Display Network Traffic in the Ubuntu Panel with NetSpeed

Want to keep an eye on your network traffic from the Ubuntu desktop? If you’re running Ubuntu 17.10 (or any distro that uses GNOME Shell) you can do so easily by installing a network monitor GNOME extension. A wealth of network monitor extensions are available for GNOME Shell (and by extension, excuse the pun, Ubuntu too) including […]

This post, Display Network Traffic in the Ubuntu Panel with NetSpeed, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.

Read More

Cozy is a Promising New Audiobook Player for Linux Desktops

cozy audiobook playerA promising new audiobook player for Linux desktop has joined the shelves of open-source software. It’s called Cozy, uses GTK3, and is billed as providing a ‘modern’ front-end from which to browse your collection of talking books. Interest piqued, I fluffed my cushion, prepped a latte, and leaned back into my chair to give its first […]

This post, Cozy is a Promising New Audiobook Player for Linux Desktops, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.

Read More

RHSA-2017:3002-1: Moderate: rh-nodejs4-nodejs security and bug fix update

Red Hat Enterprise Linux: An update for rh-nodejs4, rh-nodejs4-node-gyp, and rh-nodejs4-nodejs is now
available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-11499

Read More

RHSA-2017:2999-1: Critical: java-1.8.0-oracle security update

Red Hat Enterprise Linux: An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat
Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-10165, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388

Read More

USN-3457-1: curl vulnerability

Ubuntu Security Notice USN-3457-1

23rd October, 2017

curl vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

curl could be made to crash or run programs if it received specially
crafted network traffic.

Software description

  • curl
    – HTTP, HTTPS, and FTP client and client libraries

Details

Brian Carpenter discovered that curl incorrectly handled IMAP FETCH
response lines. A remote attacker could use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.10:
libcurl3-nss

7.55.1-1ubuntu2.1
curl

7.55.1-1ubuntu2.1
libcurl3-gnutls

7.55.1-1ubuntu2.1
libcurl3

7.55.1-1ubuntu2.1
Ubuntu 17.04:
libcurl3-nss

7.52.1-4ubuntu1.3
curl

7.52.1-4ubuntu1.3
libcurl3-gnutls

7.52.1-4ubuntu1.3
libcurl3

7.52.1-4ubuntu1.3
Ubuntu 16.04 LTS:
libcurl3-nss

7.47.0-1ubuntu2.4
curl

7.47.0-1ubuntu2.4
libcurl3-gnutls

7.47.0-1ubuntu2.4
libcurl3

7.47.0-1ubuntu2.4
Ubuntu 14.04 LTS:
libcurl3-nss

7.35.0-1ubuntu2.12
curl

7.35.0-1ubuntu2.12
libcurl3-gnutls

7.35.0-1ubuntu2.12
libcurl3

7.35.0-1ubuntu2.12

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-1000257

Read More

USN-3459-1: MySQL vulnerabilities

Ubuntu Security Notice USN-3459-1

23rd October, 2017

mysql-5.5, mysql-5.7 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in MySQL.

Software description

  • mysql-5.5
    – MySQL database

  • mysql-5.7
    – MySQL database

Details

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS,
Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.10:
mysql-server-5.7

5.7.20-0ubuntu0.17.10.1
Ubuntu 17.04:
mysql-server-5.7

5.7.20-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7

5.7.20-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5

5.5.58-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-10155,

CVE-2017-10165,

CVE-2017-10167,

CVE-2017-10227,

CVE-2017-10268,

CVE-2017-10276,

CVE-2017-10283,

CVE-2017-10286,

CVE-2017-10294,

CVE-2017-10311,

CVE-2017-10313,

CVE-2017-10314,

CVE-2017-10320,

CVE-2017-10378,

CVE-2017-10379,

CVE-2017-10384

Read More

USN-3460-1: WebKitGTK+ vulnerabilities

Ubuntu Security Notice USN-3460-1

23rd October, 2017

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in WebKitGTK+.

Software description

  • webkit2gtk
    – Web content engine library for GTK+

Details

A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.04:
libwebkit2gtk-4.0-37

2.18.0-0ubuntu0.17.04.2
libjavascriptcoregtk-4.0-18

2.18.0-0ubuntu0.17.04.2
Ubuntu 16.04 LTS:
libwebkit2gtk-4.0-37

2.18.0-0ubuntu0.16.04.2
libjavascriptcoregtk-4.0-18

2.18.0-0ubuntu0.16.04.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

References

CVE-2017-7087,

CVE-2017-7089,

CVE-2017-7090,

CVE-2017-7091,

CVE-2017-7092,

CVE-2017-7093,

CVE-2017-7095,

CVE-2017-7096,

CVE-2017-7098,

CVE-2017-7100,

CVE-2017-7102,

CVE-2017-7104,

CVE-2017-7107,

CVE-2017-7109,

CVE-2017-7111,

CVE-2017-7117,

CVE-2017-7120

Read More

USN-3461-1: NVIDIA graphics drivers vulnerabilities

Ubuntu Security Notice USN-3461-1

23rd October, 2017

nvidia-graphics-drivers-384 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

NVIDIA graphics drivers could be made to crash or run programs as an
administrator.

Software description

  • nvidia-graphics-drivers-384
    – Transitional package for libcuda1-384

Details

It was discovered that the NVIDIA graphics drivers contained flaws in the
kernel mode layer. A local attacker could use these issues to cause a
denial of service or potentially escalate their privileges on the system.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.04:
nvidia-384

384.90-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
nvidia-384

384.90-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
nvidia-384

384.90-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2017-6257,

CVE-2017-6259,

CVE-2017-6266,

CVE-2017-6267,

CVE-2017-6272

Read More