[월:] 2018년 01월

USN-3544-1: Firefox vulnerabilities Ubuntu Security Notice USN-3544-1 24th January, 2018 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service via applicationcrash, spoof the origin in audio capture prompts, trick the user in toproviding HTTP credentials for another origin, spoof the addressbarcontents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095,CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101,CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114,CVE-2018-5115, CVE-2018-5117, CVE-2018-5122) Multiple security issues were discovered in WebExtensions. If a [ more… ]

USN-3546-1: gcab vulnerability Ubuntu Security Notice USN-3546-1 24th January, 2018 gcab vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Summary gcab could be made to crash or run programs if it opened a specially crafted file. Software description gcab – Microsoft Cabinet file manipulation tool Details Richard Hughes discovered that gcab incorrectly handled certain malformedcabinet files. If a user or automated system were tricked into opening aspecially crafted cabinet file, a remote attacker could use this issue tocause gcab to crash, resulting in a denial of service, or possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libgcab-1.0-0 0.7-4ubuntu0.1 gcab 0.7-4ubuntu0.1 Ubuntu 16.04 LTS: libgcab-1.0-0 0.7-1ubuntu0.1 gcab 0.7-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a [ more… ]