지락문화예술공작단

USN-2936-1: Firefox vulnerabilities Ubuntu Security Notice USN-2936-1 27th April, 2016 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,Andrew McCreight, and Steve Fink discovered multiple memory safety issuesin Firefox. If a user were tricked in to opening a specially craftedwebsite, an attacker could potentially exploit these to cause a denial ofservice via application crash, or execute arbitrary code with theprivileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806,CVE-2016-2807) An invalid write was discovered when using the JavaScript .watch() [ more… ]

USN-2952-2: PHP regression Ubuntu Security Notice USN-2952-2 27th April, 2016 php5 regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary USN-2952-1 caused a regression in PHP. Software description php5 – HTML-embedded scripting language interpreter Details USN-2952-1 fixed vulnerabilities in PHP. One of the backported patchescaused a regression in the PHP Soap client. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8835, CVE-2016-3185) It was discovered [ more… ]