[월:] 2018년 02월

USN-3544-2: Firefox regressions Ubuntu Security Notice USN-3544-2 12th February, 2018 firefox regressions A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3544-1 caused some regressions in Firefox. Software description firefox – Mozilla Open Source web browser Details USN-3544-1 fixed vulnerabilities in Firefox. The update caused a webcompatibility regression and a tab crash during printing in somecircumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user in to providing HTTP credentials for another origin, spoof the addressbar contents, or execute arbitrary code. [ more… ]

USN-3568-1: WavPack vulnerabilities Ubuntu Security Notice USN-3568-1 12th February, 2018 wavpack vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary WavPack could be made to crash if it opened a specially crafted file. Software description wavpack – audio codec (lossy and lossless) – encoder and decoder Details Hanno Böck discovered that WavPack incorrectly handled certainWV files. An attacker could possibly use this to cause a denialof service. This issue only affected Ubuntu 14.04 LTS and Ubuntu16.04 LTS. (CVE-2016-10169) Joonun Jang discovered that WavPack incorrectly handled certainRF64 files. An attacker could possibly use this to cause a denialof service. This issue only affected Ubuntu 17.10. (CVE-2018-6767) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libwavpack1 5.1.0-2ubuntu0.1 wavpack 5.1.0-2ubuntu0.1 Ubuntu [ more… ]