SECURITY

Ubuntu Security Notice USN-2866-1 8th January, 2016 firefox vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to expose sensitive information over the network. Software description firefox – Mozilla Open Source web browser Details Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectlyallowed MD5 to be used for TLS 1.2 connections. If a remote attacker wereable to perform a man-in-the-middle attack, this flaw could be exploited toview sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: firefox 43.0.4+build3-0ubuntu0.15.10.1 Ubuntu 15.04: firefox 43.0.4+build3-0ubuntu0.15.04.1 Ubuntu 14.04 LTS: firefox 43.0.4+build3-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 43.0.4+build3-0ubuntu0.12.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Firefox [ more… ]

Ubuntu Security Notice USN-2865-1 8th January, 2016 gnutls26, gnutls28 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GnuTLS could be made to expose sensitive information over the network. Software description gnutls26 – GNU TLS library gnutls28 – GNU TLS library Details Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectlyallowed MD5 to be used for TLS 1.2 connections. If a remote attacker wereable to perform a man-in-the-middle attack, this flaw could be exploited toview sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.04: libgnutls-openssl27 3.3.8-3ubuntu3.2 libgnutls-deb0-28 3.3.8-3ubuntu3.2 libgnutlsxx28 3.3.8-3ubuntu3.2 Ubuntu 14.04 LTS: libgnutlsxx27 2.12.23-12ubuntu2.4 libgnutls-openssl27 2.12.23-12ubuntu2.4 libgnutls26 2.12.23-12ubuntu2.4 Ubuntu 12.04 LTS: libgnutlsxx27 2.12.14-5ubuntu3.11 libgnutls-openssl27 2.12.14-5ubuntu3.11 libgnutls26 2.12.14-5ubuntu3.11 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

Ubuntu Security Notice USN-2864-1 7th January, 2016 nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary NSS could be made to expose sensitive information over the network. Software description nss – Network Security Service library Details Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectlyallowed MD5 to be used for TLS 1.2 connections. If a remote attacker wereable to perform a man-in-the-middle attack, this flaw could be exploited toview sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libnss3 2:3.19.2.1-0ubuntu0.15.10.2 Ubuntu 15.04: libnss3 2:3.19.2.1-0ubuntu0.15.04.2 Ubuntu 14.04 LTS: libnss3 2:3.19.2.1-0ubuntu0.14.04.2 Ubuntu 12.04 LTS: libnss3 3.19.2.1-0ubuntu0.12.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart any applications [ more… ]