SECURITY

USN-2924-1: NSS vulnerability Ubuntu Security Notice USN-2924-1 9th March, 2016 nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary NSS could be made to crash or run programs if it received specially crafted input. Software description nss – Network Security Service library Details Francis Gabriel discovered that NSS incorrectly handled decoding certainASN.1 data. An remote attacker could use this issue to cause NSS to crash,resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libnss3 2:3.21-0ubuntu0.15.10.2 Ubuntu 14.04 LTS: libnss3 2:3.21-0ubuntu0.14.04.2 Ubuntu 12.04 LTS: libnss3 2:3.21-0ubuntu0.12.04.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart any applications thatuse NSS, [ more… ]

USN-2917-1: Firefox vulnerabilities Ubuntu Security Notice USN-2917-1 9th March, 2016 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.If a user were tricked in to opening a specially crafted website, anattacker could potentially exploit this to cause a denial of service viaapplication crash, or execute arbitrary code with the privileges of theuser invoking Firefox. (CVE-2016-1950) Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, DanielHolbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiplememory safety issues in Firefox. If a user were [ more… ]