지락문화예술공작단

USN-4045-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details A type confusion bug was discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this by causing a denial of service, or executing arbirary code. (CVE-2019-11707) It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code. (CVE-2019-11708) Update instructions The problem can be corrected by updating your system to the following package versions: [ more… ]

USN-4044-1: ZNC vulnerability znc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary znc could be made to crash or run programs as an administrator if it opened a specially crafted file. Software Description znc – advanced modular IRC bouncer Details Fix vulnerability where an authenticated non-admin users could load a module with a crafted name, then escalate privileges and run arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 znc – 1.7.2-2ubuntu0.1 Ubuntu 18.10 znc – 1.7.1-2ubuntu0.2 Ubuntu 18.04 LTS znc – 1.6.6-1ubuntu0.2 Ubuntu 16.04 LTS znc – 1.6.3-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart znc to make all the necessary changes. [ more… ]