.trusty:var:579010000000 oval:com.ubuntu.trusty:var:580210000000 oval:com.ubuntu.trusty:var:580210000020 oval:com.ubuntu.trusty:var:580410000000 oval:com.ubuntu.trusty:var:591610000000 oval:com.ubuntu.trusty:var:592410000000 oval:com.ubuntu.trusty:var:592410000020 oval:com.ubuntu.trusty:var:592610000000 oval:com.ubuntu.trusty:var:592610000020 oval:com.ubuntu.trusty:var:601310000000 oval:com.ubuntu.trusty:var:601410000000 oval:com.ubuntu.trusty:var:602910000000 oval:com.ubuntu.trusty:var:604510000000 oval:com.ubuntu.trusty:var:604510000020 oval:com.ubuntu.trusty:var:604710000000 oval:com.ubuntu.trusty:var:609210000000 oval:com.ubuntu.trusty:var:613010000000 oval:com.ubuntu.trusty:var:614910000000 oval:com.ubuntu.trusty:var:614910000020 oval:com.ubuntu.trusty:var:621110000000 oval:com.ubuntu.trusty:var:622110000000 oval:com.ubuntu.trusty:var:622110000020 oval:com.ubuntu.trusty:var:625210000000 oval:com.ubuntu.trusty:var:625410000000 oval:com.ubuntu.trusty:var:625410000020 oval:com.ubuntu.trusty:var:630910000000 oval:com.ubuntu.trusty:var:630910000020 oval:com.ubuntu.trusty:var:634110000000 oval:com.ubuntu.trusty:var:634220000000 oval:com.ubuntu.trusty:var:638810000000 oval:com.ubuntu.trusty:var:638810000020 oval:com.ubuntu.trusty:var:639630000000 oval:com.ubuntu.trusty:var:643910000000 oval:com.ubuntu.trusty:var:643920000000 oval:com.ubuntu.trusty:var:644020000000 oval:com.ubuntu.trusty:var:646010000000 oval:com.ubuntu.trusty:var:649420000000 oval:com.ubuntu.trusty:var:653210000000 oval:com.ubuntu.trusty:var:653210000020 oval:com.ubuntu.trusty:var:660110000000 oval:com.ubuntu.trusty:var:660210000000 oval:com.ubuntu.trusty:var:660210000020 oval:com.ubuntu.trusty:var:660420000000 oval:com.ubuntu.trusty:var:664510000000 oval:com.ubuntu.trusty:var:664610000000 oval:com.ubuntu.trusty:var:664610000020 oval:com.ubuntu.trusty:var:664720000000 oval:com.ubuntu.trusty:var:669910000000 oval:com.ubuntu.trusty:var:670010000000 oval:com.ubuntu.trusty:var:670010000020 oval:com.ubuntu.trusty:var:670140000000 oval:com.ubuntu.trusty:var:673910000000 oval:com.ubuntu.trusty:var:673910000020 oval:com.ubuntu.trusty:var:674010000000 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 /snap/bin/canonical-livepatch /proc/modules 1 unix trusty 0:1.6.1-2ubuntu0.1 0:1.6.1-2ubuntu0.2 0:5.5.37-0ubuntu0.14.04.1 0:3.1.0-2ubuntu0.1 0:2.0.0~rc1+dfsg-0ubuntu3.1 0:1.17.5ubuntu5.1 0:1.17.5ubuntu5.2 0:7.2.0+14.04.20140423-0ubuntu1.1 0:7.2.0+14.04.20140423-0ubuntu1.2 0:29.0+build1-0ubuntu0.14.04.2 0:7u55-2.4.7-1ubuntu1 0:0.158-0ubuntu5.1 1:24.5.0+build1-0ubuntu0.14.04.1 0:2.0-2ubuntu4.1 0:1.0.1f-1ubuntu2.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-24 0:4.0.3-7ubuntu0.1 0:1.0.52-0ubuntu1.1 1:1.4.7-1ubuntu0.1 0:1.6.1-2ubuntu0.3 1:2.2.9-1ubuntu2.1 0:2.9.1+dfsg1-3ubuntu4.1 0:2.9.1+dfsg1-3ubuntu4.2 0:2.9.1+dfsg1-3ubuntu4.3 1:2.10.9-0ubuntu3.1 0:3.3.3-1ubuntu0.1 0:3.4-4ubuntu2.1.14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-27 0:2.12.23-12ubuntu2.1 0:3.0.11+really2.12.23-12ubuntu2.1 0:0.49-4.1ubuntu1.14.04.1 0:1.0.1f-1ubuntu2.2 0:1.0.1f-1ubuntu2.3 0:1.0.1f-1ubuntu2.4 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-29 0:1.17.5ubuntu5.3 0:30.0+build1-0ubuntu0.14.04.3 0:0.11-3ubuntu1.2 0:1.0.1ubuntu2.1 1:2014.1-0ubuntu1.2 1:2014.1-0ubuntu1.1 0:2014.1-0ubuntu1.1 1:24.6.0+build1-0ubuntu0.14.04.1 0:1.0.2+LibO4.2.4-0ubuntu2 0:1.1.2+LibO4.2.4-0ubuntu2 1:4.2.4-0ubuntu2 2:1.0+LibO4.2.4-0ubuntu2 2:102.6+LibO4.2.4-0ubuntu2 0:4.2.4-0ubuntu2 0:5.5.9+dfsg-1ubuntu4.1 0:5.5.9+dfsg-1ubuntu4.2 1:2014.1-0ubuntu1.3 0:1.13.1-0ubuntu1.1 2:4.1.6+dfsg-1ubuntu2.14.04.2 0:1.4.16-1ubuntu2.1 0:2.0.22-3ubuntu1.1 2:4.10.2-1ubuntu1.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-30 0:1.6.18-0ubuntu4.1 0:5.5.9+dfsg-1ubuntu4.3 1:5.14-2ubuntu3.1 0:2.82-1.1ubuntu3.1 0:1.6-3ubuntu2.14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-32 0:5.5.38-0ubuntu0.14.04.1 0:6.04-2ubuntu0.1 0:1.7.2-0ubuntu1.1 0:3.4-3ubuntu0.1 0:31.0+build1-0ubuntu0.14.04.1 1:31.0+build1-0ubuntu0.14.04.1 0:1.0.4-0ubuntu0.14.04.1 1:2.4.7-1ubuntu4.1 0:2.4.7-1ubuntu4.1 0:2.06-1.2ubuntu1.1 0:7.0.52-1ubuntu0.1 0:7.2.2+14.04.20140714-0ubuntu1.1 4:4.13.2a-0ubuntu0.3 2:4.1.6+dfsg-1ubuntu2.14.04.3 0:2.19-0ubuntu6.1 0:1.4.3-0.1ubuntu5.1 0:1.0.1f-1ubuntu2.5 0:1.12+dfsg-2ubuntu4.2 0:0.4.1-0ubuntu1.1 0:2014.1.2-0ubuntu1.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-33 0:1.3.3-1ubuntu0.1 0:1.8.8-1ubuntu3.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-34 0:7u65-2.5.1-4ubuntu1~0.14.04.1 0:7u65-2.5.1-4ubuntu1~0.14.04.2 0:7u65-2.5.2-3~14.04 0:1.0.5-0ubuntu0.14.04.1 1:2014.1.2-0ubuntu1.1 1:2014.1.2-0ubuntu1.1 1:2014.1.2-0ubuntu1.1 1:2014.1.2.1-0ubuntu1.1 1:2014.1.2-0ubuntu1.1 0:1.1.2-0ubuntu0.14.04.1 0:3.3.8-1ubuntu6.1 0:2.19-0ubuntu6.3 0:32.0+build1-0ubuntu0.14.04.1 1:31.1.1+build1-0ubuntu0.14.04.1 0:1.0.2+LibO4.2.6.3-0ubuntu1 0:1.1.2+LibO4.2.6.3-0ubuntu1 1:4.2.6.3-0ubuntu1 2:1.0+LibO4.2.6.3-0ubuntu1 2:102.6+LibO4.2.6.3-0ubuntu1 0:4.2.6.3-0ubuntu1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-35 0:5.1.5-5ubuntu0.1 0:1.5.3-2ubuntu4.1 0:3.22-21ubuntu0.1 0:1.7.2-0ubuntu1.2 0:2.0.0+dfsg-2ubuntu1.3 2:3.15.4-1ubuntu7.1 0:5.5.9+dfsg-1ubuntu4.4 0:1.2.5-0ubuntu0.14.04.1 0:7.35.0-1ubuntu2.1 0:1.6.1-2ubuntu0.4 0:1.0.1ubuntu2.3 2:3.17-0ubuntu0.14.04.1 0:1.4.6-1ubuntu3.1 0:1.6.18-0ubuntu4.2 0:1.0.1ubuntu2.4.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-36 0:32.0.3+build1-0ubuntu0.14.04.1 1:31.1.2+build1-0ubuntu0.14.04.1 2:3.17.1-0ubuntu0.14.04.1 0:4.3-7ubuntu1.1 0:4.3-7ubuntu1.2 0:4.3-7ubuntu1.3 0:4.3-7ubuntu1.4 0:0.9.9+dfsg-1ubuntu1.1 0:1.2.2-0ubuntu13.1.5 1:5.14-2ubuntu3.2 0:1.0.1ubuntu2.5 1:5.9~svn20110310-7ubuntu0.1 0:33.0+build2-0ubuntu0.14.04.1 1:31.2.0+build2-0ubuntu0.14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-37 0:4.3-7ubuntu1.5 0:7.4.4-1ubuntu2.3 0:2.2.1-1ubuntu0.1 1:2.1-0ubuntu1.1 0:2.1-0ubuntu1.1 0:5.5.40-0ubuntu0.14.04.1 0:1.0.1f-1ubuntu2.7 0:4.7-0ubuntu1.2 0:7u71-2.5.3-0ubuntu0.14.04.1 0:2.9.1+dfsg1-3ubuntu4.4 1:2.10.9-0ubuntu3.2 0:5.5.9+dfsg-1ubuntu4.5 0:1.15-1ubuntu1.14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-39 0:1.9.3.484-2ubuntu1.1 0:2.0.0.484-1ubuntu2.1 0:1.0.2+LibO4.2.7-0ubuntu1 0:1.1.2+LibO4.2.7-0ubuntu1 1:4.2.7-0ubuntu1 2:1.0+LibO4.2.7-0ubuntu1 2:102.6+LibO4.2.7-0ubuntu1 0:4.2.7-0ubuntu1 0:7.35.0-1ubuntu2.2 0:1.2.2-0ubuntu13.1.7 1:2014.1.3-0ubuntu1.1 1:2014.1.3-0ubuntu2.1 1:2014.1.3-0ubuntu1.1 1:2014.1.3-0ubuntu1.1 0:2.0.0+dfsg-2ubuntu1.7 0:1.3.4-0ubuntu0.14.04.1 0:1.9.3.484-2ubuntu1.2 0:2.0.0.484-1ubuntu2.2 0:2.8.95~2430-0ubuntu5.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-40 0:3.3.8-1ubuntu6.2 0:0.98.5+addedllvm-0ubuntu0.14.04.1 0:34.0+build2-0ubuntu0.14.04.1 0:1.6.18-0ubuntu4.3 0:1.3.0-2ubuntu0.14.04.1 0:1.3.0-3ubuntu0.14.04.1 1:31.3.0+build1-0ubuntu0.14.04.1 0:2.4.5-5.1ubuntu2.1 0:2.3.2-7ubuntu3.1 0:3.4-4ubuntu2.1.14.04.2 0:1.5.4+bzr2294-0ubuntu1.2 0:2.19-0ubuntu6.4 0:4.5.1-2ubuntu1.1 0:1.900.1-14ubuntu3.1 0:2.36.0-0ubuntu3.1 2:1.15.1-0ubuntu2.4 2:1.15.1-0ubuntu2.5 1:9.9.5.dfsg-3ubuntu0.1 0:304.125-0ubuntu0.0.1 0:331.113-0ubuntu0.0.4 0:2.0.0+dfsg-2ubuntu1.9 0:1.5.21-6.4ubuntu2.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-43 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-28 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-28 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 0:5.1.2-0ubuntu2.2 0:0.24-0ubuntu7.1 2:3.17.1-0ubuntu0.14.04.2 0:3.54ubuntu1.1 0:8.1.2-0.20131005cvs-1ubuntu0.14.04.1 0:2.11+dfsg-1ubuntu1.1 0:35.0+build3-0ubuntu0.14.04.2 0:3.0-0ubuntu0.14.04.1 0:35.0.1+build1-0ubuntu0.14.04.1 0:1.0.1f-1ubuntu2.8 1:31.4.0+build1-0ubuntu0.14.04.1 0:0.1.4-3ubuntu3.1 0:0.41-5ubuntu0.14.04.1 0:3.10-4ubuntu0.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-44 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-29 0:1.6.1-2ubuntu0.6 1:1.9.1-1ubuntu0.1 0:6.0-9ubuntu1.1 0:8.21-1ubuntu5.1 0:7.35.0-1ubuntu2.3 0:3.10.8-0ubuntu1.4 0:1.4.2-0ubuntu0.14.04.1 0:2.0.21-stable-1ubuntu1.14.04.1 0:0.6.1-0ubuntu3.1 0:4.11.1-3ubuntu0.1 0:5.5.41-0ubuntu0.14.04.1 2:4.1.6+dfsg-1ubuntu2.14.04.4 0:0.158-0ubuntu5.2 0:1.900.1-14ubuntu3.2 0:1.4.22-1ubuntu4.14.04.1 0:7u75-2.5.4-1~trusty1 0:0.98.6+dfsg-0ubuntu0.14.04.1 0:6.0-9ubuntu1.2 1:5.14-2ubuntu3.3 0:1.4.3-0ubuntu0.14.04.1 0:2.24-5ubuntu3.1 1:4.2.6.p5+dfsg-3ubuntu2.14.04.2 0:1.12+dfsg-2ubuntu5.1 0:9.3.6-0ubuntu0.14.04 2:1.15.1-0ubuntu2.7 2:1.16.0-1ubuntu1.2~trusty2 0:5.5.9+dfsg-1ubuntu4.6 0:6.0-9ubuntu1.3 1:9.9.5.dfsg-3ubuntu0.2 2:3.17.4-0ubuntu0.14.04.1 0:36.0+build2-0ubuntu0.14.04.4 0:36.0.1+build2-0ubuntu0.14.04.1 1:31.5.0+build1-0ubuntu0.14.04.1 0:1.42.9-3ubuntu1.2 0:2.0-1.42.9-3ubuntu1.2 0:2.1-1.42.9-3ubuntu1.2 2:4.1.6+dfsg-1ubuntu2.14.04.7 0:20141019ubuntu0.14.04.1 0:2.5.2-1ubuntu2.4 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-46 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-46 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-46 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-31 0:2.19-0ubuntu6.6 0:1.7.2-0ubuntu1.5 0:1.5.5-0ubuntu0.14.04.3 0:52.1-3ubuntu0.2 1:2.4.7-1ubuntu4.4 0:2.4.7-1ubuntu4.4 0:104-0ubuntu1.14.04.3 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-46 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-31 0:2.2.1-1ubuntu0.2 0:1.0.52-0ubuntu1.4 0:1.8.9p5-1ubuntu1.1 0:5.5.9+dfsg-1ubuntu4.7 1:1.4.7-1ubuntu0.2 0:1.0.1f-1ubuntu2.11 0:36.0.4+build1-0ubuntu0.14.04.1 0:1.6.1-2ubuntu0.8 0:2.12.23-12ubuntu2.2 0:3.0.11+really2.12.23-12ubuntu2.2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-48 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-33 0:3.2.8+dfsg-4ubuntu1.1 0:1.7.ubuntu-8ubuntu2.14.04.1 0:3.1.2-7ubuntu2.1 0:37.0+build2-0ubuntu0.14.04.1 0:1.1.2-2ubuntu1.14.04.1 1:31.6.0+build1-0ubuntu0.14.04.1 0:4.0.3-7ubuntu0.2 0:4.0.3-7ubuntu0.3 0:1.4.16-1ubuntu2.3 0:2.0.22-3ubuntu1.3 0:1.5.3-2ubuntu4.2 0:1.5.6-0ubuntu0.14.04.2 0:37.0.1+build1-0ubuntu0.14.04.1 1:2.1.16-2ubuntu0.1 0:3.4-3ubuntu0.2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-49 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-34 0:1.17.5ubuntu5.4 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3 1:0.9.8-1build0.14.04.1 0:2.14.1-0ubuntu3.9 0:2.14.1-0ubuntu3.10 0:1.6.5-0ubuntu0.14.04.1 0:37.0.2+build1-0ubuntu0.14.04.1 0:5.5.9+dfsg-1ubuntu4.9 0:7u79-2.5.5-0ubuntu0.14.04.2 0:5.5.43-0ubuntu0.14.04.1 0:0.2.56.3ubuntu0.1 1:2.1-0ubuntu1.2 0:2.1-0ubuntu1.2 0:1.0.2+LibO4.2.8-0ubuntu2 0:1.1.2+LibO4.2.8-0ubuntu2 1:4.2.8-0ubuntu2 2:1.0+LibO4.2.8-0ubuntu2 2:102.6+LibO4.2.8-0ubuntu2 0:4.2.8-0ubuntu2 0:4.5.1-2ubuntu1.2 0:0.9.8.8-0ubuntu7.1 0:1.6.6-0ubuntu0.14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-51 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-36 0:7.35.0-1ubuntu2.5 0:2.0108+dfsg-1ubuntu0.1 0:2.68-1ubuntu0.1 0:0.98.7+dfsg-0ubuntu0.14.04.1 0:2.4.5-5.1ubuntu2.2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-52 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-52 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-37 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-37 0:38.0+build3-0ubuntu0.14.04.1 1:31.7.0+build1-0ubuntu0.14.04.1 0:3.4-3ubuntu0.3 0:52.1-3ubuntu0.3 0:0.73-1ubuntu0.14.04.1 0:2.0.0+dfsg-2ubuntu1.11 0:2.14.1-0ubuntu3.11 0:1.7.8-0ubuntu0.14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-53 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-38 0:2.9.2-4ubuntu4.14.04.1 0:0.10.1-1ubuntu1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-53 0:9.3.7-0ubuntu0.14.04 0:2.4.31-1+nmu2ubuntu8.1 0:1.0.1f-1ubuntu2.12 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 0:5.2.1+dfsg-1ubuntu14.3 0:1.37-2ubuntu1.1 0:5.1.2-0ubuntu2.3 0:1.7.2-0ubuntu1.6 0:2.0.0+dfsg-2ubuntu1.13 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-54 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-39 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-20 0:1.0.1f-1ubuntu2.15 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-55 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-55 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-41 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-41 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-21 0:1.1.1-1ubuntu5.2 0:2.14.1ubuntu0.1 1:2.1-0ubuntu1.3 0:2.1-0ubuntu1.3 0:2.7.1-4ubuntu2.3 0:1.7.9-0ubuntu0.14.04.1 0:2.7.6-8ubuntu0.2 0:3.4.0-2ubuntu1.1 0:7.0.52-1ubuntu0.3 0:39.0+build5-0ubuntu0.14.04.1 0:0.82.1ubuntu2.3 0:5.5.9+dfsg-1ubuntu4.11 0:1.0.52-0ubuntu1.5 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-57 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-43 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-22 1:9.9.5.dfsg-3ubuntu0.3 0:0.2.8.4-10.3ubuntu1.14.04.1 0:1.6.1-2ubuntu0.9 2:3.19.2-0ubuntu0.14.04.1 1:31.8.0+build1-0ubuntu0.14.04.1 0:5.5.44-0ubuntu0.14.04.1 0:1.0.7-0ubuntu0.2 1:3.7-1ubuntu0.1 0:1.8.4-0ubuntu0.14.04.2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-58 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-44 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-23 1:2.4.7-1ubuntu4.5 0:2.4.7-1ubuntu4.5 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-59 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-45 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-25 0:2.0.0+dfsg-2ubuntu1.15 1:9.9.5.dfsg-3ubuntu0.4 1:8.31-2ubuntu2.1 0:20091223cvs-1.2ubuntu1.1 0:7u79-2.5.6-0ubuntu1.14.04.1 0:9.10~dfsg-0ubuntu10.4 0:3.8.2-1ubuntu2.1 0:3.14.3-0ubuntu3.4 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-61 0:40.0+build4-0ubuntu0.14.04.1 0:3.1-0ubuntu0.14.04.1 0:40.0+build4-0ubuntu0.14.04.4 0:1.13.1-0ubuntu1.2 1:0.7.1-ubuntu1.2 0:39.0.3+build2-0ubuntu0.14.04.1 0:4.7-0ubuntu1.3 0:4.7-0ubuntu1.4 1:6.6p1-2ubuntu2.2 1:6.6p1-2ubuntu2.3 0:5.7.2~dfsg-8.1ubuntu3.1 1:38.2.0+build1-0ubuntu0.14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-62 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-46 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-26 0:1.6.1-2ubuntu0.10 0:1.8.8-1ubuntu3.2 0:2.30.7-0ubuntu1.1 0:40.0.3+build1-0ubuntu0.14.04.1 0:2.0.0+dfsg-2ubuntu1.17 0:2.1.0-4ubuntu1.1 1:9.9.5.dfsg-3ubuntu0.5 0:0.7-1ubuntu0.1 0:1.2.1-9ubuntu0.2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-63 0:1.9.1-0ubuntu0.14.04.2 0:0.12.4-0nocelt2ubuntu1.1 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-28 0:2.5.2-1ubuntu2.5 0:52.1-3ubuntu0.4 0:14.04.0+14.04.20150825-0ubuntu2 0:2.4.31-1+nmu2ubuntu8.2 0:41.0+build3-0ubuntu0.14.04.1 0:3.2-0ubuntu0.14.04.1 0:0.5-0ubuntu2.14.04.1 0:2.3.6+13.10.20130920.1-0ubuntu1.2 0:3.0.0+14.04.20140416-0ubuntu1.14.04.1 0:41.0.1+build2-0ubuntu0.14.04.1 0:2.14.1-0ubuntu3.15 0:2.0.0+dfsg-2ubuntu1.19 0:0.1.0~bzr341-0ubuntu2.2 0:0.1.0~bzr341-0ubuntu2.3 0:304.128-0ubuntu0.0.1 0:340.93-0ubuntu0.0.1 0:346.96-0ubuntu0.0.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-65 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-50 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-30 0:1.0.7-0ubuntu0.5 0:1.0.7-0ubuntu0.6 0:1.0.7-0ubuntu0.7 1:38.3.0+build1-0ubuntu0.14.04.1 0:0.2.1-2ubuntu2.2 0:1.9.5-0ubuntu0.14.04.1 0:5.5.9+dfsg-1ubuntu4.13 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-65 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-50 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-30 0:0.12.4-0nocelt2ubuntu1.2 0:2.30.7-0ubuntu1.2 0:41.0.2+build2-0ubuntu0.14.04.1 0:3.1-10.2ubuntu0.14.04.1 0:1.10.3-0ubuntu0.14.04.1 0:0.4.21.1ubuntu0.2 0:9.3.10-0ubuntu0.14.04 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-66 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-51 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-31 0:1.6-3ubuntu2.14.04.2 0:5.5.46-0ubuntu0.14.04.2 0:2.14.1-0ubuntu3.18 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 0:7u85-2.6.1-5ubuntu0.14.04.1 0:42.0+build2-0ubuntu0.14.04.1 0:5.5.9+dfsg-1ubuntu4.14 0:0.3.6-2ubuntu0.14.04.1 0:6.0-9ubuntu1.4 0:6.0-9ubuntu1.5 2:4.10.10-0ubuntu0.14.04.1 2:3.19.2.1-0ubuntu0.14.04.1 0:1.0.2+LibO4.2.8-0ubuntu3 0:1.1.2+LibO4.2.8-0ubuntu3 1:4.2.8-0ubuntu3 2:1.0+LibO4.2.8-0ubuntu3 2:102.6+LibO4.2.8-0ubuntu3 0:4.2.8-0ubuntu3 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-67 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-52 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-32 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-68 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-53 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-33 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-18 1:2.1-0ubuntu1.4 0:2.1-0ubuntu1.4 0:1.12+dfsg-2ubuntu5.2 0:5.1.2-0ubuntu2.4 0:2.9.1+dfsg1-3ubuntu4.5 0:304.131-0ubuntu0.14.04.1 0:340.96-0ubuntu0.14.04.1 0:352.63-0ubuntu0.14.04.1 0:1.2.50-1ubuntu2.14.04.1 0:1.6.1-2ubuntu0.11 0:1.5.3-0ubuntu0.14.04.1 0:7u91-2.6.3-0ubuntu0.14.04.1 1:38.4.0+build3-0ubuntu0.14.04.1 0:1.17.5ubuntu5.5 0:2.12.23-12ubuntu2.3 0:3.0.11+really2.12.23-12ubuntu2.3 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-71 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-55 0:1.11.3-0ubuntu0.14.04.1 0:2.0.0+dfsg-2ubuntu1.21 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-39 0:1.0.1f-1ubuntu2.16 0:1.0.52-0ubuntu1.6 0:1.0.25-7ubuntu2.1 0:43.0+build1-0ubuntu0.14.04.1 0:2.9.1+dfsg1-3ubuntu4.6 1:1.9.1-1ubuntu0.2 0:2.02~beta2-9ubuntu1.6 1:9.9.5.dfsg-3ubuntu0.6 0:1.0.52-0ubuntu1.7 0:1.7.2-0ubuntu1.7 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-73 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-41 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-21 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-56 0:3.1-1ubuntu2.2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-74 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-57 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-22 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-42 2:4.1.6+dfsg-1ubuntu2.14.04.11 2:4.1.6+dfsg-1ubuntu2.14.04.12 1:1.1.16-1ubuntu0.1 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-43 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-23 1:38.5.1+build2-0ubuntu0.14.04.1 0:1.11.4-0ubuntu0.14.04.1 0:1.2.50-1ubuntu2.14.04.2 0:1.6+dfsg-1ubuntu1.1 2:3.19.2.1-0ubuntu0.14.04.2 0:2.12.23-12ubuntu2.4 0:3.0.11+really2.12.23-12ubuntu2.4 0:43.0.4+build3-0ubuntu0.14.04.1 0:1.2.2-0ubuntu13.1.16 0:4.2.4-7ubuntu12.4 1:6.6p1-2ubuntu2.4 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-76 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-47 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-25 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-59 1:9.9.5.dfsg-3ubuntu0.7 0:2.9.1+dfsg1-3ubuntu4.7 0:104-0ubuntu1.14.04.4 0:1.12.5-0ubuntu0.14.04.1 0:3.1.0-2ubuntu0.2 0:44.0+build3-0ubuntu0.14.04.1 0:44.0.1+build2-0ubuntu0.14.04.1 0:5.5.47-0ubuntu0.14.04.1 0:7.35.0-1ubuntu2.6 0:7u95-2.6.4-0ubuntu0.14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-77 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-60 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-49 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-27 0:2.0.0+dfsg-2ubuntu1.22 0:1.4.6-1ubuntu3.4 0:44.0.2+build1-0ubuntu0.14.04.1 0:9.3.11-0ubuntu0.14.04 0:1.12.6-0ubuntu0.14.04.1 0:1.5.3-2ubuntu4.3 0:2.7.1-1ubuntu0.1 0:2.24.23-0ubuntu1.4 0:3.10.2-0ubuntu5.1 0:1.0.2+LibO4.2.8-0ubuntu4 0:1.1.2+LibO4.2.8-0ubuntu4 1:4.2.8-0ubuntu4 2:1.0+LibO4.2.8-0ubuntu4 2:102.6+LibO4.2.8-0ubuntu4 0:4.2.8-0ubuntu4 0:2.19-0ubuntu6.7 0:3.0.7-dfsg-2ubuntu0.2 0:1.2.4-1ubuntu1.1 2:3.21-0ubuntu0.14.04.1 1:38.6.0+build1-0ubuntu0.14.04.1 0:1.12.7-0ubuntu0.14.04.1 0:2.11+dfsg-1ubuntu1.2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-79 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-30 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-30 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-62 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-62 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-51 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-51 0:0.6.1-0ubuntu3.3 0:20160104ubuntu0.14.04.1 0:2.40.0-1ubuntu0.1 0:1.0.1f-1ubuntu2.17 0:2.12.23-12ubuntu2.5 0:3.0.11+really2.12.23-12ubuntu2.5 0:1.0.1f-1ubuntu2.18 0:1.6.1-2ubuntu0.12 0:1.6.1-2ubuntu0.14 0:1.6.1-2ubuntu0.14 0:5.18.2-2ubuntu1.1 0:45.0+build2-0ubuntu0.14.04.1 0:45.0.1+build1-0ubuntu0.14.04.2 0:45.0.2+build1-0ubuntu0.14.04.1 0:0.30.2-2ubuntu1.1 0:1.900.1-14ubuntu3.3 0:1.13.6-0ubuntu0.14.04.1 0:3.3.8-1ubuntu6.6 2:4.1.6+dfsg-1ubuntu2.14.04.13 0:2.0b4-15ubuntu0.14.04.1 2:3.21-0ubuntu0.14.04.2 1:9.9.5.dfsg-3ubuntu0.8 0:1.3.6-1ubuntu0.14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-83 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-34 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-67 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-56 0:4.82-3ubuntu2.1 1:38.7.2+build1-0ubuntu0.14.04.1 0:1.1.8-1ubuntu2.1 0:1.1.8-1ubuntu2.2 0:46.0+build5-0ubuntu0.14.04.2 0:46.0.1+build1-0ubuntu0.14.04.3 0:2.4.10-0ubuntu0.14.04.1 1:1.9.1-1ubuntu0.3 0:4.0.3-7ubuntu0.4 0:0.99.22.4-3ubuntu1.1 0:7u95-2.6.4-0ubuntu0.14.04.2 1:8.31-2ubuntu2.2 1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-85 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-35 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-69 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-70 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-58 2:4.3.8+dfsg-0ubuntu0.14.04.2 0:2.44.2-1ubuntu2.1 2:4.3.9+dfsg-0ubuntu0.14.04.1 2:4.3.9+dfsg-0ubuntu0.14.04.3 0:0.6.4-1ubuntu0.14.04.1 0:5.5.9+dfsg-1ubuntu4.16 0:5.5.49-0ubuntu0.14.04.1 0:1.14.7-0ubuntu0.14.04.1 0:3.4-3ubuntu0.4 0:0.24.5-2ubuntu4.4 0:1.0.1f-1ubuntu2.19 0:1.14.9-0ubuntu0.14.04.1 0:2.5-0ubuntu4.1 0:7u101-2.6.6-0ubuntu0.14.04.1 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-22 1:6.6p1-2ubuntu2.7 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-86 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-71 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-59 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-36 1:38.8.0+build1-0ubuntu0.14.04.1 0:2.0.0+dfsg-2ubuntu1.24 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-86 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-71 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-59 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-36 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-22 0:3.1.2-7ubuntu2.2 0:1.3.0-3ubuntu0.14.04.2 0:2.1.0-4ubuntu1.2 0:5.5.9+dfsg-1ubuntu4.17 0:2.19-0ubuntu6.8 0:2.19-0ubuntu6.9 0:3.0.26-1ubuntu0.1 0:2.1.0-3ubuntu0.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-87 8:6.7.7.10-6ubuntu3.1 0:1.4.6-1ubuntu3.5 0:1.15.7-0ubuntu0.14.04.1 0:47.0+build3-0ubuntu0.14.04.1 0:2.9.1+dfsg1-3ubuntu4.8 0:3.3.8-1ubuntu6.8 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-88 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-73 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-61 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-38 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-24 0:2.1.0-4ubuntu1.3 0:1.15-1ubuntu1.14.04.2 0:0.12.4-0nocelt2ubuntu1.3 0:1.15.8-0ubuntu0.14.04.1 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-28 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-41 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-91 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-76 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-64 1:45.2.0+build1-0ubuntu0.14.04.3 0:7.0.52-1ubuntu0.6 0:2.8.10-0ubuntu1.1 0:1.1.5+git20140313.bafe6a9e-0ubuntu1.1 2:4.12-0ubuntu0.14.04.1 2:3.23-0ubuntu0.14.04.1 0:2.1.0-3ubuntu0.2 1:2.10.9-0ubuntu3.3 0:3.1.2-7ubuntu2.3 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-92 4.2.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.2.0-42 3.16.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.16.0-77 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-65 1:2.4.7-1ubuntu4.13 0:2.4.7-1ubuntu4.13 0:5.5.50-0ubuntu0.14.04.1 0:1.16.5-0ubuntu0.14.04.1 4:4.13.3-0ubuntu0.3 0:48.0+build2-0ubuntu0.14.04.1 0:5.5.9+dfsg-1ubuntu4.19 0:2.0.0+dfsg-2ubuntu1.26 0:2.0.0+dfsg-2ubuntu1.27 0:7.35.0-1ubuntu2.8 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-93 3.19.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.19.0-66 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-34 0:1.17.7-0ubuntu0.14.04.1 0:2.1.0-3ubuntu0.3 1:6.6p1-2ubuntu2.8 0:7u111-2.6.7-0ubuntu0.14.04.3 0:2.11.0-0ubuntu4.2 0:1.4.16-1ubuntu2.4 0:1.5.3-2ubuntu4.4 0:9.3.14-0ubuntu0.14.04 0:0.9.27-1ubuntu1.1 0:1.28-1ubuntu2.1 0:3.10.2-0ubuntu5.2 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-36 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-95 1:45.3.0+build1-0ubuntu0.14.04.4 0:3.10.2.1-0ubuntu4.2 0:1.4.6-2ubuntu0.1 0:49.0+build4-0ubuntu0.14.04.1 0:5.5.52-0ubuntu0.14.04.1 0:7.0.52-1ubuntu0.7 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-96 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-38 0:2.30.7-0ubuntu1.6 0:1.0.1f-1ubuntu2.20 0:1.0.1f-1ubuntu2.21 1:9.9.5.dfsg-3ubuntu0.9 0:1.6.1-2ubuntu0.15 0:2.3.0-1ubuntu3.2 0:2.3.0-1ubuntu3.3 0:1.17.9-0ubuntu0.14.04.1 2:4.3.11+dfsg-0ubuntu0.14.04.1 0:0.99.2+addedllvm-0ubuntu0.14.04.1 0:5.5.9+dfsg-1ubuntu4.20 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-98 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-42 0:0.99.22.4-3ubuntu1.2 0:4.025-1ubuntu0.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-100 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-45 0:5.5.53-0ubuntu0.14.04.1 0:0.99.22.4-3ubuntu1.3 0:49.0.2+build2-0ubuntu0.14.04.1 1:45.4.0+build1-0ubuntu0.14.04.1 0:1.18.3-0ubuntu0.14.04.1 0:1.4.6-1ubuntu3.6 0:1.4.6-1ubuntu3.7 0:1.6.1-2ubuntu0.16 0:1.6.18-0ubuntu4.4 0:2.1.0-3ubuntu0.5 1:2.1.16-2ubuntu0.2 1:9.9.5.dfsg-3ubuntu0.10 0:1.4.14-0ubuntu9.1 0:304.132-0ubuntu0.14.04.2 0:340.98-0ubuntu0.14.04.1 0:367.57-0ubuntu0.14.04.1 0:7.35.0-1ubuntu2.10 0:50.0+build2-0ubuntu0.14.04.2 0:2.0.0+dfsg-2ubuntu1.30 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-101 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-47 0:7u121-2.6.8-1ubuntu0.14.04.1 8:6.7.7.10-6ubuntu3.2 0:1.27.1-1ubuntu0.1 0:1.18.5-0ubuntu0.14.04.1 0:2.7.6-8ubuntu0.3 0:3.4.3-1ubuntu1~14.04.5 0:0.10.31-3+nmu1ubuntu5.1 0:1.2.4-1~ubuntu1.1 0:0.10.31-3+nmu1ubuntu5.2 0:1.2.4-1~ubuntu1.3 0:1.0.8-0ubuntu0.4 0:1.9.7-1ubuntu2.1 2:7.4.052-1ubuntu3.1 0:50.0.2+build1-0ubuntu0.14.04.1 1:45.5.1+build1-0ubuntu0.14.04.1 8:6.7.7.10-6ubuntu3.3 8:6.7.7.10-6ubuntu3.4 0:1.10.0-2ubuntu0.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-103 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-51 0:9.10~dfsg-0ubuntu10.5 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-105 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-53 0:1.19.4-0ubuntu0.14.04.1 0:50.1.0+build2-0ubuntu0.14.04.1 0:1.0.1ubuntu2.17 0:2.14.1-0ubuntu3.23 2:4.3.11+dfsg-0ubuntu0.14.04.4 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-106 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-57 2:3.26.2-0ubuntu0.14.04.3 0:4.82-3ubuntu2.2 1:45.7.0+build1-0ubuntu0.14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-107 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-59 0:0.9.9+dfsg-1ubuntu1.2 1:9.9.5.dfsg-3ubuntu0.11 0:304.134-0ubuntu0.14.04.1 0:340.101-0ubuntu0.14.04.1 0:375.39-0ubuntu0.14.04.1 0:5.5.54-0ubuntu0.14.04.1 0:51.0.1+build2-0ubuntu0.14.04.1 0:51.0.1+build2-0ubuntu0.14.04.2 0:1.8.10-1ubuntu1.1 0:7.0.52-1ubuntu0.8 0:7.0.52-1ubuntu0.9 0:1.20.4-0ubuntu0.14.04.1 0:1.0.1f-1ubuntu2.22 0:2.12.23-12ubuntu2.6 0:3.0.11+really2.12.23-12ubuntu2.6 0:2.12.23-12ubuntu2.7 0:3.0.11+really2.12.23-12ubuntu2.7 0:0.8.15-5ubuntu3.1 1:3.5.10-1ubuntu0.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-108 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-62 0:3.3.8-1ubuntu6.9 0:2.7.1-1ubuntu0.2 0:7u121-2.6.8-1ubuntu0.14.04.3 0:5.5.9+dfsg-1ubuntu4.21 1:7.2d-5ubuntu2.1 0:2.6.1-4ubuntu0.1 0:2.6.1-4ubuntu0.2 1:9.9.5.dfsg-3ubuntu0.13 0:0.12.4-0nocelt2ubuntu1.4 0:0.5.3-0ubuntu2.1 0:7.0.52-1ubuntu0.10 0:4.9.0-1ubuntu1~ubuntu14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-110 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-64 0:1.0.2+LibO4.2.8-0ubuntu5 0:1.1.2+LibO4.2.8-0ubuntu5 1:4.2.8-0ubuntu5 2:1.0+LibO4.2.8-0ubuntu5 2:102.6+LibO4.2.8-0ubuntu5 0:4.2.8-0ubuntu5 0:4.0.3-7ubuntu0.6 0:4.0.3-7ubuntu0.7 0:2.1.0-3ubuntu0.6 0:0.5.3-15ubuntu0.1 0:2.0.19-3ubuntu0.2 0:2.0.19-3ubuntu0.3 0:52.0+build2-0ubuntu0.14.04.1 0:52.0.2+build1-0ubuntu0.14.04.1 0:0.9.8.8-0ubuntu4.5 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-112 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-66 8:6.7.7.10-6ubuntu3.5 4:4.13.3-0ubuntu0.4 0:1.0.9-0ubuntu3 0:3.1.2-7ubuntu2.4 0:52.1-3ubuntu0.5 0:2.0.21-stable-1ubuntu1.14.04.2 0:2.3.0-1ubuntu3.4 1:2.10.9-0ubuntu3.4 8:6.7.7.10-6ubuntu3.6 1:45.8.0+build1-0ubuntu0.14.04.1 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-67 0:2.9.1+dfsg1-3ubuntu4.9 0:1.21.5-0ubuntu0.14.04.1 0:2.5.2-1ubuntu2.6 0:52.0.1+build2-0ubuntu0.14.04.1 0:2.19-0ubuntu6.10 0:2.19-0ubuntu6.11 0:304.135-0ubuntu0.14.04.1 0:340.102-0ubuntu0.14.04.1 0:375.39-0ubuntu0.14.04.1 0:0.3.6-2ubuntu0.14.04.2 2:4.3.11+dfsg-0ubuntu0.14.04.6 2:4.3.11+dfsg-0ubuntu0.14.04.7 1:1.9.1-1ubuntu0.4 0:0.10.36-1.1ubuntu2.1 0:1.2.4-1~ubuntu2.1 0:0.10.31-3+nmu1ubuntu5.3 0:1.2.4-1~ubuntu1.4 0:2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 0:2.10.95-0ubuntu2.6~14.04.1 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-71 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-115 0:3.5.1-1ubuntu1.1 0:3.5.1-1ubuntu1.3 0:1.6.11-0ubuntu1.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-116 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-72 1:9.9.5.dfsg-3ubuntu0.14 0:53.0+build6-0ubuntu0.14.04.1 0:53.0.2+build1-0ubuntu0.14.04.2 0:2.0.0+dfsg-2ubuntu1.33 0:2.5.2-1ubuntu2.7 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-117 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-75 0:5.5.55-0ubuntu0.14.04.1 2:3.28.4-0ubuntu0.14.04.1 0:1.1.28-2ubuntu0.1 0:9.10~dfsg-0ubuntu10.7 0:9.10~dfsg-0ubuntu10.9 0:1.0.2+LibO4.2.8-0ubuntu5.1 0:1.1.2+LibO4.2.8-0ubuntu5.1 1:4.2.8-0ubuntu5.1 2:1.0+LibO4.2.8-0ubuntu5.1 2:102.6+LibO4.2.8-0ubuntu5.1 0:4.2.8-0ubuntu5.1 0:52.1-3ubuntu0.6 0:7u131-2.6.9-0ubuntu0.14.04.1 0:7u131-2.6.9-0ubuntu0.14.04.2 1:4.1.5.1-1ubuntu9.4 1:4.1.5.1-1ubuntu9.5 1:52.1.1+build1-0ubuntu0.14.04.1 1:2.4.7-1ubuntu4.15 0:2.4.7-1ubuntu4.15 0:1.7.ubuntu-8ubuntu2.14.04.2 1:1.1.dfsg-2ubuntu1.1 0:2.5.2-1ubuntu2.8 0:2.4+20121230.gitdf6c518-1ubuntu0.1 4:4.13.3-0ubuntu0.5 1:1.9.1-1ubuntu0.5 0:1.5-6ubuntu0.1 0:2.0.0+dfsg-2ubuntu1.34 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-119 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-78 0:4.3-7ubuntu1.7 0:1.900.1-14ubuntu3.4 2:4.3.11+dfsg-0ubuntu0.14.04.8 0:0.11+20120125-1ubuntu1.1 0:1.6-3ubuntu2.14.04.3 0:53.0.3+build1-0ubuntu0.14.04.2 0:1.25.6-0ubuntu1.14.04.2 0:5.1.2-0ubuntu2.6 8:6.7.7.10-6ubuntu3.7 0:1.8.9p5-1ubuntu1.4 0:375.66-0ubuntu0.14.04.1 0:1.0.25-7ubuntu2.2 0:2.4.31-1+nmu2ubuntu8.4 0:3.4.3-1ubuntu1.2 0:3.4-3ubuntu0.5 0:3.2.21-1ubuntu4.1 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-79 0:54.0+build3-0ubuntu0.14.04.1 0:0.8.15-5ubuntu3.2 0:2.12.23-12ubuntu2.8 0:3.0.11+really2.12.23-12ubuntu2.8 0:0.1.11-1ubuntu1.1 0:0.13.62-2ubuntu0.1 1:52.2.1+build1-0ubuntu0.14.04.1 0:4.82-3ubuntu2.3 0:2.19-0ubuntu6.13 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-81 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-121 2:3.28.4-0ubuntu0.14.04.2 1:3.10.1-1ubuntu3~14.5 0:2.3.2-7ubuntu3.2 1:2.4.7-1ubuntu4.16 0:2.4.7-1ubuntu4.16 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-123 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-83 1:9.9.5.dfsg-3ubuntu0.15 1:9.9.5.dfsg-3ubuntu0.16 0:1.5.3-2ubuntu4.5 2:4.3.11+dfsg-0ubuntu0.14.04.9 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11 0:0.24.5-2ubuntu4.5 0:3.10.3-0ubuntu10.3 0:1.4.6-1ubuntu3.8 0:1.6~git20131207+dfsg-1ubuntu1.2 2:4.3.11+dfsg-0ubuntu0.14.04.10 0:2.14.1-0ubuntu3.25 0:0.12.4-0nocelt2ubuntu1.5 0:2.1.0-4ubuntu1.4 0:5.5.57-0ubuntu0.14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-125 2:1.15.1-0ubuntu2.9 2:1.18.3-1ubuntu2.3~trusty2 8:6.7.7.10-6ubuntu3.8 8:6.7.7.10-6ubuntu3.9 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-87 0:1.9.3.484-2ubuntu1.3 0:2.0.0.484-1ubuntu2.4 0:7.7.1-0ubuntu5~14.04.3 0:20131116-1ubuntu0.2 0:2.1.12+dfsg-1.2ubuntu8.2 1:2.4.7-1ubuntu4.17 0:2.4.7-1ubuntu4.17 0:3.2.4-1ubuntu0.1 0:1.0.10-0ubuntu1.1 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-89 0:0.18.0-0ubuntu4.5 0:1.0.2-2ubuntu1.