SECURITY

Ubuntu Security Notice USN-2882-1 27th January, 2016 curl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary curl would incorrectly re-use credentials. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details Isaac Boukris discovered that curl could incorrectly re-use NTLM proxycredentials when subsequently connecting to the same host. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libcurl3-nss 7.43.0-1ubuntu2.1 libcurl3-gnutls 7.43.0-1ubuntu2.1 libcurl3 7.43.0-1ubuntu2.1 Ubuntu 15.04: libcurl3-nss 7.38.0-3ubuntu2.3 libcurl3-gnutls 7.38.0-3ubuntu2.3 libcurl3 7.38.0-3ubuntu2.3 Ubuntu 14.04 LTS: libcurl3-nss 7.35.0-1ubuntu2.6 libcurl3-gnutls 7.35.0-1ubuntu2.6 libcurl3 7.35.0-1ubuntu2.6 Ubuntu 12.04 LTS: libcurl3-nss 7.22.0-3ubuntu4.15 libcurl3-gnutls 7.22.0-3ubuntu4.15 libcurl3 7.22.0-3ubuntu4.15 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-0755 Source: [ more… ]

Ubuntu Security Notice USN-2877-1 27th January, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine library for Qt (QML plugin) Details A bad cast was discovered in V8. If a user were tricked in to opening aspecially crafted website, an attacker could potentially exploit this tocause a denial of service via renderer crash or execute arbitrary codewith the privileges of the sandboxed render process. (CVE-2016-1612) An issue was discovered when initializing the UnacceleratedImageBufferSurfaceclass in Blink. If a user were tricked in to opening a specially craftedwebsite, an attacker could potentially exploit this to obtain sensitiveinformation. (CVE-2016-1614) An issue was discovered with the CSP implementation in Blink. If a userwere tricked in to opening [ more… ]

Ubuntu Security Notice USN-2880-1 27th January, 2016 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman,Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith,and Gabor Krizsanits discovered multiple memory safety issues in Firefox.If a user were tricked in to opening a specially crafted website, anattacker could potentially exploit these to cause a denial of service viaapplication crash, or execute arbitrary code with the privileges of theuser invoking Firefox. (CVE-2016-1930, CVE-2016-1931) Gustavo Grieco discovered an out-of-memory crash when loading GIF imagesin some circumstances. If a user were [ more… ]