SECURITY

USN-3550-1: ClamAV vulnerabilities Ubuntu Security Notice USN-3550-1 30th January, 2018 clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in ClamAV. Software description clamav – Anti-virus utility for Unix Details It was discovered that ClamAV incorrectly handled parsing certain mailmessages. A remote attacker could use this issue to cause ClamAV to crash,resulting in a denial of service, or possibly execute arbitrary code.(CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380) It was discovered that ClamAV incorrectly handled parsing certain PDFfiles. A remote attacker could use this issue to cause ClamAV to crash,resulting in a denial of service, or possibly execute arbitrary code.(CVE-2017-12376) It was discovered that ClamAV incorrectly handled parsing certain mewpacket files. A remote attacker could use this issue to cause ClamAV tocrash, resulting in a [ more… ]

USN-3529-1: Thunderbird vulnerabilities Ubuntu Security Notice USN-3529-1 29th January, 2018 thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Thunderbird. Software description thunderbird – Mozilla Open Source mail and newsgroup client Details It was discovered that a From address encoded with a null character iscut off in the message header display. An attacker could potentiallyexploit this to spoof the sender address. (CVE-2017-7829) It was discovered that it is possible to execute JavaScript in RSS feedsin some circumstances. If a user were tricked in to opening a speciallycrafted RSS feed, an attacker could potentially exploit this incombination with another vulnerability, in order to cause unspecifiedproblems. (CVE-2017-7846) It was discovered that the RSS feed can leak local path names. If a userwere tricked [ more… ]