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-126 0:5.5.9+dfsg-1ubuntu4.22 0:2.44.2-1ubuntu2.2 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-91 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-128 1:1.9.1-1ubuntu0.6 0:1.8.8-1ubuntu3.3 0:2.1.0-3ubuntu0.7 0:9.3.18-0ubuntu0.14.04.1 0:55.0.1+build2-0ubuntu0.14.04.2 0:3.4-0ubuntu0.14.04.1 0:55.0.2+build1-0ubuntu0.14.04.1 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-92 0:0.99.2+addedllvm-0ubuntu0.14.04.2 0:1.10.0-2ubuntu0.2 0:7u151-2.6.11-0ubuntu1.14.04.1 0:5.1.2-0ubuntu2.7 0:1.3.10-0ubuntu0.14.04.1 2:1.12.13+real-12ubuntu0.1 0:1.2.0-0ubuntu1.3 0:2013.20140215-1ubuntu0.1 0:9.10~dfsg-0ubuntu10.10 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-93 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-129 0:2.5.3-2ubuntu1.1 0:20120731.b-5ubuntu0.1 0:2.1.0-3ubuntu0.8 0:2.6.0+bzr6593-1ubuntu1.6 0:4.101-0ubuntu13.3 0:2.0.0+dfsg-2ubuntu1.35 0:2.0.0+dfsg-2ubuntu1.36 0:4.9.2-0ubuntu0.14.04.1 1:52.3.0+build1-0ubuntu0.14.04.1 0:2.30.7-0ubuntu1.7 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-96 0:0.9-1ubuntu0.1~esm1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-132 0:2.9.1+dfsg1-3ubuntu4.10 1:2.4.7-1ubuntu4.18 0:2.4.7-1ubuntu4.18 2:4.3.11+dfsg-0ubuntu0.14.04.12 0:24.3+1-2ubuntu1.1 0:1.10-1ubuntu0.1 0:2.68-1ubuntu0.2 2:3.28.4-0ubuntu0.14.04.3 0:20170717~14.04.1 0:0.24.5-2ubuntu4.6 0:1.28-1ubuntu2.2 0:56.0+build6-0ubuntu0.14.04.1 0:56.0+build6-0ubuntu0.14.04.2 1:52.4.0+build1-0ubuntu0.14.04.2 0:4.01.0-3ubuntu3.1 1:1.9.1-1ubuntu0.7 0:1.9.3.484-2ubuntu1.5 0:0.24.5-2ubuntu4.7 0:7.35.0-1ubuntu2.11 1:1.4.7-1ubuntu0.3 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-97 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-133 1:2014.1.5-0ubuntu1.1 1:2014.1.5-0ubuntu2.1 1:2014.1.5-0ubuntu1.7 0:1.13.1-0ubuntu1.5 0:0.80.11-0ubuntu1.14.04.3 2:1.15.1-0ubuntu2.10 2:1.18.3-1ubuntu2.3~trusty3 0:3.1~rc1+r3.0.13-12ubuntu0.2 1:2.1-0ubuntu1.5 0:2.1-0ubuntu1.5 2:1.15.1-0ubuntu2.11 2:1.18.3-1ubuntu2.3~trusty4 0:7.35.0-1ubuntu2.12 0:52.1-3ubuntu0.7 0:5.5.58-0ubuntu0.14.04.1 0:384.90-0ubuntu0.14.04.1 0:1.1.10+git20130802-1ubuntu2.4 0:0.9.4+dfsg-1.1ubuntu2.1 0:1.15-1ubuntu1.14.04.3 0:0.8.15-5ubuntu3.3 0:0.24.5-2ubuntu4.8 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-98 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-135 0:0.99.22.4-3ubuntu1.4 0:1.0.2+LibO4.2.8-0ubuntu5.2 0:1.1.2+LibO4.2.8-0ubuntu5.2 1:4.2.8-0ubuntu5.2 2:1.0+LibO4.2.8-0ubuntu5.2 2:102.6+LibO4.2.8-0ubuntu5.2 0:4.2.8-0ubuntu5.2 0:2.5.3-2ubuntu1.2 0:1.0.1f-1ubuntu2.23 0:154ubuntu1.1 0:9.3+154ubuntu1.1 0:57.0+build4-0ubuntu0.14.04.4 0:57.0+build4-0ubuntu0.14.04.5 0:57.0.1+build2-0ubuntu0.14.04.1 0:57.0.3+build1-0ubuntu0.14.04.1 0:5.18.2-2ubuntu1.3 0:9.3.20-0ubuntu0.14.04 0:2.14.1-0ubuntu3.27 0:3.22-21ubuntu0.2 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-101 4.4.0-\d+(-aws) 0:4.4.0-1003 2:4.3.11+dfsg-0ubuntu0.14.04.13 0:5.3.28-3ubuntu3.1 1:52.5.0+build1-0ubuntu0.14.04.1 0:1.6.17-1ubuntu0.1 0:0.15.4-1ubuntu0.1 0:2.0108+dfsg-1ubuntu0.2 0:0.6.4-1ubuntu0.14.04.2 0:2.7.6-8ubuntu0.4 0:3.4.3-1ubuntu1~14.04.6 0:7u151-2.6.11-2ubuntu0.14.04.1 0:7.35.0-1ubuntu2.13 1:1.4.7-1ubuntu0.4 1:1.1.14-1ubuntu0.14.04.1 0:3.10.3-0ubuntu10.4 0:2.9.1+dfsg1-3ubuntu4.11 0:1.127.24 0:3.1.0-2ubuntu0.3 4.4.0-\d+(-aws) 0:4.4.0-1005 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-103 4.4.0-\d+(-aws) 0:4.4.0-1006 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-104 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-137 0:2.9.1+dfsg1-3ubuntu4.12 0:1.9.3.484-2ubuntu1.6 0:2.0.0.484-1ubuntu2.5 0:57.0.4+build1-0ubuntu0.14.04.1 0:0.24.5-2ubuntu4.9 0:7.2+dfsg-1ubuntu0.1 0:7.0.52-1ubuntu0.13 0:384.111-0ubuntu0.14.04.1 4.4.0-\d+(-aws) 0:4.4.0-1009 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-108 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-109 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-139 0:0.8.15-5ubuntu3.4 0:1.9.3.484-2ubuntu1.7 1:52.6.0+build1-0ubuntu0.14.04.1 0:3.20180108.0~ubuntu14.04.2 0:3.20180108.0+really20170707ubuntu14.04.1 0:3.20180312.0~ubuntu14.04.1 0:2.30.7-0ubuntu1.8 0:2.82-1.1ubuntu3.2 0:2.19-0ubuntu6.14 1:9.9.5.dfsg-3ubuntu0.17 0:5.5.59-0ubuntu0.14.04.1 1:6.6p1-2ubuntu2.10 0:2.8.10-0ubuntu1.2 4.4.0-\d+(-aws) 0:4.4.0-1011 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-111 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-141 0:3.1.0-2ubuntu0.4 0:58.0+build6-0ubuntu0.14.04.1 0:58.0.2+build1-0ubuntu0.14.04.1 1:52.7.0+build1-0ubuntu0.14.04.1 0:3.4-3ubuntu0.6 0:0.99.3+addedllvm-0ubuntu0.14.04.1 0:58.0.1+build1-0ubuntu0.14.04.1 0:7.35.0-1ubuntu2.14 0:0.5.3-15ubuntu0.2 1:2.2.9-1ubuntu2.3 0:3.3.8-1ubuntu6.11 1:204-5ubuntu20.26 0:204-5ubuntu20.26 0:2.0.0+dfsg-2ubuntu1.38 0:1.2.2-0ubuntu13.1.25 0:1.6-3ubuntu2.14.04.4 1:2.1.16-2ubuntu0.5 0:9.3.21-0ubuntu0.14.04 0:4.82-3ubuntu2.4 0:5.5.9+dfsg-1ubuntu4.23 0:5.5.9+dfsg-1ubuntu4.29+esm2 0:3.4.3-1ubuntu1.3 0:4.70.0-1ubuntu0.1 0:1.3.2-1.3ubuntu1.1 0:1.18-1ubuntu0.1 1:16.b.3-dfsg-1ubuntu2.2 0:0.99.22.4-3ubuntu1.5 0:2.0.0+dfsg-2ubuntu1.39 0:2.0.0+dfsg-2ubuntu1.40 0:1.2.2-0ubuntu13.1.26 0:1.7.2-0ubuntu1.9 0:1.0.2+LibO4.2.8-0ubuntu5.3 0:1.1.2+LibO4.2.8-0ubuntu5.3 1:4.2.8-0ubuntu5.3 2:1.0+LibO4.2.8-0ubuntu5.3 2:102.6+LibO4.2.8-0ubuntu5.3 0:4.2.8-0ubuntu5.3 4.4.0-\d+(-aws) 0:4.4.0-1014 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-116 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-142 0:0.0.9ubuntu0.14.04.1 0:13.2.0-1ubuntu1.2 1:13.2.0-1ubuntu1.2 0:4.2.4-7ubuntu12.12 1:2.2.9-1ubuntu2.4 0:1.4.14-0ubuntu9.2 0:9.3.22-0ubuntu0.14.04 0:0.8.15-5ubuntu3.5 0:1.6.11-0ubuntu1.2 0:0.99.4+addedllvm-0ubuntu0.14.04.1 0:5.0.2-3ubuntu6.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-143 2:4.3.11+dfsg-0ubuntu0.14.04.14 0:59.0+build5-0ubuntu0.14.04.1 0:59.0.2+build1-0ubuntu0.14.04.4 0:7.35.0-1ubuntu2.15 0:59.0.1+build1-0ubuntu0.14.04.1 0:5.5.9+dfsg-1ubuntu4.24 0:1.4.14-0ubuntu9.3 0:4.0.3-7ubuntu0.8 0:1.10.1-1git1ubuntu0.1 0:1.3.2-1.3ubuntu1.2 1:4.14-1ubuntu1.1 0:4.0.3-7ubuntu0.9 0:0.17.1.1~14.04.1 0:5.0.2-3ubuntu6.2 0:59.0.2+build1-0ubuntu0.14.04.1 0:52.1-3ubuntu0.8 0:1.0.1f-1ubuntu2.24 0:1.2.2-2ubuntu1.1 0:7u171-2.6.13-0ubuntu0.14.04.2 0:0.15.4-1ubuntu0.2 0:2.6.1-4ubuntu0.3 0:0.9.9+dfsg-1ubuntu1.3 4.4.0-\d+(-aws) 0:4.4.0-1016 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-119 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-144 0:1.9.3.484-2ubuntu1.8 0:2.0.0.484-1ubuntu2.6 0:1.9.3.484-2ubuntu1.10 0:2.0.0.484-1ubuntu2.8 0:1.4.0-1ubuntu1.1 1:0.220.10 0:2.7.1-4ubuntu2.4 0:5.18.2-2ubuntu1.4 0:1.9.3.484-2ubuntu1.11 0:2.0.0.484-1ubuntu2.9 1:2.4.7-1ubuntu4.20 0:2.4.7-1ubuntu4.20 0:1.0.1f-1ubuntu2.25 0:5.5.60-0ubuntu0.14.04.1 4.4.0-\d+(-aws) 0:4.4.0-1017 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-121 0:9.10~dfsg-0ubuntu10.12 0:8.0.2-3~14.04.1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-147 4.4.0-\d+(-aws) 0:4.4.0-1019 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-124 0:1.15-1ubuntu1.14.04.4 0:60.0+build2-0ubuntu0.14.04.1 0:60.0.1+build2-0ubuntu0.14.04.1 0:5.5.9+dfsg-1ubuntu4.25 0:0.24.5-2ubuntu4.11 0:7.35.0-1ubuntu2.16 0:2.0.0+dfsg-2ubuntu1.41 0:1.1.0~rc1-2ubuntu7.2 0:2.0.0+dfsg-2ubuntu1.42 4.4.0-\d+(-aws) 0:4.4.0-1022 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-127 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-149 1:3.3.9-1ubuntu2.3 0:0.12.4-0nocelt2ubuntu1.6 1:52.8.0+build1-0ubuntu0.14.04.1 0:1.7.ubuntu-8ubuntu2.14.04.3 0:384.130-0ubuntu0.14.04.1 0:2.14.1-0ubuntu3.29 0:7.0.52-1ubuntu0.14 0:1.5-6ubuntu0.2 0:2.2.1-1ubuntu1.1 0:2.5.3-2ubuntu1.3 0:0.158-0ubuntu5.3 1:1.9.1-1ubuntu0.8 0:2.5.3-2ubuntu1.4 0:1.4.22-1ubuntu4.14.04.3 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-151 0:1.4.16-1ubuntu2.5 0:2.0.22-3ubuntu1.4 4.4.0-\d+(-aws) 0:4.4.0-1023 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-128 0:2.0.0+dfsg-2ubuntu1.43 0:1.2.2-0ubuntu13.1.27 8:6.7.7.10-6ubuntu3.11 0:60.0.2+build1-0ubuntu0.14.04.1 0:5.18.2-2ubuntu1.6 0:1.9.3.484-2ubuntu1.12 0:2.0.0.484-1ubuntu2.10 0:2.0.0.484-1ubuntu2.13+esm1 1:5.14-2ubuntu3.4 0:1.5.3-2ubuntu4.6 0:3.20180524.1~ubuntu0.14.04.1 0:3.20180524.1~ubuntu0.14.04.2+really20130710.1 0:7u181-2.6.14-0ubuntu0.1 0:1.0.1f-1ubuntu2.26 0:1.900.1-14ubuntu3.5 0:2.10.09-1ubuntu0.1 4.4.0-\d+(-aws) 0:4.4.0-1024 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-130 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-153 0:0.13.62-2ubuntu0.2 0:0.23-1ubuntu2.1 0:2.44.2-1ubuntu2.3 0:1.30-7ubuntu0.1 0:61.0+build3-0ubuntu0.14.04.2 0:61.0.1+build1-0ubuntu0.14.04.1 0:1.3.0-0ubuntu2.1 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 0:1.2.1-9ubuntu0.3 8:6.7.7.10-6ubuntu3.12 0:1.2.50-1ubuntu2.14.04.3 0:1.7.2-0ubuntu1.10 1:52.9.1+build3-0ubuntu0.14.04.1 0:0.105-4ubuntu3.14.04.2 0:1.5.21-6.4ubuntu2.2 0:1.9.3-2ubuntu0.1 0:0.100.1+dfsg-1ubuntu0.14.04.1 0:0.100.1+dfsg-1ubuntu0.14.04.2 0:0.100.1+dfsg-1ubuntu0.14.04.4 0:7.0.52-1ubuntu0.15 0:3.10.4-0ubuntu1.6 0:5.5.61-0ubuntu0.14.04.1 0:1.49+dfsg-2ubuntu0.1 0:0.100.1+dfsg-1ubuntu0.14.04.3 1:1.1.14-1ubuntu0.14.04.2 0:4.4.13-1ubuntu0.1 0:1.4.16-1ubuntu2.6 0:7u181-2.6.14-0ubuntu0.2 0:3.1.2-7ubuntu2.6 2:4.3.11+dfsg-0ubuntu0.14.04.16 0:2.9.1+dfsg1-3ubuntu4.13 4.4.0-\d+(-aws) 0:4.4.0-1027 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-133 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-156 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-155 0:9.3.24-0ubuntu0.14.04 1:2.1-0ubuntu1.6 0:2.1-0ubuntu1.6 0:0.12.4-0nocelt2ubuntu1.7 4.4.0-\d+(-aws) 0:4.4.0-1028 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-134 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-157 0:2.1.0-3ubuntu0.10 0:3.20180807a.0ubuntu0.14.04.1 0:0.24.5-2ubuntu4.12 2:1.6.2-1ubuntu2.1 0:0.2.2-5ubuntu2.1 1:3.2.5.e-1ubuntu1.1 0:62.0+build2-0ubuntu0.14.04.3 0:62.0+build2-0ubuntu0.14.04.4 0:62.0+build2-0ubuntu0.14.04.5 0:5.0.2-3ubuntu6.3 0:7.35.0-1ubuntu2.17 0:5.5.9+dfsg-1ubuntu4.26 0:2.40.2-0ubuntu1.1 0:9.10~dfsg-0ubuntu10.13 1:9.9.5.dfsg-3ubuntu0.18 0:2.5-0ubuntu4.2 0:5.1.2-0ubuntu2.10 0:9.25~dfsg+1-0ubuntu0.14.04.1 0:5.1.2-0ubuntu2.11 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-160 4.4.0-\d+(-aws) 0:4.4.0-1031 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-137 0:62.0.3+build1-0ubuntu0.14.04.2 0:2.5.3-2ubuntu1.5 0:2.10.95-0ubuntu2.6~14.04.4 8:6.7.7.10-6ubuntu3.13 0:0.4.1-0ubuntu1.1 0:7.0.52-1ubuntu0.16 0:2013.20130729.30972-2ubuntu0.1 0:0.100.2+dfsg-1ubuntu0.14.04.1 0:2.2.1-1ubuntu0.4 1:1.9.1-1ubuntu0.9 0:5.7.2~dfsg-8.1ubuntu3.3 1:60.2.1+build1-0ubuntu0.14.04.2 0:1.9.7-1ubuntu2.2 0:0.6.1-0ubuntu3.4 0:0.6.1-0ubuntu3.5 0:1.10.1-1git1ubuntu0.2 4.4.0-\d+(-aws) 0:4.4.0-1032 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-138 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-161 0:5.5.62-0ubuntu0.14.04.1 0:0.3.6-2ubuntu0.14.04.3 0:63.0+build2-0ubuntu0.14.04.2 0:63.0.3+build1-0ubuntu0.14.04.1 0:9.25~dfsg+1-0ubuntu0.14.04.2 0:7.35.0-1ubuntu2.19 0:1.9.3.484-2ubuntu1.13 0:2.0.0.484-1ubuntu2.11 1:6.6p1-2ubuntu2.11 0:2.4.5-5.1ubuntu2.3 0:3.4.2-0ubuntu0.14.04.1 0:1.4.6-1ubuntu3.9 0:0.100.2+dfsg-1ubuntu0.14.04.2 0:0.18.3.1-1ubuntu3.1 0:2.7.6-8ubuntu0.5 0:3.4.3-1ubuntu1~14.04.7 4.15.0-\d+(-azure) 0:4.15.0-1031 4.4.0-\d+(-aws) 0:4.4.0-1034 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-139 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-162 0:7u181-2.6.14-0ubuntu0.3 0:2.0.8+httpd24-r1449661-6ubuntu2.1 0:2.0.0+dfsg-2ubuntu1.44 2:4.3.11+dfsg-0ubuntu0.14.04.19 1:1.9.1-1ubuntu0.10 0:9.26~dfsg+0-0ubuntu0.14.04.1 0:9.26~dfsg+0-0ubuntu0.14.04.3 0:5.18.2-2ubuntu1.7 0:0.24.5-2ubuntu4.13 0:0.24.5-2ubuntu4.14 0:0.15.4-1ubuntu0.3 0:4.70.0-1ubuntu0.2 0:1.0.1f-1ubuntu2.27 0:3.3.3-1ubuntu0.2 0:1.7.2-0ubuntu1.11 0:0.30.2-2ubuntu1.2 0:64.0+build3-0ubuntu0.14.04.1 0:1.0.2-2ubuntu1.2 4.15.0-\d+(-azure) 0:4.15.0-1036 4.4.0-\d+(-aws) 0:4.4.0-1037 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-141 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-164 2:3.28.4-0ubuntu0.14.04.4 0:1.6.11-0ubuntu1.3 0:0.23-1ubuntu2.2 0:3.1.2-7ubuntu2.7 0:0.99.beta18-1ubuntu5.1 0:0.105-4ubuntu3.14.04.5 0:0.8.15-5ubuntu3.6 0:1.0.1ubuntu2.19 0:4.0.3-7ubuntu0.10 0:0.24.5-2ubuntu4.15 0:9.26~dfsg+0-0ubuntu0.14.04.4 0:9.26~dfsg+0-0ubuntu0.14.04.5 0:9.26~dfsg+0-0ubuntu0.14.04.7 1:60.4.0+build2-0ubuntu0.14.04.1 0:0.12.4-0nocelt2ubuntu1.8 4.15.0-\d+(-azure) 0:4.15.0-1037 0:65.0+build2-0ubuntu0.14.04.1 0:0.6.31-4ubuntu1.3 0:0.9.9+dfsg-1ubuntu1.4 4.4.0-\d+(-aws) 0:4.4.0-1038 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-142 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-165 1:2.2.9-1ubuntu2.5 0:7.35.0-1ubuntu2.20 0:1.0.2+LibO4.2.8-0ubuntu5.5 0:1.1.2+LibO4.2.8-0ubuntu5.5 1:4.2.8-0ubuntu5.5 2:1.0+LibO4.2.8-0ubuntu5.5 2:102.6+LibO4.2.8-0ubuntu5.5 0:4.2.8-0ubuntu5.5 0:3.1.2-7ubuntu2.8 1:6.6p1-2ubuntu2.12 1:6.6p1-2ubuntu2.13 0:0.24.5-2ubuntu4.16 0:2.34.2~14.04.1 1:9.9.5.dfsg-3ubuntu0.19 0:3.10.1-1ubuntu4.4 1:1.1.24-0ubuntu0.14.04.2 0:65.0.1+build2-0ubuntu0.14.04.1 1:60.5.1+build2-0ubuntu0.14.04.1 2:3.28.4-0ubuntu0.14.04.5 0:2.1.0-3ubuntu0.11 4.15.0-\d+(-azure) 0:4.15.0-1040 0:5.5.9+dfsg-1ubuntu4.27 0:0.24.5-2ubuntu4.17 0:4.0.3-7ubuntu0.11 0:2.2.32-0ubuntu1~14.04.2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-166 4.4.0-\d+(-aws) 0:4.4.0-1039 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-143 0:9.26~dfsg+0-0ubuntu0.14.04.8 0:2.37.4~14.04.1 0:66.0.1+build1-0ubuntu0.14.04.1 0:66.0.2+build1-0ubuntu0.14.04.1 0:66.0.3+build1-0ubuntu0.14.04.1 0:66.0.1+build1-0ubuntu0.14.04.1 0:1.5.3-2+deb8u3ubuntu0.1 0:5.5.9+dfsg-1ubuntu4.29 0:2.0.0+dfsg-2ubuntu1.45 0:3.15.4-3ubuntu0.1 1:60.6.1+build2-0ubuntu0.14.04.1 1:2.2.9-1ubuntu2.6 0:2.5.2.26540.ds4-9ubuntu1.1 4.15.0-\d+(-azure) 0:4.15.0-1041 4.4.0-\d+(-aws) 0:4.4.0-1040 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-144 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-168 0:0.105-4ubuntu3.14.04.6 1:1.21.0-1ubuntu1.4 0:1.18-1ubuntu0.2 1:2.4.7-1ubuntu4.22 0:2.4.7-1ubuntu4.22 1:204-5ubuntu20.31 0:204-5ubuntu20.31 2:4.3.11+dfsg-0ubuntu0.14.04.20 0:0.100.3+dfsg-0ubuntu0.14.04.1 0:7u211-2.6.17-0ubuntu0.1 0:1.15-1ubuntu1.14.04.5 1:2.1-0ubuntu1.7 0:2.1-0ubuntu1.7 0:1.9.3.484-2ubuntu1.14 0:2.0.0.484-1ubuntu2.13 0:2.3.4-4+deb8u2ubuntu0.14.04.2 0:1.1.28-2ubuntu0.2 0:5.5.9+dfsg-1ubuntu4.29+esm1 1:9.9.5.dfsg-3ubuntu0.19+esm1 0:5.5.64-1ubuntu0.14.04.1 0:1.8.9p5-1ubuntu1.5+esm1 0:1.8.9p5-1ubuntu1.5+esm5 0:2.1-0ubuntu1.7+esm1 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2 0:3.20190514.0ubuntu0.14.04.1 0:3.20190514.0ubuntu0.14.04.2 0:3.20190618.0ubuntu0.14.04.1 0:2.0.0+dfsg-2ubuntu1.46 4.15.0-\d+(-azure) 0:4.15.0-1045 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-148 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-170 0:1.2.2-0ubuntu13.1.28 0:1.7.1-1ubuntu4.1+esm1 0:7.35.0-1ubuntu2.20+esm2 1:1.2.7-1ubuntu1+esm1 0:4.1.0~20120320gitdb59704-9ubuntu0.1~esm1 0:2.4.1-0ubuntu0.14.04.2 0:5.3.28-3ubuntu3.1+esm1 4.4.0-\d+(-aws) 0:4.4.0-1045 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-150 0:5.5.9+dfsg-1ubuntu4.29+esm3 0:2.7.2-2ubuntu0.1~esm1 0:2.40.2-0ubuntu1.1+esm1 0:1.6.18-0ubuntu4.5+esm1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-171 4.15.0-\d+(-azure) 0:4.15.0-1047 4.4.0-\d+(-aws) 0:4.4.0-1046 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-151 0:3.8.2-1ubuntu2.2+esm1 0:1.0.6-5ubuntu0.1~esm1 0:1.0.6-5ubuntu0.1~esm2 0:2.1.0-4ubuntu1.4+esm1 4.15.0-\d+(-azure) 0:4.15.0-1049 4.4.0-\d+(-aws) 0:4.4.0-1048 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-154 0:1.2.2-0ubuntu13.1.28+esm1 0:2.40.2-0ubuntu1.1+esm2 0:2.40.2-0ubuntu1.1+esm3 0:2.14.1-0ubuntu3.29+esm1 0:4.3-7ubuntu1.8+esm1 2:3.28.4-0ubuntu0.14.04.5+esm1 0:0.100.3+dfsg-0ubuntu0.14.04.1+esm1 0:2.7.1-4ubuntu2.4+esm1 0:2.4.31-1+nmu2ubuntu8.5+esm1 0:5.5.9+dfsg-1ubuntu4.29+esm4 4.4.0-\d+(-aws) 0:4.4.0-1050 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-159 0:5.5.9+dfsg-1ubuntu4.29+esm5 1:2.2.9-1ubuntu2.6+esm1 1:2.2.9-1ubuntu2.6+esm2 0:4.82-3ubuntu2.4+esm1 0:2.5.2-1ubuntu2.8+esm1 0:2.7.6-8ubuntu0.6+esm2 0:3.4.3-1ubuntu1~14.04.7+esm2 0:7.35.0-1ubuntu2.20+esm3 0:2.1.0-4ubuntu1.4+esm2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-173 4.15.0-\d+(-azure) 0:4.15.0-1059 4.4.0-\d+(-aws) 0:4.4.0-1054 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-164 1:2.1-0ubuntu1.7+esm2 0:2.1-0ubuntu1.7+esm2 0:1.42.9-3ubuntu1.3+esm1 0:2.0-1.42.9-3ubuntu1.3+esm1 0:2.1-1.42.9-3ubuntu1.3+esm1 0:0.101.4+dfsg-0ubuntu0.14.04.1+esm1 0:2.7.6-8ubuntu0.6+esm3 0:3.4.3-1ubuntu1~14.04.7+esm4 0:1.8.9p5-1ubuntu1.5+esm2 0:0.60.7~20110707-1ubuntu1+esm1 0:1.2.15-8ubuntu1.1+esm1 4.15.0-\d+(-azure) 0:4.15.0-1061 4.4.0-\d+(-aws) 0:4.4.0-1056 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-166 0:1.1.28-2ubuntu0.2+esm1 0:5.5.9+dfsg-1ubuntu4.29+esm6 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3 0:3.1.2-7ubuntu2.8+esm1 0:2.14.1-0ubuntu3.29+esm2 0:2.14.1-0ubuntu3.29+esm3 1:5.14-2ubuntu3.4+esm1 0:2.11+dfsg-1ubuntu1.2+esm1 0:3.20191112-0ubuntu0.14.04.2 0:3.20191115.1ubuntu0.14.04.2 4.15.0-\d+(-azure) 0:4.15.0-1063 4.4.0-\d+(-aws) 0:4.4.0-1058 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-168 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-175 0:2.0.0+dfsg-2ubuntu1.47 0:154ubuntu1.1+esm1 0:9.3+154ubuntu1.1+esm1 0:1.3.0-2ubuntu0.1~esm1 2:3.28.4-0ubuntu0.14.04.5+esm2 4.4.0-\d+(-aws) 0:4.4.0-1059 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-170 0:0.4.1-1ubuntu0.1~esm1 2:3.28.4-0ubuntu0.14.04.5+esm3 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 0:2.19-0ubuntu6.15+esm1 0:1.5.3-2ubuntu0.1 4.15.0-\d+(-azure) 0:4.15.0-1066 4.4.0-\d+(-aws) 0:4.4.0-1060 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-171 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1 0:0.102.1+dfsg-0ubuntu0.14.04.1+esm1 2:3.28.4-0ubuntu0.14.04.5+esm4 0:1.4.6-1ubuntu3.9+esm1 0:1.5.3-2ubuntu4.6+esm1 0:3.4.2-0ubuntu0.14.04.1+esm1 0:5.5.9+dfsg-1ubuntu4.29+esm8 0:0.6.0-2ubuntu1+esm1 0:0.9.3.5ubuntu3+esm2 0:1.42.9-3ubuntu1.3+esm2 0:2.0-1.42.9-3ubuntu1.3+esm2 0:2.1-1.42.9-3ubuntu1.3+esm2 0:4.9.3-0ubuntu0.14.04.1+esm1 4.4.0-\d+(-aws) 0:4.4.0-1061 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-173 0:2.1.25.dfsg1-17ubuntu0.1~esm1 0:1.8.9p5-1ubuntu1.5+esm3 0:3.4.2-0ubuntu0.14.04.1+esm2 0:2.3.0-1ubuntu3.4+esm1 0:2.9.1+dfsg1-3ubuntu4.13+esm1 0:0.6.21-1ubuntu1+esm1 0:5.5.9+dfsg-1ubuntu4.29+esm10 0:0.102.2+dfsg-0ubuntu0.14.04.1+esm1 4.4.0-\d+(-aws) 0:4.4.0-1062 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-174 4.15.0-\d+(-azure) 0:4.15.0-1069 0:2.4.5-5.1ubuntu2.3+esm1 0:1.3.17-0ubuntu4+esm1 0:3.8.2-1ubuntu2.2+esm2 4.15.0-\d+(-azure) 0:4.15.0-1074 4.4.0-\d+(-aws) 0:4.4.0-1064 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-176 0:52.1-3ubuntu0.8+esm1 0:13.2.0-1ubuntu1.2+esm1 1:13.2.0-1ubuntu1.2+esm1 2:7.4.052-1ubuntu3.1+esm1 0:4.6-2ubuntu0.1~esm1 0:2.14.1-0ubuntu3.29+esm4 0:2.1.0-3ubuntu0.11+esm1 4.4.0-\d+(-aws) 0:4.4.0-1065 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-177 4.15.0-\d+(-azure) 0:4.15.0-1077 0:5.5.9+dfsg-1ubuntu4.29+esm11 0:2.7.6-8ubuntu0.6+esm5 0:3.4.3-1ubuntu1~14.04.7+esm6 0:2.24-5ubuntu14.2+esm2 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 4.4.0-\d+(-aws) 0:4.4.0-1066 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-178 0:2.4.31-1+nmu2ubuntu8.5+esm2 0:0.6.21-1ubuntu1+esm2 0:1.0.1ubuntu2.24+esm1 0:0.11-3ubuntu1.2+esm1 0:0.11-3ubuntu1.2+esm2 0:0.11-3ubuntu1.2+esm3 4.4.0-\d+(-aws) 0:4.4.0-1067 4.4.0-\d+(-generic-lpae|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-179 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-179 1:9.9.5.dfsg-3ubuntu0.19+esm2 0:4.82-3ubuntu2.4+esm2 0:0.102.3+dfsg-0ubuntu0.14.04.1+esm1 0:5.5.9+dfsg-1ubuntu4.29+esm12 0:1.0.1f-1ubuntu2.27+esm1 0:20190110~14.04.1~esm1 0:0.10.1-2ubuntu0.1~esm1 0:1.6.11-0ubuntu1.3+esm1 0:3.20200609.0ubuntu0.14.04.0 0:3.20200609.0ubuntu0.14.04.1 0:1.3.0-0ubuntu2.1+esm1 4.15.0-\d+(-azure) 0:4.15.0-1089 4.4.0-\d+(-aws) 0:4.4.0-1073 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-184 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-180 0:0.6.21-1ubuntu1+esm5 2:3.28.4-0ubuntu0.14.04.5+esm5 0:1.6.18-0ubuntu4.5+esm2 0:7.35.0-1ubuntu2.20+esm4 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm7 4.15.0-\d+(-azure) 0:4.15.0-1091 2:3.28.4-0ubuntu0.14.04.5+esm6 4.4.0-\d+(-aws) 0:4.4.0-1074 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-185 4.4.0-\d+(-aws) 0:4.4.0-1075 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-186 0:2.7.6-8ubuntu0.6+esm6 0:3.4.3-1ubuntu1~14.04.7+esm7 0:1.34.22+2.02~beta2-9ubuntu1.20 0:2.02~beta2-9ubuntu1.20 0:1.34.20+2.02~beta2-9ubuntu1.21 0:2.02~beta2-9ubuntu1.21 0:0.102.4+dfsg-0ubuntu0.14.04.1+esm1 0:6.1.17~dfsg-1ubuntu0.1~esm1 0:2.14.1-0ubuntu3.29+esm5 0:2.4.5-5.1ubuntu2.3+esm2 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8 2:3.28.4-0ubuntu0.14.04.5+esm7 1:2.2.9-1ubuntu2.6+esm3 0:0.92.37.8ubuntu0.1~esm1 0:5.9.1-1ubuntu1.1+esm2 4.4.0-\d+(-aws) 0:4.4.0-1076 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-187 0:7.35.0-1ubuntu2.20+esm5 0:2.0.0+dfsg-2ubuntu1.47+esm1 1:9.9.5.dfsg-3ubuntu0.19+esm3 0:5.7.2~dfsg-8.1ubuntu3.3+esm1 0:5.7.2~dfsg-8.1ubuntu3.3+esm2 2:3.28.4-0ubuntu0.14.04.5+esm8 0:3.1.2-1ubuntu0.1+esm1 4.15.0-\d+(-azure) 0:4.15.0-1093 4.4.0-\d+(-aws) 0:4.4.0-1077 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-189 2:1.6.2-1ubuntu2.1+esm1 2:1.15.1-0ubuntu2.11+esm2 4.15.0-\d+(-azure) 0:4.15.0-1095 0:1.630-1ubuntu0.1~esm1 0:1.630-1ubuntu0.1~esm4 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 4.15.0-\d+(-azure) 0:4.15.0-1096 4.4.0-\d+(-aws) 0:4.4.0-1078 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-190 0:1.630-1ubuntu0.1~esm5 0:0.12.4-0nocelt2ubuntu1.8+esm1 4.15.0-\d+(-azure) 0:4.15.0-1098 4.4.0-\d+(-aws) 0:4.4.0-1081 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-193 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-182 0:2.7.6-8ubuntu0.6+esm7 0:3.4.3-1ubuntu1~14.04.7+esm8 0:5.5.9+dfsg-1ubuntu4.29+esm13 0:2.5.2-1ubuntu2.8+esm2 0:5.18.2-2ubuntu1.7+esm3 0:0.6.35-0ubuntu7.3+esm2 0:2.4.31-1+nmu2ubuntu8.5+esm3 0:0.6.21-1ubuntu1+esm6 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-183 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-194 0:3.20201110.0ubuntu0.14.04.1 0:3.20201110.0ubuntu0.14.04.2 0:2.4.31-1+nmu2ubuntu8.5+esm4 0:1.12+dfsg-2ubuntu5.4+esm2 2:1.15.1-0ubuntu2.11+esm3 4.4.0-\d+(-aws) 0:4.4.0-1082 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-197 4.15.0-\d+(-azure) 0:4.15.0-1100 0:7.35.0-1ubuntu2.20+esm6 0:3.3.3-1ubuntu0.2+esm1 0:3.3.3-1ubuntu0.2+esm2 0:1.0.1ubuntu2.24+esm3 0:0.9.3.5ubuntu3+esm4 0:6.0-9ubuntu1.6 1:2.2.9-1ubuntu2.6+esm4 0:0.20.2-2ubuntu2+esm1 4.15.0-\d+(-azure) 0:4.15.0-1103 4.4.0-\d+(-aws) 0:4.4.0-1083 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-198 0:1.27.1-1ubuntu0.1+esm1 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-200 0:2.3.0-1ubuntu3.4+esm2 0:0.25-4ubuntu0.14.04.1~esm1 0:1.0.25-7ubuntu2.2+esm1 0:1.8.9p5-1ubuntu1.5+esm6 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-201 4.4.0-\d+(-aws) 0:4.4.0-1085 4.15.0-\d+(-azure) 0:4.15.0-1106 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-184 0:1.6.11-0ubuntu1.3+esm2 0:2.14.1-0ubuntu3.29+esm6 1:2.1-0ubuntu1.7+esm3 0:2.1-0ubuntu1.7+esm3 1:9.9.5.dfsg-3ubuntu0.19+esm4 0:1.0.1f-1ubuntu2.27+esm2 0:4.1.0~20120320gitdb59704-9ubuntu0.1~esm2 4.4.0-\d+(-aws) 0:4.4.0-1086 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-203 4.15.0-\d+(-azure) 0:4.15.0-1108 0:2.7.6-8ubuntu0.6+esm8 0:3.4.3-1ubuntu1~14.04.7+esm10 0:2.7.6-8ubuntu0.6+esm9 0:2.7.6-8ubuntu0.6+esm10 1:2.1-0ubuntu1.7+esm4 0:2.1-0ubuntu1.7+esm4 0:3.2.3-2.2ubuntu0.1~esm1 0:1.9.1-1ubuntu0.1~esm1 1:2.2.2+dfsg-1ubuntu1+esm4 0:0.9.15-1ubuntu0.1~esm1 0:0.17.5+ds-1ubuntu0.1~esm1 0:3.4.2-1ubuntu1+esm1 0:8.0.5~dfsg.1-1ubuntu1+esm1 0:4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1 0:7.26-1ubuntu0.1+esm1 0:3.0.6.RELEASE-13ubuntu0.1~esm2 0:1.4.33-1+nmu2ubuntu2.1+esm1 0:2.1.0-2ubuntu0.0.1~esm1 0:0.1.18-1ubuntu0.1~esm1 0:4.01.0-3ubuntu3.1+esm1 0:1.0.11-1ubuntu0.1~esm1 0:3.99.5+repack1-3ubuntu1+esm3 0:2.6.5-1ubuntu0.1~esm5 0:2.6.5-1ubuntu0.1~esm6 0:0.2.12-1ubuntu0.1~esm2 0:1.3-1.1ubuntu1.1+esm3 0:3.4.5+dfsg-1ubuntu0.1~esm1 0:0.16.13-1ubuntu2.1+esm1 0:3.3.4-0ubuntu3.1+esm1 0:5.4.0-3ubuntu2.2+esm1 0:0.10.25~dfsg2-2ubuntu1.2+esm1 0:0.10.1-3ubuntu1+esm1 0:0.19.0-2ubuntu0.4+esm1 0:3.0.2-1ubuntu1.1~esm2 0:5.34.14-1ubuntu0.1~esm1 0:0.2.0~rc3-1ubuntu0.1~esm1 0:1.78-1ubuntu0.1~esm1 0:2.1.6-0ubuntu14.04.5+esm1 0:1.16.0-1ubuntu1.1+esm2 0:1.8.3-3ubuntu14.04.1~esm1 0:0.6.0-1ubuntu0.1+esm1 0:0.5.5-2ubuntu0.14.04.1+esm1 0:1.8.11-5ubuntu7.1+esm1 0:2.4.8+dfsg1-2ubuntu1.2+esm1 0:1.70.1-1ubuntu0.1~esm1 0:3.1.4~abc9f50-4ubuntu2+esm1 0:1.7.1-5ubuntu0.1~esm1 0:5.6.1-6+deb8u3ubuntu0.1~esm1 0:0.1.11+dfsg-1ubuntu0.1~esm1 0:0.3.6-1ubuntu0.1~esm1 4:4.0.10-1ubuntu0.1+esm4 0:0.38-1ubuntu2+esm1 0:1.19-9.3ubuntu0.1~esm1 0:5.8.0-14.1ubuntu3+esm1 0:0.7.67-2ubuntu1+esm1 1:5.6-2ubuntu0.1+esm2 0:0.1.24-1ubuntu0.14.04.1~esm1 0:1.17-5ubuntu0.1+esm1 0:1.18.1-1ubuntu0.1~esm1 0:1.9.3-2ubuntu0.1+esm1 0:5.4.1p1-1ubuntu0.1~esm1 4.4.0-\d+(-aws) 0:4.4.0-1087 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-204 4.15.0-\d+(-azure) 0:4.15.0-1109 4.15.0-\d+(-azure) 0:4.15.0-1110 4.4.0-\d+(-aws) 0:4.4.0-1088 0:3.0.21-7+deb8u1ubuntu0.1~esm1 1:1.1.24-0ubuntu0.14.04.2+esm1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-185 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-206 4.15.0-\d+(-azure) 0:4.15.0-1111 0:3.3.3-1ubuntu0.2+esm3 0:1.6+dfsg-1ubuntu1.1+esm1 0:3.4.2-0ubuntu0.14.04.1+esm3 0:7.35.0-1ubuntu2.20+esm7 4.4.0-\d+(-aws) 0:4.4.0-1090 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-208 2:1.15.1-0ubuntu2.11+esm4 4.15.0-\d+(-azure) 0:4.15.0-1112 0:1.4.4-2ubuntu1+esm1 4.15.0-\d+(-azure) 0:4.15.0-1113 4.4.0-\d+(-aws) 0:4.4.0-1091 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-209 4.4.0-\d+(-aws) 0:4.4.0-1092 4.4.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:4.4.0-210 0:0.103.2+dfsg-0ubuntu0.14.04.1+esm1 0:0.103.2+dfsg-0ubuntu0.14.04.1+esm2 0:1.2.1-9ubuntu0.3+esm1 0:4.0.4+dfsg-2ubuntu0.1+esm3 0:0.99.beta18-1ubuntu5.1+esm1 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 0:1.6.11-0ubuntu1.3+esm3 0:4.82-3ubuntu2.4+esm3 4.15.0-\d+(-azure) 0:4.15.0-1114 0:1.5.4-1ubuntu4+esm1 0:1.3+dfsg.1-2ubuntu2+esm1 0:2.14.1-0ubuntu3.29+esm7 2:1.6.2-1ubuntu2.1+esm2 0:1.4.6-1ubuntu3.9+esm2 0:0.0~r114-2ubuntu1+esm2 0:4.2.4-7ubuntu12.13+esm1 0:0.4.0-4ubuntu0.1~esm1 4.15.0-\d+(-azure) 0:4.15.0-1115 0:3.20210608.0ubuntu0.14.04.1+esm1 0:0.2.1-2ubuntu2.2+esm1 0:0.2.1-2ubuntu2.2+esm2 0:2.9.1+dfsg1-3ubuntu4.13+esm2 1:2.4.7-1ubuntu4.22+esm1 0:2.4.7-1ubuntu4.22+esm1 4.15.0-\d+(-azure) 0:4.15.0-1118 0:5.5.9+dfsg-1ubuntu4.29+esm14 0:0.6.31-4ubuntu1.3+esm1 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-186 4.4.0-\d+(-aws) 0:4.4.0-1094 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-212 4.15.0-\d+(-azure) 0:4.15.0-1121 0:0.60.7~20110707-1ubuntu1+esm2 0:1.0.25-7ubuntu2.2+esm2 0:0.2.4.27-1ubuntu0.1+esm2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-187 4.4.0-\d+(-aws) 0:4.4.0-1095 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-213 0:2.13-3ubuntu2+esm1 4.15.0-\d+(-azure) 0:4.15.0-1122 0:1.0.1f-1ubuntu2.27+esm3 0:1.0.1f-1ubuntu2.27+esm4 0:1.9.17.1-5ubuntu0.1+esm1 0:1.5.0-1ubuntu0.1~esm1 1:2013.1.13AR.1-2ubuntu2+esm1 4.4.0-\d+(-aws) 0:4.4.0-1096 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-214 0:2.11+dfsg-1ubuntu1.2+esm2 0:2.1.0-3ubuntu0.11+esm2 4.15.0-\d+(-azure) 0:4.15.0-1123 0:2.14.1-0ubuntu3.29+esm8 0:7.35.0-1ubuntu2.20+esm8 0:7.35.0-1ubuntu2.20+esm9 0:3.4.3-1ubuntu1~14.04.7+esm11 0:20190110~14.04.1~esm2 1:2.4.7-1ubuntu4.22+esm2 0:2.4.7-1ubuntu4.22+esm2 2:7.4.052-1ubuntu3.1+esm3 4.15.0-\d+(-azure) 0:4.15.0-1124 0:2.8.2-1ubuntu1.4+esm1 0:1.4-1ubuntu0.1~esm1 0:1.4.6-1ubuntu3.9+esm3 0:5.1.2-0ubuntu2.11+esm1 4.15.0-\d+(-azure) 0:4.15.0-1125 0:0.99.beta18-1ubuntu5.1+esm2 0:2.14.1-0ubuntu3.29+esm9 0:5.5.9+dfsg-1ubuntu4.29+esm15 1:9.9.5.dfsg-3ubuntu0.19+esm5 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-188 0:52.1-3ubuntu0.8+esm2 4.15.0-\d+(-azure) 0:4.15.0-1126 2:7.4.052-1ubuntu3.1+esm4 0:1.3.9-2ubuntu0.1~esm1 8:6.7.7.10-6ubuntu3.13+esm1 3:4.8.11-1ubuntu0.1~esm1 4.15.0-\d+(-azure) 0:4.15.0-1127 2:3.28.4-0ubuntu0.14.04.5+esm9 2:3.28.4-0ubuntu0.14.04.5+esm10 0:0.616-1ubuntu0.1~esm1 0:0.7.5-1ubuntu2+esm2 0:3.0.5-1ubuntu0.1~esm1 2:1.9.2-1ubuntu0.1~esm1 0:1.5.2-1ubuntu1+esm1 0:2.40.2-0ubuntu1.1+esm4 0:1.3.18-1ubuntu3.1+esm7 2:1.15.1-0ubuntu2.11+esm5 4.15.0-\d+(-azure) 0:4.15.0-1129 3.13.0-\d+(-generic|-generic-lpae|-lowlatency|-powerpc-e500|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp) 0:3.13.0-189 4.4.0-\d+(-aws) 0:4.4.0-1098 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-218 1:2.4.7-1ubuntu4.22+esm3 0:2.4.7-1ubuntu4.22+esm3 2:2.8.4-2ubuntu0.2+esm2 0:3.3.3-1ubuntu0.2+esm5 0:2.3.0-1ubuntu3.4+esm3 0:0.8.11-1ubuntu0.1~esm1 0:0.103.5+dfsg-0ubuntu0.14.04.1+esm1 0:0.7.67-2ubuntu1+esm2 0:4.3.3-1ubuntu0.1+esm2 0:0.16~a2.git20130520-2ubuntu0.1+esm1 0:5.1.2-0ubuntu2.11+esm2 0:0.2.0-4ubuntu1+esm1 0:0.105-4ubuntu3.14.04.6+esm1 0:1.5.2-3+deb8u3ubuntu1~esm4 1:4.1.5.1-1ubuntu9.5+esm1 0:0.7.5-1ubuntu2+esm3 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12 4.15.0-\d+(-azure) 0:4.15.0-1130 0:1.6.11-0ubuntu1.3+esm4 0:1.8.11-5ubuntu7.1+esm2 0:2.1.0-4ubuntu1.4+esm4 0:2.54.3+14.04~esm1 0:2.54.3+14.04.0ubuntu0.1~esm3 4.15.0-\d+(-azure) 0:4.15.0-1131 4.4.0-\d+(-aws) 0:4.4.0-1099 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-219 0:2.1.25.dfsg1-17ubuntu0.1~esm2 4.15.0-\d+(-azure) 0:4.15.0-1133 4.4.0-\d+(-aws) 0:4.4.0-1101 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-221 0:2.1.0-4ubuntu1.4+esm6 0:1.0.1f-1ubuntu2.27+esm5 0:1.27.1-1ubuntu0.1+esm2 1:9.9.5.dfsg-3ubuntu0.19+esm6 1:2.4.7-1ubuntu4.22+esm4 0:2.4.7-1ubuntu4.22+esm4 4.15.0-\d+(-azure) 0:4.15.0-1134 0:3.4.3-1ubuntu1~14.04.7+esm12 0:2.7.6-8ubuntu0.6+esm12 4.4.0-\d+(-aws) 0:4.4.0-1102 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-222 0:13.2.0-1ubuntu1.2+esm2 1:13.2.0-1ubuntu1.2+esm2 1:1.2.8.dfsg-1ubuntu1.1+esm1 4.15.0-\d+(-azure) 0:4.15.0-1136 4.4.0-\d+(-aws) 0:4.4.0-1103 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-223 0:1.6.11-0ubuntu1.3+esm5 0:5.1.1alpha+20120614-2ubuntu2.14.04.1+esm1 0:1.6-3ubuntu1+esm1 0:2.0.3-0ubuntu1.14.04.3+esm2 0:4.3-7ubuntu1.8+esm2 4.15.0-\d+(-azure) 0:4.15.0-1137 0:1.2.15-8ubuntu1.1+esm2 0:2.68-1ubuntu0.2+esm1 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-224 4.15.0-\d+(-azure) 0:4.15.0-1138 0:4.0.3-7ubuntu0.11+esm1 0:2.9.1+dfsg1-3ubuntu4.13+esm3 0:0.103.6+dfsg-0ubuntu0.14.04.1+esm1 0:2.4.31-1+nmu2ubuntu8.5+esm5 1:8.31-2ubuntu2.3+esm1 0:1.8.27-8ubuntu1+esm2 4.15.0-\d+(-azure) 0:4.15.0-1139 0:5.9+20140118-1ubuntu1+esm1 1:2013.1.13AR.1-2ubuntu2+esm2 8:6.7.7.10-6ubuntu3.13+esm2 1:2013.1.13AR.1-2ubuntu2+esm3 0:1.42.9-3ubuntu1.3+esm3 0:2.0-1.42.9-3ubuntu1.3+esm3 0:2.1-1.42.9-3ubuntu1.3+esm3 4.4.0-\d+(-aws) 0:4.4.0-1107 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-227 4.15.0-\d+(-azure) 0:4.15.0-1142 0:5.9+20140118-1ubuntu1+esm2 3.13.0-\d+(-generic|-generic-lpae|-lowlatency) 0:3.13.0-190 4.15.0-\d+(-azure) 0:4.15.0-1145 1:2.4.7-1ubuntu4.22+esm5 0:2.4.7-1ubuntu4.22+esm5 1:2.4.7-1ubuntu4.22+esm6 0:2.4.7-1ubuntu4.22+esm6 1:2.4.7-1ubuntu4.22+esm8 0:2.4.7-1ubuntu4.22+esm8 0:6b1-4ubuntu1+esm1 0:7.35.0-1ubuntu2.20+esm11 0:1.4.16-1ubuntu2.6+esm1 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-229 4.4.0-\d+(-aws) 0:4.4.0-1109 4.15.0-\d+(-azure) 0:4.15.0-1146 0:2.7.6-8ubuntu0.6+esm11 0:3.4.3-1ubuntu1~14.04.7+esm13 0:6.01-1ubuntu0.14.04~esm1 0:4.0.3-7ubuntu0.11+esm2 0:0.12.0-1ubuntu0.1~esm3 4.4.0-\d+(-aws) 0:4.4.0-1110 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-230 0:1.3.0-0ubuntu2.1+esm2 4.4.0-\d+(-aws) 0:4.4.0-1111 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-231 0:0.83-4.1ubuntu1+esm1 4.15.0-\d+(-azure) 0:4.15.0-1149 1:1.2.8.dfsg-1ubuntu1.1+esm2 4.4.0-\d+(-aws) 0:4.4.0-1112 0:4.82-3ubuntu2.4+esm4 0:1.1.28-2ubuntu0.2+esm2 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-233 0:7.35.0-1ubuntu2.20+esm12 3.13.0-\d+(-generic|-lowlatency) 0:3.13.0-191 4.15.0-\d+(-azure) 0:4.15.0-1150 0:4.0.3-7ubuntu0.11+esm3 2:7.4.052-1ubuntu3.1+esm5 0:4.0.3-7ubuntu0.11+esm4 1:9.9.5.dfsg-3ubuntu0.19+esm7 0:3.5-1~ubuntu14.04.3+esm1 0:1.3.0-2ubuntu0.1~esm2 0:2.1.0-4ubuntu1.4+esm7 4.4.0-\d+(-aws) 0:4.4.0-1113 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-234 0:5.1.2-0ubuntu2.11+esm3 4.15.0-\d+(-azure) 0:4.15.0-1151 0:4.2.4-7ubuntu12.13+esm2 0:5.9.1-1ubuntu1.1+esm3 2:5.1.3+dfsg-1ubuntu1+esm1 0:6.0-9ubuntu1.6+esm1 0:1.6~git20131207+dfsg-1ubuntu1.2+esm1 4.15.0-\d+(-azure) 0:4.15.0-1153 0:1.3.0-3ubuntu0.14.04.2+esm1 0:5.18.2-2ubuntu1.7+esm4 1:1.1.1-1ubuntu0.1~esm1 0:7.35.0-1ubuntu2.20+esm13 0:1.6.18-0ubuntu4.5+esm3 1:2013.1.13AR.1-2ubuntu2+esm4 0:4.0.3-7ubuntu0.11+esm5 0:3.8.2-1ubuntu2.2+esm3 0:0.30.2-2ubuntu1.2+esm1 0:1.4.6-1ubuntu3.9+esm4 0:1.3.0-2ubuntu0.14.04.1+esm1 8:6.7.7.10-6ubuntu3.13+esm3 0:1.5.3-1ubuntu0.1~esm1 2:1.15.1-0ubuntu2.11+esm6 0:2.0-2ubuntu4.1+esm1 1:4.1.5.1-1ubuntu9.5+esm2 1:4.1.5.1-1ubuntu9.5+esm3 1:9.9.5.dfsg-3ubuntu0.19+esm9 4.4.0-\d+(-aws) 0:4.4.0-1114 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-235 0:2.9.1+dfsg1-3ubuntu4.13+esm4 0:20211016~14.04.1~esm1 0:1.6~git20131207+dfsg-1ubuntu1.2+esm2 0:2.7.6-8ubuntu0.6+esm13 0:2.0.0+dfsg-2ubuntu1.47+esm2 4.15.0-\d+(-azure) 0:4.15.0-1157 2:1.15.1-0ubuntu2.11+esm7 0:0.6-2ubuntu1.1+esm1 0:1.3.0-3ubuntu0.14.04.2+esm2 4.15.0-\d+(-azure) 0:4.15.0-1158 0:5.7.2~dfsg-8.1ubuntu3.3+esm3 0:0.5.3-15ubuntu0.2+esm1 0:1.6~git20131207+dfsg-1ubuntu1.2+esm3 4.4.0-\d+(-aws) 0:4.4.0-1115 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-236 4.15.0-\d+(-azure) 0:4.15.0-1159 1:3.5.10-1ubuntu0.1+esm1 1:1.9.1-1ubuntu0.10+esm1 0:1.8.9p5-1ubuntu1.5+esm7 0:3.3-1ubuntu2+esm1 0:0.24.0-1~ubuntu1.1+esm1 0:1.5.4-1ubuntu4+esm3 0:1.5.4-1ubuntu4+esm4 0:1.1.8-1ubuntu2.2+esm1 0:1.1.8-1ubuntu2.2+esm3 0:1.12+dfsg-2ubuntu5.4+esm3 2:7.4.052-1ubuntu3.1+esm6 0:0.616-1ubuntu0.1~esm2 0:4.0.3-7ubuntu0.11+esm6 0:1.8-5ubuntu0.1~esm1 0:1.0.1f-1ubuntu2.27+esm6 0:1.6~git20131207+dfsg-1ubuntu1.2+esm4 8:6.7.7.10-6ubuntu3.13+esm5 0:1.5.3-1ubuntu0.1~esm2 2:3.28.4-0ubuntu0.14.04.5+esm11 0:0.103.8+dfsg-0ubuntu0.14.04.1+esm1 2:3.28.4-0ubuntu0.14.04.5+esm12 0:7.35.0-1ubuntu2.20+esm14 0:1.27.1-1ubuntu0.1+esm3 0:14.4.1-3ubuntu1.1+esm2 0:14.4.1-3ubuntu1.1+esm3 0:1.5.2-3+deb8u3ubuntu1~esm6 3.13.0-\d+(-generic|-lowlatency) 0:3.13.0-192 0:4.0.3-7ubuntu0.11+esm7 4.15.0-\d+(-azure) 0:4.15.0-1162 4.15.0-\d+(-azure) 0:4.15.0-1162 4.4.0-\d+(-aws) 0:4.4.0-1116 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-237 1:204-5ubuntu20.31+esm2 0:204-5ubuntu20.31+esm2 0:1.12-2ubuntu0.14.04.1~esm1 