SECURITY

USN-4353-1: Firefox vulnerabilities firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12390, CVE-2020-12391, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not properly HTTP POST data of a request. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and [ more… ]

USN-4352-2: OpenLDAP vulnerability openldap vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary OpenLDAP could be made to crash if it received specially crafted network traffic. Software Description openldap – Lightweight Directory Access Protocol Details USN-4352-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM slapd – 2.4.31-1+nmu2ubuntu8.5+esm2 Ubuntu 12.04 ESM slapd – 2.4.28-1.1ubuntu4.10 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update [ more… ]

USN-4352-1: OpenLDAP vulnerability openldap vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary OpenLDAP could be made to crash if it received specially crafted network traffic. Software Description openldap – Lightweight Directory Access Protocol Details It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS slapd – 2.4.49+dfsg-2ubuntu1.2 Ubuntu 19.10 slapd – 2.4.48+dfsg-1ubuntu1.1 Ubuntu 18.04 LTS slapd – 2.4.45+dfsg-1ubuntu1.5 Ubuntu 16.04 LTS slapd – 2.4.42+dfsg-2ubuntu3.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References [ more… ]

USN-4351-1: Linux firmware vulnerability linux-firmware vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary The system could be made to expose sensitive information. Software Description linux-firmware – Firmware for Linux kernel drivers Details Eli Biham and Lior Neumann discovered that certain Bluetooth devices incorrectly validated key exchange parameters. An attacker could possibly use this issue to obtain sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS linux-firmware – 1.173.18 Ubuntu 16.04 LTS linux-firmware – 1.157.23 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2018-5383 Source: USN-4351-1: Linux firmware vulnerability

USN-4330-2: PHP vulnerabilities php7.4 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Summary Several security issues were fixed in PHP. Software Description php7.4 – server-side, HTML-embedded scripting language (metapackage) Details USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. (CVE-2020-7064) It was discovered that PHP incorrectly handled certain UTF strings. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2020-7065) It was discovered that PHP incorrectly handled certain URLs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7066) Update instructions The problem can be corrected by updating your system to [ more… ]