Ubuntu Linux 17.10 will reach it's end of life on July 19 2018
The following updates has been released for Ubuntu Linux:
USN-3690-2: AMD Microcode regression
USN-3690-1 provided updated microcode for AMD processors to address CVE-2017-5715 (aka Spectre). Unfortunately, the update caused some systems to fail to boot. This update reverts the update for Ubuntu 14.04 LTS.
USN-3705-1: Firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website.
USN-3690-2: AMD Microcode regression
USN-3690-1 provided updated microcode for AMD processors to address CVE-2017-5715 (aka Spectre). Unfortunately, the update caused some systems to fail to boot. This update reverts the update for Ubuntu 14.04 LTS.
USN-3705-1: Firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website.
The PHP 7.2 packages for Ubuntu Linux 18.04 LTS has been updated with a security patch for the exif module
The following updates has been released for Ubuntu Linux:
LSN-0040-1: Linux kernel vulnerability
USN-3702-1: PHP vulnerability
USN-3703-1: Archive Zip
USN-3703-2: Archive Zip vulnerability
LSN-0040-1: Linux kernel vulnerability
USN-3702-1: PHP vulnerability
USN-3703-1: Archive Zip
USN-3703-2: Archive Zip vulnerability
The following updates has been released for Ubuntu Linux:
USN-3699-1: zziplib vulnerabilities
zziplib could be made to crash or run programs as your login if it opened aspecially crafted file.
USN-3700-1: Exiv2 vulnerabilities
Several security issues were fixed in Exiv2.
USN-3701-1: libsoup vulnerability
libsoup could be made to crash if it received a specially crafted input.
USN-3699-1: zziplib vulnerabilities
zziplib could be made to crash or run programs as your login if it opened aspecially crafted file.
USN-3700-1: Exiv2 vulnerabilities
Several security issues were fixed in Exiv2.
USN-3701-1: libsoup vulnerability
libsoup could be made to crash if it received a specially crafted input.
The following kernel updates has been released for Ubuntu Linux:
USN-3695-1: Linux kernel vulnerabilities
USN-3695-2: Linux kernel (HWE) vulnerabilities
USN-3696-1: Linux kernel vulnerabilities
USN-3696-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3697-1: Linux kernel vulnerabilities
USN-3697-2: Linux kernel (OEM) vulnerabilities
USN-3698-1: Linux kernel vulnerabilities
USN-3698-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3695-1: Linux kernel vulnerabilities
USN-3695-2: Linux kernel (HWE) vulnerabilities
USN-3696-1: Linux kernel vulnerabilities
USN-3696-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3697-1: Linux kernel vulnerabilities
USN-3697-2: Linux kernel (OEM) vulnerabilities
USN-3698-1: Linux kernel vulnerabilities
USN-3698-2: Linux kernel (Trusty HWE) vulnerabilities
The following updates has been released for Ubuntu Linux:
Ubuntu Linux 12.04 ESM:
USN-3686-2: file vulnerabilities
Several security issues were fixed in file.
Ubuntu Linux 14.04 LTS:
USN-3694-1: NASM vulnerabilities
NASM could be made to crash or run programs if it opened a specially crafted file.
Ubuntu Linux 12.04 ESM:
USN-3686-2: file vulnerabilities
Several security issues were fixed in file.
Ubuntu Linux 14.04 LTS:
USN-3694-1: NASM vulnerabilities
NASM could be made to crash or run programs if it opened a specially crafted file.