0:2.5.0-9ubuntu1+esm1 0:1.4.7-1ubuntu0.1+esm1 0:1.2.1-2ubuntu0.1~esm1 0:2.7.6-8ubuntu0.6+esm14 2:7.4.052-1ubuntu3.1+esm7 0:7.35.0-1ubuntu2.20+esm15 1:3.3.3-2ubuntu1.1 1:3.3.3-2ubuntu1.1+esm2 0:0.3.2~RC1-3ubuntu0.1~esm1 0:2.36.0-0ubuntu3.2+esm1 0:1.3.18-1ubuntu3.1+esm8 0:0.9.15-1ubuntu0.1~esm2 2:7.4.052-1ubuntu3.1+esm8 0:0.10.2-3ubuntu1.14.04.2+esm1 4.4.0-\d+(-aws) 0:4.4.0-1117 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-239 2:7.4.052-1ubuntu3.1+esm9 0:2.9.1+dfsg1-3ubuntu4.13+esm5 4.15.0-\d+(-azure) 0:4.15.0-1163 0:2.68-1ubuntu0.2+esm2 0:1.0.1f-1ubuntu2.27+esm7 4.4.0-\d+(-aws) 0:4.4.0-1118 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-240 4.15.0-\d+(-azure) 0:4.15.0-1164 0:0.4.29-1ubuntu0.1~esm1 0:1.6.11-0ubuntu1.3+esm6 4.15.0-\d+(-azure) 0:4.15.0-1165 1:2.97-1+deb8u2ubuntu0.1~esm1 0:5.9+20140118-1ubuntu1+esm3 0:1.05-1ubuntu0.1~esm1 0:2.24-5ubuntu14.2+esm1 0:20230311~14.04.1~esm1 1:2.97-1+deb8u2ubuntu0.1~esm2 1:2.97-1+deb8u2ubuntu0.1~esm3 0:5.18.2-2ubuntu1.7+esm5 1:2.97-1+deb8u2ubuntu0.1~esm4 0:1.7.ubuntu-8ubuntu2.14.04.3+esm1 0:0.6.31-4ubuntu1.3+esm2 4.15.0-\d+(-azure) 0:4.15.0-1166 0:2.7.6-8ubuntu0.6+esm15 0:10.2.0-1ubuntu0.1~esm1 0:2.2.2-1ubuntu2.2+esm1 4.4.0-\d+(-aws) 0:4.4.0-1119 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-241 2:7.4.052-1ubuntu3.1+esm10 0:2.9.18+dfsg-6ubuntu2+esm1 0:2.40.2-0ubuntu1.1+esm6 1:2.24-0ubuntu2+esm1 0:2.0.0+dfsg-2ubuntu1.47+esm3 2:1.6.2-1ubuntu2.1+esm3 0:1.8.0-2ubuntu2+esm1 1:9.9.5.dfsg-3ubuntu0.19+esm10 0:1.0.1f-1ubuntu2.27+esm9 0:0.6.35-0ubuntu7.3+esm3 0:2.4.31-1+nmu2ubuntu8.5+esm6 0:4.1.0~20120320gitdb59704-9ubuntu0.1~esm3 0:2.6.0-1ubuntu0.14.04.1~esm1 4.15.0-\d+(-azure) 0:4.15.0-1167 4.4.0-\d+(-aws) 0:4.4.0-1120 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-242 0:4.0.3-7ubuntu0.11+esm8 0:0.9.9-4ubuntu0.1~esm1 0:2.0.4-4ubuntu0.1~esm1 0:7.35.0-1ubuntu2.20+esm16 1:6.6p1-2ubuntu2.13+esm1 0:0.9.12+debian-3ubuntu0.1~esm2 4.15.0-\d+(-azure) 0:4.15.0-1168 4.4.0-\d+(-aws) 0:4.4.0-1121 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-243 0:2.6.10-1~ubuntu14.04.0~esm2 2:7.4.052-1ubuntu3.1+esm11 0:2.2.14p2-5ubuntu5+esm1 1:6.6p1-2ubuntu2.13+esm2 0:4.0.3-7ubuntu0.11+esm9 2:7.4.052-1ubuntu3.1+esm12 0:0.103.9+dfsg-0ubuntu0.14.04.1+esm1 4.4.0-\d+(-aws) 0:4.4.0-1122 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-244 0:2.7-8+deb8u3ubuntu0.1~esm1 0:0.158-0ubuntu5.3+esm1 0:0.3.2~RC1-3ubuntu0.1~esm2 1:1.21.0-1ubuntu1.4+esm1 3.13.0-\d+(-generic|-lowlatency) 0:3.13.0-193 4.15.0-\d+(-azure) 0:4.15.0-1169 0:14.4.1-3ubuntu1.1+esm4 0:2.7.6-8ubuntu0.6+esm16 0:1.3.0-2ubuntu0.14.04.1+esm2 0:2.7.7-2ubuntu0.1~esm1 0:1.4.3-2ubuntu0.2+esm3 1:4.0.1+dfsg-2.1ubuntu2+esm1 0:2.24-5ubuntu14.2+esm3 4.4.0-\d+(-aws) 0:4.4.0-1123 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-245 8:6.7.7.10-6ubuntu3.13+esm6 0:2.7.6-8ubuntu0.6+esm17 4.15.0-\d+(-azure) 0:4.15.0-1170 2:1.6.2-1ubuntu2.1+esm5 1:3.5.10-1ubuntu0.1+esm2 0:4.82-3ubuntu2.4+esm6 0:2.24-5ubuntu14.2+esm5 0:1.10.1+dfsg-1ubuntu0.14.04.1~esm1 2:7.4.052-1ubuntu3.1+esm13 1:9.9.5.dfsg-3ubuntu0.19+esm11 0:4.0.3-7ubuntu0.11+esm10 0:7.35.0-1ubuntu2.20+esm17 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-246 4.4.0-\d+(-aws) 0:4.4.0-1124 4.15.0-\d+(-azure) 0:4.15.0-1171 0:5.9+20140118-1ubuntu1+esm4 2:7.4.052-1ubuntu3.1+esm14 2:1.15.1-0ubuntu2.11+esm8 0:4.82-3ubuntu2.4+esm7 3.13.0-\d+(-generic|-lowlatency) 0:3.13.0-194 0:1.12+dfsg-2ubuntu5.4+esm4 0:0.6.0-1ubuntu0.1+esm2 0:1.0.25-7ubuntu2.2+esm3 0:0.6.0-1ubuntu0.1+esm3 1:2.0.20-0ubuntu0.1+esm1 0:0.6.31-4ubuntu1.3+esm3 4.15.0-\d+(-azure) 0:4.15.0-1172 1:2.4.7-1ubuntu4.22+esm9 0:2.4.7-1ubuntu4.22+esm9 0:4.0.3-7ubuntu0.11+esm11 0:2.7.6-8ubuntu0.6+esm18 2:2.8.4-2ubuntu0.2+esm3 4.4.0-\d+(-aws) 0:4.4.0-1125 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-248 0:1.27.1-1ubuntu0.1+esm4 0:2.24-5ubuntu14.2+esm6 2:7.4.052-1ubuntu3.1+esm15 0:0.3.6-2ubuntu0.14.04.3+esm1 0:3.4.5+dfsg-1ubuntu0.1~esm3 1:5.6-2ubuntu0.1+esm3 0:3.1.1-5.1+deb8u4ubuntu0.1~esm1 0:0.5.3-15ubuntu0.2+esm2 0:3.15.4-3ubuntu0.1+esm3 2:1.15.1-0ubuntu2.11+esm9 0:1.1.8-1ubuntu2.2+esm4 0:3.1.1-5.1+deb8u4ubuntu0.1~esm2 0:2.11.0-1ubuntu1.2+esm2 0:2.11.0-1ubuntu1.2+esm3 0:2.7.2-2ubuntu0.1~esm2 3.13.0-\d+(-generic|-lowlatency) 0:3.13.0-195 4.4.0-\d+(-aws) 0:4.4.0-1127 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-250 4.15.0-\d+(-azure) 0:4.15.0-1173 0:0.80.11-0ubuntu1.14.04.4+esm2 8:6.7.7.10-6ubuntu3.13+esm7 1:4.1.5.1-1ubuntu9.5+esm4 0:4.0.3-7ubuntu0.11+esm12 3.13.0-\d+(-generic|-lowlatency) 0:3.13.0-196 4.4.0-\d+(-aws) 0:4.4.0-1128 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-251 4.15.0-\d+(-azure) 0:4.15.0-1174 0:2.9.1+dfsg1-3ubuntu4.13+esm6 0:5.9+20140118-1ubuntu1+esm5 2:7.4.052-1ubuntu3.1+esm16 3.13.0-\d+(-generic|-lowlatency) 0:3.13.0-197 4.4.0-\d+(-aws) 0:4.4.0-1129 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-252 4.15.0-\d+(-azure) 0:4.15.0-1175 0:2.36.0-0ubuntu3.2+esm2 2:1.15.1-0ubuntu2.11+esm11 2:1.15.1-0ubuntu2.11+esm12 0:1.6.11-0ubuntu1.3+esm7 1:9.9.5.dfsg-3ubuntu0.19+esm12 0:0.4-1ubuntu0.1~esm1 0:0.10.25~dfsg2-2ubuntu1.2+esm2 0:2.0.3-0ubuntu1.14.04.3+esm3 4.4.0-\d+(-aws) 0:4.4.0-1130 4.4.0-\d+(-generic|-lowlatency) 0:4.4.0-253 4.15.0-\d+(-azure) 0:4.15.0-1176 0:2.3.0-1ubuntu3.4+esm4 1:2.2.2+dfsg-1ubuntu1+esm5 0:458-2ubuntu0.1~esm1 0:2.6.0-1ubuntu0.14.04.1~esm2 0:2.19-0ubuntu6.15+esm3 0 65 0 66 0 68 0 70 0 72 0 74 0 76 0 79 0 80 0 81 0 85 0 86 0 87 0 89 0 96 0 97 0 98 0 99 0 100 0 101 0 102 python-django-doc python-django python-django-doc python-django mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 rsync qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips dpkg-dev dselect libdpkg-dev dpkg libdpkg-perl dpkg-dev dselect libdpkg-dev dpkg libdpkg-perl unity-services unity-autopilot libunity-2d-private0 unity-2d-spread libunity-core-6.0-9 libunity-2d-private-dev unity unity-2d libunity-core-6.0-dev unity-2d-shell unity-2d-panel unity-2d-common unity-services unity-autopilot libunity-2d-private0 unity-2d-spread libunity-core-6.0-9 libunity-2d-private-dev unity unity-2d libunity-core-6.0-dev unity-2d-shell unity-2d-panel unity-2d-common firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo libasm1 libdw-dev libelf1 libelf-dev elfutils libdw1 libasm-dev xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta jbigkit-bin libjbig-dev libjbig0 libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb 0: libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc libfontembed-dev libfontembed1 libcupsfilters-dev cups-filters cups-browsed cups-filters-core-drivers libcupsfilters1 libxfont1 libxfont1-udeb libxfont-dev python-django-doc python-django dovecot-pgsql dovecot-mysql dovecot-sieve dovecot-core dovecot-ldap dovecot-sqlite dovecot-dev dovecot-pop3d dovecot-imapd dovecot-managesieved mail-stack-delivery dovecot-gssapi dovecot-solr dovecot-lmtpd python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev libpurple-dev pidgin pidgin-data finch-dev pidgin-dev libpurple-bin finch libpurple0 python3-lxml python-lxml python-lxml-doc libapache2-mod-wsgi libapache2-mod-wsgi-py3 0: libgnutlsxx27 gnutls26-doc libgnutls26 libgnutls-dev libgnutls-openssl27 gnutls-bin chkrootkit libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb 0: dpkg-dev dselect libdpkg-dev dpkg libdpkg-perl firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libjson-c2 libjson-c-doc libjson-c-dev libjson0 libjson0-dev libapt-inst1.5 apt-doc apt-transport-https libapt-pkg-doc apt apt-utils libapt-pkg-dev libapt-pkg4.12 nova-api nova-common nova-compute-xen nova-api-os-compute nova-objectstore nova-novncproxy nova-api-os-volume nova-compute-lxc nova-consoleauth python-nova nova-network nova-api-ec2 nova-api-metadata nova-compute-kvm nova-xvpvncproxy nova-doc nova-conductor nova-volume nova-compute-vmware nova-spiceproxy nova-scheduler nova-console nova-ajax-console-proxy nova-cert nova-baremetal nova-compute nova-compute-libvirt nova-compute-qemu nova-cells python-cinder cinder-backup cinder-api cinder-volume cinder-common cinder-scheduler heat-api-cloudwatch heat-api-cfn heat-common python-heat heat-engine heat-api xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libreoffice-mysql-connector libreoffice-wiki-publisher libreoffice-presentation-minimizer libreoffice-impress libreoffice-officebean libreoffice-base libreoffice-librelogo libreoffice-java-common browser-plugin-libreoffice libreoffice-subsequentcheckbase libreoffice-style-tango libreoffice-style-crystal libreoffice-kde libreoffice-l10n-ku libreoffice-style-galaxy libreoffice-style-hicontrast libreoffice-core libreoffice-presenter-console libreoffice-script-provider-bsh libreoffice-avmedia-backend-gstreamer libreoffice-script-provider-python libreoffice-common libreoffice-gnome libreoffice-dev libreoffice-gtk3 libreoffice-report-builder libreoffice-pdfimport libreoffice-base-core libreoffice-ogltrans libreoffice-sdbc-hsqldb libreoffice-gtk libreoffice-calc libreoffice-base-drivers libreoffice-style-oxygen libreoffice-emailmerge libreoffice-style-human libreoffice-sdbc-firebird python3-uno libreoffice-math libreoffice-writer libreoffice-report-builder-bin libreoffice-script-provider-js libreoffice libreoffice-draw libreoffice-style-sifr libreoffice-dev-doc libreoffice-l10n-in libreoffice-l10n-za libreoffice-sdbc-postgresql openoffice.org-dtd-officedocument1.0 fonts-opensymbol uno-libs3 ure php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed neutron-plugin-nicira neutron-plugin-ibm neutron-plugin-openvswitch-agent neutron-plugin-nec neutron-l3-agent neutron-plugin-linuxbridge neutron-plugin-ml2 neutron-plugin-vpn-agent neutron-lbaas-agent neutron-plugin-metering-agent neutron-plugin-vmware neutron-plugin-cisco neutron-plugin-oneconvergence-agent neutron-plugin-linuxbridge-agent neutron-plugin-mlnx-agent neutron-plugin-metaplugin neutron-dhcp-agent neutron-plugin-mlnx neutron-plugin-openflow-agent neutron-plugin-midonet neutron-plugin-ryu-agent neutron-metering-agent neutron-plugin-hyperv neutron-server neutron-vpn-agent neutron-plugin-openvswitch python-neutron neutron-plugin-plumgrid neutron-plugin-ryu neutron-plugin-bigswitch neutron-plugin-nec-agent neutron-metadata-agent neutron-plugin-bigswitch-agent neutron-plugin-ibm-agent neutron-common neutron-plugin-brocade neutron-plugin-oneconvergence swift-account python-swift swift-doc swift-proxy swift-container swift swift-object-expirer swift-object libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass gnupg-udeb gpgv gpgv-udeb gnupg gnupg-curl scdaemon gpgsm gnupg-agent gnupg2 gpgv2 libnspr4-dev libnspr4 libnspr4-0d 0: dbus dbus-x11 libdbus-1-3 libdbus-1-dev dbus-1-doc php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libmagic-dev python-magic libmagic1 python3-magic file transmission-common transmission transmission-daemon transmission-qt transmission-gtk transmission-cli libminiupnpc-dev libminiupnpc8 miniupnpc 0: mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 liblwp-protocol-https-perl libcupscgi1 libcups2-dev cups-bsd libcupsmime1 cups-common cups-core-drivers cups-server-common libcupsimage2 cups-client libcupscgi1-dev libcups2 libcupsmime1-dev cups-ppdc libcupsppdc1 cups libcupsppdc1-dev libcupsimage2-dev cups-daemon libtasn1-6-dev libtasn1-3-bin libtasn1-bin libtasn1-3-dev libtasn1-6 firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta liboxideqtcore0 oxideqt-codecs liboxideqt-qmlplugin oxideqmlscene oxideqt-codecs-extra libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-mpm-worker apache2-suexec-custom apache2-suexec apache2 apache2-suexec-pristine apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin liblzo2-dev liblzo2-2-udeb liblzo2-2 tomcat7-common libservlet3.0-java tomcat7-docs libservlet3.0-java-doc tomcat7 libtomcat7-java tomcat7-user tomcat7-admin tomcat7-examples unity-services unity-autopilot libunity-2d-private0 unity-2d-spread libunity-core-6.0-9 libunity-2d-private-dev unity unity-2d libunity-core-6.0-dev unity-2d-shell unity-2d-panel unity-2d-common libknewstuff3-4 libktexteditor4 libkde3support4 libkutils4 libkdeui5 libnepomukutils4 libkprintutils4 kdelibs5-data kdelibs-bin libsolid4 libkdeclarative5 libknotifyconfig4 kdelibs5-plugins libkdnssd4 libkhtml5 libkemoticons4 libkunitconversion4 libkidletime4 libkmediaplayer4 libplasma3 libkdecore5 libkntlm4 libnepomuk4 libkpty4 libkparts4 libkdewebkit5 libnepomukquery4a libkrosscore4 libkfile4 kdelibs5-dev libkio5 libkcmutils4 libknewstuff2-4 libkdesu5 libkrossui4 libkimproxy4 libthreadweaver4 libkjsembed4 kdoctools libkjsapi4 libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libc6-i386 libnss-dns-udeb libc6-ppc64 libc-bin libc6-x32 libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc6-dev-armel libnss-files-udeb glibc-doc nscd multiarch-support libc6-dev libc6-amd64 libc6-dev-amd64 libc6 libc6-dev-x32 libc6-udeb libc6-dev-i386 libc-dev-bin libc6-prof libgpgme11 libgpgme11-dev libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb libkadm5srv-mit9 libkadm5srv-mit8 libk5crypto3 krb5-user libgssrpc4 libkrb5support0 krb5-doc libkrb5-dev krb5-pkinit libkrb5-3 krb5-kdc-ldap krb5-otp libkadm5clnt-mit9 krb5-gss-samples krb5-multidev krb5-locales libgssapi-krb5-2 krb5-kdc libkrad-dev libkrad0 libkdb5-7 krb5-admin-server python-pycadf ceilometer-collector ceilometer-alarm-notifier python-ceilometer ceilometer-api ceilometer-alarm-evaluator ceilometer-agent-compute ceilometer-common ceilometer-agent-notification ceilometer-agent-central 0: libserf-1-1 libserf-dev libsvn-dev ruby-svn subversion-tools libapache2-svn libapache2-mod-svn python-subversion libsvn-java subversion libsvn-doc libsvn1 libsvn-perl libsvn-ruby1.8 0: openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo liboxideqtcore0 oxideqt-codecs liboxideqt-qmlplugin oxideqmlscene oxideqt-codecs-extra neutron-plugin-nicira neutron-plugin-ibm neutron-plugin-openvswitch-agent neutron-plugin-nec neutron-l3-agent neutron-plugin-linuxbridge neutron-plugin-ml2 neutron-plugin-vpn-agent neutron-lbaas-agent neutron-plugin-metering-agent neutron-plugin-vmware neutron-plugin-cisco neutron-plugin-oneconvergence-agent neutron-plugin-linuxbridge-agent neutron-plugin-mlnx-agent neutron-plugin-metaplugin neutron-dhcp-agent neutron-plugin-mlnx neutron-plugin-openflow-agent neutron-plugin-midonet neutron-plugin-ryu-agent neutron-metering-agent neutron-plugin-hyperv neutron-server neutron-vpn-agent neutron-plugin-openvswitch python-neutron neutron-plugin-plumgrid neutron-plugin-ryu neutron-plugin-bigswitch neutron-plugin-nec-agent neutron-metadata-agent neutron-plugin-bigswitch-agent neutron-plugin-ibm-agent neutron-common neutron-plugin-brocade neutron-plugin-oneconvergence glance-api python-glance-doc glance-common python-glance glance glance-registry openstack-dashboard python-django-horizon python-django-openstack openstack-dashboard-ubuntu-theme python-keystone keystone-doc keystone nova-api nova-common nova-compute-xen nova-api-os-compute nova-objectstore nova-novncproxy nova-api-os-volume nova-compute-lxc nova-consoleauth python-nova nova-network nova-api-ec2 nova-api-metadata nova-compute-kvm nova-xvpvncproxy nova-doc nova-conductor nova-volume nova-compute-vmware nova-spiceproxy nova-scheduler nova-console nova-ajax-console-proxy nova-cert nova-baremetal nova-compute nova-compute-libvirt nova-compute-qemu nova-cells liboxideqtcore0 oxideqt-codecs liboxideqt-qmlplugin oxideqmlscene oxideqt-codecs-extra squid squid-cgi squid3-common squid-purge squidclient squid3 libc6-i386 libnss-dns-udeb libc6-ppc64 libc-bin libc6-x32 libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc6-dev-armel libnss-files-udeb glibc-doc nscd multiarch-support libc6-dev libc6-amd64 libc6-dev-amd64 libc6 libc6-dev-x32 libc6-udeb libc6-dev-i386 libc-dev-bin libc6-prof firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libreoffice-mysql-connector libreoffice-wiki-publisher libreoffice-presentation-minimizer libreoffice-impress libreoffice-officebean libreoffice-base libreoffice-librelogo libreoffice-java-common browser-plugin-libreoffice libreoffice-subsequentcheckbase libreoffice-style-tango libreoffice-style-crystal libreoffice-kde libreoffice-l10n-ku libreoffice-style-galaxy libreoffice-style-hicontrast libreoffice-core libreoffice-presenter-console libreoffice-script-provider-bsh libreoffice-avmedia-backend-gstreamer libreoffice-script-provider-python libreoffice-common libreoffice-gnome libreoffice-dev libreoffice-gtk3 libreoffice-report-builder libreoffice-pdfimport libreoffice-base-core libreoffice-ogltrans libreoffice-sdbc-hsqldb libreoffice-gtk libreoffice-calc libreoffice-base-drivers libreoffice-style-oxygen libreoffice-emailmerge libreoffice-style-human libreoffice-sdbc-firebird python3-uno libreoffice-math libreoffice-writer libreoffice-report-builder-bin libreoffice-script-provider-js libreoffice libreoffice-draw libreoffice-style-sifr libreoffice-dev-doc libreoffice-l10n-in libreoffice-l10n-za libreoffice-sdbc-postgresql openoffice.org-dtd-officedocument1.0 fonts-opensymbol uno-libs3 ure 0: liblua5.1-0 lua5.1 lua5.1-doc liblua5.1-0-dev libgcrypt11-doc libgcrypt11-udeb libgcrypt11-dev libgcrypt11 procmail libcupscgi1 libcups2-dev cups-bsd libcupsmime1 cups-common cups-core-drivers cups-server-common libcupsimage2 cups-client libcupscgi1-dev libcups2 libcupsmime1-dev cups-ppdc libcupsppdc1 cups libcupsppdc1-dev libcupsimage2-dev cups-daemon qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed liboxideqtcore0 oxideqt-codecs liboxideqt-qmlplugin oxideqmlscene oxideqt-codecs-extra curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl python-django-doc python-django libapt-inst1.5 apt-doc apt-transport-https libapt-pkg-doc apt apt-utils libapt-pkg-dev libapt-pkg4.12 libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools nginx-extras nginx-core nginx-common nginx-full nginx nginx-doc nginx-naxsi nginx-naxsi-ui nginx-light dbus dbus-x11 libdbus-1-3 libdbus-1-dev dbus-1-doc libapt-inst1.5 apt-doc apt-transport-https libapt-pkg-doc apt apt-utils libapt-pkg-dev libapt-pkg4.12 0: firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools bash-builtins bash-doc bash-static bash bash-builtins bash-doc bash-static bash bash-builtins bash-doc bash-static bash bash-builtins bash-doc bash-static bash linuxvnc libvncserver0 libvncserver-config libvncserver-dev libvirt0 libvirt-dev libvirt-doc libvirt-bin libmagic-dev python-magic libmagic1 python3-magic file libapt-inst1.5 apt-doc apt-transport-https libapt-pkg-doc apt apt-utils libapt-pkg-dev libapt-pkg4.12 exuberant-ctags firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta 0: bash-builtins bash-doc bash-static bash rsyslog-pgsql rsyslog-gssapi rsyslog-mysql rsyslog-gnutls rsyslog rsyslog-doc rsyslog-relp python3-requests python-requests hostapd wpagui wpasupplicant-udeb wpasupplicant mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb pollinate openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev libpurple-dev pidgin pidgin-data finch-dev pidgin-dev libpurple-bin finch libpurple0 php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed wget wget-udeb 0: ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ri1.9.1 ruby1.9.1 ruby1.9.3 ruby2.0-tcltk libruby2.0 ruby2.0-doc ruby2.0 ruby2.0-dev libreoffice-mysql-connector libreoffice-wiki-publisher libreoffice-presentation-minimizer libreoffice-impress libreoffice-officebean libreoffice-base libreoffice-librelogo libreoffice-java-common browser-plugin-libreoffice libreoffice-subsequentcheckbase libreoffice-style-tango libreoffice-style-crystal libreoffice-kde libreoffice-l10n-ku libreoffice-style-galaxy libreoffice-style-hicontrast libreoffice-core libreoffice-presenter-console libreoffice-script-provider-bsh libreoffice-avmedia-backend-gstreamer libreoffice-script-provider-python libreoffice-common libreoffice-gnome libreoffice-dev libreoffice-gtk3 libreoffice-report-builder libreoffice-pdfimport libreoffice-base-core libreoffice-ogltrans libreoffice-sdbc-hsqldb libreoffice-gtk libreoffice-calc libreoffice-base-drivers libreoffice-style-oxygen libreoffice-emailmerge libreoffice-style-human libreoffice-sdbc-firebird python3-uno libreoffice-math libreoffice-writer libreoffice-report-builder-bin libreoffice-script-provider-js libreoffice libreoffice-draw libreoffice-style-sifr libreoffice-dev-doc libreoffice-l10n-in libreoffice-l10n-za libreoffice-sdbc-postgresql openoffice.org-dtd-officedocument1.0 fonts-opensymbol uno-libs3 ure curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl libvirt0 libvirt-dev libvirt-doc libvirt-bin python-cinder cinder-backup cinder-api cinder-volume cinder-common cinder-scheduler python-keystone keystone-doc keystone nova-api nova-common nova-compute-xen nova-api-os-compute nova-objectstore nova-novncproxy nova-api-os-volume nova-compute-lxc nova-consoleauth python-nova nova-network nova-api-ec2 nova-api-metadata nova-compute-kvm nova-xvpvncproxy nova-doc nova-conductor nova-volume nova-compute-vmware nova-spiceproxy nova-scheduler nova-console nova-ajax-console-proxy nova-cert nova-baremetal nova-compute nova-compute-libvirt nova-compute-qemu nova-cells neutron-plugin-nicira neutron-plugin-ibm neutron-plugin-openvswitch-agent neutron-plugin-nec neutron-l3-agent neutron-plugin-linuxbridge neutron-plugin-ml2 neutron-plugin-vpn-agent neutron-lbaas-agent neutron-plugin-metering-agent neutron-plugin-vmware neutron-plugin-cisco neutron-plugin-oneconvergence-agent neutron-plugin-linuxbridge-agent neutron-plugin-mlnx-agent neutron-plugin-metaplugin neutron-dhcp-agent neutron-plugin-mlnx neutron-plugin-openflow-agent neutron-plugin-midonet neutron-plugin-ryu-agent neutron-metering-agent neutron-plugin-hyperv neutron-server neutron-vpn-agent neutron-plugin-openvswitch python-neutron neutron-plugin-plumgrid neutron-plugin-ryu neutron-plugin-bigswitch neutron-plugin-nec-agent neutron-metadata-agent neutron-plugin-bigswitch-agent neutron-plugin-ibm-agent neutron-common neutron-plugin-brocade neutron-plugin-oneconvergence qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ri1.9.1 ruby1.9.1 ruby1.9.3 ruby2.0-tcltk libruby2.0 ruby2.0-doc ruby2.0 ruby2.0-dev apparmor-docs python-apparmor libapparmor-dev libapparmor-perl libapparmor1 apparmor-notify apparmor-profiles python3-libapparmor python-libapparmor libpam-apparmor apparmor-easyprof apparmor python3-apparmor apparmor-utils libapache2-mod-apparmor dh-apparmor 0: squid squid-cgi squid3-common squid-purge squidclient squid3 libclamav-dev clamav-testfiles clamav-base clamav libclamav6 clamav-daemon clamav-milter clamav-docs clamav-freshclam firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast dbus dbus-x11 libdbus-1-3 libdbus-1-dev dbus-1-doc libflac-doc libflac-dev libflac++-dev flac libflac++6 libflac8 libksba8 libksba-dev xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta ppp-udeb ppp ppp-dev openvpn libapache2-mod-wsgi libapache2-mod-wsgi-py3 maas-dhcp maas-cli maas-common python-maas-client maas maas-dns python-django-maas maas-region-controller-min maas-cluster-controller maas-region-controller python-maas-provisioningserver libc6-i386 libnss-dns-udeb libc6-ppc64 libc-bin libc6-x32 libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc6-dev-armel libnss-files-udeb glibc-doc nscd multiarch-support libc6-dev libc6-amd64 libc6-dev-amd64 libc6 libc6-dev-x32 libc6-udeb libc6-dev-i386 libc-dev-bin libc6-prof tcpdump libjasper-runtime libjasper-dev libjasper1 libgv-perl libcgraph6 libgv-tcl libgv-guile libxdot4 libgvc6-plugins-gtk libcdt5 graphviz libgv-php5 libgv-python libgv-lua libpathplan4 graphviz-doc libgvpr2 libgraphviz-dev graphviz-dev libgvc6 libgv-ruby xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xserver-common xserver-xephyr xserver-xorg-core-udeb xdmx-tools xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xserver-common xserver-xephyr xserver-xorg-core-udeb xdmx-tools dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host nvidia-current-dev libcuda1-304 nvidia-current-updates-dev nvidia-libopencl1-304-updates nvidia-experimental-304-dev nvidia-304-updates nvidia-304 nvidia-current nvidia-304-updates-dev nvidia-current-updates nvidia-304-dev libcuda1-304-updates nvidia-libopencl1-304 nvidia-opencl-icd-304-updates nvidia-opencl-icd-304 nvidia-experimental-304 nvidia-331 nvidia-opencl-icd-331 nvidia-libopencl1-331-updates nvidia-331-updates nvidia-319-updates-dev nvidia-opencl-icd-331-updates libcuda1-331-updates nvidia-319-updates nvidia-libopencl1-331 nvidia-319 libcuda1-331 nvidia-331-updates-dev nvidia-331-dev nvidia-331-updates-uvm nvidia-331-uvm nvidia-319-dev qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips mutt-patched mutt 0: 0: 0: ntp ntp-doc ntpdate strongswan-plugin-xauth-noauth strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-unbound strongswan-plugin-farp strongswan-ikev1 strongswan-plugin-pkcs11 strongswan-plugin-xauth-eap strongswan-plugin-sshkey strongswan-plugin-error-notify strongswan-plugin-gcrypt strongswan-plugin-sql strongswan-plugin-coupling strongswan-plugin-xauth-generic strongswan-plugin-lookip strongswan-plugin-eap-ttls strongswan-plugin-af-alg strongswan-plugin-eap-aka-3gpp2 strongswan-ike strongswan-plugin-eap-sim-pcsc strongswan-plugin-eap-aka libstrongswan strongswan-plugin-eap-simaka-sql strongswan-plugin-sqlite strongswan-plugin-duplicheck strongswan strongswan-tnc-server strongswan-plugin-attr-sql strongswan-tnc-base strongswan-plugin-eap-peap strongswan-starter strongswan-plugin-curl strongswan-plugin-radattr strongswan-plugin-soup strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-tls strongswan-tnc-ifmap strongswan-plugin-eap-tnc strongswan-plugin-eap-radius strongswan-ikev2 strongswan-plugin-mysql strongswan-plugin-eap-simaka-reauth strongswan-plugin-openssl strongswan-plugin-dnscert strongswan-plugin-xauth-pam strongswan-plugin-pubkey strongswan-plugin-eap-md5 strongswan-plugin-whitelist strongswan-plugin-fips-prf strongswan-pt-tls-client strongswan-plugin-eap-mschapv2 strongswan-nm strongswan-plugin-ldap strongswan-plugin-certexpire strongswan-tnc-pdp strongswan-plugin-eap-sim strongswan-plugin-kernel-libipsec strongswan-plugin-ipseckey strongswan-plugin-dhcp strongswan-plugin-dnskey strongswan-plugin-ntru strongswan-plugin-gmp strongswan-plugin-agent strongswan-plugin-pgp strongswan-tnc-client strongswan-plugin-load-tester strongswan-plugin-unity strongswan-plugin-led strongswan-plugin-eap-sim-file strongswan-plugin-systime-fix cgmanager-utils cgmanager cgmanager-tests libcgmanager-dev libcgmanager0 libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools mime-support bsd-mailx cpio firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast ubufox xul-ext-ubufox firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libyaml-0-2 libyaml-dev libyaml-libyaml-perl python-yaml python3-yaml 0: 0: python-django-doc python-django git gitweb git-gui git-daemon-sysvinit git-arch git-bzr git-el gitk git-all git-mediawiki git-daemon-run git-man git-doc git-svn git-cvs git-core git-email unzip mktemp coreutils curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl libgtk-3-0-udeb libgail-3-0 gtk-3-examples libgtk-3-0 gir1.2-gtk-3.0 libgail-3-dev libgtk-3-common libgail-3-doc libgtk-3-doc libgtk-3-bin libgtk-3-dev liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 libevent-2.0-5 libevent-extra-2.0-5 libevent-pthreads-2.0-5 libevent-core-2.0-5 libevent-dev libevent-openssl-2.0-5 libssh-4 libssh-dev libssh-doc debugedit rpm-i18n python-rpm rpm-common librpm-dev rpm2cpio librpmsign1 rpm librpmbuild3 librpm3 librpmio3 mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libasm1 libdw-dev libelf1 libelf-dev elfutils libdw1 libasm-dev libjasper-runtime libjasper-dev libjasper1 libunbound2 unbound python-unbound unbound-anchor unbound-host libunbound-dev openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo libclamav-dev clamav-testfiles clamav-base clamav libclamav6 clamav-daemon clamav-milter clamav-docs clamav-freshclam unzip libmagic-dev python-magic libmagic1 python3-magic file liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 binutils-dev binutils-multiarch-dev binutils-static binutils-doc binutils-multiarch binutils-static-udeb binutils binutils-source ntp ntp-doc ntpdate libkadm5srv-mit9 libkadm5srv-mit8 libk5crypto3 krb5-user libgssrpc4 libkrb5support0 krb5-doc libkrb5-dev krb5-pkinit libkrb5-3 krb5-kdc-ldap krb5-otp libkadm5clnt-mit9 krb5-gss-samples krb5-multidev krb5-locales libgssapi-krb5-2 krb5-kdc libkrad-dev libkrad0 libkdb5-7 krb5-admin-server postgresql-plpython-9.3 postgresql-server-dev-9.3 postgresql-9.3 postgresql-plperl-9.3 postgresql-doc-9.3 postgresql-plpython3-9.3 libecpg6 postgresql-pltcl-9.3 postgresql-client-9.3 libpgtypes3 libecpg-dev libpq-dev libpq5 postgresql-contrib-9.3 libecpg-compat3 xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xdmx-tools xserver-xephyr xserver-xorg-core-udeb xserver-common xserver-xephyr-lts-utopic xserver-xorg-core-lts-utopic xwayland-lts-utopic xserver-xorg-dev-lts-utopic xorg-server-source-lts-utopic php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed unzip dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libss2 e2fslibs-dev e2fsprogs e2fsck-static e2fslibs e2fsprogs-udeb libcomerr2 ss-dev comerr-dev libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass ca-certificates libfreetype6-dev libfreetype6-udeb freetype2-demos libfreetype6 0: 0: 0: 0: libc6-i386 libnss-dns-udeb libc6-ppc64 libc-bin libc6-x32 libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc6-dev-armel libnss-files-udeb glibc-doc nscd multiarch-support libc6-dev libc6-amd64 libc6-dev-amd64 libc6 libc6-dev-x32 libc6-udeb libc6-dev-i386 libc-dev-bin libc6-prof libcupscgi1 libcups2-dev cups-bsd libcupsmime1 cups-common cups-core-drivers cups-server-common libcupsimage2 cups-client libcupscgi1-dev libcups2 libcupsmime1-dev cups-ppdc libcupsppdc1 cups libcupsppdc1-dev libcupsimage2-dev cups-daemon liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 icu-devtools libicu52 libicu-dev icu-doc libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-mpm-worker apache2-suexec-custom apache2-suexec apache2 apache2-suexec-pristine apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin ecryptfs-utils python-ecryptfs libecryptfs0 libecryptfs-dev 0: 0: python3-requests python-requests libfontembed-dev libfontembed1 libcupsfilters-dev cups-filters cups-browsed cups-filters-core-drivers libcupsfilters1 sudo-ldap sudo php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libxfont1 libxfont1-udeb libxfont-dev libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast python-django-doc python-django libgnutlsxx27 gnutls26-doc libgnutls26 libgnutls-dev libgnutls-openssl27 gnutls-bin 0: 0: libmono-system-reactive-observable-aliases0.0-cil libmono-tasklets2.0-cil libmono-ldap4.0-cil libmono-system-reactive-interfaces2.2-cil libmono-system-json4.0-cil libmono-system-windows-forms-datavisualization4.0a-cil libmono-system-windows-forms4.0-cil libmono-cairo4.0-cil mono-dmcs libmono-microsoft-csharp4.0-cil libmono-rabbitmq2.0-cil mono-2.0-gac libmono-corlib4.5-cil libmono-system-json-microsoft4.0-cil libmono-sharpzip4.84-cil libmono-xbuild-tasks4.0-cil libmono-system-web-http4.0-cil libmono2.0-cil libmono-management4.0-cil libmonosgen-2.0-1 libmono-system-web4.0-cil libmono-ldap2.0-cil libmono-posix4.0-cil libmono-compilerservices-symbolwriter4.0-cil libmono-simd2.0-cil libmono-system-web-http-selfhost4.0-cil libmono-system-servicemodel4.0a-cil libmono-wcf3.0a-cil libmono-data-tds2.0-cil libmono-system-web-webpages-deployment2.0-cil libmono-windowsbase4.0-cil libmono-webbrowser4.0-cil libmono-messaging2.0-cil mono-runtime-common libmono-system-servicemodel-web4.0-cil libmono-2.0-1 libmono-oracle4.0-cil libmono-microsoft-build2.0-cil libmono-system-management4.0-cil libmono-system-ldap2.0-cil libmono-microsoft-build4.0-cil libmonosgen-2.0-dev libmono-system-design4.0-cil libmono-sqlite2.0-cil libmono-system-io-compression4.0-cil libmono-opensystem-c4.0-cil libmono-c5-1.1-cil libmono-system-xml4.0-cil libmono-npgsql2.0-cil libmono-sharpzip2.6-cil libmono-system-componentmodel-dataannotations4.0-cil libmono-rabbitmq4.0-cil monodoc-manual libmono-system-net2.0-cil libmono-relaxng2.0-cil libmono-system-data2.0-cil libmono-system-net-http-webrequest4.0-cil libmono-microsoft8.0-cil libmono-system-runtime-serialization4.0-cil libmono-system-data-services2.0-cil libmono-cil-dev libmono-cscompmgd8.0-cil libmono-system-xml-serialization4.0-cil libmono-system-dynamic4.0-cil libmono-system-xml-linq4.0-cil libmono-system-reactive-platformservices2.2-cil mono-runtime mono-4.0-gac mono-mcs libmono-windowsbase3.0-cil libmono-system-security4.0-cil libmono-system-reactive-linq2.2-cil libmono-system-data4.0-cil libmono-i18n2.0-cil libmono-system-reactive-windows-forms2.2-cil libmono-oracle2.0-cil libmono-system-web-extensions-design4.0-cil mono-gmcs libmono-i18n-mideast4.0-cil libmono-i18n4.0-all libmonoboehm-2.0-dev libmono-sqlite4.0-cil libmono-messaging4.0-cil libmono-debugger-soft2.0a-cil libmono-accessibility4.0-cil libmono-simd4.0-cil libmono-system-web-mvc3.0-cil libmono-system-web-http-webhost4.0-cil libmono-system-configuration4.0-cil libmono-system-json2.0-cil libmono-system-numerics4.0-cil libmono-system-data-services-client4.0-cil libmono-i18n4.0-cil libmono-system-enterpriseservices4.0-cil libmono-system-runtime-serialization-formatters-soap4.0-cil