USN-4017-2: Linux kernel vulnerabilities

2019-06-18 KENNETH 0

linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM; Ubuntu 12.04 ESM

Summary: The system could be made to crash if it received specially crafted network traffic.

Software Description: linux – Linux kernel; linux-aws – Linux kernel for Amazon Web Services (AWS) systems; linux-azure – Linux kernel for Microsoft Azure Cloud systems; linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty; linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM

Details: USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. [ more… ]

Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)

2019-06-15 KENNETH 0

This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Azure customers running VMs with Exim 4.92 are not affected by this vulnerability.

Azure has controls in place to help limit the spread of this worm from work we’ve already done to combat SPAM, but customers using the vulnerable software would still be susceptible to infection.

Customers using Azure virtual machines (VMs) are responsible for updating the operating systems running on their VMs. As this vulnerability is being actively exploited by worm activity, MSRC urges customers to observe Azure security best practices and patterns and to patch or restrict network access to VMs running the affected versions of Exim. [ more… ]

USN-3991-3: Firefox regression

2019-06-15 KENNETH 0

firefox regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04; Ubuntu 18.10; Ubuntu 18.04 LTS; Ubuntu 16.04 LTS

Summary: USN-3991-2 caused a regression in Firefox

Software Description: firefox – Mozilla Open Source web browser

Details: USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user into launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or [ more… ]

USN-4015-2: DBus vulnerability

2019-06-12 KENNETH 0

dbus vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM; Ubuntu 12.04 ESM

Summary: DBus could allow unintended access to services.

Software Description: dbus – simple interprocess messaging system

Details: USN-4015-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details: Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: dbus – 1.6.18-0ubuntu4.5+esm1; libdbus-1-3 – 1.6.18-0ubuntu4.5+esm1
Ubuntu 12.04 ESM: dbus – 1.4.18-1ubuntu1.9; libdbus-1-3 – 1.4.18-1ubuntu1.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]

June 2019 Security Updates (Monthly)

2019-06-12 KENNETH 0

On June 12, 2019 (Japan time), Microsoft released security updates for the following software. Source: June 2019 Security Updates (Monthly)