The following security updates has been released for Ubuntu Linux:
USN-3602-1: LibTIFF vulnerabilities
USN-3603-1: Paramiko vulnerability
USN-3603-2: Paramiko vulnerability
USN-3602-1: LibTIFF vulnerabilities
USN-3603-1: Paramiko vulnerability
USN-3603-2: Paramiko vulnerability
USN-3602-1: LibTIFF vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3602-1
March 20, 2018
tiff vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.
Software Description:
- tiff: Tag Image File Format (TIFF) library
Details:
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libtiff-tools 4.0.6-1ubuntu0.3
libtiff5 4.0.6-1ubuntu0.3
Ubuntu 14.04 LTS:
libtiff-tools 4.0.3-7ubuntu0.8
libtiff5 4.0.3-7ubuntu0.8
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3602-1
CVE-2016-10266, CVE-2016-10267, CVE-2016-10268, CVE-2016-10269,
CVE-2016-10371, CVE-2017-10688, CVE-2017-11335, CVE-2017-12944,
CVE-2017-13726, CVE-2017-13727, CVE-2017-18013, CVE-2017-7592,
CVE-2017-7593, CVE-2017-7594, CVE-2017-7595, CVE-2017-7596,
CVE-2017-7597, CVE-2017-7598, CVE-2017-7599, CVE-2017-7600,
CVE-2017-7601, CVE-2017-7602, CVE-2017-9403, CVE-2017-9404,
CVE-2017-9815, CVE-2017-9936, CVE-2018-5784
Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.3
https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.8
USN-3603-1: Paramiko vulnerability
=========================================================================
Ubuntu Security Notice USN-3603-1
March 20, 2018
paramiko vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Paramiko could be made to run programs if it received specially
crafted network traffic.
Software Description:
- paramiko: Python SSH2 library
Details:
Matthijs Kooijman discovered that Paramiko's SSH server implementation
did not properly require authentication before processing requests. An
unauthenticated remote attacker could possibly use this to execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
python-paramiko 2.0.0-1ubuntu0.1
python3-paramiko 2.0.0-1ubuntu0.1
Ubuntu 16.04 LTS:
python-paramiko 1.16.0-1ubuntu0.1
python3-paramiko 1.16.0-1ubuntu0.1
Ubuntu 14.04 LTS:
python-paramiko 1.10.1-1git1ubuntu0.1
After a standard system update you need to restart any applications
using Paramiko's server implementation to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3603-1
CVE-2018-7750
Package Information:
https://launchpad.net/ubuntu/+source/paramiko/2.0.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/paramiko/1.16.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/paramiko/1.10.1-1git1ubuntu0.1
USN-3603-2: Paramiko vulnerability
=========================================================================
Ubuntu Security Notice USN-3603-2
March 20, 2018
paramiko vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Paramiko could be made to run programs if it received specially
crafted network traffic.
Software Description:
- paramiko: Make ssh v2 connections with Python
Details:
USN-3603-1 fixed a vulnerability in Paramiko. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Matthijs Kooijman discovered that Paramiko's SSH server implementation
did not properly require authentication before processing requests. An
unauthenticated remote attacker could possibly use this to execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
python-paramiko 1.7.7.1-2ubuntu1.1
After a standard system update you need to restart any applications
using Paramiko's server implementation to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3603-2
https://usn.ubuntu.com/usn/usn-3603-1
CVE-2018-7750