mono-xbuild libmono-profiler libmono-system-data-services4.0-cil libmono-microsoft-build-utilities-v4.0-4.0-cil libmono-system-web-webpages-razor2.0-cil libmono-system-drawing-design4.0-cil libmono-system-web-abstractions4.0-cil libmono-db2-1.0-cil libmono-system-web-services4.0-cil libmono-system-reactive-core2.2-cil libmono-system-servicemodel-routing4.0-cil libmono-system-xaml4.0-cil libmono-winforms2.0-cil libmono-microsoft-build-engine4.0-cil libmono-system-web2.0-cil libmono-microsoft-visualc10.0-cil libmono-system-web-razor2.0-cil libmono-system-transactions4.0-cil libmono-i18n-west4.0-cil libmono-system-runtime2.0-cil libmono-entityframework6.0-cil libmono-system-web-applicationservices4.0-cil libmono-cecil-private-cil libmono-debugger-soft4.0a-cil libmono-system-io-compression-filesystem4.0-cil libmono-system-ldap4.0-cil libmono-codecontracts4.0-cil libmono-system-net4.0-cil libmono-system-net-http-formatting4.0-cil libmono-system-identitymodel4.0-cil libmono-system-data-datasetextensions4.0-cil mono-csharp-shell mono-runtime-sgen libmono-sharpzip2.84-cil libmono-peapi2.0a-cil libmono-entityframework-sqlserver6.0-cil libmono-system-reactive-providers2.2-cil libmono-http4.0-cil libmono-relaxng4.0-cil libmono-system-configuration-install4.0-cil libmono-i18n-cjk4.0-cil libmono-security2.0-cil libmono-webbrowser2.0-cil libmono-system-reactive-runtime-remoting2.2-cil libmono-i18n-west2.0-cil mono-devel libmono-system-servicemodel-activation4.0-cil libmono-system-messaging2.0-cil libmono-tasklets4.0-cil libmono-system-runtime4.0-cil libmono-messaging-rabbitmq2.0-cil libmono-system-windows4.0-cil libmono-security4.0-cil libmono-system-serviceprocess4.0-cil libmono-system-componentmodel-composition4.0-cil libmono-cairo2.0-cil mono-runtime-boehm libmono-system-drawing4.0-cil libmono-system-reactive-windows-threading2.2-cil libmono-system-ldap-protocols4.0-cil libmono-accessibility2.0-cil libmono-xbuild-tasks2.0-cil libmono-microsoft-build-tasks-v4.0-4.0-cil libmono-system2.0-cil libmono-system-web-mvc1.0-cil libmono-system-runtime-caching4.0-cil libmono-system-reactive-experimental2.2-cil libmono-system-data-linq2.0-cil libmono-system-web-webpages2.0-cil libmono-system-web-mvc2.0-cil libmono-microsoft-build-framework4.0-cil libmono-system-web-routing4.0-cil libmono-i18n-rare4.0-cil libmono-system-runtime-durableinstancing4.0-cil libmono-system-servicemodel-discovery4.0-cil monodoc-base libmonoboehm-2.0-1 libmono-system-web-extensions4.0-cil libmono-npgsql4.0-cil libmono-system-messaging4.0-cil libmono-corlib4.0-cil libmono-webmatrix-data4.0-cil libmono-system4.0-cil libmono-microsoft-web-infrastructure1.0-cil libmono-i18n-other4.0-cil libmono-system-reactive-debugger2.2-cil libmono-peapi4.0a-cil libmono-corlib2.0-cil libmono-posix2.0-cil libmono-system-net-http4.0-cil mono-complete libmono-system-web-dynamicdata4.0-cil libmono-custommarshalers4.0-cil libmono-csharp4.0c-cil mono-gac libmono-2.0-dev libmono-system-threading-tasks-dataflow4.0-cil libmono-parallel4.0-cil mono-jay libmono-system-data-linq4.0-cil libmono-messaging-rabbitmq4.0-cil mono-2.0-service libmono-data-tds4.0-cil mono-utils libmono-management2.0-cil libmono-system-identitymodel-selectors4.0-cil libmono-web4.0-cil mono-4.0-service libmono-system-core4.0-cil libbatik-java bsdcpio libarchive13 bsdtar libarchive-dev firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libjakarta-taglibs-standard-java libjstl1.1-java xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc gnupg-udeb gpgv gpgv-udeb gnupg gnupg-curl scdaemon gpgsm gnupg-agent gnupg2 gpgv2 libgcrypt11-doc libgcrypt11-udeb libgcrypt11-dev libgcrypt11 liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast mailman libtasn1-6-dev libtasn1-3-bin libtasn1-bin libtasn1-3-dev libtasn1-6 0: 0: dpkg-dev dselect libdpkg-dev dpkg libdpkg-perl ntp ntp-doc ntpdate libxrender-dev libxrender1-udeb libxrender1 python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 usb-creator-gtk usb-creator-kde usb-creator-common hostapd wpagui wpasupplicant-udeb wpasupplicant libreoffice-mysql-connector libreoffice-wiki-publisher libreoffice-presentation-minimizer libreoffice-impress libreoffice-officebean libreoffice-base libreoffice-librelogo libreoffice-java-common browser-plugin-libreoffice libreoffice-subsequentcheckbase libreoffice-style-tango libreoffice-style-crystal libreoffice-kde libreoffice-l10n-ku libreoffice-style-galaxy libreoffice-style-hicontrast libreoffice-core libreoffice-presenter-console libreoffice-script-provider-bsh libreoffice-avmedia-backend-gstreamer libreoffice-script-provider-python libreoffice-common libreoffice-gnome libreoffice-dev libreoffice-gtk3 libreoffice-report-builder libreoffice-pdfimport libreoffice-base-core libreoffice-ogltrans libreoffice-sdbc-hsqldb libreoffice-gtk libreoffice-calc libreoffice-base-drivers libreoffice-style-oxygen libreoffice-emailmerge libreoffice-style-human libreoffice-sdbc-firebird python3-uno libreoffice-math libreoffice-writer libreoffice-report-builder-bin libreoffice-script-provider-js libreoffice libreoffice-draw libreoffice-style-sifr libreoffice-dev-doc libreoffice-l10n-in libreoffice-l10n-za libreoffice-sdbc-postgresql openoffice.org-dtd-officedocument1.0 fonts-opensymbol uno-libs3 ure tcpdump libnm-glib-vpn-dev libnm-util2 network-manager-dev libnm-glib-dev gir1.2-networkmanager-1.0 network-manager libnm-glib4 libnm-glib-vpn1 libnm-util-dev liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 0: 0: curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl libxml-libxml-perl dnsmasq dnsmasq-utils dnsmasq-base libclamav-dev clamav-testfiles clamav-base clamav libclamav6 clamav-daemon clamav-milter clamav-docs clamav-freshclam ppp-udeb ppp ppp-dev 0: 0: 0: 0: firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libtasn1-6-dev libtasn1-3-bin libtasn1-bin libtasn1-3-dev libtasn1-6 icu-devtools libicu52 libicu-dev icu-doc libmodule-signature-perl qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 0: 0: libfuse2 libfuse-dev fuse libfuse2-udeb fuse-udeb python-dbusmock python3-dbusmock 0: postgresql-plpython-9.3 postgresql-server-dev-9.3 postgresql-9.3 postgresql-plperl-9.3 postgresql-doc-9.3 postgresql-plpython3-9.3 libecpg6 postgresql-pltcl-9.3 postgresql-client-9.3 libpgtypes3 libecpg-dev libpq-dev libpq5 postgresql-contrib-9.3 libecpg-compat3 ldap-utils libldap2-dev libldap-2.4-2 slapd-smbk5pwd slapd libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb libqtgui4 libqt4-core libqt4-designer qt4-default libqt4-webkit libqt4-svg libqtcore4 libqt4-sql-psql qt4-demos libqt4-gui libqt4-sql-tds libqt4-dbus libqt4-sql-odbc libqt4-script libqt4-xmlpatterns qt4-doc libqt4-xml libqt4-network libqt4-opengl libqt4-assistant libqt4-dev qt4-qmake libqt4-private-dev qt4-dev-tools qt4-qmlviewer libqt4-qt3support libqtdbus4 libqt4-declarative-folderlistmodel qt4-qtconfig qt4-linguist-tools libqt4-declarative-particles libqt4-test libqt4-opengl-dev libqt4-declarative-gestures qdbus libqt4-sql-sqlite qt4-doc-html libqt4-sql libqt4-declarative libqt4-help qtcore4-l10n libqt4-sql-mysql libqt4-scripttools libqt4-declarative-shaders libqt4-dev-bin qt4-designer libqt5opengl5 libqt5widgets5 libqt5concurrent5 libqt5sql5-mysql libqt5sql5-sqlite libqt5sql5-psql libqt5core5a libqt5network5 libqt5sql5 libqt5dbus5 libqt5gui5 libqt5opengl5-dev qtbase5-doc-html qtbase5-dev-tools qt5-qmake qtbase5-dev qtbase5-private-dev libqt5printsupport5 qtbase5-examples libqt5xml5 libqt5sql5-tds libqt5test5 libqt5sql5-odbc qt5-default t1utils strongswan-plugin-xauth-noauth strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-unbound strongswan-plugin-farp strongswan-ikev1 strongswan-plugin-pkcs11 strongswan-plugin-xauth-eap strongswan-plugin-sshkey strongswan-plugin-error-notify strongswan-plugin-gcrypt strongswan-plugin-sql strongswan-plugin-coupling strongswan-plugin-xauth-generic strongswan-plugin-lookip strongswan-plugin-eap-ttls strongswan-plugin-af-alg strongswan-plugin-eap-aka-3gpp2 strongswan-ike strongswan-plugin-eap-sim-pcsc strongswan-plugin-eap-aka libstrongswan strongswan-plugin-eap-simaka-sql strongswan-plugin-sqlite strongswan-plugin-duplicheck strongswan strongswan-tnc-server strongswan-plugin-attr-sql strongswan-tnc-base strongswan-plugin-eap-peap strongswan-starter strongswan-plugin-curl strongswan-plugin-radattr strongswan-plugin-soup strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-tls strongswan-tnc-ifmap strongswan-plugin-eap-tnc strongswan-plugin-eap-radius strongswan-ikev2 strongswan-plugin-mysql strongswan-plugin-eap-simaka-reauth strongswan-plugin-openssl strongswan-plugin-dnscert strongswan-plugin-xauth-pam strongswan-plugin-pubkey strongswan-plugin-eap-md5 strongswan-plugin-whitelist strongswan-plugin-fips-prf strongswan-pt-tls-client strongswan-plugin-eap-mschapv2 strongswan-nm strongswan-plugin-ldap strongswan-plugin-certexpire strongswan-tnc-pdp strongswan-plugin-eap-sim strongswan-plugin-kernel-libipsec strongswan-plugin-ipseckey strongswan-plugin-dhcp strongswan-plugin-dnskey strongswan-plugin-ntru strongswan-plugin-gmp strongswan-plugin-agent strongswan-plugin-pgp strongswan-tnc-client strongswan-plugin-load-tester strongswan-plugin-unity strongswan-plugin-led strongswan-plugin-eap-sim-file strongswan-plugin-systime-fix libcupscgi1 libcups2-dev cups-bsd libcupsmime1 cups-common cups-core-drivers cups-server-common libcupsimage2 cups-client libcupscgi1-dev libcups2 libcupsmime1-dev cups-ppdc libcupsppdc1 cups libcupsppdc1-dev libcupsimage2-dev cups-daemon qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips 0: 0: 0: libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb 0: 0: 0: 0: 0: python3-aptdaemon.gtk3widgets aptdaemon-data python-aptdaemon-gtk python3-aptdaemon.test aptdaemon python3-aptdaemon python-aptdaemon python3-aptdaemon.pkcompat python-aptdaemon.gtk3widgets python-aptdaemon.gtkwidgets devscripts hostapd wpagui wpasupplicant-udeb wpasupplicant patch liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 python2.7-dev python2.7-doc libpython2.7-stdlib libpython2.7-minimal libpython2.7-testsuite python2.7 idle-python2.7 python2.7-examples libpython2.7 libpython2.7-dev python2.7-minimal python3.4-examples libpython3.4-testsuite libpython3.4-dev python3.4-minimal python3.4-doc libpython3.4-stdlib python3.4-dev idle-python3.4 python3.4 libpython3.4-minimal libpython3.4 tomcat7-common libservlet3.0-java tomcat7-docs libservlet3.0-java-doc tomcat7 libtomcat7-java tomcat7-user tomcat7-admin tomcat7-examples firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast unattended-upgrades php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libfontembed-dev libfontembed1 libcupsfilters-dev cups-filters cups-browsed cups-filters-core-drivers libcupsfilters1 0: 0: 0: dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host libwmf-dev libwmf0.2-7-gtk libwmf0.2-7 libwmf-doc libwmf-bin python-django-doc python-django libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-be thunderbird-locale-es-ar thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-bg thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 lxc-dev liblxc1 lxc-templates python3-lxc lxc lxc-tests nbd-client-udeb nbd-server nbd-client liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 0: 0: 0: libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-mpm-worker apache2-suexec-custom apache2-suexec apache2 apache2-suexec-pristine apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin 0: 0: 0: qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host pcregrep libpcre3-dev libpcre3 libpcre3-udeb libpcrecpp0 tidy libtidy-0.99-0 libtidy-dev tidy-doc openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common lemon sqlite3-doc libsqlite3-0 libsqlite3-tcl sqlite3 libsqlite3-dev hplip-gui hplip-doc printer-driver-postscript-hp printer-driver-hpijs hplip libhpmud-dev libhpmud0 hpijs-ppds hplip-data libsane-hpaio printer-driver-hpcups 0: firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast ubufox xul-ext-ubufox firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast swift-account python-swift swift-doc swift-proxy swift-container swift swift-object-expirer swift-object python-keystoneclient firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast pollinate pollinate openssh-server-udeb openssh-client openssh-server ssh-askpass-gnome ssh ssh-krb5 openssh-client-udeb openssh-sftp-server openssh-server-udeb openssh-client openssh-server ssh-askpass-gnome ssh ssh-krb5 openssh-client-udeb openssh-sftp-server libsnmp-perl libsnmp-dev libsnmp-base snmp libsnmp30 tkmib snmpd python-netsnmp xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta 0: 0: 0: python-django-doc python-django libsvn-dev ruby-svn subversion-tools libapache2-svn libapache2-mod-svn python-subversion libsvn-java subversion libsvn-doc libsvn1 libsvn-perl libsvn-ruby1.8 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-0-udeb libgdk-pixbuf2.0-doc gir1.2-gdkpixbuf-2.0 firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips libexpat1 expat libexpat1-dev lib64expat1-dev libexpat1-udeb lib64expat1 dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host libvdpau-dev libvdpau1 libvdpau-doc libslp-dev openslp-doc slptool slpd libslp1 0: liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 spice-client libspice-server1 libspice-server-dev 0: libfreetype6-dev libfreetype6-udeb freetype2-demos libfreetype6 icu-devtools libicu52 libicu-dev icu-doc unity-settings-daemon unity-settings-daemon-dev ldap-utils libldap2-dev libldap-2.4-2 slapd-smbk5pwd slapd firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast ubufox xul-ext-ubufox webaccounts-chromium-extension webaccounts-extension-common xul-ext-webaccounts xul-ext-websites-integration libufe-xidgetter0 xul-ext-unity firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips python-simplestreams simplestreams python-simplestreams-openstack python3-simplestreams python-simplestreams simplestreams python-simplestreams-openstack python3-simplestreams nvidia-current-dev libcuda1-304 nvidia-current-updates-dev nvidia-libopencl1-304-updates nvidia-304-updates nvidia-304 nvidia-current nvidia-304-updates-dev nvidia-experimental-304-dev nvidia-current-updates nvidia-304-dev libcuda1-304-updates nvidia-libopencl1-304 nvidia-opencl-icd-304-updates nvidia-opencl-icd-304 nvidia-experimental-304 nvidia-331 nvidia-opencl-icd-331 nvidia-opencl-icd-340-updates libcuda1-340 nvidia-340-updates nvidia-331-updates nvidia-340-updates-dev nvidia-340-updates-uvm nvidia-opencl-icd-331-updates nvidia-340-dev libcuda1-331-updates nvidia-libopencl1-331 nvidia-340 nvidia-opencl-icd-340 nvidia-340-uvm libcuda1-340-updates libcuda1-331 nvidia-331-updates-dev nvidia-331-dev nvidia-331-updates-uvm nvidia-libopencl1-340 nvidia-libopencl1-331-updates nvidia-libopencl1-340-updates nvidia-331-uvm libcuda1-346 nvidia-346-uvm nvidia-opencl-icd-346 nvidia-346 nvidia-opencl-icd-346-updates nvidia-libopencl1-346-updates nvidia-346-updates nvidia-libopencl1-346 nvidia-346-updates-dev nvidia-346-dev nvidia-346-updates-uvm libcuda1-346-updates 0: 0: 0: lxc-dev liblxc1 lxc-templates python3-lxc lxc lxc-tests lxc-dev liblxc1 lxc-templates python3-lxc lxc lxc-tests lxc-dev liblxc1 lxc-templates python3-lxc lxc lxc-tests xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta rpcbind liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed 0: 0: 0: spice-client libspice-server1 libspice-server-dev libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-0-udeb libgdk-pixbuf2.0-doc gir1.2-gdkpixbuf-2.0 firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libcommons-httpclient-java libcommons-httpclient-java-doc liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 click-doc libclick-0.4-dev libclick-0.4-0 click-dev packagekit-plugin-click gir1.2-click-0.4 python3-click click postgresql-plpython-9.3 postgresql-server-dev-9.3 postgresql-9.3 postgresql-plperl-9.3 postgresql-doc-9.3 postgresql-plpython3-9.3 libecpg6 postgresql-pltcl-9.3 postgresql-client-9.3 libpgtypes3 libecpg-dev libpq-dev libpq5 postgresql-contrib-9.3 libecpg-compat3 0: 0: 0: libminiupnpc-dev libminiupnpc8 miniupnpc mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui ntp ntp-doc ntpdate openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed audiofile-tools libaudiofile-dev libaudiofile1 unzip unzip libnspr4-dev libnspr4 libnspr4-0d libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools libreoffice-mysql-connector libreoffice-wiki-publisher libreoffice-presentation-minimizer libreoffice-impress libreoffice-officebean libreoffice-base libreoffice-librelogo libreoffice-java-common browser-plugin-libreoffice libreoffice-subsequentcheckbase libreoffice-style-tango libreoffice-style-crystal libreoffice-kde libreoffice-l10n-ku libreoffice-style-galaxy libreoffice-style-hicontrast libreoffice-core libreoffice-presenter-console libreoffice-script-provider-bsh libreoffice-avmedia-backend-gstreamer libreoffice-script-provider-python libreoffice-common libreoffice-gnome libreoffice-dev libreoffice-gtk3 libreoffice-report-builder libreoffice-pdfimport libreoffice-base-core libreoffice-ogltrans libreoffice-sdbc-hsqldb libreoffice-gtk libreoffice-calc libreoffice-base-drivers libreoffice-style-oxygen libreoffice-emailmerge libreoffice-style-human libreoffice-sdbc-firebird python3-uno libreoffice-math libreoffice-writer libreoffice-report-builder-bin libreoffice-script-provider-js libreoffice libreoffice-draw libreoffice-style-sifr libreoffice-dev-doc libreoffice-l10n-in libreoffice-l10n-za libreoffice-sdbc-postgresql openoffice.org-dtd-officedocument1.0 fonts-opensymbol uno-libs3 ure 0: 0: 0: 0: 0: 0: 0: hostapd wpagui wpasupplicant-udeb wpasupplicant libkadm5srv-mit9 libkadm5srv-mit8 libk5crypto3 krb5-user libgssrpc4 libkrb5support0 krb5-doc libkrb5-dev krb5-pkinit libkrb5-3 krb5-kdc-ldap krb5-otp libkadm5clnt-mit9 krb5-gss-samples krb5-multidev krb5-locales libgssapi-krb5-2 krb5-kdc libkrad-dev libkrad0 libkdb5-7 krb5-admin-server strongswan-plugin-xauth-noauth strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-unbound strongswan-plugin-farp strongswan-ikev1 strongswan-plugin-pkcs11 strongswan-plugin-xauth-eap strongswan-plugin-sshkey strongswan-plugin-error-notify strongswan-plugin-gcrypt strongswan-plugin-sql strongswan-plugin-coupling strongswan-plugin-xauth-generic strongswan-plugin-lookip strongswan-plugin-eap-ttls strongswan-plugin-af-alg strongswan-plugin-eap-aka-3gpp2 strongswan-ike strongswan-plugin-eap-sim-pcsc strongswan-plugin-eap-aka libstrongswan strongswan-plugin-eap-simaka-sql strongswan-plugin-sqlite strongswan-plugin-duplicheck strongswan strongswan-tnc-server strongswan-plugin-attr-sql strongswan-tnc-base strongswan-plugin-eap-peap strongswan-starter strongswan-plugin-curl strongswan-plugin-radattr strongswan-plugin-soup strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-tls strongswan-tnc-ifmap strongswan-plugin-eap-tnc strongswan-plugin-eap-radius strongswan-ikev2 strongswan-plugin-mysql strongswan-plugin-eap-simaka-reauth strongswan-plugin-openssl strongswan-plugin-dnscert strongswan-plugin-xauth-pam strongswan-plugin-pubkey strongswan-plugin-eap-md5 strongswan-plugin-whitelist strongswan-plugin-fips-prf strongswan-pt-tls-client strongswan-plugin-eap-mschapv2 strongswan-nm strongswan-plugin-ldap strongswan-plugin-certexpire strongswan-tnc-pdp strongswan-plugin-eap-sim strongswan-plugin-kernel-libipsec strongswan-plugin-ipseckey strongswan-plugin-dhcp strongswan-plugin-dnskey strongswan-plugin-ntru strongswan-plugin-gmp strongswan-plugin-agent strongswan-plugin-pgp strongswan-tnc-client strongswan-plugin-load-tester strongswan-plugin-unity strongswan-plugin-led strongswan-plugin-eap-sim-file strongswan-plugin-systime-fix python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev nvidia-current-dev libcuda1-304 nvidia-current-updates-dev nvidia-libopencl1-304-updates nvidia-current nvidia-304-updates nvidia-304 nvidia-304-updates-dev nvidia-opencl-icd-304 nvidia-experimental-304-dev nvidia-current-updates nvidia-304-dev libcuda1-304-updates nvidia-experimental-304 nvidia-libopencl1-304 nvidia-opencl-icd-304-updates nvidia-331 nvidia-opencl-icd-331 libcuda1-340 nvidia-340-updates nvidia-331-updates nvidia-opencl-icd-340-updates nvidia-340-updates-dev nvidia-340-updates-uvm nvidia-opencl-icd-331-updates nvidia-340-dev libcuda1-331-updates nvidia-libopencl1-331 nvidia-340 nvidia-opencl-icd-340 nvidia-340-uvm libcuda1-340-updates libcuda1-331 nvidia-331-updates-dev nvidia-331-dev nvidia-331-updates-uvm nvidia-libopencl1-340 nvidia-libopencl1-331-updates nvidia-libopencl1-340-updates nvidia-331-uvm nvidia-opencl-icd-352 nvidia-opencl-icd-352-updates libcuda1-346 nvidia-352-updates-dev nvidia-346 nvidia-opencl-icd-346-updates nvidia-libopencl1-352 nvidia-opencl-icd-346 nvidia-346-updates libcuda1-352 nvidia-libopencl1-346 nvidia-346-updates-dev nvidia-346-dev nvidia-libopencl1-346-updates nvidia-352 nvidia-libopencl1-352-updates libcuda1-346-updates nvidia-352-dev nvidia-352-updates libcuda1-352-updates libpng12-0-udeb libpng12-dev libpng3 libpng12-0 python-django-doc python-django icedtea-7-plugin icedtea-plugin icedtea-netx-common icedtea-6-plugin icedtea-netx openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta dpkg-dev dselect libdpkg-dev dpkg libdpkg-perl libgnutlsxx27 gnutls26-doc libgnutls26 libgnutls-dev libgnutls-openssl27 gnutls-bin 0: 0: liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips 0: libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb libfontembed-dev libfontembed1 libcupsfilters-dev cups-filters cups-browsed cups-filters-core-drivers libcupsfilters1 libsndfile1 libsndfile1-dev sndfile-programs firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev git gitweb git-gui git-daemon-sysvinit git-arch git-bzr git-el gitk git-all git-mediawiki git-daemon-run git-man git-doc git-svn git-cvs git-core git-email grub-ieee1275 grub-efi-amd64 grub2-common grub-xen-bin grub-uboot-bin grub-common grub-efi-amd64-bin grub-firmware-qemu grub-theme-starfield grub-efi-arm grub-coreboot-bin grub2 grub-efi-arm64-bin grub-pc grub-emu grub-efi-arm-bin grub-linuxbios grub-xen grub-uboot grub-efi-ia32 grub-coreboot grub-efi-ia32-bin grub-ieee1275-bin grub-rescue-pc grub-mount-udeb grub-pc-bin grub-efi-arm64 grub-efi dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host libfontembed-dev libfontembed1 libcupsfilters-dev cups-filters cups-browsed cups-filters-core-drivers libcupsfilters1 libcupscgi1 libcups2-dev cups-bsd libcupsmime1 cups-common cups-core-drivers cups-server-common libcupsimage2 cups-client libcupscgi1-dev libcups2 libcupsmime1-dev cups-ppdc libcupsppdc1 cups libcupsppdc1-dev libcupsimage2-dev cups-daemon 0: 0: 0: 0: sosreport 0: 0: 0: 0: libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass ldb-tools libldb-dev python-ldb-dev python-ldb libldb1 0: 0: xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 libpng12-0-udeb libpng12-dev libpng3 libpng12-0 python3-pygments python-pygments libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools libgnutlsxx27 gnutls26-doc libgnutls26 libgnutls-dev libgnutls-openssl27 gnutls-bin firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libvirt0 libvirt-dev libvirt-doc libvirt-bin isc-dhcp-relay isc-dhcp-dev isc-dhcp-client isc-dhcp-common isc-dhcp-server isc-dhcp-client-udeb isc-dhcp-server-ldap openssh-server-udeb openssh-client openssh-server ssh-askpass-gnome ssh ssh-krb5 openssh-client-udeb openssh-sftp-server 0: 0: 0: 0: dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev ecryptfs-utils python-ecryptfs libecryptfs0 libecryptfs-dev liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 rsync firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo 0: 0: 0: 0: qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips nginx-extras nginx-core nginx-common nginx-full nginx nginx-doc nginx-naxsi nginx-naxsi-ui nginx-light firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast postgresql-plpython-9.3 postgresql-server-dev-9.3 postgresql-9.3 postgresql-plperl-9.3 postgresql-doc-9.3 postgresql-plpython3-9.3 libecpg6 postgresql-pltcl-9.3 postgresql-client-9.3 libpgtypes3 libecpg-dev libpq-dev libpq5 postgresql-contrib-9.3 libecpg-compat3 liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 libgcrypt11-doc libgcrypt11-udeb libgcrypt11-dev libgcrypt11 nettle-bin libhogweed2 nettle-dev libnettle4 libgail-doc libgtk2.0-0-udeb libgtk2.0-doc libgail-dev gir1.2-gtk-2.0 libgail-common gtk2.0-examples gtk2-engines-pixbuf libgtk2.0-common libgtk2.0-bin libgtk2.0-0 libgail18 libgtk2.0-dev eog-dev eog libreoffice-mysql-connector libreoffice-wiki-publisher libreoffice-presentation-minimizer libreoffice-impress libreoffice-officebean libreoffice-base libreoffice-librelogo libreoffice-java-common browser-plugin-libreoffice libreoffice-subsequentcheckbase libreoffice-style-tango libreoffice-style-crystal libreoffice-kde libreoffice-l10n-ku libreoffice-style-galaxy libreoffice-style-hicontrast libreoffice-core libreoffice-presenter-console libreoffice-script-provider-bsh libreoffice-avmedia-backend-gstreamer libreoffice-script-provider-python libreoffice-common libreoffice-gnome libreoffice-dev libreoffice-gtk3 libreoffice-report-builder libreoffice-pdfimport libreoffice-base-core libreoffice-ogltrans libreoffice-sdbc-hsqldb libreoffice-gtk libreoffice-calc libreoffice-base-drivers libreoffice-style-oxygen libreoffice-emailmerge libreoffice-style-human libreoffice-sdbc-firebird python3-uno libreoffice-math libreoffice-writer libreoffice-report-builder-bin libreoffice-script-provider-js libreoffice libreoffice-draw libreoffice-style-sifr libreoffice-dev-doc libreoffice-l10n-in libreoffice-l10n-za libreoffice-sdbc-postgresql openoffice.org-dtd-officedocument1.0 fonts-opensymbol uno-libs3 ure libc6-i386 libnss-dns-udeb libc6-ppc64 libc-bin libc6-x32 libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc6-dev-armel libnss-files-udeb glibc-doc nscd multiarch-support libc6-dev libc6-amd64 libc6-dev-amd64 libc6 libc6-dev-x32 libc6-udeb libc6-dev-i386 libc-dev-bin libc6-prof xdelta3 libgraphite2-doc libgraphite2-3 libgraphite2-dev libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta liboxideqtcore0 liboxideqt-qmlplugin oxideqt-chromedriver oxideqt-codecs-extra oxideqmlscene oxideqt-codecs liboxideqtquick0 cpio 0: 0: 0: 0: 0: 0: 0: libssh-4 libssh-dev libssh-doc ca-certificates glib-networking glib-networking-services glib-networking-tests glib-networking-common libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb libgnutlsxx27 gnutls26-doc libgnutls26 libgnutls-dev libgnutls-openssl27 gnutls-bin libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb python-django-doc python-django python-django-doc python-django python-django-doc python-django libperl-dev perl-doc libperl5.18 perl-base perl-modules libcgi-fast-perl perl perl-debug firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libpixman-1-0 libpixman-1-dev libpixman-1-0-udeb libjasper-runtime libjasper-dev libjasper1 liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver squid squid-cgi squid3-common squid-purge squidclient squid3 libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libbsh-java bsh bsh-doc bsh-src libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host libgraphite2-doc libgraphite2-3 libgraphite2-dev 0: 0: 0: 0: exim4-dev eximon4 exim4 exim4-daemon-light exim4-config exim4-daemon-heavy exim4-base xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libpam-runtime libpam0g-dev libpam-modules libpam-modules-bin libpam-doc libpam-cracklib libpam0g libpam-runtime libpam0g-dev libpam-modules libpam-modules-bin libpam-doc libpam-cracklib libpam0g firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast gir1.2-javascriptcoregtk-1.0 libwebkitgtk-3.0-dev libwebkitgtk-common-dev libwebkitgtk-dev libwebkit-dev libjavascriptcoregtk-1.0-0 libwebkitgtk-3.0-common libwebkitgtk-3.0-0 gir1.2-webkit-1.0 libjavascriptcoregtk-1.0-dev gir1.2-javascriptcoregtk-3.0 gir1.2-webkit2-3.0 libwebkitgtk-1.0-0 libjavascriptcoregtk-3.0-bin libwebkit2gtk-3.0-25 libwebkit2gtk-3.0-dev libjavascriptcoregtk-3.0-0 libwebkitgtk-1.0-common libjavascriptcoregtk-3.0-dev gir1.2-webkit-3.0 git gitweb git-gui git-daemon-sysvinit git-arch git-bzr git-el gitk git-all git-mediawiki git-daemon-run git-man git-doc git-svn git-cvs git-core git-email libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc quagga quagga-doc openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo pcregrep libpcre3-dev libpcre3 libpcre3-udeb libpcrecpp0 xchat-gnome xchat-gnome-common 0: 0: 0: 0: 0: libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libsoup-gnome2.4-1 libsoup-gnome2.4-dev gir1.2-soup-2.4 libsoup2.4-1 libsoup2.4-dev libsoup2.4-doc libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass optipng php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver libtasn1-6-dev libtasn1-3-bin libtasn1-bin libtasn1-3-dev libtasn1-6 poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver liblcms2-dev liblcms2-2 liblcms2-utils openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo 0: openssh-server-udeb openssh-client openssh-server ssh-askpass-gnome ssh ssh-krb5 openssh-client-udeb openssh-sftp-server 0: 0: 0: 0: xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips 0: 0: 0: 0: 0: bsdcpio libarchive13 bsdtar libarchive-dev libksba8 libksba-dev libexpat1 expat libexpat1-dev lib64expat1-dev libexpat1-udeb lib64expat1 php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libc6-i386 libnss-dns-udeb libc6-ppc64 libc-bin libc6-x32 libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc6-dev-armel libnss-files-udeb glibc-doc nscd multiarch-support libc6-dev libc6-amd64 libc6-dev-amd64 libc6 libc6-dev-x32 libc6-udeb libc6-dev-i386 libc-dev-bin libc6-prof libc6-i386 libnss-dns-udeb libc6-ppc64 libc-bin libc6-x32 libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc6-dev-armel libnss-files-udeb glibc-doc nscd multiarch-support libc6-dev libc6-amd64 libc6-dev-amd64 libc6 libc6-dev-x32 libc6-udeb libc6-dev-i386 libc-dev-bin libc6-prof dosfstools dosfstools-udeb libgd3 libgd2-xpm-dev libgd-tools libgd2-noxpm-dev libgd-dev 0: imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev nginx-extras nginx-core nginx-common nginx-full nginx nginx-doc nginx-naxsi nginx-naxsi-ui nginx-light liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev squid squid-cgi squid3-common squid-purge squidclient squid3 0: 0: 0: 0: 0: libexpat1 expat libexpat1-dev lib64expat1-dev libexpat1-udeb lib64expat1 wget wget-udeb spice-client libspice-server1 libspice-server-dev liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver 0: 0: 0: 0: 0: xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta tomcat7-common libservlet3.0-java tomcat7-docs libservlet3.0-java-doc tomcat7 libtomcat7-java tomcat7-user tomcat7-admin tomcat7-examples libgimp2.0-doc libgimp2.0-dev libgimp2.0 gimp-data gimp libimobiledevice-utils python-imobiledevice libimobiledevice4 libimobiledevice-dev libnspr4-dev libnspr4 libnspr4-0d libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools libgd3 libgd2-xpm-dev libgd-tools libgd2-noxpm-dev libgd-dev libpurple-dev pidgin pidgin-data finch-dev pidgin-dev libpurple-bin finch libpurple0 bsdcpio libarchive13 bsdtar libarchive-dev 0: 0: 0: 0: libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-mpm-worker apache2-suexec-custom apache2-suexec apache2 apache2-suexec-pristine apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver libknewstuff3-4 libktexteditor4 libkde3support4 libkutils4 libkdeui5 libnepomukutils4 libkprintutils4 kdelibs5-data kdelibs-bin libsolid4 libkdeclarative5 libknotifyconfig4 kdelibs5-plugins libkdnssd4 libkhtml5 libkemoticons4 libkunitconversion4 libkidletime4 libkmediaplayer4 libplasma3 libkdecore5 libkntlm4 libnepomuk4 libkpty4 libkparts4 libkdewebkit5 libnepomukquery4a libkrosscore4 libkfile4 kdelibs5-dev libkio5 libkcmutils4 libknewstuff2-4 libkdesu5 libkrossui4 libkimproxy4 libthreadweaver4 libkjsembed4 kdoctools libkjsapi4 firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl 0: 0: 0: liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver libgd3 libgd2-xpm-dev libgd-tools libgd2-noxpm-dev libgd-dev openssh-server-udeb openssh-client openssh-server ssh-askpass-gnome ssh ssh-krb5 openssh-client-udeb openssh-sftp-server openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo fontconfig-config libfontconfig1 fontconfig-udeb libfontconfig1-dev fontconfig gnupg-curl gnupg-udeb gpgv gpgv-udeb gnupg libgcrypt11-doc libgcrypt11-udeb libgcrypt11-dev libgcrypt11 postgresql-plpython-9.3 postgresql-server-dev-9.3 postgresql-9.3 postgresql-plperl-9.3 postgresql-doc-9.3 postgresql-plpython3-9.3 libecpg6 postgresql-pltcl-9.3 postgresql-client-9.3 libpgtypes3 libecpg-dev libpq-dev libpq5 postgresql-contrib-9.3 libecpg-compat3 gir1.2-harfbuzz-0.0 libharfbuzz-gobject0 libharfbuzz-dev libharfbuzz-icu0 libharfbuzz0b libharfbuzz-bin libharfbuzz0-udeb libharfbuzz-doc idn libidn11-dev libidn11-java libidn11 eog-dev eog 0: 0: xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta file-roller libimlib2-dev libimlib2 firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 tomcat7-common libservlet3.0-java tomcat7-docs libservlet3.0-java-doc tomcat7 libtomcat7-java tomcat7-user