Articles by KENNETH

USN-3612-1: librelp vulnerability librelp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary librelp could be made to crash or run programs if it received specially crafted network traffic. Software Description librelp – Reliable Event Logging Protocol (RELP) library Details Bas van Schaik and Kevin Backhouse discovered that librelp incorrectly handled checking certain x509 certificates. A remote attacker able to connect to rsyslog could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS librelp0 – 1.2.2-2ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart rsyslog to make all the necessary changes. References CVE-2018-1000140 Source: USN-3612-1: librelp vulnerability

USN-3611-1: OpenSSL vulnerability openssl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary OpenSSL could be made to crash if it received specially crafted network traffic. Software Description openssl – Secure Socket Layer (SSL) cryptographic library and tools Details It was discovered that OpenSSL incorrectly handled certain ASN.1 types. A remote attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 libssl1.0.0 – 1.0.2g-1ubuntu13.4 Ubuntu 16.04 LTS libssl1.0.0 – 1.0.2g-1ubuntu4.11 Ubuntu 14.04 LTS libssl1.0.0 – 1.0.1f-1ubuntu2.24 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2018-0739 Source: USN-3611-1: OpenSSL vulnerability

USN-3610-1: ICU vulnerability icu vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary ICU could be made to crash if it received specially crafted input. Software Description icu – International Components for Unicode library Details It was discovered that ICU incorrectly handled certain calendars. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash, leading to a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 libicu57 – 57.1-6ubuntu0.3 Ubuntu 16.04 LTS libicu55 – 55.1-7ubuntu0.4 Ubuntu 14.04 LTS libicu52 – 52.1-3ubuntu0.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-15422 Source: USN-3610-1: ICU vulnerability

USN-3609-1: Firefox vulnerability firefox vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details A use-after-free was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 firefox – 59.0.2+build1-0ubuntu0.17.10.1 Ubuntu 16.04 LTS firefox – 59.0.2+build1-0ubuntu0.16.04.1 Ubuntu 14.04 LTS firefox – 59.0.2+build1-0ubuntu0.14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Firefox to [ more… ]