The following two updates are available for Ubuntu Linux:
USN-3426-2: Samba vulnerabilities
USN-3472-1: LibreOffice vulnerabilities
USN-3426-2: Samba vulnerabilities
USN-3472-1: LibreOffice vulnerabilities
USN-3426-2: Samba vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3426-2
November 02, 2017
samba vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in XXX-APP-XXX.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-3426-1 fixed several vulnerabilities in Samba. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Stefan Metzmacher discovered that Samba incorrectly enforced SMB
signing in certain situations. A remote attacker could use this issue
to perform a man in the middle attack. (CVE-2017-12150)
Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled
memory when SMB1 is being used. A remote attacker could possibly use
this issue to obtain server memory contents. (CVE-2017-12163)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
samba 2:3.6.25-0ubuntu0.12.04.13
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3426-2
https://www.ubuntu.com/usn/usn-3426-1
CVE-2017-12150, CVE-2017-12163
USN-3472-1: LibreOffice vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3472-1
November 02, 2017
libreoffice vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
LibreOffice could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- libreoffice: Office productivity suite
Details:
Marcin Noga discovered that LibreOffice incorrectly handled PPT documents.
If a user were tricked into opening a specially crafted PPT document, a
remote attacker could cause LibreOffice to crash, and possibly execute
arbitrary code. (CVE-2017-12607)
Marcin Noga discovered that LibreOffice incorrectly handled Word documents.
If a user were tricked into opening a specially crafted Word document, a
remote attacker could cause LibreOffice to crash, and possibly execute
arbitrary code. (CVE-2017-12608)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libreoffice-core 1:4.2.8-0ubuntu5.2
After a standard system update you need to restart LibreOffice to make all
the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3472-1
CVE-2017-12607, CVE-2017-12608
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:4.2.8-0ubuntu5.2