[월:] 2020년 01월

USN-4234-2: Firefox regressions firefox regressions A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4234-1 caused some minor regressions in Firefox. Software Description firefox – Mozilla Open Source web browser Details USN-4234-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 firefox – 72.0.2+build1-0ubuntu0.19.10.1 Ubuntu 18.04 LTS firefox [ more… ]

USN-4262-1: OpenStack Keystone vulnerability keystone vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Summary OpenStack Keystone could be made to expose sensitive information over the network. Software Description keystone – OpenStack identity service Details Daniel Preussker discovered that OpenStack Keystone incorrectly handled the list credentials API. A user with a role on the project could use this issue to view any other user’s credentials. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 keystone – 2:16.0.0-0ubuntu1.1 python3-keystone – 2:16.0.0-0ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-19687 Source: USN-4262-1: OpenStack Keystone vulnerability