[월:] 2019년 10월

USN-4152-1: libsoup vulnerability libsoup2.4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary libsoup could be made to crash if it received specially crafted network traffic. Software Description libsoup2.4 – HTTP client/server library for GNOME Details It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libsoup2.4-1 – 2.66.1-1ubuntu0.1 Ubuntu 18.04 LTS libsoup2.4-1 – 2.62.1-1ubuntu0.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-17266 Source: USN-4152-1: libsoup vulnerability

USN-4151-1: Python vulnerabilities python2.7, python3.5, python3.6, python3.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Python. Software Description python2.7 – An interactive high-level object-oriented language python3.7 – An interactive high-level object-oriented language python3.6 – An interactive high-level object-oriented language python3.5 – An interactive high-level object-oriented language Details It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935) Update instructions The problem can be corrected by updating your system to the following package [ more… ]

USN-4150-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked in to replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to obtain sensitive information, conduct cross-site scripting (XSS) attack, scause a denial of service, or [ more… ]

USN-4122-2: Firefox regression firefox regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4122-1 caused a regression in Firefox. Software Description firefox – Mozilla Open Source web browser Details USN-4122-1 fixed vulnerabilities in Firefox. The update caused a regression that resulted in a crash when changing YouTube playback speed in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service, or execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735, CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748, [ more… ]