[월:] 2019년 03월

USN-3918-3: Firefox regression firefox regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3918-1 caused a regression in Firefox. Software Description firefox – Mozilla Open Source web browser Details USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, [ more… ]

USN-3925-1: FreeImage vulnerability freeimage vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary FreeImage could be made to crash or run programs as your login if it opened a specially crafted file. Software Description freeimage – Support library for graphics image formats (development files) Details It was discovered that an out-of-bounds write vulnerability existed in the XMP image handling functionality of the FreeImage library. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could overwrite arbitrary memory, resulting in code execution. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS libfreeimage3 – 3.17.0+ds1-2ubuntu0.1 libfreeimageplus3 – 3.17.0+ds1-2ubuntu0.1 Ubuntu 14.04 LTS libfreeimage3 – 3.15.4-3ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]

USN-3924-1: mod_auth_mellon vulnerabilities libapache2-mod-auth-mellon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in mod_auth_mellon. Software Description libapache2-mod-auth-mellon – SAML 2.0 authentication module for Apache Details It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. (CVE-2019-3877) It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2019-3878) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libapache2-mod-auth-mellon – 0.14.0-1ubuntu0.1 Ubuntu 18.04 LTS libapache2-mod-auth-mellon – 0.13.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-3877 CVE-2019-3878 Source: USN-3924-1: mod_auth_mellon [ more… ]