Articles by KENNETH

USN-3851-1: Django vulnerability python-django vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Django could be made to expose spoofed information over the network. Software Description python-django – High-level Python web development framework Details It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 python-django – 1:1.11.15-1ubuntu1.1 python3-django – 1:1.11.15-1ubuntu1.1 Ubuntu 18.04 LTS python-django – 1:1.11.11-1ubuntu1.2 python3-django – 1:1.11.11-1ubuntu1.2 Ubuntu 16.04 LTS python-django – 1.8.7-1ubuntu5.7 python3-django – 1.8.7-1ubuntu5.7 Ubuntu 14.04 LTS python-django – 1.6.11-0ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]

USN-3850-1: NSS vulnerabilities nss vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in NSS. Software Description nss – Network Security Service library Details Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384) It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404) Update instructions The problem can be corrected by updating your system to the following package [ more… ]