SECURITY

USN-3801-2: Firefox regressions firefox regressions A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3801-1 caused some minor regressions in Firefox. Software Description firefox – Mozilla Open Source web browser Details USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. (CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403) Multiple security issues were discovered with WebExtensions in Firefox. If a [ more… ]

USN-3825-2: mod_perl vulnerability libapache2-mod-perl2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary mod_perl could be made to run programs contrary to expectations. Software Description libapache2-mod-perl2 – Integration of perl with the Apache2 web server Details USN-3825-1 fixed a vulnerability in mod_perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM libapache2-mod-perl2 – 2.0.5-5ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-3825-1 [ more… ]

USN-3825-1: mod_perl vulnerability libapache2-mod-perl2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary mod_perl could be made to run programs contrary to expectations. Software Description libapache2-mod-perl2 – Integration of perl with the Apache2 web server Details Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libapache2-mod-perl2 – 2.0.10-2ubuntu3.18.10.1 Ubuntu 18.04 LTS libapache2-mod-perl2 – 2.0.10-2ubuntu3.18.04.1 Ubuntu 16.04 LTS libapache2-mod-perl2 – 2.0.9-4ubuntu1.2 Ubuntu 14.04 LTS libapache2-mod-perl2 – 2.0.8+httpd24-r1449661-6ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]