what you don't know can hurt you

Ubuntu Security Notice USN-3337-1

Ubuntu Security Notice USN-3337-1
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3337-1 - It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
SHA-256 | e6c74709da754ef4d68aa49426add68eaab64a9d7bccbf2cec70f93a55f14b37

Ubuntu Security Notice USN-3337-1

Change Mirror Download

===========================================================================
Ubuntu Security Notice USN-3337-1
June 21, 2017

valgrind vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Valgrind could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- valgrind: instrumentation framework for building dynamic analysis tools

Details:

It was discovered that Valgrind incorrectly handled certain string
operations. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could possibly execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04
LTS and Ubuntu 16.10. (CVE-2016-2226)

It was discovered that Valgrind incorrectly handled parsing certain
binaries. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
Valgrind to crash, resulting in a denial of service. (CVE-2016-4487,
CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492,
CVE-2016-4493, CVE-2016-6131)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
valgrind 1:3.12.0-1ubuntu1.1

Ubuntu 16.10:
valgrind 1:3.12.0~svn20160714-1ubuntu2.1

Ubuntu 16.04 LTS:
valgrind 1:3.11.0-1ubuntu4.2

Ubuntu 14.04 LTS:
valgrind 1:3.10.1-1ubuntu3~14.5

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3337-1
CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489,
CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493,
CVE-2016-6131

Package Information:
https://launchpad.net/ubuntu/+source/valgrind/1:3.12.0-1ubuntu1.1
https://launchpad.net/ubuntu/+source/valgrind/1:3.12.0~svn20160714-1ubuntu2.1
https://launchpad.net/ubuntu/+source/valgrind/1:3.11.0-1ubuntu4.2
https://launchpad.net/ubuntu/+source/valgrind/1:3.10.1-1ubuntu3~14.5



--jlNCsasRCsNoPPpGa0vTP5iNF74i17KNn--

Login or Register to add favorites

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close