Articles by KENNETH

USN-3529-1: Thunderbird vulnerabilities Ubuntu Security Notice USN-3529-1 29th January, 2018 thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Thunderbird. Software description thunderbird – Mozilla Open Source mail and newsgroup client Details It was discovered that a From address encoded with a null character iscut off in the message header display. An attacker could potentiallyexploit this to spoof the sender address. (CVE-2017-7829) It was discovered that it is possible to execute JavaScript in RSS feedsin some circumstances. If a user were tricked in to opening a speciallycrafted RSS feed, an attacker could potentially exploit this incombination with another vulnerability, in order to cause unspecifiedproblems. (CVE-2017-7846) It was discovered that the RSS feed can leak local path names. If a userwere tricked [ more… ]

USN-3549-1: Linux kernel (KVM) vulnerabilities Ubuntu Security Notice USN-3549-1 29th January, 2018 linux-kvm vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-kvm – Linux kernel for cloud environments Details Jann Horn discovered that microprocessors utilizing speculativeexecution and branch prediction may allow unauthorized memoryreads via sidechannel attacks. This flaw is known as Spectre. Alocal attacker could use this to expose sensitive information,including kernel memory. (CVE-2017-5715, CVE-2017-5753) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.4.0-1017-kvm 4.4.0-1017.22 linux-image-kvm 4.4.0.1017.16 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)requires corresponding processor microcode/firmware updates or,in virtual environments, hypervisor updates. On i386 and amd64architectures, the IBRS [ more… ]