SECURITY

USN-2936-2: Oxygen-GTK3 update Ubuntu Security Notice USN-2936-2 2nd May, 2016 oxygen-gtk3 update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary USN-2936-1 caused Firefox to crash on startup with the Oxygen GTK theme Software description oxygen-gtk3 – Oxygen widget theme for GTK3-based applications Details USN-2936-1 fixed vulnerabilities in Firefox. The update caused Firefox tocrash on startup with the Oxygen GTK theme due to a pre-existing bug inthe Oxygen-GTK3 theme engine. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to [ more… ]

USN-2957-2: Libtasn1 vulnerability Ubuntu Security Notice USN-2957-2 2nd May, 2016 libtasn1-6 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Libtasn1 could be made to hang if it processed specially crafted data. Software description libtasn1-6 – Library to manage ASN.1 structures Details USN-2957-1 fixed a vulnerability in Libtasn1. This update provides thecorresponding update for Ubuntu 16.04 LTS. Original advisory details: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libtasn1-6 4.7-3ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]