Ubuntu 6571 Published by

The following two updates are available for Ubuntu Linux:

USN-3426-2: Samba vulnerabilities
USN-3472-1: LibreOffice vulnerabilities



USN-3426-2: Samba vulnerabilities



==========================================================================
Ubuntu Security Notice USN-3426-2
November 02, 2017

samba vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in XXX-APP-XXX.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-3426-1 fixed several vulnerabilities in Samba. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Stefan Metzmacher discovered that Samba incorrectly enforced SMB
 signing in certain situations. A remote attacker could use this issue
 to perform a man in the middle attack. (CVE-2017-12150)

 Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled
 memory when SMB1 is being used. A remote attacker could possibly use
 this issue to obtain server memory contents. (CVE-2017-12163)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  samba 2:3.6.25-0ubuntu0.12.04.13

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3426-2
  https://www.ubuntu.com/usn/usn-3426-1
  CVE-2017-12150, CVE-2017-12163

USN-3472-1: LibreOffice vulnerabilities




==========================================================================
Ubuntu Security Notice USN-3472-1
November 02, 2017

libreoffice vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

LibreOffice could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- libreoffice: Office productivity suite

Details:

Marcin Noga discovered that LibreOffice incorrectly handled PPT documents.
If a user were tricked into opening a specially crafted PPT document, a
remote attacker could cause LibreOffice to crash, and possibly execute
arbitrary code. (CVE-2017-12607)

Marcin Noga discovered that LibreOffice incorrectly handled Word documents.
If a user were tricked into opening a specially crafted Word document, a
remote attacker could cause LibreOffice to crash, and possibly execute
arbitrary code. (CVE-2017-12608)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libreoffice-core 1:4.2.8-0ubuntu5.2

After a standard system update you need to restart LibreOffice to make all
the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3472-1
CVE-2017-12607, CVE-2017-12608

Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:4.2.8-0ubuntu5.2