Updated Jasper packages has been released for Ubuntu Linux 14.04 LTS and 16.04 LTS
Updated OpenSSL packages are available for Ubuntu 18.04 LTS, Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 ESM:
USN-3692-1: OpenSSL vulnerabilities
USN-3692-2: OpenSSL vulnerabilities
USN-3692-1: OpenSSL vulnerabilities
USN-3692-2: OpenSSL vulnerabilities
Updated OpenJDK 7 packages has been released for Ubuntu Linux 14.04 LTS
Updated processor microcode firmware for AMD CPUs has been released for Ubuntu Linux
The following updates has been released for Ubuntu Linux:
USN-3688-1: Spidermonkey vulnerabilities
Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Available for Ubuntu 18.04 LTS and 17-10
USN-3689-1: Libgcrypt vulnerability
USN-3689-2: Libgcrypt vulnerability
Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys. Available for Ubuntu 18.04 LTS, 16.04 LTS, 17.10, 14.04 LTS, and 12.04 ESM
USN-3688-1: Spidermonkey vulnerabilities
Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Available for Ubuntu 18.04 LTS and 17-10
USN-3689-1: Libgcrypt vulnerability
USN-3689-2: Libgcrypt vulnerability
Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys. Available for Ubuntu 18.04 LTS, 16.04 LTS, 17.10, 14.04 LTS, and 12.04 ESM
The following updates has been released for Ubuntu Linux:
USN-3675-3: GnuPG vulnerability
GnuPG could be made to incorrectly interpret the status of the cryptographic operation if it received specially crafted file. Available for Ubuntu 12.04 ESM
USN-3687-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Available for Ubuntu 16.04 LTS, 17.10, and 18.04 LTS
USN-3675-3: GnuPG vulnerability
GnuPG could be made to incorrectly interpret the status of the cryptographic operation if it received specially crafted file. Available for Ubuntu 12.04 ESM
USN-3687-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Available for Ubuntu 16.04 LTS, 17.10, and 18.04 LTS
The following updates has been released for Ubuntu Linux:
USN-3675-2: GnuPG 2 vulnerability
USN-3678-4: Linux kernel (Raspberry Pi 2) vulnerabilities
USN-3685-1: Ruby vulnerabilities
USN-3686-1: file vulnerabilities
USN-3675-2: GnuPG 2 vulnerability
USN-3678-4: Linux kernel (Raspberry Pi 2) vulnerabilities
USN-3685-1: Ruby vulnerabilities
USN-3686-1: file vulnerabilities
Updated perl packages has been released for Ubuntu Linux 18.04 LTS, 17.10, 16.04 LTS, 14.04 LTS, and 12.04 ESM
USN-3684-1: Perl vulnerability
USN-3684-2: Perl vulnerability
USN-3684-1: Perl vulnerability
USN-3684-2: Perl vulnerability
Updated bind9 packages has been released for Ubuntu Linux 18.04 LTS
The following updates has been released for Ubuntu Linux:
USN-3678-3: Linux kernel (Azure) vulnerabilities
This update addresses 3 security issues in the Linux kernel for Microsoft Azure Cloud systems. Available for Ubuntu Linux 18.04 LTS
USN-3679-1: QEMU update
Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. Available for Ubuntu Linux 14.04 LTS, 16.04 LTS, 17.10, and 18.04 LTS
USN-3680-1: libvirt vulnerability and update
This update adds Side channel execution mitigations to libvirt. Available for Ubuntu 14.04 LTS, 16.04 LTS, 17.10, and 18.04 LTS
USN-3681-1: ImageMagick vulnerabilities
This update fixes several security issues in ImageMagick. Available for Ubuntu 14.04 LTS, 16.04 LTS, 17.10, and 18.04 LTS
USN-3682-1: Firefox vulnerability
This update addresses an issue where Firefox could or run programs as your login if it opened a malicious website. Available for Ubuntu 14.04 LTS, 16.04 LTS, 17.10, and 18.04 LTS
USN-3678-3: Linux kernel (Azure) vulnerabilities
This update addresses 3 security issues in the Linux kernel for Microsoft Azure Cloud systems. Available for Ubuntu Linux 18.04 LTS
USN-3679-1: QEMU update
Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. Available for Ubuntu Linux 14.04 LTS, 16.04 LTS, 17.10, and 18.04 LTS
USN-3680-1: libvirt vulnerability and update
This update adds Side channel execution mitigations to libvirt. Available for Ubuntu 14.04 LTS, 16.04 LTS, 17.10, and 18.04 LTS
USN-3681-1: ImageMagick vulnerabilities
This update fixes several security issues in ImageMagick. Available for Ubuntu 14.04 LTS, 16.04 LTS, 17.10, and 18.04 LTS
USN-3682-1: Firefox vulnerability
This update addresses an issue where Firefox could or run programs as your login if it opened a malicious website. Available for Ubuntu 14.04 LTS, 16.04 LTS, 17.10, and 18.04 LTS
Two additional Kernel updates has been released for Ubuntu:
USN-3678-1: Linux kernel vulnerabilities
USN-3678-2: Linux kernel (Azure) vulnerabilities
USN-3678-1: Linux kernel vulnerabilities
USN-3678-2: Linux kernel (Azure) vulnerabilities
The following updates has been released for Ubuntu Linux:
USN-3674-1: Linux kernel vulnerabilities
USN-3674-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3675-1: GnuPG vulnerabilities
USN-3676-1: Linux kernel vulnerabilities
USN-3676-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3677-1: Linux kernel vulnerabilities
USN-3677-2: Linux kernel (HWE) vulnerabilities
USN-3674-1: Linux kernel vulnerabilities
USN-3674-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3675-1: GnuPG vulnerabilities
USN-3676-1: Linux kernel vulnerabilities
USN-3676-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3677-1: Linux kernel vulnerabilities
USN-3677-2: Linux kernel (HWE) vulnerabilities
Ralph Dolmans and Karst Koymans discovered that Unbound did not properly handle certain NSEC records. An attacker could use this to to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick Unbound into accepting a NODATA proof. Updated unbound packages now available for Ubuntu 18.04 LTS, 17.10, 16.04 LTS, and 14.04 LTS
