USN-2917-1: Firefox vulnerabilities

2016-03-10 KENNETH 0

Ubuntu Security Notice USN-2917-1, 9th March, 2016

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software description: firefox – Mozilla Open Source web browser

Details:

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950)

Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple memory safety issues in Firefox. If a user were [ more… ]

USN-2923-1: BeanShell vulnerability

2016-03-08 KENNETH 0

Ubuntu Security Notice USN-2923-1, 8th March, 2016

bsh vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: BeanShell could be made to run programs if it processed specially crafted input.

Software description: bsh – Java scripting environment

Details:

Alvaro Muñoz and Christian Schneider discovered that BeanShell incorrectly handled deserialization. A remote attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: libbsh-java 2.0b4-15ubuntu0.15.10.1, bsh 2.0b4-15ubuntu0.15.10.1
Ubuntu 14.04 LTS: libbsh-java 2.0b4-15ubuntu0.14.04.1, bsh 2.0b4-15ubuntu0.14.04.1
Ubuntu 12.04 LTS: bsh 2.0b4-12ubuntu0.1, bsh-gcj 2.0b4-12ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2016-2510

Source: USN-2923-1: BeanShell vulnerability

USN-2922-1: Samba vulnerabilities

2016-03-08 KENNETH 0

Ubuntu Security Notice USN-2922-1, 8th March, 2016

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in Samba.

Software description: samba – SMB/CIFS file, print, and login server for Unix

Details:

Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink paths. A remote attacker could use this issue to overwrite the ownership of ACLs using symlinks. (CVE-2015-7560)

Garming Sam and Douglas Bagnall discovered that the Samba internal DNS server incorrectly handled certain DNS TXT records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly obtain uninitialized memory contents. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0771)

It was discovered that the Samba Web Administration Tool (SWAT) was vulnerable to clickjacking [ more… ]

USN-2904-1: Thunderbird vulnerabilities

2016-03-08 KENNETH 0

Ubuntu Security Notice USN-2904-1, 8th March, 2016

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in Thunderbird.

Software description: thunderbird – Mozilla Open Source mail and newsgroup client

Details:

Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2015-7575)

Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1523)

Bob Clary, Christian Holler, [ more… ]

USN-2915-3: Django regression

2016-03-08 KENNETH 0

Ubuntu Security Notice USN-2915-3, 7th March, 2016

python-django regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS.

Summary: USN-2915-1 introduced a regression in Django.

Software description: python-django – High-level Python web development framework

Details:

USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix.

Original advisory details:

Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. (CVE-2016-2512)

Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. (CVE-2016-2513)

Update instructions: The problem can be [ more… ]