SECURITY

USN-3155-1: Firefox vulnerabilities Ubuntu Security Notice USN-3155-1 13th December, 2016 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Multiple security vulnerabilities were discovered in Firefox. If a userwere tricked in to opening a specially crafted website, an attacker couldpotentially exploit these to conduct cross-site scripting (XSS) attacks,obtain sensitive information, cause a denial of service via applicationcrash, or execute arbitrary code. (CVE-2016-9080, CVE-2016-9893,CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898,CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903,CVE-2016-9904) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: firefox 50.1.0+build2-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: firefox 50.1.0+build2-0ubuntu0.16.04.1 [ more… ]

USN-3156-1: APT vulnerability Ubuntu Security Notice USN-3156-1 13th December, 2016 apt vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary An attacker could trick APT into installing altered packages. Software description apt – Advanced front-end for dpkg Details Jann Horn discovered that APT incorrectly handled InRelease files.If a remote attacker were able to perform a man-in-the-middle attack, thisflaw could potentially be used to install altered packages. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: apt 1.3.2ubuntu0.1 Ubuntu 16.04 LTS: apt 1.2.15ubuntu0.2 Ubuntu 14.04 LTS: apt 1.0.1ubuntu2.17 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-1252 Source: USN-3156-1: APT vulnerability