[월:] 2016년 05월

USN-2960-1: Oxide vulnerabilities Ubuntu Security Notice USN-2960-1 18th May, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine for Qt (QML plugin) Details An out of bounds write was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentiallyexploit this to cause a denial of service via renderer crash, or executearbitrary code. (CVE-2016-1660) It was discovered that Blink assumes that a frame which passes same-originchecks is local in some cases. If a user were tricked in to opening aspecially crafted website, an attacker could potentially exploit this tocause a denial of service via renderer crash, or execute arbitrary code.(CVE-2016-1661) A use-after-free was discovered in [ more… ]

USN-2973-1: Thunderbird vulnerabilities Ubuntu Security Notice USN-2973-1 18th May, 2016 thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Thunderbird. Software description thunderbird – Mozilla Open Source mail and newsgroup client Details Christian Holler, Tyson Smith, and Phil Ringalda discovered multiplememory safety issues in Thunderbird. If a user were tricked in to openinga specially crafted message, an attacker could potentially exploit theseto cause a denial of service via application crash, or execute arbitrarycode. (CVE-2016-2805, CVE-2016-2807) Hanno Böck discovered that calculations with mp_div and mp_exptmod in NSSproduce incorrect results in some circumstances, resulting incryptographic weaknesses. (CVE-2016-1938) A use-after-free was discovered in ssl3_HandleECDHServerKeyExchange inNSS. A remote attacker could potentially exploit this to cause a denial ofservice via application crash, or [ more… ]

USN-2936-3: Firefox regression Ubuntu Security Notice USN-2936-3 18th May, 2016 firefox regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary USN-2936-1 introduced a regression in Firefox. Software description firefox – Mozilla Open Source web browser Details USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issuewhere a device update POST request was sent every time about:preferences#syncwas shown. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of [ more… ]