tomcat7-admin tomcat7-examples 0: 0: libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-0-udeb libgdk-pixbuf2.0-doc gir1.2-gdkpixbuf-2.0 libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host python-django-doc python-django python3-imaging-tk python3-pil.imagetk python-imaging-compat python3-sane python-imaging-doc python-pil-doc python3-pil python-sane python-pil.imagetk python3-imaging python-imaging python-pil python-imaging-tk python-imaging-sane python3-imaging-sane python3-imaging-tk python3-pil.imagetk python-imaging-compat python3-sane python-imaging-doc python-pil-doc python3-pil python-sane python-pil.imagetk python3-imaging python-imaging python-pil python-imaging-tk python-imaging-sane python3-imaging-sane liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-milter clamav-docs clamav-freshclam php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed ntp ntp-doc ntpdate 0: 0: quagga quagga-doc libdbd-mysql-perl 0: 0: mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 quagga quagga-doc firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver nginx-extras nginx-core nginx-common nginx-full nginx nginx-doc nginx-naxsi nginx-naxsi-ui nginx-light nginx-extras nginx-core nginx-common nginx-full nginx nginx-doc nginx-naxsi nginx-naxsi-ui nginx-light python-django-doc python-django dbus dbus-x11 libdbus-1-3 libdbus-1-dev dbus-1-doc libgd3 libgd2-xpm-dev libgd-tools libgd2-noxpm-dev libgd-dev mailman dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host memcached nvidia-current-dev libcuda1-304 nvidia-libopencl1-304-updates nvidia-304-updates nvidia-304 nvidia-current nvidia-304-updates-dev nvidia-304-dev libcuda1-304-updates nvidia-libopencl1-304 nvidia-opencl-icd-304-updates nvidia-opencl-icd-304 nvidia-331 nvidia-opencl-icd-331 nvidia-libopencl1-331-updates libcuda1-340 nvidia-340-updates nvidia-331-updates nvidia-opencl-icd-340-updates nvidia-340-updates-dev nvidia-opencl-icd-331-updates nvidia-340-dev libcuda1-331-updates nvidia-libopencl1-331 nvidia-340 nvidia-opencl-icd-340 libcuda1-340-updates libcuda1-331 nvidia-331-updates-dev nvidia-331-dev nvidia-331-updates-uvm nvidia-libopencl1-340 nvidia-libopencl1-340-updates nvidia-340-uvm nvidia-331-uvm nvidia-opencl-icd-352 nvidia-opencl-icd-352-updates libcuda1-367 nvidia-352-updates-dev nvidia-libopencl1-352 nvidia-367-dev nvidia-opencl-icd-367 nvidia-367 nvidia-352-dev libcuda1-352 nvidia-libopencl1-367 nvidia-352 nvidia-libopencl1-352-updates nvidia-352-updates libcuda1-352-updates curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips 0: 0: openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev tar-scripts tar liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver python2.7-dev python2.7-doc libpython2.7-stdlib libpython2.7-minimal libpython2.7-testsuite python2.7 idle-python2.7 python2.7-examples libpython2.7 libpython2.7-dev python2.7-minimal python3.4-examples libpython3.4-testsuite libpython3.4-dev python3.4-minimal python3.4-venv python3.4-doc libpython3.4-stdlib python3.4-dev idle-python3.4 python3.4 libpython3.4-minimal libpython3.4 gstreamer0.10-plugins-good gstreamer0.10-plugins-good-doc gstreamer0.10-gconf gstreamer0.10-pulseaudio gstreamer1.0-pulseaudio gstreamer1.0-plugins-good-doc libgstreamer-plugins-good1.0-dev libgstreamer-plugins-good1.0-0 gstreamer1.0-plugins-good gstreamer0.10-plugins-good gstreamer0.10-plugins-good-doc gstreamer0.10-gconf gstreamer0.10-pulseaudio gstreamer1.0-pulseaudio gstreamer1.0-plugins-good-doc libgstreamer-plugins-good1.0-dev libgstreamer-plugins-good1.0-0 gstreamer1.0-plugins-good lxc-dev liblxc1 lxc-templates python3-lxc lxc lxc-tests python-moinmoin vim-common vim-gnome vim-lesstif vim-athena vim-gtk vim-gui-common vim vim-doc vim-tiny vim-runtime vim-nox firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev libc-ares2 libc-ares-dev 0: 0: ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common 0: 0: liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libapt-inst1.5 apt-doc apt-transport-https libapt-pkg-doc apt apt-utils libapt-pkg-dev libapt-pkg4.12 python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass 0: 0: libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools exim4-dev eximon4 exim4 exim4-daemon-light exim4-config exim4-daemon-heavy exim4-base xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta 0: 0: linuxvnc libvncserver0 libvncserver-config libvncserver-dev dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host nvidia-current-dev libcuda1-304 nvidia-libopencl1-304-updates nvidia-304-updates nvidia-304 nvidia-current nvidia-304-updates-dev nvidia-304-dev libcuda1-304-updates nvidia-libopencl1-304 nvidia-opencl-icd-304-updates nvidia-opencl-icd-304 nvidia-331 nvidia-opencl-icd-331 nvidia-libopencl1-331-updates libcuda1-340 nvidia-340-updates nvidia-331-updates nvidia-opencl-icd-340-updates libcuda1-331-updates nvidia-opencl-icd-331-updates nvidia-340-dev nvidia-340-updates-dev nvidia-libopencl1-331 nvidia-340 nvidia-opencl-icd-340 libcuda1-340-updates libcuda1-331 nvidia-331-updates-dev nvidia-331-dev nvidia-331-updates-uvm nvidia-libopencl1-340 nvidia-libopencl1-340-updates nvidia-340-uvm nvidia-331-uvm nvidia-375-dev nvidia-libopencl1-375 nvidia-opencl-icd-367 nvidia-libopencl1-367 nvidia-367-dev nvidia-opencl-icd-375 libcuda1-367 libcuda1-375 nvidia-367 nvidia-375 mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libpcsclite-dev pcscd libpcsclite1 tomcat7-common libservlet3.0-java tomcat7-docs libservlet3.0-java-doc tomcat7 libtomcat7-java tomcat7-user tomcat7-admin tomcat7-examples tomcat7-common libservlet3.0-java tomcat7-docs libservlet3.0-java-doc tomcat7 libtomcat7-java tomcat7-user tomcat7-admin tomcat7-examples liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb libgnutlsxx27 gnutls26-doc libgnutls26 libgnutls-dev libgnutls-openssl27 gnutls-bin libgnutlsxx27 gnutls26-doc libgnutls26 libgnutls-dev libgnutls-openssl27 gnutls-bin irssi-dev irssi xpmutils libxpm-dev libxpm4 0: 0: squid squid-cgi squid3-common squid-purge squidclient squid3 nettle-bin libhogweed2 nettle-dev libnettle4 openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libgc-dev libgc1c2 python-crypto-doc python3-crypto python-crypto python-crypto-doc python3-crypto python-crypto dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host spice-client libspice-server1 libspice-server-dev libgtk-vnc-2.0-dev gir1.2-gtk-vnc-2.0 libgtk-vnc-1.0-dev libgtk-vnc-1.0-0 gvncviewer libgvnc-1.0-0 libgtk-vnc-2.0-0 libgvnc-1.0-dev python-gtk-vnc tomcat7-common libservlet3.0-java tomcat7-docs libservlet3.0-java-doc tomcat7 libtomcat7-java tomcat7-user tomcat7-admin tomcat7-examples tcpdump 0: 0: libreoffice-mysql-connector libreoffice-wiki-publisher libreoffice-presentation-minimizer libreoffice-impress libreoffice-officebean libreoffice-base libreoffice-librelogo libreoffice-java-common browser-plugin-libreoffice libreoffice-subsequentcheckbase libreoffice-style-tango libreoffice-style-crystal libreoffice-kde libreoffice-l10n-ku libreoffice-style-galaxy libreoffice-style-hicontrast libreoffice-core libreoffice-presenter-console libreoffice-script-provider-bsh libreoffice-avmedia-backend-gstreamer libreoffice-script-provider-python libreoffice-common libreoffice-gnome libreoffice-dev libreoffice-gtk3 libreoffice-report-builder libreoffice-pdfimport libreoffice-base-core libreoffice-ogltrans libreoffice-sdbc-hsqldb libreoffice-gtk libreoffice-calc libreoffice-base-drivers libreoffice-style-oxygen libreoffice-emailmerge libreoffice-style-human libreoffice-sdbc-firebird python3-uno libreoffice-math libreoffice-writer libreoffice-report-builder-bin libreoffice-script-provider-js libreoffice libreoffice-draw libreoffice-style-sifr libreoffice-dev-doc libreoffice-l10n-in libreoffice-l10n-za libreoffice-sdbc-postgresql openoffice.org-dtd-officedocument1.0 fonts-opensymbol uno-libs3 ure libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc libgd3 libgd2-xpm-dev libgd-tools libgd2-noxpm-dev libgd-dev w3m-img w3m munin-node munin munin-doc munin-plugins-core munin-async munin-plugins-extra munin-plugins-java munin-common munin-node munin munin-doc munin-plugins-core munin-async munin-plugins-extra munin-plugins-java munin-common firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast gir1.2-nmgtk-1.0 libnm-gtk-dev libnm-gtk-common network-manager-gnome libnm-gtk0 0: 0: imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev libknewstuff3-4 libktexteditor4 libkde3support4 libkutils4 libkdeui5 libnepomukutils4 libkprintutils4 kdelibs5-data kdelibs-bin libsolid4 libkdeclarative5 libknotifyconfig4 kdelibs5-plugins libkdnssd4 libkhtml5 libkemoticons4 libkunitconversion4 libkidletime4 libkmediaplayer4 libplasma3 libkdecore5 libkntlm4 libnepomuk4 libkpty4 libkparts4 libkdewebkit5 libnepomukquery4a libkrosscore4 libkfile4 kdelibs5-dev libkio5 libkcmutils4 libknewstuff2-4 libkdesu5 libkrossui4 libkimproxy4 libthreadweaver4 libkjsembed4 kdoctools libkjsapi4 lxc-dev liblxc1 lxc-templates python3-lxc lxc lxc-tests bsdcpio libarchive13 bsdtar libarchive-dev icu-devtools libicu52 libicu-dev icu-doc libevent-2.0-5 libevent-extra-2.0-5 libevent-pthreads-2.0-5 libevent-core-2.0-5 libevent-dev libevent-openssl-2.0-5 python3-imaging-tk python3-pil.imagetk python-imaging-compat python3-sane python-imaging-doc python-pil-doc python3-pil python-sane python-pil.imagetk python3-imaging python-imaging python-pil python-imaging-tk python-imaging-sane python3-imaging-sane libpurple-dev pidgin pidgin-data finch-dev pidgin-dev libpurple-bin finch libpurple0 imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta 0: python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev liboxideqtcore0 liboxideqt-qmlplugin liboxideqtquick-dev oxideqt-codecs-extra liboxideqtcore-dev oxideqmlscene oxideqt-codecs liboxideqtquick0 oxideqt-chromedriver libfreetype6-dev libfreetype6-udeb freetype2-demos libfreetype6 firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libc6-i386 libnss-dns-udeb libc6-ppc64 libc-bin libc6-x32 libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc6-dev-armel libnss-files-udeb glibc-doc nscd multiarch-support libc6-dev libc6-amd64 libc6-dev-amd64 libc6 libc6-dev-x32 libc6-udeb libc6-dev-i386 libc-dev-bin libc6-prof libc6-i386 libnss-dns-udeb libc6-ppc64 libc-bin libc6-x32 libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc6-dev-armel libnss-files-udeb glibc-doc nscd multiarch-support libc6-dev libc6-amd64 libc6-dev-amd64 libc6 libc6-dev-x32 libc6-udeb libc6-dev-i386 libc-dev-bin libc6-prof nvidia-current-dev libcuda1-304 nvidia-libopencl1-304-updates nvidia-304-updates nvidia-304 nvidia-current nvidia-304-updates-dev nvidia-304-dev libcuda1-304-updates nvidia-libopencl1-304 nvidia-opencl-icd-304-updates nvidia-opencl-icd-304 nvidia-331 nvidia-opencl-icd-331 nvidia-libopencl1-331-updates libcuda1-340 nvidia-340-updates nvidia-331-updates nvidia-opencl-icd-340-updates libcuda1-331-updates nvidia-opencl-icd-331-updates nvidia-340-dev nvidia-340-updates-dev nvidia-libopencl1-331 nvidia-340 nvidia-opencl-icd-340 libcuda1-340-updates libcuda1-331 nvidia-331-updates-dev nvidia-331-dev nvidia-331-updates-uvm nvidia-libopencl1-340 nvidia-libopencl1-340-updates nvidia-340-uvm nvidia-331-uvm libcuda1-367 nvidia-libopencl1-375 nvidia-367-dev nvidia-opencl-icd-367 nvidia-367 nvidia-375-dev nvidia-opencl-icd-375 libcuda1-375 nvidia-libopencl1-367 nvidia-375 audiofile-tools libaudiofile-dev libaudiofile1 libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass git gitweb git-gui git-daemon-sysvinit git-arch git-bzr git-el gitk git-all git-mediawiki git-daemon-run git-man git-doc git-svn git-cvs git-core git-email gstreamer0.10-plugins-base-apps libgstreamer-plugins-base0.10-0 gir1.2-gst-plugins-base-0.10 gstreamer0.10-plugins-base libgstreamer-plugins-base0.10-dev gstreamer0.10-alsa gstreamer0.10-x gstreamer0.10-gnomevfs gstreamer0.10-plugins-base-doc libgstreamer-plugins-base1.0-dev libgstreamer-plugins-base1.0-0 gstreamer1.0-x gstreamer1.0-plugins-base-doc gstreamer1.0-plugins-base gir1.2-gst-plugins-base-1.0 gstreamer1.0-alsa gstreamer1.0-plugins-base-apps gstreamer0.10-plugins-good gstreamer0.10-plugins-good-doc gstreamer0.10-gconf gstreamer0.10-pulseaudio gstreamer1.0-pulseaudio gstreamer1.0-plugins-good-doc libgstreamer-plugins-good1.0-dev libgstreamer-plugins-good1.0-0 gstreamer1.0-plugins-good eject-udeb eject apparmor-docs python-apparmor libapparmor-dev libapparmor-perl libapparmor1 apparmor-notify apparmor-profiles python3-libapparmor python-libapparmor libpam-apparmor apparmor-easyprof apparmor python3-apparmor apparmor-utils libapache2-mod-apparmor dh-apparmor 0: 0: nagios3-core nagios3-doc nagios3-cgi nagios3-common nagios3 nagios3-core nagios3-doc nagios3-cgi nagios3-common nagios3 python-django-doc python-django 0: 0: dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips libfreetype6-dev libfreetype6-udeb freetype2-demos libfreetype6 0: 0: mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools python-libxslt1 libxslt1-dev libxslt1.1 xsltproc ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common libreoffice-mysql-connector libreoffice-wiki-publisher libreoffice-presentation-minimizer libreoffice-impress libreoffice-officebean libreoffice-base libreoffice-librelogo libreoffice-java-common browser-plugin-libreoffice libreoffice-subsequentcheckbase libreoffice-style-tango libreoffice-style-crystal libreoffice-kde libreoffice-l10n-ku libreoffice-style-galaxy libreoffice-style-hicontrast libreoffice-core libreoffice-presenter-console libreoffice-script-provider-bsh libreoffice-avmedia-backend-gstreamer libreoffice-script-provider-python libreoffice-common libreoffice-gnome libreoffice-dev libreoffice-gtk3 libreoffice-report-builder libreoffice-pdfimport libreoffice-base-core libreoffice-ogltrans libreoffice-sdbc-hsqldb libreoffice-gtk libreoffice-calc libreoffice-base-drivers libreoffice-style-oxygen libreoffice-emailmerge libreoffice-style-human libreoffice-sdbc-firebird python3-uno libreoffice-math libreoffice-writer libreoffice-report-builder-bin libreoffice-script-provider-js libreoffice libreoffice-draw libreoffice-style-sifr libreoffice-dev-doc libreoffice-l10n-in libreoffice-l10n-za libreoffice-sdbc-postgresql openoffice.org-dtd-officedocument1.0 fonts-opensymbol uno-libs3 ure icu-devtools libicu52 libicu-dev icu-doc openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-tests openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-tests openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo passwd login uidmap passwd login uidmap xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-kab thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-it thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-vi thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-mpm-worker apache2-suexec-custom apache2-suexec apache2 apache2-suexec-pristine apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin libbatik-java libfop-java fop fop-doc libfreetype6-dev libfreetype6-udeb freetype2-demos libfreetype6 librtmp0 librtmp-dev rtmpdump libknewstuff3-4 libktexteditor4 libkde3support4 libkutils4 libkdeui5 libnepomukutils4 libkprintutils4 kdelibs5-data kdelibs-bin libsolid4 libkdeclarative5 libknotifyconfig4 kdelibs5-plugins libkdnssd4 libkhtml5 libkemoticons4 libkunitconversion4 libkidletime4 libkmediaplayer4 libplasma3 libkdecore5 libkntlm4 libnepomuk4 libkpty4 libkparts4 libkdewebkit5 libnepomukquery4a libkrosscore4 libkfile4 kdelibs5-dev libkio5 libkcmutils4 libknewstuff2-4 libkdesu5 libkrossui4 libkimproxy4 libthreadweaver4 libkjsembed4 kdoctools libkjsapi4 git gitweb git-gui git-daemon-sysvinit git-arch git-bzr git-el gitk git-all git-mediawiki git-daemon-run git-man git-doc git-svn git-cvs git-core git-email libytnef0-dev libytnef0 qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips 0: 0: bash-builtins bash-doc bash-static bash libjasper-runtime libjasper-dev libjasper1 libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libjbig2dec0 jbig2dec libjbig2dec0-dev libminiupnpc-dev libminiupnpc8 miniupnpc firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast juju juju-core juju-local juju-local-kvm strongswan-plugin-xauth-noauth strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-unbound strongswan-plugin-farp strongswan-ikev1 strongswan-plugin-pkcs11 strongswan-plugin-xauth-eap strongswan-plugin-sshkey strongswan-plugin-error-notify strongswan-plugin-gcrypt strongswan-plugin-sql strongswan-plugin-coupling strongswan-plugin-xauth-generic strongswan-plugin-lookip strongswan-plugin-eap-ttls strongswan-plugin-af-alg strongswan-plugin-eap-aka-3gpp2 strongswan-ike strongswan-plugin-eap-sim-pcsc strongswan-plugin-eap-aka libstrongswan strongswan-plugin-eap-simaka-sql strongswan-plugin-sqlite strongswan-plugin-duplicheck strongswan strongswan-tnc-server strongswan-plugin-attr-sql strongswan-tnc-base strongswan-plugin-eap-peap strongswan-starter strongswan-plugin-curl strongswan-plugin-radattr strongswan-plugin-soup strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-tls strongswan-tnc-ifmap strongswan-plugin-eap-tnc strongswan-plugin-eap-radius strongswan-ikev2 strongswan-plugin-mysql strongswan-plugin-eap-simaka-reauth strongswan-plugin-openssl strongswan-plugin-dnscert strongswan-plugin-xauth-pam strongswan-plugin-pubkey strongswan-plugin-eap-md5 strongswan-plugin-whitelist strongswan-plugin-fips-prf strongswan-pt-tls-client strongswan-plugin-eap-mschapv2 strongswan-nm strongswan-plugin-ldap strongswan-plugin-certexpire strongswan-tnc-pdp strongswan-plugin-eap-sim strongswan-plugin-kernel-libipsec strongswan-plugin-ipseckey strongswan-plugin-dhcp strongswan-plugin-dnskey strongswan-plugin-ntru strongswan-plugin-gmp strongswan-plugin-agent strongswan-plugin-pgp strongswan-tnc-client strongswan-plugin-load-tester strongswan-plugin-unity strongswan-plugin-led strongswan-plugin-eap-sim-file strongswan-plugin-systime-fix imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev sudo-ldap sudo nvidia-375-dev nvidia-libopencl1-375 nvidia-opencl-icd-367 nvidia-libopencl1-367 nvidia-367-dev nvidia-opencl-icd-375 libcuda1-367 libcuda1-375 nvidia-367 nvidia-375 libsndfile1 libsndfile1-dev sndfile-programs ldap-utils libldap2-dev libldap-2.4-2 slapd-smbk5pwd slapd puppetmaster-common puppetmaster puppet-testsuite puppet puppet-common puppet-el puppetmaster-passenger vim-puppet libtasn1-6-dev libtasn1-3-bin libtasn1-bin libtasn1-3-dev libtasn1-6 libnl-route-3-dev libnl-nf-3-200 libnl-utils libnl-nf-3-dev libnl-genl-3-200-udeb libnl-route-3-200 libnl-cli-3-200 libnl-genl-3-dev libnl-3-200 libnl-3-200-udeb libnl-3-dev libnl-cli-3-dev libnl-genl-3-200 0: firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast irssi-dev irssi libgnutlsxx27 gnutls26-doc libgnutls26 libgnutls-dev libgnutls-openssl27 gnutls-bin libmwaw-dev libmwaw-tools libmwaw-0.1-1 libmwaw-doc zziplib-bin libzzip-dev libzzip-0-13 xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-kab thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta exim4-dev eximon4 exim4 exim4-daemon-light exim4-config exim4-daemon-heavy exim4-base libc6-i386 libnss-dns-udeb libc6-ppc64 libc-bin libc6-x32 libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc6-dev-armel libnss-files-udeb glibc-doc nscd multiarch-support libc6-dev libc6-amd64 libc6-dev-amd64 libc6 libc6-dev-x32 libc6-udeb libc6-dev-i386 libc-dev-bin libc6-prof 0: 0: libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools valgrind openvpn libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-mpm-worker apache2-suexec-custom apache2-suexec apache2 apache2-suexec-pristine apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin 0: 0: dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host libgcrypt11-doc libgcrypt11-udeb libgcrypt11-dev libgcrypt11 libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass ntp ntp-doc ntpdate poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc gir1.2-evince-3.0 libevview3-3 evince-common libevince-dev evince libevdocument3-4 evince-gtk nginx-extras nginx-core nginx-common nginx-full nginx nginx-doc nginx-naxsi nginx-naxsi-ui nginx-light heimdal-servers-x libhcrypto4-heimdal libwind0-heimdal libroken18-heimdal libgssapi3-heimdal heimdal-kcm libhdb9-heimdal libasn1-8-heimdal libsl0-heimdal libkadm5clnt7-heimdal heimdal-kdc libkdc2-heimdal heimdal-servers heimdal-clients-x libheimntlm0-heimdal heimdal-docs libheimbase1-heimdal libkrb5-26-heimdal libotp0-heimdal heimdal-dev libkafs0-heimdal libhx509-5-heimdal heimdal-multidev libkadm5srv8-heimdal heimdal-clients libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui spice-client libspice-server1 libspice-server-dev libexpat1 expat libexpat1-dev lib64expat1-dev libexpat1-udeb lib64expat1 mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 0: xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xserver-common xserver-xephyr xserver-xorg-core-udeb xdmx-tools xserver-xephyr-lts-xenial xserver-xorg-core-lts-xenial xserver-xorg-dev-lts-xenial xwayland-lts-xenial xorg-server-source-lts-xenial imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev 0: ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ri1.9.1 ruby1.9.1 ruby1.9.3 ruby2.0-tcltk libruby2.0 ruby2.0-doc ruby2.0 ruby2.0-dev gdb-multiarch gdb-source gdbserver gdb-minimal gdb gdb-doc gdb64 libiberty-dev freeradius-ldap freeradius-mysql freeradius-common libfreeradius-dev freeradius-postgresql freeradius-utils freeradius freeradius-iodbc freeradius-dialupadmin libfreeradius2 freeradius-krb5 libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-mpm-worker apache2-suexec-custom apache2-suexec apache2 apache2-suexec-pristine apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin rabbitmq-server lxc-dev liblxc1 lxc-templates python3-lxc lxc lxc-tests 0: shotwell shotwell-common libfreerdp1 libfreerdp-plugins-standard freerdp-x11 libfreerdp-dev 0: php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libsoup-gnome2.4-1 libsoup-gnome2.4-dev gir1.2-soup-2.4 libsoup2.4-1 libsoup2.4-dev libsoup2.4-doc 0: 0: git gitweb git-gui git-daemon-sysvinit git-arch git-bzr git-el gitk git-all git-mediawiki git-daemon-run git-man git-doc git-svn git-cvs git-core git-email libsvn-dev ruby-svn subversion-tools libapache2-svn libapache2-mod-svn python-subversion libsvn-java subversion libsvn-doc libsvn1 libsvn-perl libsvn-ruby1.8 libgd3 libgd2-xpm-dev libgd-tools libgd2-noxpm-dev libgd-dev postgresql-plpython-9.3 postgresql-server-dev-9.3 postgresql-9.3 postgresql-plperl-9.3 postgresql-doc-9.3 postgresql-plpython3-9.3 libecpg6 postgresql-pltcl-9.3 postgresql-client-9.3 libpgtypes3 libecpg-dev libpq-dev libpq5 postgresql-contrib-9.3 libecpg-compat3 firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast ubufox xul-ext-ubufox firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast 0: libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-milter clamav-docs clamav-freshclam libc-ares2 libc-ares-dev openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-tests openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo strongswan-plugin-xauth-noauth strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-unbound strongswan-plugin-farp strongswan-ikev1 strongswan-plugin-pkcs11 strongswan-plugin-xauth-eap strongswan-plugin-sshkey strongswan-plugin-error-notify strongswan-plugin-gcrypt strongswan-plugin-sql strongswan-plugin-coupling strongswan-plugin-xauth-generic strongswan-plugin-lookip strongswan-plugin-eap-ttls strongswan-plugin-af-alg strongswan-plugin-eap-aka-3gpp2 strongswan-ike strongswan-plugin-eap-sim-pcsc strongswan-plugin-eap-aka libstrongswan strongswan-plugin-eap-simaka-sql strongswan-plugin-sqlite strongswan-plugin-duplicheck strongswan strongswan-tnc-server strongswan-plugin-attr-sql strongswan-tnc-base strongswan-plugin-eap-peap strongswan-starter strongswan-plugin-curl strongswan-plugin-radattr strongswan-plugin-soup strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-tls strongswan-tnc-ifmap strongswan-plugin-eap-tnc strongswan-plugin-eap-radius strongswan-ikev2 strongswan-plugin-mysql strongswan-plugin-eap-simaka-reauth strongswan-plugin-openssl strongswan-plugin-dnscert strongswan-plugin-xauth-pam strongswan-plugin-pubkey strongswan-plugin-eap-md5 strongswan-plugin-whitelist strongswan-plugin-fips-prf strongswan-pt-tls-client strongswan-plugin-eap-mschapv2 strongswan-nm strongswan-plugin-ldap strongswan-plugin-certexpire strongswan-tnc-pdp strongswan-plugin-eap-sim strongswan-plugin-kernel-libipsec strongswan-plugin-ipseckey strongswan-plugin-dhcp strongswan-plugin-dnskey strongswan-plugin-ntru strongswan-plugin-gmp strongswan-plugin-agent strongswan-plugin-pgp strongswan-tnc-client strongswan-plugin-load-tester strongswan-plugin-unity strongswan-plugin-led strongswan-plugin-eap-sim-file strongswan-plugin-systime-fix libgraphite2-doc libgraphite2-3 libgraphite2-dev cvs augeas-tools libaugeas0 libaugeas-dev augeas-doc augeas-lenses texlive-fonts-recommended-doc texlive-pictures texlive-full texlive-luatex texlive-pictures-doc texlive-xetex texlive-metapost texlive-latex-base texlive-fonts-recommended texlive-latex-recommended-doc texlive-omega texlive-base texlive-generic-recommended texlive-metapost-doc texlive-latex-base-doc texlive texlive-latex-recommended ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common 0: 0: liblouis-bin liblouis2 python-louis liblouis-dev python3-louis liblouis-data fontforge-common fontforge libfontforge-dev python-fontforge fontforge-nox libgdraw4 libfontforge1 libgd3 libgd2-xpm-dev libgd-tools libgd2-noxpm-dev libgd-dev bzr-doc python-bzrlib bzr python-bzrlib.tests bluez-audio bluez-pcmcia-support libbluetooth3 bluez-utils bluez-alsa bluez-gstreamer bluetooth bluez-compat bluez bluez-cups libbluetooth-dev qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips tcpdump xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-kab thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-0-udeb libgdk-pixbuf2.0-doc gir1.2-gdkpixbuf-2.0 0: libidn2-0-dev libidn2-0 idn2 0: python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-mpm-worker apache2-suexec-custom apache2-suexec apache2 apache2-suexec-pristine apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass emacs24-bin-common emacs24-lucid emacs24 emacs24-el emacs24-nox emacs24-common python-plist libplist-doc libplist-utils libplist-dev libplist1 libplist++-dev libplist++1 dnsmasq dnsmasq-utils dnsmasq-base libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools ca-certificates poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc idn libidn11-dev libidn11-java libidn11 firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-kab thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta ocaml-mode ocaml-base-nox ocaml-nox camlp4 ocaml camlp4-extra ocaml-source ocaml-native-compilers ocaml-compiler-libs ocaml-interp ocaml-base git gitweb git-gui git-daemon-sysvinit git-arch git-bzr git-el gitk git-all git-mediawiki git-daemon-run git-man git-doc git-svn git-cvs git-core git-email libtcltk-ruby1.9.1 ruby1.9.1-dev ri1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ruby1.9.1 ruby1.9.3 poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl libxfont1 libxfont1-udeb libxfont-dev 0: 0: glance-api python-glance-doc glance-common python-glance glance glance-registry openstack-dashboard python-django-horizon python-django-openstack openstack-dashboard-ubuntu-theme nova-api nova-common nova-compute-xen nova-api-os-compute nova-objectstore nova-novncproxy nova-api-os-volume nova-compute-lxc nova-consoleauth python-nova nova-network nova-api-ec2 nova-api-metadata nova-compute-kvm nova-xvpvncproxy nova-doc nova-conductor nova-volume nova-compute-vmware nova-spiceproxy nova-scheduler nova-console nova-ajax-console-proxy nova-cert nova-baremetal nova-compute nova-compute-libvirt nova-compute-qemu nova-cells swift-account python-swift swift-doc swift-proxy swift-container swift swift-object-expirer swift-object ceph-fs-common ceph-mds librbd-dev rbd-fuse librbd1 librados-dev ceph-fuse python-ceph ceph-common libcephfs-java ceph libcephfs-dev ceph-resource-agents rest-bench radosgw librados2 ceph-test libcephfs-jni libcephfs1 xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xserver-common xserver-xephyr xserver-xorg-core-udeb xdmx-tools xserver-xephyr-lts-xenial xserver-xorg-core-lts-xenial xserver-xorg-dev-lts-xenial xwayland-lts-xenial xorg-server-source-lts-xenial libffi6-udeb libffi6 libffi-dev hostapd wpagui wpasupplicant-udeb wpasupplicant xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xserver-common xserver-xephyr xserver-xorg-core-udeb xdmx-tools xserver-xephyr-lts-xenial xserver-xorg-core-lts-xenial xserver-xorg-dev-lts-xenial xwayland-lts-xenial xorg-server-source-lts-xenial curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl icu-devtools libicu52 libicu-dev icu-doc mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 nvidia-opencl-icd-384 nvidia-libopencl1-375 nvidia-375-dev nvidia-libopencl1-384 nvidia-384-dev nvidia-opencl-icd-375 libcuda1-384 nvidia-384 libcuda1-375 nvidia-375 libstonithd2-dev pacemaker-remote libcib3-dev libpe-rules2-dev libpengine4-dev pacemaker-cli-utils libcrmcluster4-dev libtransitioner2-dev libpe-status4-dev libstonithd2 libcrmcluster4 libcrmcommon3-dev libpe-status4 libcrmcommon3 libcrmservice1 libcrmservice1-dev pacemaker liblrmd1-dev libpe-rules2 pacemaker-dev liblrmd1 libtransitioner2 libcib3 libpengine4 python3-werkzeug python-werkzeug python-werkzeug-doc wget wget-udeb irssi-dev irssi poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc 0: 0: quagga quagga-doc libreoffice-mysql-connector libreoffice-wiki-publisher libreoffice-presentation-minimizer libreoffice-impress libreoffice-officebean libreoffice-base libreoffice-librelogo libreoffice-java-common browser-plugin-libreoffice libreoffice-subsequentcheckbase libreoffice-style-tango libreoffice-style-crystal libreoffice-kde libreoffice-l10n-ku libreoffice-style-galaxy libreoffice-style-hicontrast libreoffice-core libreoffice-presenter-console libreoffice-script-provider-bsh libreoffice-avmedia-backend-gstreamer libreoffice-script-provider-python libreoffice-common libreoffice-gnome libreoffice-dev libreoffice-gtk3 libreoffice-report-builder libreoffice-pdfimport libreoffice-base-core libreoffice-ogltrans libreoffice-sdbc-hsqldb libreoffice-gtk libreoffice-calc libreoffice-base-drivers libreoffice-style-oxygen libreoffice-emailmerge libreoffice-style-human libreoffice-sdbc-firebird python3-uno libreoffice-math libreoffice-writer libreoffice-report-builder-bin libreoffice-script-provider-js libreoffice libreoffice-draw libreoffice-style-sifr libreoffice-dev-doc libreoffice-l10n-in libreoffice-l10n-za libreoffice-sdbc-postgresql openoffice.org-dtd-officedocument1.0 fonts-opensymbol uno-libs3 ure liblouis-bin liblouis2 python-louis liblouis-dev python3-louis liblouis-data libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb postgresql-server-dev-all postgresql-client-common postgresql-common postgresql postgresql-contrib postgresql-doc postgresql-client firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libperl-dev perl-doc libperl5.18 perl-base perl-modules libcgi-fast-perl perl perl-debug postgresql-plpython-9.3 postgresql-server-dev-9.3 postgresql-9.3 postgresql-plperl-9.3 postgresql-doc-9.3 postgresql-plpython3-9.3 libecpg6 postgresql-pltcl-9.3 postgresql-client-9.3 libpgtypes3 libecpg-dev libpq-dev libpq5 postgresql-contrib-9.3 libecpg-compat3 python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui procmail 0: 0: libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass db5.3-doc libdb5.3-java-jni libdb5.3-tcl libdb5.3-java-dev libdb5.3-dev db5.3-util libdb5.3-stl-dev libdb5.3-sql libdb5.3++-dev db5.3-sql-util libdb5.3 libdb5.3-stl libdb5.3-java-gcj libdb5.3-sql-dev libdb5.3-java libdb5.3++ xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-kab thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libldns-dev python-ldns ldnsutils libldns1 libraw9 libraw-doc libraw-bin libraw-dev libxml-libxml-perl optipng libpython2.7-minimal libpython2.7 python2.7 python2.7-minimal libpython2.7-testsuite libpython2.7-dev idle-python2.7 python2.7-doc python2.7-dev python2.7-examples libpython2.7-stdlib python3.4-dev libpython3.4-testsuite libpython3.4-dev python3.4-minimal python3.4-venv python3.4 python3.4-doc idle-python3.4 libpython3.4-minimal libpython3.4 python3.4-examples libpython3.4-stdlib openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-tests openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl libxfont1 libxfont1-udeb libxfont-dev libxcursor-dev libxcursor1 libxcursor1-udeb gir1.2-evince-3.0 libevview3-3 evince-common libevince-dev evince libevdocument3-4 evince-gtk python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev scsi-firmware nic-firmware linux-firmware rsync 0: 0: 0: 0: 0: python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ri1.9.1 ruby1.9.1 ruby1.9.3 ruby2.0-tcltk libruby2.0 ruby2.0-doc ruby2.0 ruby2.0-dev firefox-locale-nl firefox-locale-nn firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-ms firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-it firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-vi firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-uk firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc awstats tomcat7-common libservlet3.0-java tomcat7-docs libservlet3.0-java-doc tomcat7 libtomcat7-java tomcat7-user tomcat7-admin tomcat7-examples nvidia-opencl-icd-384 nvidia-libopencl1-375 nvidia-375-dev nvidia-libopencl1-384 nvidia-384-dev nvidia-opencl-icd-375 libcuda1-384 nvidia-384 libcuda1-375 nvidia-375 0: 0: 0: 0: irssi-dev irssi libtcltk-ruby1.9.1 ruby1.9.1-dev ri1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ruby1.9.1 ruby1.9.3 xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-kab thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta intel-microcode intel-microcode intel-microcode libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-0-udeb libgdk-pixbuf2.0-doc gir1.2-gdkpixbuf-2.0 transmission-common transmission transmission-daemon transmission-qt transmission-gtk transmission-cli libc6-i386 libnss-dns-udeb libc6-ppc64 libc-bin libc6-x32 libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc6-dev-armel libnss-files-udeb glibc-doc nscd multiarch-support libc6-dev libc6-amd64 libc6-dev-amd64 libc6 libc6-dev-x32 libc6-udeb libc6-dev-i386 libc-dev-bin libc6-prof dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 openssh-server-udeb openssh-client openssh-server ssh-askpass-gnome ssh ssh-krb5 openssh-client-udeb openssh-sftp-server libgimp2.0-doc libgimp2.0-dev libgimp2.0 gimp-data gimp 0: 0: 0: rsync firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-kab thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libtasn1-6-dev libtasn1-3-bin libtasn1-bin libtasn1-3-dev libtasn1-6 libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-milter clamav-docs clamav-freshclam firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl w3m-img w3m dovecot-pgsql dovecot-mysql dovecot-sieve dovecot-core dovecot-ldap dovecot-sqlite dovecot-dev dovecot-pop3d dovecot-imapd dovecot-managesieved mail-stack-delivery dovecot-gssapi dovecot-solr dovecot-lmtpd squid squid-cgi squid3-common squid-purge squidclient squid3 libgudev-1.0-dev gir1.2-gudev-1.0 libgudev-1.0-0 libsystemd-id128-dev systemd udev-udeb python-systemd libsystemd-journal0 libsystemd-journal-dev libsystemd-id128-0 libudev1 systemd-services libpam-systemd libsystemd-daemon0 libsystemd-login-dev udev libsystemd-daemon-dev libudev1-udeb libudev-dev libsystemd-login0 qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips libvirt0 libvirt-dev libvirt-doc libvirt-bin libminiupnpc-dev libminiupnpc8 miniupnpc mailman postgresql-plpython-9.3 postgresql-server-dev-9.3 postgresql-9.3 postgresql-plperl-9.3 postgresql-doc-9.3 postgresql-plpython3-9.3 libecpg6 postgresql-pltcl-9.3 postgresql-client-9.3 libpgtypes3 libecpg-dev libpq-dev libpq5 postgresql-contrib-9.3 libecpg-compat3 exim4-dev eximon4 exim4 exim4-daemon-light exim4-config exim4-daemon-heavy exim4-base php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed php5-recode php5-cgi php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5 php5-gmp php5-fpm php5-xmlrpc php5-sqlite php5-ldap php5-mysqlnd php5-readline php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed puppetmaster-common puppetmaster puppet-testsuite puppet puppet-common puppet-el puppetmaster-passenger vim-puppet libwavpack1 libwavpack-dev wavpack libvorbis0a libvorbisfile3 libvorbisenc2 libvorbis-dev advancecomp erlang-gs erlang-x11 erlang-jinterface erlang-asn1 erlang-inets erlang-snmp erlang-mode erlang-odbc erlang-typer erlang-common-test erlang-edoc erlang-examples erlang-ic erlang-os-mon erlang-syntax-tools erlang-ssl erlang-dev erlang-ssh erlang-ic-java erlang-megaco erlang-manpages erlang-appmon erlang erlang-runtime-tools erlang-eunit erlang-tools erlang-pman erlang-observer erlang-percept erlang-debugger erlang-parsetools erlang-public-key erlang-diameter erlang-corba erlang-doc erlang-reltool erlang-xmerl erlang-nox erlang-test-server erlang-eldap erlang-src erlang-tv erlang-webtool erlang-mnesia erlang-toolbar erlang-base-hipe erlang-crypto erlang-erl-docgen erlang-base erlang-et erlang-dialyzer quagga quagga-doc qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips libvirt0 libvirt-dev libvirt-doc libvirt-bin libcupscgi1 libcups2-dev cups-bsd libcupsmime1 cups-common cups-core-drivers cups-server-common libcupsimage2 cups-client libcupscgi1-dev libcups2 libcupsmime1-dev cups-ppdc libcupsppdc1 cups libcupsppdc1-dev libcupsimage2-dev cups-daemon libreoffice-mysql-connector libreoffice-wiki-publisher libreoffice-presentation-minimizer libreoffice-impress libreoffice-officebean libreoffice-base libreoffice-librelogo libreoffice-java-common browser-plugin-libreoffice libreoffice-subsequentcheckbase libreoffice-style-tango libreoffice-style-crystal libreoffice-kde libreoffice-l10n-ku libreoffice-style-galaxy libreoffice-style-hicontrast libreoffice-core libreoffice-presenter-console libreoffice-script-provider-bsh libreoffice-avmedia-backend-gstreamer libreoffice-script-provider-python libreoffice-common libreoffice-gnome libreoffice-dev libreoffice-gtk3 libreoffice-report-builder libreoffice-pdfimport libreoffice-base-core libreoffice-ogltrans libreoffice-sdbc-hsqldb libreoffice-gtk libreoffice-calc libreoffice-base-drivers libreoffice-style-oxygen libreoffice-emailmerge libreoffice-style-human libreoffice-sdbc-firebird python3-uno libreoffice-math libreoffice-writer libreoffice-report-builder-bin libreoffice-script-provider-js libreoffice libreoffice-draw libreoffice-style-sifr libreoffice-dev-doc libreoffice-l10n-in libreoffice-l10n-za libreoffice-sdbc-postgresql openoffice.org-dtd-officedocument1.0 fonts-opensymbol uno-libs3 ure 0: 0: 0: sensible-utils twisted-doc python-twisted-news python-twisted-lore python-twisted-names python-twisted-words python-twisted-runner python-twisted-core python-twisted-web python-twisted python-twisted-mail python-twisted-bin python-twisted-conch isc-dhcp-relay isc-dhcp-client-noddns isc-dhcp-dev isc-dhcp-client isc-dhcp-common isc-dhcp-server isc-dhcp-client-udeb isc-dhcp-server-ldap dovecot-pgsql dovecot-mysql dovecot-sieve dovecot-core dovecot-ldap dovecot-sqlite dovecot-dev dovecot-pop3d dovecot-imapd dovecot-managesieved mail-stack-delivery dovecot-gssapi dovecot-solr dovecot-lmtpd memcached postgresql-plpython-9.3 postgresql-server-dev-9.3 postgresql-9.3 postgresql-plperl-9.3 postgresql-doc-9.3 postgresql-plpython3-9.3 libecpg6 postgresql-pltcl-9.3 postgresql-client-9.3 libpgtypes3 libecpg-dev libpq-dev libpq5 postgresql-contrib-9.3 libecpg-compat3 irssi-dev irssi python-django-doc python-django libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-milter clamav-docs clamav-freshclam zsh-beta-doc zsh-static zsh-common zsh-beta zsh-dev zsh zsh-doc 0: libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed memcached libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc paramiko-doc python-paramiko libvorbis0a libvorbisfile3 libvorbisenc2 libvorbis-dev sharutils sharutils-doc libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc screen-resolution-extra zsh-beta-doc zsh-static zsh-common zsh-beta zsh-dev zsh zsh-doc firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast icu-devtools libicu52 libicu-dev icu-doc libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb librelp0 librelp-dev openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-tests openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo libraw9 libraw-doc libraw-bin libraw-dev python-crypto-doc python3-crypto python-crypto linuxvnc libvncserver0 libvncserver-config libvncserver-dev 0: 0: 0: ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ri1.9.1 ruby1.9.1 ruby1.9.3 ruby2.0-tcltk libruby2.0 ruby2.0-doc ruby2.0 ruby2.0-dev ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ri1.9.1 ruby1.9.1 ruby1.9.3 ruby2.0-tcltk libruby2.0 ruby2.0-doc ruby2.0 ruby2.0-dev libwayland-dev libwayland-server0 libwayland0 libwayland-cursor0 libwayland-client0 ubuntu-release-upgrader-core python3-distupgrade ubuntu-release-upgrader-gtk ubuntu-release-upgrader-qt patch libperl-dev perl-doc libperl5.18 perl-base perl-modules libcgi-fast-perl perl perl-debug ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ri1.9.1 ruby1.9.1 ruby1.9.3 ruby2.0-tcltk libruby2.0 ruby2.0-doc ruby2.0 ruby2.0-dev libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-mpm-worker apache2-suexec-custom apache2-suexec apache2 apache2-suexec-pristine apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 0: 0: ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common libqpdf-dev qpdf libqpdf21 0: 0: 0: wget wget-udeb firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips xdg-utils qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips 0: 0: 0: libprocps3 libprocps3-dev procps spice-client libspice-server1 libspice-server-dev xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-kab thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libbatik-java nvidia-opencl-icd-384 nvidia-libopencl1-375 nvidia-375-dev nvidia-libopencl1-384 nvidia-384-dev nvidia-opencl-icd-375 libcuda1-384 nvidia-384 libcuda1-375 nvidia-375 python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui tomcat7-common libservlet3.0-java tomcat7-docs libservlet3.0-java-doc tomcat7 libtomcat7-java tomcat7-user tomcat7-admin tomcat7-examples libytnef0-dev libytnef0 exempi libexempi3 libexempi-dev liblouis-bin liblouis2 python-louis liblouis-dev python3-louis liblouis-data libasm1 libdw-dev libelf1 libelf-dev elfutils libdw1 libasm-dev git gitweb git-gui git-daemon-sysvinit git-arch git-bzr git-el gitk git-all git-mediawiki git-daemon-run git-man git-doc git-svn git-cvs git-core git-email liblouis-bin liblouis2 python-louis liblouis-dev python3-louis liblouis-data libunbound2 unbound python-unbound unbound-anchor unbound-host libunbound-dev 0: gnupg-curl gnupg-udeb gpgv gpgv-udeb gnupg gpgsm gnupg-agent gnupg2 scdaemon gpgv2 0: 0: qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips libvirt0 libvirt-dev libvirt-doc libvirt-bin imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libperl-dev perl-doc libperl5.18 perl-base perl-modules libcgi-fast-perl perl perl-debug ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ri1.9.1 ruby1.9.1 ruby1.9.3 ruby2.0-tcltk libruby2.0 ruby2.0-doc ruby2.0 ruby2.0-dev ruby2.0-tcltk libruby2.0 ruby2.0-doc ruby2.0-dev ruby2.0 libmagic-dev python-magic libmagic1 python3-magic file libgcrypt11-doc libgcrypt11-udeb libgcrypt11-dev libgcrypt11 amd64-microcode amd64-microcode openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-tests openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb libjasper-runtime libjasper-dev libjasper1 nasm 0: 0: 0: zziplib-bin libzzip-dev libzzip-0-13 exiv2 libexiv2-12 libexiv2-doc libexiv2-dev libsoup-gnome2.4-1 libsoup-gnome2.4-dev gir1.2-soup-2.4 libsoup2.4-1 libsoup2.4-dev libsoup2.4-doc libarchive-zip-perl firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libjpeg-turbo8 libjpeg-turbo-test libjpeg-turbo8-dev libturbojpeg libjpeg-turbo-progs ntp ntp-doc ntpdate libslp-dev openslp-doc slptool slpd libslp1 imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev libpng12-0-udeb libpng12-dev libpng3 libpng12-0 libcupscgi1 libcups2-dev cups-bsd libcupsmime1 cups-common cups-core-drivers cups-server-common libcupsimage2 cups-client libcupscgi1-dev libcups2 libcupsmime1-dev cups-ppdc libcupsppdc1 cups libcupsppdc1-dev libcupsimage2-dev cups-daemon xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-vi thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-cy thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-kab thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-testsuite thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-sv-se thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ka thunderbird-locale-nn-no thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-it thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-gl thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta libpolkit-backend-1-0 policykit-1-doc libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-gobject-1-0 policykit-1 gir1.2-polkit-1.0 libpolkit-backend-1-dev libpolkit-agent-1-dev mutt-patched mutt ant ant-doc ant-gcj ant-optional ant-optional-gcj libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-milter clamav-docs clamav-freshclam libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-milter clamav-docs clamav-freshclam libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-milter clamav-docs clamav-freshclam tomcat7-common libservlet3.0-java tomcat7-docs libservlet3.0-java-doc tomcat7 libtomcat7-java tomcat7-user tomcat7-admin tomcat7-examples libedata-cal1.2-dev libebook1.2-dev libecal1.2-dev libedataserver-1.2-18 libebook-contacts-1.2-0 libebackend-1.2-7 evolution-data-server-online-accounts libebackend1.2-dev libcamel1.2-dev libecal-1.2-16 gir1.2-edataserver-1.2 libedataserver1.2-dev libebook-contacts1.2-dev gir1.2-ebookcontacts-1.2 evolution-data-server-doc libedata-book-1.2-20 libcamel-1.2-45 evolution-data-server evolution-data-server-common libedata-book1.2-dev libedata-cal-1.2-23 libebook-1.2-14 evolution-data-server-dev gir1.2-ebook-1.2 mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 libbcmail-java libbcpkix-java-doc libbcpkix-java libbcmail-java-doc libbcprov-java libbcpg-java libbcprov-java-doc libbcpg-java-doc libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-milter clamav-docs clamav-freshclam libxcursor-dev libxcursor1 libxcursor1-udeb lftp gnupg-curl gnupg-udeb gpgv gpgv-udeb gnupg openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-tests openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo bsdcpio libarchive13 bsdtar libarchive-dev libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev 0: 0: 0: 0: postgresql-plpython-9.3 postgresql-server-dev-9.3 postgresql-9.3 postgresql-plperl-9.3 postgresql-doc-9.3 postgresql-plpython3-9.3 libecpg6 postgresql-pltcl-9.3 postgresql-client-9.3 libpgtypes3 libecpg-dev libpq-dev libpq5 postgresql-contrib-9.3 libecpg-compat3 hostapd wpagui wpasupplicant-udeb wpasupplicant spice-client libspice-server1 libspice-server-dev 0: 0: 0: libgd3 libgd2-xpm-dev libgd-tools libgd2-noxpm-dev libgd-dev intel-microcode poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc libx11-6 libx11-data libx11-xcb-dev libx11-xcb1 libx11-doc libx11-6-udeb libx11-dev libtirpc1 libtirpc-dev transfig firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast zsh-beta-doc zsh-static zsh-common zsh-beta zsh-dev zsh zsh-doc curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libglib2.0-0 libglib2.0-0-refdbg libglib2.0-data libglib2.0-udeb libglib2.0-tests libglib2.0-doc libglib2.0-bin libglib2.0-dev ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host liblcms2-dev liblcms2-2 liblcms2-utils strongswan-plugin-xauth-noauth strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-unbound strongswan-plugin-farp strongswan-ikev1 strongswan-plugin-pkcs11 strongswan-plugin-xauth-eap strongswan-plugin-sshkey strongswan-plugin-error-notify strongswan-plugin-gcrypt strongswan-plugin-sql strongswan-plugin-coupling strongswan-plugin-xauth-generic strongswan-plugin-lookip strongswan-plugin-eap-ttls strongswan-plugin-af-alg strongswan-plugin-eap-aka-3gpp2 strongswan-ike strongswan-plugin-eap-sim-pcsc strongswan-plugin-eap-aka libstrongswan strongswan-plugin-eap-simaka-sql strongswan-plugin-sqlite strongswan-plugin-duplicheck strongswan strongswan-tnc-server strongswan-plugin-attr-sql strongswan-tnc-base strongswan-plugin-eap-peap strongswan-starter strongswan-plugin-curl strongswan-plugin-radattr strongswan-plugin-soup strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-tls strongswan-tnc-ifmap strongswan-plugin-eap-tnc strongswan-plugin-eap-radius strongswan-ikev2 strongswan-plugin-mysql strongswan-plugin-eap-simaka-reauth strongswan-plugin-openssl strongswan-plugin-dnscert strongswan-plugin-xauth-pam strongswan-plugin-pubkey strongswan-plugin-eap-md5 strongswan-plugin-whitelist strongswan-plugin-fips-prf strongswan-pt-tls-client strongswan-plugin-eap-mschapv2 strongswan-nm strongswan-plugin-ldap strongswan-plugin-certexpire strongswan-tnc-pdp strongswan-plugin-eap-sim strongswan-plugin-kernel-libipsec strongswan-plugin-ipseckey strongswan-plugin-dhcp strongswan-plugin-dnskey strongswan-plugin-ntru strongswan-plugin-gmp strongswan-plugin-agent strongswan-plugin-pgp strongswan-tnc-client strongswan-plugin-load-tester strongswan-plugin-unity strongswan-plugin-led strongswan-plugin-eap-sim-file strongswan-plugin-systime-fix ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common strongswan-plugin-xauth-noauth strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-unbound strongswan-plugin-farp strongswan-ikev1 strongswan-plugin-pkcs11 strongswan-plugin-xauth-eap strongswan-plugin-sshkey strongswan-plugin-error-notify strongswan-plugin-gcrypt strongswan-plugin-sql strongswan-plugin-coupling strongswan-plugin-xauth-generic strongswan-plugin-lookip strongswan-plugin-eap-ttls strongswan-plugin-af-alg strongswan-plugin-eap-aka-3gpp2 strongswan-ike strongswan-plugin-eap-sim-pcsc strongswan-plugin-eap-aka libstrongswan strongswan-plugin-eap-simaka-sql strongswan-plugin-sqlite strongswan-plugin-duplicheck strongswan strongswan-tnc-server strongswan-plugin-attr-sql strongswan-tnc-base strongswan-plugin-eap-peap strongswan-starter strongswan-plugin-curl strongswan-plugin-radattr strongswan-plugin-soup strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-tls strongswan-tnc-ifmap strongswan-plugin-eap-tnc strongswan-plugin-eap-radius strongswan-ikev2 strongswan-plugin-mysql strongswan-plugin-eap-simaka-reauth strongswan-plugin-openssl strongswan-plugin-dnscert strongswan-plugin-xauth-pam strongswan-plugin-pubkey strongswan-plugin-eap-md5 strongswan-plugin-whitelist strongswan-plugin-fips-prf strongswan-pt-tls-client strongswan-plugin-eap-mschapv2 strongswan-nm strongswan-plugin-ldap strongswan-plugin-certexpire strongswan-tnc-pdp strongswan-plugin-eap-sim strongswan-plugin-kernel-libipsec strongswan-plugin-ipseckey strongswan-plugin-dhcp strongswan-plugin-dnskey strongswan-plugin-ntru strongswan-plugin-gmp strongswan-plugin-agent strongswan-plugin-pgp strongswan-tnc-client strongswan-plugin-load-tester strongswan-plugin-unity strongswan-plugin-led strongswan-plugin-eap-sim-file strongswan-plugin-systime-fix 0: 0: 0: firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast liblouis-bin liblouis2 python-louis liblouis-dev python3-louis liblouis-data apparmor-docs python-apparmor libapparmor-dev libapparmor-perl libapparmor1 apparmor-notify apparmor-profiles python3-libapparmor python-libapparmor libpam-apparmor apparmor-easyprof apparmor python3-apparmor apparmor-utils libapache2-mod-apparmor dh-apparmor imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev libxkbcommon-x11-dev libxkbcommon-dev libxkbcommon0 libxkbcommon-x11-0 tomcat7-common libservlet3.0-java tomcat7-docs libservlet3.0-java-doc tomcat7 libtomcat7-java tomcat7-user tomcat7-admin tomcat7-examples libkpathsea6 libptexenc1 libptexenc-dev libkpathsea-dev texlive-binaries libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-milter clamav-docs clamav-freshclam python-requests-whl python3-requests python-requests git gitweb git-gui git-daemon-sysvinit git-arch git-bzr git-el gitk git-all git-mediawiki git-daemon-run git-man git-doc git-svn git-cvs git-core git-email libsnmp-perl libsnmp-dev libsnmp-base snmp libsnmp30 tkmib snmpd python-netsnmp thunderbird-locale-es-ar thunderbird-locale-br thunderbird-locale-bn thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-sl thunderbird-locale-sk thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-sv thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-hsb thunderbird-locale-cy thunderbird-locale-cs thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-pa thunderbird-locale-ka thunderbird-locale-ko thunderbird-locale-kk thunderbird-locale-kab thunderbird-locale-pl thunderbird-locale-zh-tw thunderbird-locale-pt thunderbird-locale-nn-no thunderbird-locale-nb-no thunderbird-locale-bn-bd thunderbird-locale-lt thunderbird-locale-en-gb xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-da thunderbird-locale-uk thunderbird-globalmenu thunderbird-testsuite thunderbird-dev thunderbird-locale-el thunderbird-locale-en-us thunderbird-locale-rm thunderbird-locale-ms thunderbird-locale-ro thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-ru thunderbird-locale-mk xul-ext-gdata-provider thunderbird-locale-fr thunderbird-locale-es-es thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-fi thunderbird-locale-ast thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-nb thunderbird-locale-en thunderbird-locale-zh-cn thunderbird-locale-gl thunderbird-locale-ga thunderbird-locale-tr thunderbird-locale-gd thunderbird-locale-ta thunderbird-locale-dsb thunderbird-locale-it thunderbird-locale-hy thunderbird-locale-sv-se thunderbird-locale-hr thunderbird-locale-hu thunderbird-locale-pa-in thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-is thunderbird thunderbird-locale-vi thunderbird-mozsymbols thunderbird-locale-es thunderbird-locale-id python-moinmoin libssh-4 libssh-dev libssh-doc libssh-4 libssh-dev libssh-doc paramiko-doc python-paramiko 0: 0: 0: mysql-source-5.5 mysql-client libmysqlclient18 libmysqlclient-dev libmysqld-pic mysql-client-core-5.5 mysql-client-5.5 mysql-server-5.5 mysql-common mysql-server mysql-testsuite mysql-server-core-5.5 libmysqld-dev mysql-testsuite-5.5 audiofile-tools libaudiofile-dev libaudiofile1 firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ri1.9.1 ruby1.9.1 ruby1.9.3 ruby2.0-tcltk libruby2.0 ruby2.0-doc ruby2.0 ruby2.0-dev openssh-server-udeb openssh-client openssh-server ssh-askpass-gnome ssh ssh-krb5 openssh-client-udeb openssh-sftp-server ppp-udeb ppp ppp-dev spamassassin sa-compile spamc nginx-extras nginx-core nginx-common nginx-full nginx nginx-doc nginx-naxsi nginx-naxsi-ui nginx-light libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-milter clamav-docs clamav-freshclam libasprintf-dev gettext libasprintf0c2 gettext-el libgettextpo0 gettext-base libgettextpo-dev autopoint gettext-doc python2.7-dev python2.7-doc libpython2.7-stdlib libpython2.7-minimal libpython2.7-testsuite python2.7 idle-python2.7 python2.7-examples libpython2.7 libpython2.7-dev python2.7-minimal python3.4-examples libpython3.4-testsuite libpython3.4-dev python3.4-minimal python3.4-venv python3.4-doc libpython3.4-stdlib python3.4-dev idle-python3.4 python3.4 libpython3.4-minimal libpython3.4 0: 0: 0: 0: openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-tests openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo libapache2-mod-perl2 libapache2-mod-perl2-doc libapache2-mod-perl2-dev qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass git gitweb git-gui git-daemon-sysvinit git-arch git-bzr git-el gitk git-all git-mediawiki git-daemon-run git-man git-doc git-svn git-cvs git-core git-email ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common libperl-dev perl-doc libperl5.18 perl-base perl-modules libcgi-fast-perl perl perl-debug poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc libraw9 libraw-doc libraw-bin libraw-dev libwavpack1 libwavpack-dev wavpack libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb python3-lxml python-lxml python-lxml-doc libcupscgi1 libcups2-dev cups-bsd libcupsmime1 cups-common cups-core-drivers cups-server-common libcupsimage2 cups-client libcupscgi1-dev libcups2 libcupsmime1-dev cups-ppdc libcupsppdc1 cups libcupsppdc1-dev libcupsimage2-dev cups-daemon libpixman-1-0 libpixman-1-dev libpixman-1-0-udeb firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libfreerdp1 libfreerdp-plugins-standard freerdp-x11 libfreerdp-dev 0: 0: 0: 0: libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools python-django-doc python-django exiv2 libexiv2-12 libexiv2-doc libexiv2-dev bsdcpio libarchive13 bsdtar libarchive-dev caca-utils libcaca-dev libcaca0 libpolkit-backend-1-0 policykit-1-doc libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-gobject-1-0 policykit-1 gir1.2-polkit-1.0 libpolkit-backend-1-dev libpolkit-agent-1-dev irssi-dev irssi libapt-inst1.5 apt-doc apt-transport-https libapt-pkg-doc apt apt-utils libapt-pkg-dev libapt-pkg4.12 libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common thunderbird-locale-es-ar thunderbird-locale-br thunderbird-locale-bn thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-sl thunderbird-locale-sk thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-sv thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-hsb thunderbird-locale-cy thunderbird-locale-cs thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-pa thunderbird-locale-ka thunderbird-locale-ko thunderbird-locale-kk thunderbird-locale-kab thunderbird-locale-pl thunderbird-locale-zh-tw thunderbird-locale-pt thunderbird-locale-nn-no thunderbird-locale-nb-no thunderbird-locale-bn-bd thunderbird-locale-lt thunderbird-locale-en-gb xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-da thunderbird-locale-uk thunderbird-globalmenu thunderbird-testsuite thunderbird-dev thunderbird-locale-el thunderbird-locale-en-us thunderbird-locale-rm thunderbird-locale-ms thunderbird-locale-ro thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-ru thunderbird-locale-mk xul-ext-gdata-provider thunderbird-locale-fr thunderbird-locale-es-es thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-fi thunderbird-locale-ast thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-nb thunderbird-locale-en thunderbird-locale-zh-cn thunderbird-locale-gl thunderbird-locale-ga thunderbird-locale-tr thunderbird-locale-gd thunderbird-locale-ta thunderbird-locale-dsb thunderbird-locale-it thunderbird-locale-hy thunderbird-locale-sv-se thunderbird-locale-hr thunderbird-locale-hu thunderbird-locale-pa-in thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-is thunderbird thunderbird-locale-vi thunderbird-mozsymbols thunderbird-locale-es thunderbird-locale-id spice-client libspice-server1 libspice-server-dev 0: firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast libavahi-compat-libdnssd-dev libavahi-ui-gtk3-0 libavahi-core7-udeb libavahi-qt4-1 libavahi-core7 libavahi-client3 libavahi-core-dev libavahi-client-dev avahi-ui-utils libavahi-gobject-dev avahi-dnsconfd libavahi-compat-libdnssd1 libavahi-common3 avahi-daemon avahi-discover libavahi-common-dev libavahi-common-data avahi-utils libavahi-common3-udeb libavahi-ui-gtk3-dev libavahi-glib-dev libavahi-ui-dev libavahi-qt4-dev libavahi-gobject0 avahi-autoipd python-avahi libavahi-glib1 libavahi-ui0 linuxvnc libvncserver0 libvncserver-config libvncserver-dev 0: 0: 0: dovecot-pgsql dovecot-mysql dovecot-sieve dovecot-core dovecot-ldap dovecot-sqlite dovecot-dev dovecot-pop3d dovecot-imapd dovecot-managesieved mail-stack-delivery dovecot-gssapi dovecot-solr dovecot-lmtpd curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl libreoffice-mysql-connector libreoffice-wiki-publisher libreoffice-presentation-minimizer libreoffice-impress libreoffice-officebean libreoffice-base libreoffice-librelogo libreoffice-java-common browser-plugin-libreoffice libreoffice-subsequentcheckbase libreoffice-style-tango libreoffice-sdbc-postgresql libreoffice-style-crystal libreoffice-kde libreoffice-l10n-ku libreoffice-style-galaxy libreoffice-style-hicontrast libreoffice-core libreoffice-presenter-console libreoffice-script-provider-bsh libreoffice-avmedia-backend-gstreamer libreoffice-script-provider-python libreoffice-common libreoffice-gnome libreoffice-dev libreoffice-gtk3 libreoffice-report-builder libreoffice-base-core libreoffice-draw libreoffice-ogltrans libreoffice-sdbc-hsqldb libreoffice-gtk libreoffice-calc libreoffice-base-drivers libreoffice-style-oxygen libreoffice-emailmerge libreoffice-style-human libreoffice-sdbc-firebird libreoffice-pdfimport libreoffice-math libreoffice-writer libreoffice-report-builder-bin libreoffice-script-provider-js libreoffice libreoffice-style-sifr libreoffice-dev-doc libreoffice-l10n-in libreoffice-l10n-za python3-uno openoffice.org-dtd-officedocument1.0 fonts-opensymbol uno-libs3 ure bsdcpio libarchive13 bsdtar libarchive-dev openssh-server-udeb openssh-client openssh-server ssh-askpass-gnome ssh ssh-krb5 openssh-client-udeb openssh-sftp-server openssh-server-udeb openssh-client openssh-server ssh-askpass-gnome ssh ssh-krb5 openssh-client-udeb openssh-sftp-server poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc ubuntu-core-snapd-units ubuntu-core-launcher snap-confine ubuntu-snappy-cli golang-github-snapcore-snapd-dev snapd-xdg-open snapd golang-github-ubuntu-core-snappy-dev ubuntu-snappy dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host gnome-keyring libpam-gnome-keyring libp11-kit-gnome-keyring ldb-tools libldb-dev python-ldb-dev python-ldb libldb1 firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-csb firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-vi firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast thunderbird-locale-es-ar thunderbird-locale-br thunderbird-locale-bn thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-sl thunderbird-locale-sk thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-sv thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-hsb thunderbird-locale-cy thunderbird-locale-cs thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-pa thunderbird-locale-ka thunderbird-locale-ko thunderbird-locale-kk thunderbird-locale-kab thunderbird-locale-pl thunderbird-locale-zh-tw thunderbird-locale-pt thunderbird-locale-nn-no thunderbird-locale-nb-no thunderbird-locale-bn-bd thunderbird-locale-lt thunderbird-locale-en-gb xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-da thunderbird-locale-uk thunderbird-globalmenu thunderbird-testsuite thunderbird-dev thunderbird-locale-el thunderbird-locale-en-us thunderbird-locale-rm thunderbird-locale-ms thunderbird-locale-ro thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-ru thunderbird-locale-mk xul-ext-gdata-provider thunderbird-locale-fr thunderbird-locale-es-es thunderbird-locale-ta-lk thunderbird-locale-fy thunderbird-locale-fi thunderbird-locale-ast thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-nb thunderbird-locale-en thunderbird-locale-zh-cn thunderbird-locale-gl thunderbird-locale-ga thunderbird-locale-tr thunderbird-locale-gd thunderbird-locale-ta thunderbird-locale-dsb thunderbird-locale-it thunderbird-locale-hy thunderbird-locale-sv-se thunderbird-locale-hr thunderbird-locale-hu thunderbird-locale-pa-in thunderbird-locale-he thunderbird-locale-ar thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-is thunderbird thunderbird-locale-vi thunderbird-mozsymbols thunderbird-locale-es thunderbird-locale-id libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools libgd3 libgd-dev libgd2-xpm-dev libgd-tools libgd2-noxpm-dev 0: php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed poppler-utils libpoppler-qt5-1 libpoppler-cpp-dev libpoppler-cpp0 gir1.2-poppler-0.18 libpoppler-dev libpoppler-glib8 libpoppler-private-dev libpoppler-qt4-dev libpoppler-glib-dev libpoppler-qt4-4 libpoppler44 libpoppler-qt5-dev libpoppler-glib-doc libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc walinuxagent 0: 0: 0: ghostscript ghostscript-x libgs-dev ghostscript-doc libgs9 libgs9-common ubuntu-core-snapd-units ubuntu-core-launcher snap-confine ubuntu-snappy-cli golang-github-snapcore-snapd-dev snapd-xdg-open snapd golang-github-ubuntu-core-snappy-dev ubuntu-snappy firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-vi firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-csb firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast firefox-locale-nl firefox-locale-nn firefox-locale-ne firefox-locale-nb firefox-locale-fa firefox-locale-fi firefox-locale-fr firefox-locale-fy firefox-locale-or firefox-locale-kab firefox-testsuite firefox-locale-oc firefox-locale-cs firefox-locale-ga firefox-locale-gd firefox-locale-gn firefox-locale-gl firefox-locale-gu firefox-locale-pa firefox-locale-pl firefox-locale-cy firefox-locale-pt firefox-locale-hi firefox-locale-uk firefox-locale-he firefox-locale-hy firefox-locale-hr firefox-locale-hu firefox-locale-as firefox-locale-ar firefox-locale-ia firefox-locale-az firefox-locale-id firefox-locale-mai firefox-locale-af firefox-locale-is firefox-locale-it firefox-locale-an firefox-locale-bs firefox firefox-locale-ro firefox-locale-ja firefox-locale-ru firefox-locale-br firefox-locale-zh-hant firefox-locale-zh-hans firefox-locale-bn firefox-locale-be firefox-locale-bg firefox-locale-sl firefox-locale-sk firefox-locale-si firefox-locale-sw firefox-locale-sv firefox-locale-sr firefox-locale-sq firefox-locale-ko firefox-locale-kn firefox-locale-km firefox-locale-kk firefox-locale-ka firefox-locale-xh firefox-locale-ca firefox-locale-ku firefox-mozsymbols firefox-locale-lv firefox-locale-lt firefox-locale-th firefox-locale-hsb firefox-dev firefox-locale-te firefox-locale-cak firefox-locale-ta firefox-locale-lg firefox-locale-csb firefox-locale-tr firefox-locale-nso firefox-locale-de firefox-locale-da firefox-locale-ms firefox-locale-mr firefox-locale-my firefox-globalmenu firefox-locale-uz firefox-locale-ml firefox-locale-mn firefox-locale-mk firefox-locale-ur firefox-locale-eu firefox-locale-et firefox-locale-es firefox-locale-vi