Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Ubuntu 16.04 LTS USN-3028-1 Critical: NSPR Denial Of Service

Calendar Jul 11, 2016 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical Ubuntu memory allocation NSPR
NSPR could be made to crash or run programs if it received specially crafted input. 
=========================================================================Ubuntu Security Notice USN-3028-1
July 11, 2016

nspr vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

NSPR could be made to crash or run programs if it received specially
crafted input.

Software Description:
- nspr: NetScape Portable Runtime Library

Details:

It was discovered that NSPR incorrectly handled memory allocation. A remote
attacker could use this issue to cause NSPR to crash, resulting in a denial
of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libnspr4                        2:4.12-0ubuntu0.16.04.1

Ubuntu 15.10:
  libnspr4                        2:4.12-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
  libnspr4                        2:4.12-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  libnspr4                        4.12-0ubuntu0.12.04.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3028-1
  CVE-2016-1951

Package Information:
  https://launchpad.net/ubuntu/+source/nspr/2:4.12-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/nspr/2:4.12-0ubuntu0.15.10.1
  https://launchpad.net/ubuntu/+source/nspr/2:4.12-0ubuntu0.14.04.1
  https://launchpad.net/ubuntu/+source/nspr/4.12-0ubuntu0.12.04.1

Ubuntu 16.04 LTS USN-3028-1 Critical: NSPR Denial Of Service

ubuntu
Calendar Grey July 11, 2016
Dist Ubuntu Esm H88
Critical NSPR flaw in Ubuntu may lead to system instability or unauthorized command execution with specific input. Ensure you update immediately for protection!
NSPR could be made to crash or run programs if it received specially crafted input.

Summary

Topics%20covered

Topics Covered

security advisory denial of service critical Ubuntu memory allocation NSPR

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libnspr4 2:4.12-0ubuntu0.16.04.1 Ubuntu 15.10: libnspr4 2:4.12-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: libnspr4 2:4.12-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: libnspr4 4.12-0ubuntu0.12.04.1 After a standard system update you need to restart your session to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3028-1

CVE-2016-1951

Severity
critical
Lowest
Low
Medium
High
Critical

July 11, 2016

Topics%20covered

Topics Covered

security advisory denial of service critical Ubuntu memory allocation NSPR

Package Information

https://launchpad.net/ubuntu/+source/nspr/2:4.12-0ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/nspr/2:4.12-0ubuntu0.15.10.1 https://launchpad.net/ubuntu/+source/nspr/2:4.12-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/nspr/4.12-0ubuntu0.12.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here