USN-3586-1: DHCP vulnerabilities

isc-dhcp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in DHCP.

Software Description

  • isc-dhcp – DHCP server and client

Details

Konstantin Orekhov discovered that the DHCP server incorrectly handled a
large number of concurrent TCP sessions. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2774)

It was discovered that the DHCP server incorrectly handled socket
descriptors. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2017-3144)

Felix Wilhelm discovered that the DHCP client incorrectly handled certain
malformed responses. A remote attacker could use this issue to cause the
DHCP client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated by
the dhclient AppArmor profile. (CVE-2018-5732)

Felix Wilhelm discovered that the DHCP server incorrectly handled reference
counting. A remote attacker could possibly use this issue to cause the DHCP
server to crash, resulting in a denial of service. (CVE-2018-5733)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10

  • isc-dhcp-client 4.3.5-3ubuntu2.2
  • isc-dhcp-relay 4.3.5-3ubuntu2.2
  • isc-dhcp-server 4.3.5-3ubuntu2.2
  • isc-dhcp-server-ldap 4.3.5-3ubuntu2.2

Ubuntu 16.04 LTS

  • isc-dhcp-client 4.3.3-5ubuntu12.9
  • isc-dhcp-relay 4.3.3-5ubuntu12.9
  • isc-dhcp-server 4.3.3-5ubuntu12.9
  • isc-dhcp-server-ldap 4.3.3-5ubuntu12.9

Ubuntu 14.04 LTS

  • isc-dhcp-client 4.2.4-7ubuntu12.12
  • isc-dhcp-relay 4.2.4-7ubuntu12.12
  • isc-dhcp-server 4.2.4-7ubuntu12.12
  • isc-dhcp-server-ldap 4.2.4-7ubuntu12.12

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


VirtualBox 5.2.8 Released with Support for Linux 4.15

A new version of VirtualBox is now available to download. VirtualBox 5.2.8 supports the latest Linux kernel 4.15 in Linux guest machines, making it perfect for those looking to try the latest Bionic Beaver daily builds. The popular virtual machine software will soon work better on Linux hosts with the integration of VirtualBox guest additions in […]

This post, VirtualBox 5.2.8 Released with Support for Linux 4.15, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.


RHSA-2018:0378-1: Important: ruby security update

Red Hat Enterprise Linux: An update for ruby is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-0898, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064, CVE-2017-17405, CVE-2017-17790


RHSA-2018:0377-1: Important: quagga security update

Red Hat Enterprise Linux: An update for quagga is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2018-5379


USN-3579-2: LibreOffice regression

Ubuntu Security Notice USN-3579-2

28th February, 2018

libreoffice regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 17.10

Summary

USN-3579-1 caused a regression in LibreOffice.

Software description

  • libreoffice – Office productivity suite

Details

USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was
no longer possible for LibreOffice to open documents from certain
locations outside of the user’s home directory. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that =WEBSERVICE calls in a document could be used to
read arbitrary files. If a user were tricked into opening a specially
crafted document, a remote attacker could exploit this to obtain sensitive
information. (CVE-2018-6871)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.10:

  • libreoffice-common 1:5.4.5-0ubuntu0.17.10.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make
all the necessary changes.

References

LP: 1751005
