
USN-3480-3: Apport regression

2018-01-04 KENNETH 0

Ubuntu Security Notice USN-3480-3
3rd January, 2018

apport regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.10
Ubuntu 17.04
Ubuntu 16.04 LTS

Summary
USN-3480-2 introduced regressions in Apport.

Software description
apport – automatically generate crash reports for debugging

Details
USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience.

Original advisory details:
Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177)

Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource [ more… ]


USN-3514-1: WebKitGTK+ vulnerabilities

2018-01-04 KENNETH 0

Ubuntu Security Notice USN-3514-1
3rd January, 2018

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.10
Ubuntu 17.04
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in WebKitGTK+.

Software description
webkit2gtk – Web content engine library for GTK+

Details
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.10.1
libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.10.1

Ubuntu 17.04:
libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.04.1
libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.04.1

Ubuntu 16.04 LTS:
libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]


USN-3477-4: Firefox regression

2018-01-03 KENNETH 0

Ubuntu Security Notice USN-3477-4
3rd January, 2018

firefox regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.10
Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
USN-3477-1 caused a regression in Firefox.

Software description
firefox – Mozilla Open Source web browser

Details
USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the address bar, or execute arbitrary code. [ more… ]


RHBA-2018:0001-1: devtoolset-7-binutils bug fix update

2018-01-02 KENNETH 0

RHBA-2018:0001-1: devtoolset-7-binutils bug fix update Red Hat Enterprise Linux: Updated devtoolset-7-binutils packages that fix one bug are now available for Red Hat Developer Toolset 7. Source: RHBA-2018:0001-1: devtoolset-7-binutils bug fix update


RHSA-2017:3493-1: Low: Red Hat Enterprise MRG for Red Hat Enterprise Linux 6 6-month Notice

2017-12-22 KENNETH 0

RHSA-2017:3493-1: Low: Red Hat Enterprise MRG for Red Hat Enterprise Linux 6 6-month Notice Red Hat Enterprise Linux: This is the 6-month notification for the retirement of Red Hat Enterprise MRG Version 2 for Red Hat Enterprise Linux 6. This notification applies only to those customers subscribed to Red Hat Enterprise MRG Version 2 for Red Hat Enterprise Linux 6. Source: RHSA-2017:3493-1: Low: Red Hat Enterprise MRG for Red Hat Enterprise Linux 6 6-month Notice