지락문화예술공작단

USN-2995-1: Squid vulnerabilities Ubuntu Security Notice USN-2995-1 9th June, 2016 squid3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Squid. Software description squid3 – Web proxy cache server Details Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectlyhandled certain ICMPv6 packets. A remote attacker could use this issue tocause Squid to crash, resulting in a denial of service, or possibly causeSquid to leak information into log files. (CVE-2016-3947) Yuriy M. Kaminskiy discovered that the Squid cachemgr.cgi tool incorrectlyhandled certain crafted data. A remote attacker could use this issue tocause Squid to crash, resulting in a denial of service, or possibly executearbitrary code. (CVE-2016-4051) It was discovered that Squid incorrectly handled certain Edge Side Includes(ESI) responses. A remote [ more… ]

USN-2993-1: Firefox vulnerabilities Ubuntu Security Notice USN-2993-1 9th June, 2016 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel,Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, ChristophDiehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawadiscovered multiple memory safety issues in Firefox. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service via applicationcrash, or execute arbitrary code. (CVE-2016-2815, CVE-2016-2818) A buffer overflow was discovered when parsing HTML5 fragments in somecircumstances. If a [ more… ]