
USN-4421-1: Thunderbird vulnerabilities

2020-07-09 KENNETH 0

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-12405, CVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420)

It was discovered that Thunderbird would continue an unencrypted connection when configured to use STARTTLS for IMAP if the server responded with PREAUTH. A remote attacker could potentially exploit this to perform a person-in-the-middle attack in order to obtain sensitive information. (CVE-2020-12398)

It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. (CVE-2020-12399)

It was discovered that when performing add-on updates, certificate chains not terminating with built-in roots were silently rejected. This [ more… ]


USN-4420-1: Cinder and os-brick vulnerability

2020-07-07 KENNETH 0

David Hill and Eric Harney discovered that Cinder and os-brick incorrectly handled ScaleIO backend credentials. An attacker could possibly use this issue to expose sensitive information.

Source: USN-4420-1: Cinder and os-brick vulnerability


USN-4417-2: NSS vulnerability

2020-07-07 KENNETH 0

USN-4417-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details: Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys.

Source: USN-4417-2: NSS vulnerability


USN-4418-1: OpenEXR vulnerabilities

2020-07-06 KENNETH 0

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

Source: USN-4418-1: OpenEXR vulnerabilities


USN-4417-1: NSS vulnerability

2020-07-06 KENNETH 0

Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys.

Source: USN-4417-1: NSS vulnerability