SECURITY

USN-3482-1: ipsec-tools vulnerability Ubuntu Security Notice USN-3482-1 16th November, 2017 ipsec-tools vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary ipsec-tools could be made to crash if it received specially crafted network traffic. Software description ipsec-tools – IPsec tools for Linux Details It was discovered that racoon, the ipsec-tools IKE daemon, incorrectlyhandled certain ISAKMP fragments. A remote attacker could use this issue tocause racoon to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: racoon 1:0.8.0-9ubuntu1.2 ipsec-tools 1:0.8.0-9ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-10396 Source: USN-3482-1: ipsec-tools vulnerability

USN-3477-1: Firefox vulnerabilities Ubuntu Security Notice USN-3477-1 16th November, 2017 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, read uninitializedmemory, obtain sensitive information, bypass same-origin restrictions,bypass CSP protections, bypass mixed content blocking, spoof theaddressbar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827,CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833,CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842) It was discovered that javascript: URLs pasted in to the addressbarwould be executed instead of being blocked in some [ more… ]

USN-3481-1: WebKitGTK+ vulnerabilities Ubuntu Security Notice USN-3481-1 16th November, 2017 webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK+ Web andJavaScript engines. If a user were tricked into viewing a maliciouswebsite, a remote attacker could exploit a variety of issues related to webbrowser security, including cross-site scripting attacks, denial of serviceattacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.10.1 libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.10.1 Ubuntu 17.04: libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.04.1 libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]