SECURITY

USN-3430-2: Dnsmasq vulnerabilities Ubuntu Security Notice USN-3430-2 3rd October, 2017 dnsmasq vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in Dnsmasq. Software description dnsmasq – Small caching DNS proxy and DHCP/TFTP server Details USN-3430-1 fixed several vulnerabilities in Dnsmasq. This update providesthe corresponding update for Ubuntu 12.04 ESM. Original advisory details: Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14491) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of [ more… ]

USN-3435-1: Firefox vulnerabilities Ubuntu Security Notice USN-3435-1 2nd October, 2017 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to read uninitialized memory, obtain sensitiveinformation, bypass phishing and malware protection, spoof the origin inmodal dialogs, conduct cross-site scripting (XSS) attacks, cause a denialof service via application crash, or execute arbitrary code.(CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812,CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819,CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes.A remote attacker could potentially exploit this [ more… ]

USN-3434-1: Libidn vulnerability Ubuntu Security Notice USN-3434-1 2nd October, 2017 libidn vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Libidn could be made to crash or run programs if it processed specially crafted input. Software description libidn – implementation of IETF IDN specifications Details It was discovered that Libidn incorrectly handled decoding certain digits.A remote attacker could use this issue to cause Libidn to crash, resultingin a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libidn11 1.33-1ubuntu0.1 Ubuntu 16.04 LTS: libidn11 1.32-3ubuntu1.2 Ubuntu 14.04 LTS: libidn11 1.28-1ubuntu2.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References [ more… ]