SECURITY

USN-4203-2: NSS vulnerability nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary NSS could be made to crash or run programs if it received specially crafted input. Software Description nss – Network Security Service library Details USN-4203-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libnss3 – 2:3.28.4-0ubuntu0.14.04.5+esm2 Ubuntu 12.04 ESM libnss3 – 2:3.28.4-0ubuntu0.12.04.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4203-1: NSS vulnerability nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary NSS could be made to crash or run programs if it received specially crafted input. Software Description nss – Network Security Service library Details It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libnss3 – 2:3.45-1ubuntu2.1 Ubuntu 19.04 libnss3 – 2:3.42-1ubuntu2.3 Ubuntu 18.04 LTS libnss3 – 2:3.35-2ubuntu2.5 Ubuntu 16.04 LTS libnss3 – 2:3.28.4-0ubuntu0.16.04.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart [ more… ]

USN-4202-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, [ more… ]

USN-4201-1: Ruby vulnerabilities ruby2.3, ruby2.5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Ruby. Software Description ruby2.5 – Interpreter of object-oriented scripting language Ruby ruby2.3 – Object-oriented scripting language Details It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access. (CVE-2019-15845) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to cause a denial of service. (CVE-2019-16201) It was discovered that Ruby incorrectly handled certain HTTP headers. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-16254) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue [ more… ]

USN-4200-1: Redmine vulnerabilities redmine vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in redmine. Software Description redmine – flexible project management web application Details It was discovered that Redmine incorrectly handle certain inputs that could cause textile formatting errors. An attacker could possibly use this issue to cause a XSS attack. (CVE-2019-17427) It was discovered that an SQL injection could allow users to access protected information via a crafted object query. (CVE-2019-18890) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 redmine – 4.0.1-2ubuntu0.1 redmine-mysql – 4.0.1-2ubuntu0.1 redmine-pgsql – 4.0.1-2ubuntu0.1 redmine-sqlite – 4.0.1-2ubuntu0.1 Ubuntu 18.04 LTS redmine – 3.4.4-1ubuntu0.1 redmine-mysql – 3.4.4-1ubuntu0.1 redmine-pgsql – 3.4.4-1ubuntu0.1 redmine-sqlite – 3.4.4-1ubuntu0.1 Ubuntu 16.04 LTS redmine – [ more… ]