firefox-locale-el firefox-locale-eo firefox-locale-en firefox-locale-zu firefox-locale-ast xmltooling-schemas libxmltooling6 libxmltooling-doc libxmltooling-dev php5-recode php5-cgi php5-enchant php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-curl php5 php5-gmp php5-fpm php5-xmlrpc php5-sqlite php5-ldap php5-mysqlnd php5-readline php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed qemu-system-common qemu-user-static qemu-system-misc qemu qemu-kvm qemu-user qemu-keymaps qemu-guest-agent qemu-system qemu-utils qemu-system-aarch64 qemu-system-x86 qemu-common qemu-system-sparc qemu-system-arm qemu-system-ppc qemu-system-mips libfreeimage3 libfreeimage-dev xul-ext-gdata-provider thunderbird-locale-bn thunderbird-locale-fr thunderbird-locale-en-us thunderbird-locale-es-es thunderbird-locale-nb-no thunderbird-locale-br thunderbird-locale-dsb thunderbird-locale-fy thunderbird-locale-kab thunderbird-locale-mk thunderbird-locale-bn-bd thunderbird-locale-hu thunderbird-locale-es-ar thunderbird-locale-be thunderbird-locale-bg thunderbird-locale-ja thunderbird-locale-lt thunderbird-locale-sl thunderbird-locale-en-gb thunderbird-locale-sv-se thunderbird-locale-si thunderbird-gnome-support thunderbird-locale-hr xul-ext-calendar-timezones thunderbird-locale-de thunderbird-locale-en thunderbird-locale-da thunderbird-locale-nl thunderbird-locale-nn xul-ext-lightning thunderbird-locale-ga-ie thunderbird-locale-fy-nl thunderbird-locale-sv thunderbird-locale-pa-in thunderbird-locale-it thunderbird-locale-sr thunderbird-locale-sq thunderbird-locale-he thunderbird-locale-hsb thunderbird-locale-kk thunderbird-locale-ar thunderbird-locale-uk thunderbird-globalmenu thunderbird-locale-zh-cn thunderbird-locale-ta-lk thunderbird-locale-ru thunderbird-locale-cs thunderbird-mozsymbols thunderbird-locale-fi thunderbird-locale-ro thunderbird-locale-af thunderbird-locale-pt-pt thunderbird-locale-sk thunderbird-dev thunderbird-locale-cy thunderbird-locale-hy thunderbird-locale-ca thunderbird-locale-pt-br thunderbird-locale-el thunderbird-locale-nn-no thunderbird-locale-pa thunderbird-locale-rm thunderbird-locale-ms thunderbird-locale-gl thunderbird-locale-ko thunderbird-locale-ga thunderbird-locale-ast thunderbird-locale-tr thunderbird-locale-vi thunderbird-locale-pl thunderbird-locale-gd thunderbird-locale-zh-tw thunderbird-locale-id thunderbird-locale-ka thunderbird thunderbird-locale-nb thunderbird-locale-pt thunderbird-locale-eu thunderbird-locale-et thunderbird-locale-zh-hant thunderbird-locale-zh-hans thunderbird-locale-is thunderbird-locale-es thunderbird-locale-ta dovecot-pgsql dovecot-mysql dovecot-sieve dovecot-core dovecot-ldap dovecot-sqlite dovecot-dev dovecot-pop3d dovecot-imapd dovecot-managesieved mail-stack-delivery dovecot-gssapi dovecot-solr dovecot-lmtpd firebird2.5-doc libfbclient2 firebird2.5-classic-common libfbembed2.5 firebird2.5-server-common firebird2.5-common firebird2.5-classic firebird2.5-common-doc firebird2.5-superclassic libib-util firebird-dev firebird2.5-examples firebird2.5-super 0: 0: 0: 0: libpolkit-backend-1-0 policykit-1-doc libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-gobject-1-0 policykit-1 gir1.2-polkit-1.0 libpolkit-backend-1-dev libpolkit-agent-1-dev busybox udhcpc busybox-syslogd udhcpd busybox-initramfs busybox-udeb busybox-static advancecomp libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-mpm-worker apache2-suexec-custom apache2-suexec apache2 apache2-suexec-pristine apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin libgudev-1.0-dev libgudev-1.0-0 gir1.2-gudev-1.0 libsystemd-id128-dev systemd udev-udeb python-systemd libsystemd-journal0 libsystemd-journal-dev libsystemd-id128-0 libudev1 systemd-services libpam-systemd libudev-dev libsystemd-daemon0 libsystemd-login-dev udev libsystemd-daemon-dev libudev1-udeb libsystemd-login0 libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-docs clamav-milter clamav-freshclam openjdk-7-jre-zero openjdk-7-source icedtea-7-jre-jamvm openjdk-7-tests openjdk-7-jre-lib openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-doc openjdk-7-demo wget wget-udeb hostapd wpagui wpasupplicant wpasupplicant-udeb ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ruby1.9.1-full libruby1.9.1 ri1.9.1 ruby1.9.1 ruby1.9.3 ruby2.0-tcltk libruby2.0 ruby2.0-doc ruby2.0 ruby2.0-dev rssh python-libxslt1 libxslt1-dev libxslt1.1 xsltproc php5-recode php5-cgi php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5 php5-gmp php5-fpm php5-xmlrpc php5-sqlite php5-ldap php5-mysqlnd php5-readline php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host libisccfg90 libisc95 bind9-host bind9 lwresd mariadb-test-5.5 mariadb-server libmariadbd-dev mariadb-test mariadb-server-core-5.5 mariadb-common mariadb-client-core-5.5 mariadb-client-5.5 mariadb-server-5.5 libmariadbclient-dev libmariadbclient18 mariadb-client sudo-ldap sudo sudo-ldap sudo hostapd wpagui wpasupplicant-udeb wpasupplicant libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev samba-vfs-modules winbind smbclient python-samba libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass intel-microcode intel-microcode intel-microcode qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips 0: 0: 0: libvirt0 libvirt-bin python-urllib3 python-urllib3-whl python3-urllib3 curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl keepalived screen libseccomp-dev libseccomp2 seccomp db5.3-doc libdb5.3-java-jni libdb5.3++ libdb5.3-tcl libdb5.3-java-dev libdb5.3-dev db5.3-util libdb5.3-stl-dev libdb5.3-sql libdb5.3++-dev db5.3-sql-util libdb5.3 libdb5.3-stl libdb5.3-java-gcj libdb5.3-sql-dev libdb5.3-java 0: 0: php5-recode php5-cgi php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5 php5-gmp php5-fpm php5-xmlrpc php5-sqlite php5-ldap php5-mysqlnd php5-readline php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed python-jinja2 python-jinja2-doc python3-jinja2 libglib2.0-0 libglib2.0-0-refdbg libglib2.0-data libglib2.0-udeb libglib2.0-tests libgio-fam libglib2.0-doc libglib2.0-bin libglib2.0-dev dbus dbus-x11 libdbus-1-3 libdbus-1-dev dbus-1-doc 0: 0: 0: 0: lemon sqlite3-doc libsqlite3-0 libsqlite3-tcl sqlite3 libsqlite3-dev bzip2 bzip2-doc lib32bz2-1.0 lib32bz2-dev lib64bz2-1.0 libbz2-dev lib64bz2-dev libbz2-1.0 bzip2 bzip2-doc lib32bz2-1.0 lib32bz2-dev lib64bz2-1.0 libbz2-dev lib64bz2-dev libbz2-1.0 libexpat1-udeb expat libexpat1-dev lib64expat1-dev libexpat1 lib64expat1 0: 0: 0: libvirt0 libvirt-dev libvirt-doc libvirt-bin libglib2.0-0 libglib2.0-0-refdbg libglib2.0-data libglib2.0-udeb libglib2.0-tests libgio-fam libglib2.0-doc libglib2.0-bin libglib2.0-dev libglib2.0-0 libglib2.0-0-refdbg libglib2.0-data libglib2.0-udeb libglib2.0-tests libgio-fam libglib2.0-doc libglib2.0-bin libglib2.0-dev python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui bash-builtins bash-doc bash bash-static libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools libclamav-dev clamav-testfiles clamav-base clamav libclamav7 clamav-daemon clamav-docs clamav-milter clamav-freshclam patch ldap-utils libldap2-dev libldap-2.4-2 slapd-smbk5pwd slapd php5-recode php5-cgi php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5 php5-gmp php5-fpm php5-xmlrpc php5-sqlite php5-ldap php5-mysqlnd php5-readline php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed 0: 0: php5-recode php5-xmlrpc php5-enchant php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-curl php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed dovecot-pgsql dovecot-mysql dovecot-core dovecot-sieve dovecot-ldap dovecot-sqlite dovecot-dev dovecot-pop3d dovecot-imapd dovecot-managesieved mail-stack-delivery dovecot-gssapi dovecot-solr dovecot-lmtpd dovecot-pgsql dovecot-mysql dovecot-core dovecot-sieve dovecot-ldap dovecot-sqlite dovecot-dev dovecot-pop3d dovecot-imapd dovecot-managesieved mail-stack-delivery dovecot-gssapi dovecot-solr dovecot-lmtpd exim4-daemon-custom exim4-dev eximon4 exim4 exim4-base exim4-config exim4-daemon-heavy exim4-daemon-light libfreetype6-dev libfreetype6-udeb freetype2-demos libfreetype6 python2.7-dev python2.7-doc libpython2.7-stdlib libpython2.7-minimal libpython2.7-testsuite python2.7 idle-python2.7 python2.7-examples libpython2.7 libpython2.7-dev python2.7-minimal python3.4-examples libpython3.4-testsuite libpython3.4-dev python3.4-minimal python3.4-venv python3.4-doc libpython3.4-stdlib python3.4-dev idle-python3.4 python3.4 libpython3.4-minimal libpython3.4 curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl libexpat1-udeb expat libexpat1-dev lib64expat1-dev libexpat1 lib64expat1 0: 0: 0: 0: hostapd wpagui wpasupplicant wpasupplicant-udeb libss2 e2fslibs-dev e2fsprogs e2fsck-static e2fslibs e2fsprogs-udeb libcomerr2 ss-dev comerr-dev libclamav-dev clamav-testfiles clamav-base clamav clamav-daemon clamav-milter clamav-docs clamav-freshclam libclamav9 python2.7-dev python2.7-doc libpython2.7-stdlib libpython2.7-minimal libpython2.7 libpython2.7-testsuite python2.7 idle-python2.7 python2.7-examples libpython2.7-dev python2.7-minimal python3.4-examples libpython3.4-testsuite python3.4-minimal python3.4-venv python3.4-doc libpython3.4-stdlib python3.4-dev idle-python3.4 libpython3.4-dev python3.4 libpython3.4-minimal libpython3.4 sudo-ldap sudo libaspell15 aspell-doc aspell libpspell-dev libaspell-dev libsdl1.2debian libsdl1.2-dev 0: 0: 0: python-libxslt1 libxslt1-dev libxslt1.1 xsltproc php5-recode php5-xmlrpc php5-enchant php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-curl php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass bsdcpio libarchive13 bsdtar libarchive-dev python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui libmagic-dev python-magic libmagic1 file python3-magic cpio intel-microcode intel-microcode 0: 0: 0: 0: qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips postgresql-server-dev-all postgresql-client-common postgresql-common postgresql postgresql-contrib postgresql-doc postgresql-client libvpx-dev libvpx1 libvpx-doc vpx-tools libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools 0: 0: librabbitmq1 amqp-tools librabbitmq-dev libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev samba-vfs-modules winbind smbclient python-samba libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libc6-dev-powerpc libc6.1-pic libc6-i386 libc6-dev-mips64 libc0.1-pic libc0.3 libc6-dev-sparc64 libc0.3-dev libc6-ppc64 libc0.3-xen libc6-dev-s390 libc6-i686 libc-bin libc6-x32 libc6-s390 libc0.1-prof libc6-armel eglibc-source libc6-pic libc6-dev-ppc64 libc0.3-udeb libc6-sparc libc6-dev-armel libc0.1-dev libc0.1 libnss-files-udeb libc0.1-i386 glibc-doc libc6-armhf nscd libc6.1-alphaev67 libc0.1-i686 libc0.1-dev-i386 libc6-dev libc6-amd64 libc6.1-prof libc6-dev-amd64 libc6 libc6-sparc64 libc0.1-udeb libc6-dev-mipsn32 libnss-dns-udeb libc6-udeb multiarch-support libc6-loongson2f libc6-powerpc libc6-dev-i386 libc6-mipsn32 libc6.1-udeb libc6-dev-x32 libc6.1-dev libc0.3-i686 libc6-dev-sparc libc6.1 libc-dev-bin libc0.3-pic libc6-prof libc6-mips64 libc6-dev-armhf libc6-xen libc0.3-prof libpcap-dev libpcap0.8-dev libpcap0.8 0: 0: 0: ntp ntp-doc ntpdate libclamav-dev clamav-testfiles clamav-base clamav clamav-daemon clamav-docs clamav-milter clamav-freshclam libclamav9 libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools nginx-extras nginx-core nginx-common nginx-full nginx nginx-doc nginx-naxsi nginx-naxsi-ui nginx-light libgcrypt11-doc libgcrypt11-udeb libgcrypt11-dev libgcrypt11 spamassassin sa-compile spamc php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libbsd-dev libbsd0-udeb libbsd0 python3-apt python-apt python-apt-common python-apt-dev python-apt-doc libss2 e2fslibs-dev e2fsprogs e2fsck-static e2fslibs e2fsprogs-udeb libcomerr2 ss-dev comerr-dev tcpdump 0: 0: libsasl2-2 libsasl2-modules-gssapi-heimdal sasl2-bin libsasl2-modules-gssapi-mit libsasl2-dev libsasl2-modules-sql cyrus-sasl2-doc libsasl2-modules libsasl2-modules-otp libsasl2-modules-ldap libsasl2-modules-db sudo-ldap sudo spamassassin sa-compile spamc python3-imaging-tk python3-pil.imagetk python-imaging-compat python3-sane python-imaging-doc python-pil-doc python3-pil python-sane python-pil.imagetk python3-imaging python-imaging python-pil python-imaging-tk python-imaging-sane python3-imaging-sane python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev libexif-dev libexif12 php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libclamav-dev clamav-testfiles clamav-base clamav clamav-daemon clamav-docs clamav-milter clamav-freshclam libclamav9 0: 0: 0: ppp-udeb ppp ppp-dev libpam-radius-auth lemon sqlite3-doc libsqlite3-0 libsqlite3-tcl sqlite3 libsqlite3-dev 0: 0: 0: icu-devtools libicu52 libicu-dev icu-doc twisted-doc python-twisted-news python-twisted-lore python-twisted-names python-twisted-words python-twisted-runner python-twisted-core python-twisted-web python-twisted python-twisted-mail python-twisted-bin python-twisted-conch vim-common vim-gnome vim-lesstif vim-athena vim-gtk vim-gui-common vim vim-doc vim-tiny vim-runtime vim-nox libpam-heimdal libpam-krb5 python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui libgd3 libgd-dev libgd2-xpm-dev libgd-tools libgd2-noxpm-dev 0: 0: 0: php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed python2.7-dev python2.7-doc libpython2.7-stdlib libpython2.7-minimal libpython2.7-testsuite python2.7 idle-python2.7 python2.7-examples libpython2.7 libpython2.7-dev python2.7-minimal python3.4-examples libpython3.4-testsuite libpython3.4-dev python3.4-minimal python3.4-venv python3.4-doc libpython3.4-stdlib python3.4-dev idle-python3.4 python3.4 libpython3.4-minimal libpython3.4 binutils binutils-dev binutils-doc binutils-multiarch binutils-multiarch-dev binutils-source binutils-static libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev samba-vfs-modules winbind smbclient python-samba libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass 0: 0: ldap-utils libldap2-dev libldap-2.4-2 slapd-smbk5pwd slapd libexif-dev libexif12 libapt-inst1.5 apt-doc apt-transport-https libapt-pkg-doc apt apt-utils libapt-pkg-dev libapt-pkg4.12 libjson-c2 libjson-c-doc libjson-c-dev libjson0 libjson0-dev libjson-c2 libjson-c-doc libjson-c-dev libjson0 libjson0-dev libjson-c2 libjson-c-doc libjson-c-dev libjson0 libjson0-dev 0: 0: 0: dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host libisccfg90 libisc95 bind9-host bind9 lwresd exim4-daemon-custom exim4-dev eximon4 exim4 exim4-daemon-light exim4-config exim4-daemon-heavy exim4-base libclamav-dev clamav-testfiles clamav-base clamav clamav-daemon clamav-docs clamav-milter clamav-freshclam libclamav9 php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb ca-certificates-udeb ca-certificates python-flask-doc python-flask python3-flask python-django-doc python-django intel-microcode intel-microcode libjpeg-turbo8 libjpeg-turbo-test libjpeg-turbo8-dev libturbojpeg libjpeg-turbo-progs 0: 0: 0: 0: libexif-dev libexif12 libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools dbus dbus-x11 libdbus-1-3 libdbus-1-dev dbus-1-doc curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass 0: libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools 0: 0: 0: 0: python2.7-dev python2.7-doc libpython2.7-stdlib libpython2.7-minimal libpython2.7-testsuite python2.7 idle-python2.7 python2.7-examples libpython2.7 libpython2.7-dev python2.7-minimal python3.4-examples libpython3.4-testsuite libpython3.4-dev python3.4-minimal python3.4-venv python3.4-doc libpython3.4-stdlib python3.4-dev idle-python3.4 python3.4 libpython3.4-minimal libpython3.4 grub-efi-amd64-signed grub-firmware-qemu grub-ieee1275 grub-efi-amd64 grub2-common grub-uboot-bin grub-common grub-efi-amd64-bin grub-pc-bin grub-theme-starfield grub-efi-arm grub2 grub-efi-arm64-bin grub-pc grub-emu grub-efi-arm-bin grub-linuxbios grub-xen grub-uboot grub-efi-ia32 grub-coreboot grub-efi-ia32-bin grub-ieee1275-bin grub-xen-bin grub-rescue-pc grub-mount-udeb grub-coreboot-bin grub-efi-arm64 grub-efi grub-efi-amd64-signed grub-firmware-qemu grub-ieee1275 grub-efi-amd64 grub2-common grub-uboot-bin grub-common grub-efi-amd64-bin grub-pc-bin grub-theme-starfield grub-efi-arm grub2 grub-efi-arm64-bin grub-pc grub-emu grub-efi-arm-bin grub-linuxbios grub-xen grub-uboot grub-efi-ia32 grub-coreboot grub-efi-ia32-bin grub-ieee1275-bin grub-xen-bin grub-rescue-pc grub-mount-udeb grub-coreboot-bin grub-efi-arm64 grub-efi libclamav-dev clamav-testfiles clamav-base clamav clamav-daemon clamav-docs clamav-milter clamav-freshclam libclamav9 sympa python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui ppp-udeb ppp ppp-dev libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools dovecot-pgsql dovecot-mysql dovecot-core dovecot-sieve dovecot-ldap dovecot-sqlite dovecot-dev dovecot-pop3d dovecot-imapd dovecot-managesieved mail-stack-delivery dovecot-gssapi dovecot-lmtpd dovecot-solr python-software-properties software-properties-common software-properties-kde python3-software-properties software-properties-gtk libonig2 libonig-dev 0: 0: curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl qemu-system-common qemu-user-static qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-system-aarch64 qemu-system-sparc qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host libsnmp-perl libsnmp-dev libsnmp-base snmp libsnmp30 tkmib snmpd python-netsnmp libsnmp-perl libsnmp-dev libsnmp-base snmp libsnmp30 tkmib snmpd python-netsnmp libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools python-rsa python3-rsa 0: 0: 0: libx11-6 libx11-data libx11-xcb-dev libx11-xcb1 libx11-doc libx11-6-udeb libx11-dev xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xdmx-tools xserver-xephyr xserver-xorg-core-udeb xserver-common 0: libdbi-perl libdbi-perl libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev samba-vfs-modules winbind smbclient python-samba libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass 0: 0: 0: libdbi-perl spice-client libspice-server1 libspice-server-dev 0: 0: 0: 0: python2.7-dev python2.7-doc libpython2.7-stdlib libpython2.7-minimal libpython2.7-testsuite python2.7 idle-python2.7 python2.7-examples libpython2.7 libpython2.7-dev python2.7-minimal python3.4-examples libpython3.4-testsuite libpython3.4-dev python3.4-minimal python3.4-venv python3.4-doc libpython3.4-stdlib python3.4-dev idle-python3.4 python3.4 libpython3.4-minimal libpython3.4 php5-recode php5-xmlrpc php5-curl php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-enchant php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libfreetype6-dev libfreetype6-udeb freetype2-demos libfreetype6 libperl-dev perl-doc libperl5.18 perl-base perl-modules libcgi-fast-perl perl perl-debug libpam-pin libaccountsservice0 accountsservice libaccountsservice-dev gir1.2-accountsservice-1.0 libaccountsservice-doc ldap-utils libldap2-dev libldap-2.4-2 slapd-smbk5pwd slapd libexif-dev libexif12 0: 0: intel-microcode intel-microcode ldap-utils libldap2-dev libldap-2.4-2 slapd-smbk5pwd slapd libkadm5srv-mit9 libkadm5srv-mit8 libk5crypto3 krb5-user libgssrpc4 libkrb5support0 krb5-doc libkrb5-dev krb5-pkinit libkrb5-3 krb5-kdc-ldap krb5-otp libkadm5clnt-mit9 krb5-gss-samples krb5-multidev krb5-locales libgssapi-krb5-2 krb5-kdc libkrad-dev libkrad0 libkdb5-7 krb5-admin-server xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xserver-common xserver-xephyr xserver-xorg-core-udeb xdmx-tools 0: 0: 0: curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl python3-lxml python-lxml python-lxml-doc python3-lxml python-lxml python-lxml-doc libapt-inst1.5 apt-doc apt-transport-https libapt-pkg-doc apt apt-utils libapt-pkg-dev libapt-pkg4.12 python3-apt python-apt python-apt-common python-apt-dev python-apt-doc unzip dovecot-pgsql dovecot-mysql dovecot-core dovecot-sieve dovecot-ldap dovecot-sqlite dovecot-dev dovecot-pop3d dovecot-imapd dovecot-managesieved mail-stack-delivery dovecot-gssapi dovecot-lmtpd dovecot-solr libp11-kit0 libp11-kit-dev p11-kit-modules p11-kit 0: 0: 0: tar-scripts tar 0: python3-imaging-tk python3-pil.imagetk python-imaging-compat python-imaging python-imaging-doc python-pil-doc python3-pil python-sane python-pil.imagetk python3-imaging python3-sane python-pil python-imaging-tk python-imaging-sane python3-imaging-sane python3-xdg python-xdg libsndfile1 libsndfile1-dev sndfile-programs sudo-ldap sudo 0: 0: 0: 0: python-django-doc python-django apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk python-apport python-problem-report apport-noui hostapd wpagui wpasupplicant wpasupplicant-udeb dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host libisccfg90 libisc95 bind9-host bind9 lwresd libssl1.0.0 libssl-dev openssl libssl-doc libcrypto1.0.0-udeb libssl1.0.0-udeb screen 0: 0: 0: python2.7-dev python2.7-doc libpython2.7-stdlib libpython2.7-minimal libpython2.7-testsuite python2.7 idle-python2.7 python2.7-examples libpython2.7 libpython2.7-dev python2.7-minimal python3.4-examples libpython3.4-testsuite libpython3.4-dev python3.4-minimal python3.4-venv python3.4-doc libpython3.4-stdlib python3.4-dev idle-python3.4 python3.4 libpython3.4-minimal libpython3.4 libpython2.7-minimal libpython2.7 python2.7 idle-python2.7 libpython2.7-testsuite libpython2.7-dev python2.7-minimal python2.7-doc python2.7-dev python2.7-examples libpython2.7-stdlib libpython2.7-minimal libpython2.7 python2.7 python2.7-minimal libpython2.7-testsuite libpython2.7-dev idle-python2.7 python2.7-doc python2.7-dev python2.7-examples libpython2.7-stdlib hostapd wpagui wpasupplicant-udeb wpasupplicant libtsk3-3 sleuthkit libtsk-dev libcommons-beanutils-java libcommons-beanutils-java-doc zabbix-java-gateway zabbix-frontend-php zabbix-proxy-mysql zabbix-server-pgsql zabbix-server-mysql zabbix-proxy-pgsql zabbix-proxy-sqlite3 zabbix-agent musl-dev musl-tools musl salt-doc salt-minion salt-syndic salt-ssh salt-common salt-master glusterfs-client glusterfs-server glusterfs-common libclassad-dev htcondor-doc htcondor htcondor-dev libclassad5 xvnc4viewer vnc4server drupal7 libspring-aop-java libspring-web-struts-java libspring-core-java libspring-oxm-java libspring-beans-java libspring-jms-java libspring-web-portlet-java libspring-transaction-java libspring-orm-java libspring-context-java libspring-expression-java libspring-web-servlet-java libspring-instrument-java libspring-context-support-java libspring-jdbc-java libspring-web-java libspring-test-java lighttpd-mod-mysql-vhost lighttpd-doc lighttpd-mod-magnet lighttpd-dev lighttpd lighttpd-mod-cml lighttpd-mod-webdav lighttpd-mod-trigger-b4-dl libjs-semver node-semver node-tar ocaml-mode ocaml-base-nox ocaml-nox camlp4 ocaml camlp4-extra ocaml-source ocaml-native-compilers ocaml-compiler-libs ocaml-interp ocaml-base php-gettext libmp3lame0 libmp3lame-dev lame-doc lame libslurmdb26 libslurm26 libpmi0-dev libslurm-dev slurm-llnl-doc libslurmdb-dev slurm-llnl-basic-plugins-dev slurm-llnl-basic-plugins libpam-slurm libslurm-perl slurm-llnl libslurmdb-perl slurm-llnl-slurmdbd libpmi0 slurm-llnl-torque slurm-llnl-sview libslurmdb26 libslurm26 libpmi0-dev libslurm-dev slurm-llnl-doc libslurmdb-dev slurm-llnl-basic-plugins-dev slurm-llnl-basic-plugins libpam-slurm libslurm-perl slurm-llnl libslurmdb-perl slurm-llnl-slurmdbd libpmi0 slurm-llnl-torque slurm-llnl-sview node-minimatch jq libzookeeper-java libzookeeper-java-doc libzookeeper2 zookeeper zookeeperd libzookeeper-st-dev zookeeper-bin libzookeeper-mt-dev libzookeeper-mt2 libzookeeper-st2 python-zookeeper python3-libtorrent libtorrent-rasterbar7 libtorrent-rasterbar-doc libtorrent-rasterbar-dev python-libtorrent freeipa-client python-freeipa libcollectdclient1 collectd collectd-core collectd-dev collectd-utils libcollectdclient-dev nodejs-dev nodejs-legacy nodejs libass-dev libass4 libgit2-0 libgit2-dev r-base-html r-base-core r-doc-pdf r-base r-recommended r-doc-html r-doc-info r-mathlib r-base-dev libroot-misc-table-dev libroot-misc-minicern-dev libroot-graf2d-postscript5.34 root-plugin-sql-odbc libroot-net-auth5.34 libroot-misc-memstat5.34 root-plugin-math-minuit2 libroot-core-dev libroot-math-foam5.34 libroot-tree-treeplayer-dev libroot-net5.34 libroot-core5.34 root-plugin-graf2d-asimage root-plugin-hist-spectrumpainter libroot-misc-memstat-dev libroot-net-auth-dev libroot-montecarlo-eg-dev root-system-proofd libroot-hist-spectrum-dev libroot-hist-spectrum5.34 libroot-math-mathcore-dev libroot-tree-dev root-plugin-montecarlo-pythia8 libroot-math-mathmore-dev root-plugin-gui-qt libroot-math-mlp5.34 libroot-graf3d-gl-dev libroot-net-ldap5.34 root-plugin-gui-fitpanel libroot-math-mathcore5.34 libroot-net-bonjour-dev libroot-tree-treeplayer5.34 libroot-html-dev root-plugin-net-krb5 libroot-montecarlo-eg5.34 libroot-bindings-ruby-dev libroot-proof-proofplayer5.34 root-plugin-sql-pgsql libroot-montecarlo-vmc5.34 libroot-geom-dev libroot-hist-dev libroot-math-genvector-dev libroot-math-mathmore5.34 libroot-montecarlo-vmc-dev libroot-math-foam-dev libroot-math-physics5.34 libroot-geom5.34 root-plugin-tree-treeviewer libroot-io-xmlparser5.34 root-plugin-graf3d-x3d libroot-graf3d-eve5.34 root-plugin-net-globus libroot-math-minuit5.34 libroot-math-smatrix-dev libroot-proof-proofplayer-dev libroot-net-ldap-dev root-plugin-io-xml root-plugin-gui-sessionviewer libroot-graf3d-eve-dev root-system libroot-misc-table5.34 root-system-rootd root-plugin-graf2d-qt libroot-net-dev root-plugin-math-fumili libroot-roofit-dev libroot-gui5.34 root-plugin-geom-gdml root-plugin-graf2d-x11 root-system-common libroot-graf2d-graf-dev libroot-math-matrix5.34 libroot-gui-dev libroot-tree5.34 root-plugin-geom-geompainter libroot-math-mlp-dev libroot-bindings-python-dev root-plugin-hist-histpainter ttf-root-installer libroot-roofit5.34 libroot-gui-ged5.34 root-system-doc libroot-graf2d-postscript-dev libroot-graf3d-g3d5.34 root-plugin-gui-guibuilder root-plugin-io-sql libroot-math-quadp5.34 libroot-tmva5.34 libroot-math-genvector5.34 libroot-bindings-ruby5.34 libroot-bindings-python5.34 libroot-gui-ged-dev libroot-io-xmlparser-dev libroot-graf2d-gpad5.34 libroot-graf3d-gl5.34 libroot-net-bonjour5.34 libroot-html5.34 libroot-math-unuran5.34 libroot-graf2d-gpad-dev root-plugin-sql-mysql libroot-math-matrix-dev libroot-math-smatrix5.34 root-plugin-math-fftw3 libroot-graf2d-graf5.34 libroot-math-unuran-dev libroot-math-physics-dev libroot-math-splot5.34 root-plugin-hist-hbook libroot-math-splot-dev libroot-io-dev libroot-misc-minicern5.34 libroot-proof5.34 libroot-graf3d-g3d-dev libroot-math-minuit-dev libroot-static libroot-hist5.34 libroot-io5.34 libroot-tmva-dev libroot-math-quadp-dev root-system-bin root-plugin-geom-geombuilder libroot-proof-dev libhts-dev htslib-test libhts0 gifsicle vlc-plugin-notify vlc-plugin-pulse vlc-plugin-svg libvlc-dev libvlccore7 vlc vlc-data vlc-plugin-fluidsynth libvlc5 vlc-plugin-jack vlc-plugin-zvbi libvlccore-dev vlc-nox vlc-plugin-sdl mpg123 libmpg123-dev libmpg123-0 tinyproxy xrdp libgme0 libgme-dev libhdf5-doc libhdf5-mpich2-7 hdf5-helpers libhdf5-7 libhdf5-dev libhdf5-openmpi-dev libhdf5-mpich2-dev libhdf5-mpi-dev libhdf5-serial-dev libhdf5-openmpi-7 hdf5-tools libopencv-ocl-dev libopencv-superres2.4 libopencv-ts2.4 libopencv-features2d-dev libopencv-photo-dev libopencv-videostab-dev libopencv-video2.4 libopencv-flann-dev libopencv-flann2.4 libopencv-ts-dev libopencv-gpu-dev libopencv-gpu2.4 libopencv-stitching2.4 libcvaux-dev libopencv-imgproc2.4 libopencv-superres-dev libcvaux2.4 libopencv-stitching-dev libopencv-imgproc-dev libopencv-ml-dev opencv-doc libopencv-contrib2.4 libopencv-calib3d-dev python-opencv libopencv-objdetect2.4 opencv-data libopencv-ml2.4 libopencv2.4-jni libopencv-dev libopencv-contrib-dev libcv2.4 libopencv-calib3d2.4 libopencv-video-dev libopencv2.4-java libcv-dev libopencv-highgui2.4 libopencv-photo2.4 libopencv-highgui-dev libopencv-features2d2.4 libopencv-legacy2.4 libopencv-objdetect-dev libopencv-core2.4 libhighgui-dev libopencv-ocl2.4 libopencv-core-dev libhighgui2.4 libopencv-legacy-dev libopencv-videostab2.4 leptonica-progs libleptonica-dev liblept4 libcoin80-runtime libcoin80-dev libcoin80-doc libcoin80 libsoundtouch-dev soundstretch libsoundtouch0 libcrypto++-dev libcrypto++-doc libcrypto++-utils libcrypto++9 vcftools python3-gnupg python-gnupg phpmyadmin libcgroup-dev libpam-cgroup libcgroup1 cgroup-bin mini-httpd vtk-examples libvtk5-qt4-dev libvtk5.8-qt4 libvtk5.8 vtk-doc libvtk-java libvtk5-dev python-vtk tcl-vtk python-mediainfodll libmediainfo-dev python3-mediainfodll libmediainfo0 libmediainfo-doc monit node-fstream libtomcrypt-dev libtomcrypt0 aria2 ant ant-doc ant-gcj ant-optional ant-optional-gcj opensmtpd 0: 0: 0: 0: 0: privoxy ldb-tools python-ldb-dev python-ldb libldb1 libldb-dev 0: 0: 0: python3-lxml python-lxml python-lxml-doc python-pygments python3-pygments spamassassin sa-compile spamc curl-udeb libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl3-udeb libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl 0: 0: xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xserver-common xserver-xephyr xserver-xorg-core-udeb xdmx-tools 0: libjs-underscore node-underscore 0: 0: 0: 0: 0: libclamav-dev clamav-testfiles clamav-base clamav clamav-daemon clamav-docs clamav-milter clamav-freshclam libclamav9 libclamav-dev clamav-testfiles clamav-base clamav clamav-daemon clamav-milter clamav-docs clamav-freshclam libclamav9 libslp-dev openslp-doc slptool slpd libslp1 libzmq3 libzmq3-dev caca-utils libcaca-dev libcaca0 libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass python-django-doc python-django exim4-dev eximon4 exim4 exim4-base exim4-config exim4-daemon-heavy exim4-daemon-light 0: python-pip python-pip-whl python3-pip python-pybabel python-babel-localedata python-babel-doc python-babel python3-babel apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk python-apport python-problem-report apport-noui libx11-6 libx11-data libx11-xcb-dev libx11-xcb1 libx11-doc libx11-6-udeb libx11-dev nginx-extras nginx-core nginx-common nginx-full nginx nginx-doc nginx-naxsi nginx-naxsi-ui nginx-light liblz4-tool liblz4-dev liblz4-1 isc-dhcp-dev isc-dhcp-client-noddns isc-dhcp-relay isc-dhcp-client isc-dhcp-common isc-dhcp-server isc-dhcp-client-udeb isc-dhcp-server-ldap libwebp5 webp libwebpdemux1 libwebp-dev libwebpmux1 0: intel-microcode rpcbind rpcbind python-libxml2 libxml2-utils libxml2 libxml2-udeb libxml2-doc libxml2-dev libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-suexec-pristine apache2-suexec-custom apache2-suexec apache2 apache2-mpm-worker apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin 0: php5-recode php5-xmlrpc php5-enchant php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-curl php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed libavahi-compat-libdnssd-dev libavahi-ui-gtk3-0 libavahi-core7-udeb libavahi-qt4-1 libavahi-core7 libavahi-client3 libavahi-core-dev libavahi-client-dev avahi-ui-utils libavahi-gobject-dev avahi-dnsconfd libavahi-compat-libdnssd1 libavahi-common3 avahi-daemon avahi-discover libavahi-common-dev libavahi-common-data avahi-utils libavahi-ui0 libavahi-ui-gtk3-dev libavahi-glib-dev libavahi-ui-dev libavahi-qt4-dev libavahi-gobject0 avahi-autoipd python-avahi libavahi-glib1 libavahi-common3-udeb 0: 0: 0: 0: libaspell15 aspell-doc aspell libpspell-dev libaspell-dev libsndfile1 libsndfile1-dev sndfile-programs tor tor-geoipdb 0: 0: 0: libapreq2-doc libapache2-mod-apreq2 libapreq2-dev libapache2-request-perl libapreq2-3 0: libssl-dev openssl libssl-doc libssl1.0.0 libssl-dev openssl libssl-doc libssl1.0.0 libapache2-mod-uwsgi uwsgi-plugin-xslt uwsgi-plugin-jwsgi-openjdk-6 python-uwsgidecorators uwsgi-plugin-pyerl-python uwsgi-plugin-curl-cron uwsgi-infrastructure-plugins python3-uwsgidecorators uwsgi-plugin-php uwsgi-plugin-jwsgi-openjdk-7 uwsgi-plugin-greenlet-python uwsgi-plugin-v8 uwsgi-plugin-geoip uwsgi-app-integration-plugins uwsgi-plugin-alarm-curl uwsgi-plugin-lua5.1 uwsgi-plugin-lua5.2 uwsgi-plugin-python uwsgi uwsgi-plugin-emperor-pg uwsgi-plugin-graylog2 uwsgi-emperor uwsgi-plugin-pyerl-python3 uwsgi-plugin-fiber uwsgi-plugin-rbthreads libapache2-mod-proxy-uwsgi uwsgi-plugin-erlang libapache2-mod-ruwsgi uwsgi-plugin-python3 uwsgi-plugin-alarm-xmpp uwsgi-plugin-router-access uwsgi-core uwsgi-extra uwsgi-plugin-rack-ruby1.9.1 uwsgi-plugin-sqlite3 uwsgi-plugins-all uwsgi-plugin-psgi uwsgi-plugin-ldap uwsgi-plugin-jvm-openjdk-6 uwsgi-plugin-jvm-openjdk-7 libapr1 libapr1-dev ntfs-3g ntfs-3g-dev 0: 0: cpio libgd3 libgd2-xpm-dev libgd-tools libgd2-noxpm-dev libgd-dev 0: python-apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk apport python-problem-report apport-noui libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl python3.4-dev libpython3.4-testsuite libpython3.4-dev python3.4-minimal python3.4-venv python3.4 python3.4-doc idle-python3.4 libpython3.4-minimal libpython3.4 python3.4-examples libpython3.4-stdlib ca-certificates libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2-utils apache2-dev apache2-suexec-pristine apache2-suexec-custom apache2-suexec apache2 apache2-mpm-worker apache2-doc apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-bin apache2.2-bin vim-common vim-gnome vim-lesstif vim-athena vim-gtk vim-gui-common vim vim-doc vim-tiny vim-runtime vim-nox 0: mercurial mercurial-common libntlm0 libntlm0-dev nginx-extras