USN-4278-2: Firefox vulnerabilities

2020-02-26 KENNETH 0

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary
Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description
firefox – Mozilla Open Source web browser

Details
USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS
firefox – 73.0.1+build1-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard [ more… ]

USN-4292-1: rsync vulnerabilities

2020-02-25 KENNETH 0

rsync vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in rsync.

Software Description
rsync – fast, versatile, remote (and local) file-copying tool

Details
It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)

It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9842)

It was discovered that rsync incorrectly handled vectors involving big-endian CRC calculation in zlib. An attacker could use this issue to cause rsync to [ more… ]

USN-4291-1: mod-auth-mellon vulnerability

2020-02-24 KENNETH 0

libapache2-mod-auth-mellon vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS

Summary
libapache2-mod-auth-mellon could be made to redirect users to malicious sites.

Software Description
libapache2-mod-auth-mellon – SAML 2.0 authentication module for Apache

Details
It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10
libapache2-mod-auth-mellon – 0.14.2-1ubuntu1.19.10.1
Ubuntu 18.04 LTS
libapache2-mod-auth-mellon – 0.13.1-1ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References
CVE-2019-13038

Source: USN-4291-1: mod-auth-mellon vulnerability

USN-4290-1: libpam-radius-auth vulnerability

2020-02-24 KENNETH 0

libpam-radius-auth vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
libpam-radius-auth could be made to crash if it received specially crafted network traffic.

Software Description
libpam-radius-auth – The PAM RADIUS authentication module

Details
It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10
libpam-radius-auth – 1.3.17-0ubuntu5.19.10.1
Ubuntu 18.04 LTS
libpam-radius-auth – 1.3.17-0ubuntu5.18.04.1
Ubuntu 16.04 LTS
libpam-radius-auth – 1.3.17-0ubuntu4.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References
CVE-2015-9542

Source: USN-4290-1: libpam-radius-auth vulnerability

USN-4289-1: Squid vulnerabilities

2020-02-20 KENNETH 0

squid, squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in Squid.

Software Description
squid – Web proxy cache server
squid3 – Web proxy cache server

Details
Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528)

Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server resources prohibited by earlier security filters. (CVE-2020-8449)

Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, [ more… ]