nginx-core nginx-common nginx-full nginx nginx-doc nginx-naxsi nginx-naxsi-ui nginx-light strongswan-plugin-xauth-pam strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-unbound strongswan-plugin-farp strongswan-ikev1 strongswan-plugin-xauth-eap strongswan-plugin-xauth-noauth strongswan-plugin-error-notify strongswan-plugin-ipseckey strongswan-plugin-coupling strongswan-plugin-eap-aka strongswan-plugin-lookip strongswan-plugin-eap-ttls strongswan-plugin-af-alg strongswan-plugin-eap-aka-3gpp2 strongswan-ike strongswan-plugin-eap-sim-pcsc strongswan-plugin-xauth-generic strongswan-plugin-eap-sim-file strongswan-plugin-eap-simaka-sql strongswan-plugin-sqlite strongswan-plugin-duplicheck strongswan-plugin-ntru strongswan-tnc-server strongswan-plugin-attr-sql strongswan-tnc-base strongswan-plugin-sshkey strongswan-plugin-eap-peap strongswan-starter strongswan-plugin-curl strongswan-plugin-radattr strongswan-plugin-soup strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-tls strongswan-plugin-eap-tnc strongswan-plugin-eap-radius strongswan-plugin-mysql strongswan-ikev2 strongswan-plugin-systime-fix strongswan-plugin-sql strongswan-plugin-eap-simaka-reauth strongswan-plugin-openssl strongswan-plugin-dnscert strongswan-plugin-pubkey strongswan-plugin-eap-md5 strongswan-plugin-whitelist strongswan-plugin-fips-prf strongswan-pt-tls-client strongswan-plugin-eap-mschapv2 strongswan-nm strongswan-plugin-ldap strongswan-plugin-certexpire strongswan-tnc-pdp strongswan-plugin-eap-sim strongswan-tnc-client strongswan-plugin-gcrypt strongswan-plugin-led strongswan-plugin-dhcp strongswan-plugin-dnskey strongswan-plugin-gmp strongswan-plugin-agent strongswan-plugin-pgp strongswan-plugin-kernel-libipsec strongswan-plugin-load-tester strongswan-plugin-unity strongswan strongswan-plugin-pkcs11 strongswan-tnc-ifmap libstrongswan 0: caca-utils libcaca-dev libcaca0 apport python3-problem-report apport-kde apport-retrace apport-valgrind python3-apport dh-apport apport-gtk python-apport python-problem-report apport-noui php5-recode php5-xmlrpc php5-enchant php5-intl php5-snmp php5-mysql php5-odbc php5-xsl php5-gd libapache2-mod-php5 php5-tidy php5-dev php5-pgsql php5-curl php5-readline php5-gmp php5-fpm php5-cgi php5-sqlite php5-ldap php5-mysqlnd php5 php5-cli php-pear php5-sybase libapache2-mod-php5filter php5-pspell php5-common libphp5-embed dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host libisccfg90 libisc95 bind9-host bind9 lwresd 0: icu-devtools libicu52 libicu-dev icu-doc 0: vim-common vim-gnome vim-lesstif vim-athena vim-gtk vim-gui-common vim vim-doc vim-tiny vim-runtime vim-nox libhivex-bin libhivex-ocaml-dev libhivex-dev libhivex0 python3-hivex libwin-hivex-perl libhivex-ocaml python-hivex ruby-hivex imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev mc-data mc 0: libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools lrzip liburiparser-dev liburiparser1 libmodbus-dev libmodbus5 inetutils-tools inetutils-ftpd inetutils-talkd inetutils-traceroute inetutils-talk inetutils-telnetd inetutils-inetd inetutils-ping inetutils-syslogd inetutils-ftp inetutils-telnet libmatio2-dbgsym libmatio-dev-dbgsym libmatio-dev libmatio2 libmatio-doc libmatio2-dbg libglib2.0-0 libglib2.0-0-refdbg libglib2.0-data libglib2.0-tests libglib2.0-doc libglib2.0-bin libglib2.0-dev libgraphicsmagick++3 libgraphics-magick-perl libgraphicsmagick1-dev libgraphicsmagick3 graphicsmagick graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat libgraphicsmagick++1-dev xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xdmx-tools xserver-xephyr xserver-common 0: 0: 0: 0: libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2-utils apache2-dev apache2-suexec-pristine apache2-suexec-custom apache2-suexec apache2 apache2-mpm-worker apache2-doc apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-bin apache2.2-bin redis-server redis-tools python3-lxml python-lxml python-lxml-doc python3-imaging-tk python3-pil.imagetk python-imaging-compat python-imaging python-imaging-doc python-pil-doc python3-pil python-sane python-pil.imagetk python3-imaging python3-sane python-pil python-imaging-tk python-imaging-sane python3-imaging-sane fail2ban libclamav-dev clamav-testfiles clamav-base clamav clamav-daemon clamav-milter clamav-docs clamav-freshclam libclamav9 python-mediainfodll libmediainfo-dev python3-mediainfodll libmediainfo0 libmediainfo-doc libhttpmime-java libhttpclient-java aide-dynamic aide-common aide-xen aide strongswan-plugin-xauth-pam strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-unbound strongswan-plugin-farp strongswan-ikev1 strongswan-plugin-xauth-eap strongswan-plugin-xauth-noauth strongswan-plugin-error-notify strongswan-plugin-ipseckey strongswan-plugin-coupling strongswan-plugin-eap-aka strongswan-plugin-lookip strongswan-plugin-eap-ttls strongswan-plugin-af-alg strongswan-plugin-eap-aka-3gpp2 strongswan-ike strongswan-plugin-eap-sim-pcsc strongswan-plugin-xauth-generic strongswan-plugin-eap-sim-file strongswan-plugin-eap-simaka-sql strongswan-plugin-sqlite strongswan-plugin-duplicheck strongswan-plugin-ntru strongswan-tnc-server strongswan-plugin-attr-sql strongswan-tnc-base strongswan-plugin-sshkey strongswan-plugin-eap-peap strongswan-starter strongswan-plugin-curl strongswan-plugin-radattr strongswan-plugin-soup strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-tls strongswan-plugin-eap-tnc strongswan-plugin-eap-radius strongswan-plugin-mysql strongswan-ikev2 strongswan-plugin-systime-fix strongswan-plugin-sql strongswan-plugin-eap-simaka-reauth strongswan-plugin-openssl strongswan-plugin-dnscert strongswan-plugin-pubkey strongswan-plugin-eap-md5 strongswan-plugin-whitelist strongswan-plugin-fips-prf strongswan-pt-tls-client strongswan-plugin-eap-mschapv2 strongswan-nm strongswan-plugin-ldap strongswan-plugin-certexpire strongswan-tnc-pdp strongswan-plugin-eap-sim strongswan-tnc-client strongswan-plugin-gcrypt strongswan-plugin-led strongswan-plugin-dhcp strongswan-plugin-dnskey strongswan-plugin-gmp strongswan-plugin-agent strongswan-plugin-pgp strongswan-plugin-kernel-libipsec strongswan-plugin-load-tester strongswan-plugin-unity strongswan strongswan-plugin-pkcs11 strongswan-tnc-ifmap libstrongswan gegl libgegl-0.2-0 libgegl-doc libgegl-dev libpolkit-backend-1-0 policykit-1-doc libpolkit-agent-1-0 libpolkit-gobject-1-dev libpolkit-gobject-1-0 policykit-1 gir1.2-polkit-1.0 libpolkit-backend-1-dev libpolkit-agent-1-dev librack-ruby librack-ruby1.8 librack-ruby1.9.1 ruby-rack passwd login uidmap liburiparser-dev liburiparser1 libnss-winbind libpam-winbind libwbclient0 samba-common samba-libs libsmbsharemodes0 samba-testsuite samba libsmbclient samba-common-bin libsmbsharemodes-dev python-samba winbind smbclient samba-vfs-modules libwbclient-dev samba-dsdb-modules samba-dev libsmbclient-dev libparse-pidl-perl registry-tools samba-doc libpam-smbpass 0: python-django-doc python-django libhdf5-doc libhdf5-mpich2-7 hdf5-helpers libhdf5-7 libhdf5-dev libhdf5-openmpi-dev libhdf5-mpich2-dev libhdf5-mpi-dev libhdf5-serial-dev libhdf5-openmpi-7 hdf5-tools lib64expat1 lib64expat1-dev expat libexpat1-dev libexpat1 ubuntu-core-snapd-units ubuntu-core-launcher snap-confine ubuntu-snappy-cli golang-github-snapcore-snapd-dev snapd-xdg-open snapd golang-github-ubuntu-core-snappy-dev ubuntu-snappy ubuntu-core-snapd-units ubuntu-core-launcher snap-confine ubuntu-snappy-cli golang-github-snapcore-snapd-dev snapd-xdg-open snapd golang-github-ubuntu-core-snappy-dev ubuntu-snappy 0: 0: 0: libsasl2-2 libsasl2-modules-gssapi-heimdal sasl2-bin libsasl2-modules-db libsasl2-modules-gssapi-mit libsasl2-dev libsasl2-modules-sql libsasl2-modules libsasl2-modules-otp libsasl2-modules-ldap cyrus-sasl2-doc 0: 0: 0: lib64expat1-dev expat libexpat1-dev libexpat1 lib64expat1 libssl-dev openssl libssl-doc libssl1.0.0 tar-scripts tar dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host libisccfg90 libisc95 bind9-host bind9 lwresd libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-suexec-pristine apache2-suexec-custom apache2-suexec apache2 apache2-mpm-worker apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin 0: python3.4-dev libpython3.4-testsuite libpython3.4-dev python3.4-minimal python3.4-venv python3.4 python3.4-doc idle-python3.4 libpython3.4-minimal libpython3.4 python3.4-examples libpython3.4-stdlib libpython2.7-minimal libpython2.7 python2.7 python2.7-minimal libpython2.7-testsuite libpython2.7-dev idle-python2.7 python2.7-doc python2.7-dev python2.7-examples libpython2.7-stdlib 0: 0: twisted-doc python-twisted-news python-twisted-lore python-twisted-names python-twisted-words python-twisted-runner python-twisted-core python-twisted-web python-twisted python-twisted-mail python-twisted-bin python-twisted-conch libx32z1-dev lib64z1 libx32z1 zlib-bin lib64z1-dev lib32z1 zlib1g lib32z1-dev zlib1g-dev 0: 0: 0: python-django-doc python-django liblzma5 liblzma-doc liblzma-dev xz-utils xzdec gzip klibc-utils libklibc libklibc-dev bash-builtins bash-doc bash bash-static 0: libsdl1.2debian libsdl1.2-dev dnsmasq dnsmasq-utils dnsmasq-base 0: 0: libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc libxml2 libxml2-dev python-libxml2 libxml2-doc libxml2-utils libclamav-dev clamav-testfiles clamav-base clamav clamav-daemon clamav-docs clamav-milter clamav-freshclam libclamav9 ldap-utils libldap2-dev libldap-2.4-2 slapd-smbk5pwd slapd pcregrep libpcre3-dev libpcre3 libpcrecpp0 htmldoc htmldoc-common 0: libx32ncurses5 lib32tinfo-dev ncurses-examples lib32ncurses5-dev lib32ncursesw5 libtinfo-dev libncursesw5 libtinfo5 lib32ncurses5 lib64tinfo5 ncurses-bin lib64ncurses5 lib64ncurses5-dev libncurses5 libncurses5-dev libx32ncurses5-dev lib32tinfo5 ncurses-base lib32ncursesw5-dev ncurses-doc libx32ncursesw5 libx32ncursesw5-dev libx32tinfo-dev libx32tinfo5 libncursesw5-dev ncurses-term ntfs-3g ntfs-3g-dev imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev ntfs-3g ntfs-3g-dev libss2 e2fslibs-dev e2fsprogs e2fsck-static e2fslibs libcomerr2 ss-dev comerr-dev 0: 0: 0: libx32ncurses5 lib32tinfo-dev ncurses-examples lib32ncurses5-dev lib32ncursesw5 libtinfo-dev libncursesw5 libtinfo5 lib32ncurses5 lib64tinfo5 ncurses-bin lib64ncurses5 lib64ncurses5-dev libncurses5 libncurses5-dev libx32ncurses5-dev lib32tinfo5 ncurses-base lib32ncursesw5-dev ncurses-doc libx32ncursesw5 libx32ncursesw5-dev libx32tinfo-dev libx32tinfo5 libncursesw5-dev ncurses-term 0: 0: libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-suexec-pristine apache2-suexec-custom apache2-suexec apache2 apache2-mpm-worker apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2.2-bin apache2-utils apache2-dev apache2-suexec-pristine apache2-suexec-custom apache2-suexec apache2 apache2-mpm-worker apache2-doc apache2-mpm-prefork apache2-mpm-itk apache2-mpm-event apache2-bin libapache2-mod-proxy-html libapache2-mod-macro apache2-data apache2-utils apache2-dev apache2-suexec-pristine apache2-suexec-custom apache2-suexec apache2 apache2-mpm-worker apache2-doc apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-bin apache2.2-bin libjpeg62 libjpeg62-dev libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl gnupg-curl gpgv gnupg 0: 0: 0: python2.7-dev python2.7-doc libpython2.7-stdlib libpython2.7-minimal libpython2.7 libpython2.7-testsuite python2.7 idle-python2.7 python2.7-examples libpython2.7-dev python2.7-minimal python3.4-examples libpython3.4-testsuite python3.4-minimal python3.4-venv python3.4-doc libpython3.4-stdlib python3.4-dev idle-python3.4 libpython3.4-dev python3.4 libpython3.4-minimal libpython3.4 libhttp-daemon-perl libtiff-opengl libtiff-tools libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiffxx5 libtiff-doc python3-bottle python-bottle python-bottle-doc 0: 0: libjpeg-turbo8 libjpeg-turbo-test libjpeg-turbo8-dev libturbojpeg libjpeg-turbo-progs 0: 0: libcdio-paranoia1 libcdio-cdda-dev libcdio-paranoia-dev libcdio-cdda1 libcdio-utils libcdio13 libudf-dev libiso9660-dev libiso9660-8 libcdio-dev libudf0 0: libx32z1-dev lib64z1 libx32z1 zlib-bin lib64z1-dev lib32z1 zlib1g lib32z1-dev zlib1g-dev 0: exim4-dev eximon4 exim4 exim4-daemon-light exim4-config exim4-daemon-heavy exim4-base python-libxslt1 libxslt1-dev libxslt1.1 xsltproc 0: libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl 0: 0: libtiff-opengl libtiff-tools libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiffxx5 libtiff-doc vim-common vim-gnome vim-lesstif vim-athena vim-gtk vim-gui-common vim vim-doc vim-tiny vim-runtime vim-nox libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host lwresd libisccfg90 libisc95 bind9 bind9-host sosreport libvpx-dev libvpx1 libvpx-doc vpx-tools lib64expat1 lib64expat1-dev expat libexpat1-dev libexpat1 0: 0: strongswan-plugin-xauth-pam strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-unbound strongswan-plugin-farp strongswan-ikev1 strongswan-plugin-gcrypt strongswan-plugin-xauth-noauth strongswan-plugin-error-notify strongswan-plugin-ipseckey strongswan-plugin-sql strongswan-tnc-ifmap strongswan-plugin-coupling strongswan-plugin-xauth-generic strongswan-plugin-lookip strongswan-plugin-eap-ttls strongswan-plugin-af-alg strongswan-plugin-eap-aka-3gpp2 strongswan-ike strongswan-plugin-dnskey strongswan-plugin-eap-aka strongswan-plugin-eap-sim-file strongswan-plugin-eap-simaka-sql strongswan-plugin-sqlite strongswan-plugin-duplicheck strongswan-plugin-ntru strongswan-tnc-server strongswan-plugin-attr-sql strongswan-tnc-base strongswan strongswan-plugin-eap-peap strongswan-starter strongswan-plugin-curl strongswan-plugin-radattr strongswan-plugin-eap-mschapv2 strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-tls strongswan-nm strongswan-plugin-eap-tnc strongswan-plugin-eap-radius strongswan-ikev2 strongswan-plugin-mysql strongswan-plugin-eap-simaka-reauth strongswan-plugin-openssl strongswan-plugin-dnscert strongswan-plugin-pubkey strongswan-plugin-eap-md5 strongswan-plugin-whitelist strongswan-plugin-fips-prf strongswan-pt-tls-client strongswan-plugin-soup strongswan-plugin-sshkey strongswan-plugin-ldap strongswan-plugin-certexpire strongswan-tnc-pdp strongswan-plugin-unity strongswan-plugin-eap-sim strongswan-tnc-client strongswan-plugin-xauth-eap strongswan-plugin-dhcp strongswan-plugin-eap-sim-pcsc strongswan-plugin-gmp strongswan-plugin-agent strongswan-plugin-kernel-libipsec strongswan-plugin-load-tester strongswan-plugin-pgp strongswan-plugin-led strongswan-plugin-pkcs11 strongswan-plugin-systime-fix libstrongswan 0: isc-dhcp-dev isc-dhcp-client-noddns isc-dhcp-relay isc-dhcp-client isc-dhcp-common isc-dhcp-server isc-dhcp-server-ldap libonig2 libonig-dev libgmp10-doc libgmpxx4ldbl libgmp3-dev libgmp10 libgmp-dev unzip heimdal-servers-x libhcrypto4-heimdal libwind0-heimdal libroken18-heimdal libgssapi3-heimdal heimdal-kcm libhdb9-heimdal libasn1-8-heimdal libsl0-heimdal libkadm5clnt7-heimdal heimdal-kdc libkdc2-heimdal heimdal-servers heimdal-clients-x libheimntlm0-heimdal heimdal-docs libheimbase1-heimdal libkrb5-26-heimdal libotp0-heimdal heimdal-dev libkafs0-heimdal libhx509-5-heimdal heimdal-multidev libkadm5srv8-heimdal heimdal-clients 0: libksba8 libksba-dev libperl-dev perl-doc libperl5.18 perl-base perl-modules libcgi-fast-perl perl perl-debug libxdmcp-dev libxdmcp6 libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl dbus dbus-x11 libdbus-1-3 libdbus-1-dev dbus-1-doc ntfs-3g ntfs-3g-dev libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc lemon sqlite3-doc libsqlite3-0 libsqlite3-tcl sqlite3 libsqlite3-dev libpixman-1-0 libpixman-1-dev nginx-extras nginx-core nginx-common nginx-full nginx nginx-doc nginx-naxsi nginx-naxsi-ui nginx-light libflac-doc libflac-dev libflac++-dev flac libflac++6 libflac8 imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev libaprutil1-dbd-odbc libaprutil1 libaprutil1-dbd-mysql libaprutil1-ldap libaprutil1-dbd-sqlite3 libaprutil1-dbd-pgsql libaprutil1-dev xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xserver-common xserver-xephyr xdmx-tools jbigkit-bin libjbig-dev libjbig0 passwd login uidmap passwd login uidmap dnsutils libbind-dev libbind9-90 liblwres90 bind9utils libdns100 bind9-doc libisccc90 host libisccfg90 libisc95 bind9-host bind9 lwresd 0: 0: libxml2 libxml2-utils python-libxml2 libxml2-doc libxml2-dev ca-certificates heimdal-servers-x libhcrypto4-heimdal libwind0-heimdal libroken18-heimdal libgssapi3-heimdal heimdal-kcm libhdb9-heimdal libasn1-8-heimdal libsl0-heimdal libkadm5clnt7-heimdal heimdal-kdc libkdc2-heimdal heimdal-servers heimdal-clients-x libheimntlm0-heimdal heimdal-docs libheimbase1-heimdal libkrb5-26-heimdal libotp0-heimdal heimdal-dev libkafs0-heimdal libhx509-5-heimdal heimdal-multidev libkadm5srv8-heimdal heimdal-clients libpython2.7-minimal libpython2.7 python2.7 python2.7-minimal libpython2.7-testsuite libpython2.7-dev idle-python2.7 python2.7-doc python2.7-dev python2.7-examples libpython2.7-stdlib qemu-system-common qemu-user-static qemu-system-misc qemu qemu-kvm qemu-user qemu-keymaps qemu-guest-agent qemu-system qemu-utils qemu-system-aarch64 qemu-system-x86 qemu-common qemu-system-sparc qemu-system-arm qemu-system-ppc qemu-system-mips 0: xserver-xorg-core xorg-server-source xdmx xserver-xorg-xmir xserver-xorg-dev xvfb xnest xserver-common xserver-xephyr xdmx-tools libusbredirparser-dev libusbredirhost-dev usbredirserver libusbredirhost1 libusbredirparser1 libksba8 libksba-dev 0: libsnmp-perl libsnmp-dev libsnmp-base snmp libsnmp30 tkmib snmpd python-netsnmp w3m-img w3m heimdal-servers-x libhcrypto4-heimdal libwind0-heimdal libroken18-heimdal libgssapi3-heimdal heimdal-kcm libhdb9-heimdal libasn1-8-heimdal libsl0-heimdal libkadm5clnt7-heimdal heimdal-kdc libkdc2-heimdal heimdal-servers heimdal-clients-x libheimntlm0-heimdal heimdal-docs libheimbase1-heimdal libkrb5-26-heimdal libotp0-heimdal heimdal-dev libkafs0-heimdal libhx509-5-heimdal heimdal-multidev libkadm5srv8-heimdal heimdal-clients 0: 0: 0: libxpm-dev libxpm4 xpmutils git gitweb git-all git-daemon-sysvinit git-arch git-bzr git-el gitk git-gui git-mediawiki git-daemon-run git-man git-doc git-svn git-cvs git-core git-email sudo-ldap sudo python-setuptools python-setuptools-doc python3-pkg-resources python-setuptools-whl python-pkg-resources python3-setuptools python-wheel python-wheel-common python3-wheel python-pip python-pip-whl python3-pip python-pip python-pip-whl python3-pip libpam-runtime libpam0g-dev libpam-modules libpam-modules-bin libpam-doc libpam-cracklib libpam0g libpam-runtime libpam0g-dev libpam-modules libpam-modules-bin libpam-doc libpam-cracklib libpam0g libkadm5srv-mit9 libkadm5srv-mit8 libk5crypto3 krb5-user libgssrpc4 libkrb5support0 krb5-doc libkrb5-dev krb5-pkinit libkrb5-3 krb5-kdc-ldap krb5-otp libkadm5clnt-mit9 krb5-gss-samples krb5-multidev krb5-locales libgssapi-krb5-2 krb5-kdc libkrad-dev libkrad0 libkdb5-7 krb5-admin-server vim-common vim-gnome vim-lesstif vim-athena vim-gtk vim-gui-common vim vim-doc vim-tiny vim-runtime vim-nox lrzip libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc tmux libssl-dev openssl libssl-doc libssl1.0.0 heimdal-servers-x libhcrypto4-heimdal libwind0-heimdal libroken18-heimdal libgssapi3-heimdal heimdal-kcm libhdb9-heimdal libasn1-8-heimdal libsl0-heimdal libkadm5clnt7-heimdal heimdal-kdc libkdc2-heimdal heimdal-servers heimdal-clients-x libheimntlm0-heimdal heimdal-docs libheimbase1-heimdal libkrb5-26-heimdal libotp0-heimdal heimdal-dev libkafs0-heimdal libhx509-5-heimdal heimdal-multidev libkadm5srv8-heimdal heimdal-clients imagemagick-common libmagickcore5 imagemagick imagemagick-doc libmagickwand5 libmagickcore5-extra libmagickwand-dev libmagick++-dev libmagick++5 perlmagick libmagickcore-dev libaprutil1-dbd-odbc libaprutil1 libaprutil1-dbd-mysql libaprutil1-ldap libaprutil1-dbd-sqlite3 libaprutil1-dbd-pgsql libaprutil1-dev libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools libclamav-dev clamav-testfiles clamav-base clamav clamav-daemon clamav-milter clamav-docs clamav-freshclam libclamav9 libnss3-nssdb libnss3-dev libnss3 libnss3-1d libnss3-tools libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl tar-scripts tar libsox-fmt-mp3 libsox-fmt-pulse libsox-fmt-ao sox libsox2 libsox-fmt-base libsox-fmt-all libsox-dev libsox-fmt-alsa libsox-fmt-oss libsox-fmt-mp3 libsox-fmt-pulse libsox-fmt-ao sox libsox2 libsox-fmt-base libsox-fmt-all libsox-dev libsox-fmt-alsa libsox-fmt-oss librack-ruby librack-ruby1.8 librack-ruby1.9.1 ruby-rack 0: libtiff-opengl libtiffxx5 libtiff5-dev libtiff4-dev libtiff5-alt-dev libtiff5 libtiff-tools libtiff-doc 0: 0: 0: 0: libgudev-1.0-dev gir1.2-gudev-1.0 libgudev-1.0-0 libsystemd-id128-dev systemd python-systemd libsystemd-journal0 libsystemd-journal-dev libsystemd-id128-0 libudev1 systemd-services libpam-systemd libsystemd-daemon0 libsystemd-login-dev udev libsystemd-daemon-dev libudev-dev libsystemd-login0 libyaml-snake-java libyaml-snake-java-doc libprotoc-dev libprotoc8 python-protobuf libprotobuf8 libprotobuf-dev libprotobuf-lite8 libprotobuf-java protobuf-compiler libxstream-java ipython3-notebook ipython3 ipython-notebook-common ipython-doc ipython ipython3-qtconsole ipython-notebook ipython-qtconsole libpython2.7-minimal libpython2.7 python2.7 python2.7-minimal libpython2.7-testsuite libpython2.7-dev idle-python2.7 python2.7-doc python2.7-dev python2.7-examples libpython2.7-stdlib vim-common vim-gnome vim-lesstif vim-athena vim-gtk vim-gui-common vim vim-doc vim-tiny vim-runtime vim-nox libcurl4-gnutls-dev libcurl4-openssl-dev libcurl3-gnutls libcurl4-doc libcurl3-nss libcurl4-nss-dev libcurl3 curl amanda-client amanda-common amanda-server amanda-client amanda-common amanda-server python-git libgv-perl libcgraph6 libgv-tcl libgv-guile libxdot4 libgvc6-plugins-gtk libcdt5 graphviz libgv-php5 libgv-python libgv-lua libpathplan4 graphviz-doc libgvpr2 libgraphviz-dev graphviz-dev libgvc6 libgv-ruby libgraphicsmagick++3 libgraphics-magick-perl libgraphicsmagick1-dev libgraphicsmagick3 graphicsmagick graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat libgraphicsmagick++1-dev musl-dev musl-tools musl vim-common vim-gnome vim-lesstif vim-athena vim-gtk vim-gui-common vim vim-doc vim-tiny vim-runtime vim-nox libexo-common libexo-1-dev libexo-1-0 libexo-helpers exo-utils 0: 0: vim-common vim-gnome vim-lesstif vim-athena vim-gtk vim-gui-common vim vim-doc vim-tiny vim-runtime vim-nox libxml2 libxml2-dev python-libxml2 libxml2-doc libxml2-utils 0: dnsmasq dnsmasq-utils dnsmasq-base libssl-dev openssl libssl-doc libssl1.0.0 0: 0: 0: libzen-dev libzen-doc libzen0 python-django-doc python-django 0: jhead libx32ncurses5 lib32tinfo-dev ncurses-examples ncurses-bin lib32ncurses5-dev lib32ncursesw5 libtinfo-dev lib32ncursesw5-dev lib32tinfo5 libtinfo5 lib32ncurses5 lib64tinfo5 libncurses5-dev lib64ncurses5 lib64ncurses5-dev libncurses5 libx32ncurses5-dev libncursesw5 ncurses-base libx32tinfo-dev ncurses-doc libx32ncursesw5 libx32ncursesw5-dev libx32tinfo5 libncursesw5-dev ncurses-term libhtml-stripscripts-perl binutils-dev binutils-multiarch-dev binutils-static binutils-doc binutils-multiarch binutils binutils-source ca-certificates jhead jhead libperl-dev perl-doc libcgi-fast-perl perl perl-base perl-modules perl-debug libperl5.18 jhead libbatik-java avahi-autoipd avahi-daemon avahi-discover avahi-dnsconfd avahi-ui-utils avahi-utils libavahi-client-dev libavahi-client3 libavahi-common-data libavahi-common-dev libavahi-common3 libavahi-compat-libdnssd-dev libavahi-compat-libdnssd1 libavahi-core-dev libavahi-core7 libavahi-glib-dev libavahi-glib1 libavahi-gobject-dev libavahi-gobject0 libavahi-qt4-1 libavahi-qt4-dev libavahi-ui-dev libavahi-ui-gtk3-0 libavahi-ui-gtk3-dev libavahi-ui0 python-avahi 0: libpython2.7-minimal libpython2.7 python2.7 python2.7-dev libpython2.7-testsuite libpython2.7-dev python2.7-minimal idle-python2.7 python2.7-doc python2.7-examples libpython2.7-stdlib isag sysstat netatalk 0: 0: vim-common vim-gnome vim-lesstif vim-athena vim-gtk vim-gui-common vim vim-doc vim-tiny vim-runtime vim-nox libpano13-dev libpano13-bin libpano13-2 libglib2.0-0 libglib2.0-0-refdbg libglib2.0-bin libglib2.0-data libglib2.0-dev libglib2.0-doc libglib2.0-tests libcap2 libcap2-bin libpam-cap libcap-dev qemu-system-common qemu-system-sparc qemu-system-misc qemu-system-arm qemu-kvm qemu-user qemu-keymaps qemu-system qemu-utils qemu-user-static qemu-system-aarch64 qemu-system-x86 qemu-common qemu-guest-agent qemu qemu-system-ppc qemu-system-mips libx11-6 libx11-data libx11-dev libx11-doc libx11-xcb-dev libx11-xcb1 libgsasl7 libgsasl7-dev gsasl bind9 bind9-doc bind9-host bind9utils dnsutils host libbind-dev libbind9-90 libdns100 libisc95 libisccc90 libisccfg90 liblwres90 lwresd libssl-dev libssl-doc libssl1.0.0 openssl accountsservice gir1.2-accountsservice-1.0 libaccountsservice-dev libaccountsservice-doc libaccountsservice0 libpam-pin ldap-utils libldap-2.4-2 libldap2-dev slapd slapd-smbk5pwd screen gerbv 0: 0: 0: libtiff-doc libtiff-opengl libtiff-tools libtiff4-dev libtiff5 libtiff5-alt-dev libtiff5-dev libtiffxx5 wkhtmltopdf libyajl-dev libyajl-doc libyajl2 yajl-tools curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-doc libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome ssh-krb5 graphite-web 0: 0: 0: libwireshark-data libwireshark-dev libwireshark11 libwiretap-dev libwiretap8 libwscodecs2 libwsutil-dev libwsutil9 tshark wireshark wireshark-common wireshark-dev wireshark-doc wireshark-gtk wireshark-qt vim vim-athena vim-common vim-doc vim-gnome vim-gtk vim-gui-common vim-lesstif vim-nox vim-runtime vim-tiny libodbc1 odbcinst odbcinst1debian2 unixodbc unixodbc-dev openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome ssh-krb5 libtiff-doc libtiff-opengl libtiff-tools libtiff4-dev libtiff5 libtiff5-alt-dev libtiff5-dev libtiffxx5 vim vim-athena vim-common vim-doc vim-gnome vim-gtk vim-gui-common vim-lesstif vim-nox vim-runtime vim-tiny clamav clamav-base clamav-daemon clamav-docs clamav-freshclam clamav-milter clamav-testfiles libclamav-dev libclamav9 0: 0: faad libfaad-dev libfaad2 elfutils libasm-dev libasm1 libdw-dev libdw1 libelf-dev libelf1 python-git busybox busybox-initramfs busybox-static busybox-syslogd udhcpc udhcpd 0: 0: libsox-dev libsox-fmt-all libsox-fmt-alsa libsox-fmt-ao libsox-fmt-base libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox2 sox idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal flac libflac++-dev libflac++6 libflac-dev libflac-doc libflac8 libapache2-mod-security2 libapache2-modsecurity libssh2-1 libssh2-1-dev gawk binutils binutils-dev binutils-doc binutils-multiarch binutils-multiarch-dev binutils-source binutils-static 0: 0: imagemagick imagemagick-common imagemagick-doc libmagick++-dev libmagick++5 libmagickcore-dev libmagickcore5 libmagickcore5-extra libmagickwand-dev libmagickwand5 perlmagick idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal 0: libx11-6 libx11-data libx11-dev libx11-doc libx11-xcb-dev libx11-xcb1 libxpm-dev libxpm4 xpmutils exim4 exim4-base exim4-config exim4-daemon-heavy exim4-daemon-light exim4-dev eximon4 binutils binutils-dev binutils-doc binutils-multiarch binutils-multiarch-dev binutils-source binutils-static libjs-jquery-ui libjs-jquery-ui-docs vim vim-athena vim-common vim-doc vim-gnome vim-gtk vim-gui-common vim-lesstif vim-nox vim-runtime vim-tiny bind9 bind9-doc bind9-host bind9utils dnsutils host libbind-dev libbind9-90 libdns100 libisc95 libisccc90 libisccfg90 liblwres90 lwresd libtiff-doc libtiff-opengl libtiff-tools libtiff4-dev libtiff5 libtiff5-alt-dev libtiff5-dev libtiffxx5 curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-doc libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev 0: 0: 0: lib32ncurses5 lib32ncurses5-dev lib32ncursesw5 lib32ncursesw5-dev lib32tinfo-dev lib32tinfo5 lib64ncurses5 lib64ncurses5-dev lib64tinfo5 libncurses5 libncurses5-dev libncursesw5 libncursesw5-dev libtinfo-dev libtinfo5 libx32ncurses5 libx32ncurses5-dev libx32ncursesw5 libx32ncursesw5-dev libx32tinfo-dev libx32tinfo5 ncurses-base ncurses-bin ncurses-doc ncurses-examples ncurses-term vim vim-athena vim-common vim-doc vim-gnome vim-gtk vim-gui-common vim-lesstif vim-nox vim-runtime vim-tiny xdmx xdmx-tools xnest xorg-server-source xserver-common xserver-xephyr xserver-xorg-core xserver-xorg-dev xserver-xorg-xmir xvfb exim4 exim4-base exim4-config exim4-daemon-heavy exim4-daemon-light exim4-dev eximon4 0: krb5-admin-server krb5-doc krb5-gss-samples krb5-kdc krb5-kdc-ldap krb5-locales krb5-multidev krb5-otp krb5-pkinit krb5-user libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit9 libkadm5srv-mit8 libkadm5srv-mit9 libkdb5-7 libkrad-dev libkrad0 libkrb5-3 libkrb5-dev libkrb5support0 xrdp libsndfile1 libsndfile1-dev sndfile-programs xrdp traceroute avahi-autoipd avahi-daemon avahi-discover avahi-dnsconfd avahi-ui-utils avahi-utils libavahi-client-dev libavahi-client3 libavahi-common-data libavahi-common-dev libavahi-common3 libavahi-compat-libdnssd-dev libavahi-compat-libdnssd1 libavahi-core-dev libavahi-core7 libavahi-glib-dev libavahi-glib1 libavahi-gobject-dev libavahi-gobject0 libavahi-qt4-1 libavahi-qt4-dev libavahi-ui-dev libavahi-ui-gtk3-0 libavahi-ui-gtk3-dev libavahi-ui0 python-avahi 0: libapache2-mod-macro libapache2-mod-proxy-html apache2 apache2-bin apache2-data apache2-dev apache2-doc apache2-mpm-event apache2-mpm-itk apache2-mpm-prefork apache2-mpm-worker apache2-suexec apache2-suexec-custom apache2-suexec-pristine apache2-utils apache2.2-bin libtiff-doc libtiff-opengl libtiff-tools libtiff4-dev libtiff5 libtiff5-alt-dev libtiff5-dev libtiffxx5 idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal redis-server redis-tools 0: 0: tar tar-scripts binutils binutils-dev binutils-doc binutils-multiarch binutils-multiarch-dev binutils-source binutils-static vim vim-athena vim-common vim-doc vim-gnome vim-gtk vim-gui-common vim-lesstif vim-nox vim-runtime vim-tiny audiofile-tools libaudiofile-dev libaudiofile1 libzookeeper-java libzookeeper-java-doc libzookeeper-mt-dev libzookeeper-mt2 libzookeeper-st-dev libzookeeper-st2 libzookeeper2 python-zookeeper zookeeper zookeeper-bin zookeeperd monit libxerces-c-dev libxerces-c-doc libxerces-c-samples libxerces-c3.1 w3m w3m-img libfreeimage-dev libfreeimage3 xdmx xdmx-tools xnest xorg-server-source xserver-common xserver-xephyr xserver-xorg-core xserver-xorg-dev xserver-xorg-xmir xvfb libpam-cracklib libpam-doc libpam-modules libpam-modules-bin libpam-runtime libpam0g libpam0g-dev libxerces-c-dev libxerces-c-doc libxerces-c-samples libxerces-c3.1 postfix postfix-cdb postfix-dev postfix-doc postfix-ldap postfix-mysql postfix-pcre postfix-pgsql postfix postfix-cdb postfix-dev postfix-doc postfix-ldap postfix-mysql postfix-pcre postfix-pgsql python-jinja2 python-jinja2-doc python3-jinja2 0: 0: 0: 0: ceph ceph-common ceph-fs-common ceph-fuse ceph-mds ceph-test libcephfs-dev libcephfs-jni libcephfs1 librados-dev librados2 librbd-dev librbd1 python-ceph radosgw rbd-fuse rest-bench imagemagick imagemagick-common imagemagick-doc libmagick++-dev libmagick++5 libmagickcore-dev libmagickcore5 libmagickcore5-extra libmagickwand-dev libmagickwand5 perlmagick login passwd uidmap libtiff-doc libtiff-opengl libtiff-tools libtiff4-dev libtiff5 libtiff5-alt-dev libtiff5-dev libtiffxx5 0: 0: 0: 0: libxml2 libxml2-dev libxml2-doc libxml2-utils python-libxml2 lib32ncurses5 lib32ncurses5-dev lib32ncursesw5 lib32ncursesw5-dev lib32tinfo-dev lib32tinfo5 lib64ncurses5 lib64ncurses5-dev lib64tinfo5 libncurses5 libncurses5-dev libncursesw5 libncursesw5-dev libtinfo-dev libtinfo5 libx32ncurses5 libx32ncurses5-dev libx32ncursesw5 libx32ncursesw5-dev libx32tinfo-dev libx32tinfo5 ncurses-base ncurses-bin ncurses-doc ncurses-examples ncurses-term vim vim-athena vim-common vim-doc vim-gnome vim-gtk vim-gui-common vim-lesstif vim-nox vim-runtime vim-tiny 0: 0: 0: 0: graphviz graphviz-dev graphviz-doc libcdt5 libcgraph6 libgraphviz-dev libgv-guile libgv-lua libgv-perl libgv-php5 libgv-python libgv-ruby libgv-tcl libgvc6 libgvc6-plugins-gtk libgvpr2 libpathplan4 libxdot4 xdmx xdmx-tools xnest xorg-server-source xserver-common xserver-xephyr xserver-xorg-core xserver-xorg-dev xserver-xorg-xmir xvfb xdmx xdmx-tools xnest xorg-server-source xserver-common xserver-xephyr xserver-xorg-core xserver-xorg-dev xserver-xorg-xmir xvfb python-django python-django-doc bind9 bind9-doc bind9-host bind9utils dnsutils host libbind-dev libbind9-90 libdns100 libisc95 libisccc90 libisccfg90 liblwres90 lwresd libmaven-shared-utils-java libmaven-shared-utils-java-doc nodejs nodejs-dev nodejs-legacy klibc-utils libklibc libklibc-dev 0: 0: 0: python-imaging python-imaging-compat python-imaging-doc python-imaging-sane python-imaging-tk python-pil python-pil-doc python-pil.imagetk python-sane python3-imaging python3-imaging-sane python3-imaging-tk python3-pil python3-pil.imagetk python3-sane zabbix-agent zabbix-frontend-php zabbix-java-gateway zabbix-proxy-mysql zabbix-proxy-pgsql zabbix-proxy-sqlite3 zabbix-server-mysql zabbix-server-pgsql less gerbv eglibc-source glibc-doc libc-bin libc-dev-bin libc6 libc6-amd64 libc6-armel libc6-dev libc6-dev-amd64 libc6-dev-armel libc6-dev-i386 libc6-dev-x32 libc6-i386 libc6-pic libc6-prof libc6-x32 multiarch-support nscd lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_generic_(\d+) lkp_Ubuntu_4_4_0[_|\d]+_lowlatency_(\d+)