ubuntu-usn

USN-3898-2: NSS vulnerability nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary NSS could be made to crash if it received specially crafted network traffic. Software Description nss – Network Security Service library Details USN-3898-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM libnss3 – 2:3.28.4-0ubuntu0.12.04.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart any applications that use NSS, such as [ more… ]

USN-3899-1: OpenSSL vulnerability openssl, openssl1.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary OpenSSL could be made to expose sensitive information over the network. Software Description openssl1.0 – Secure Socket Layer (SSL) cryptographic library and tools openssl – Secure Socket Layer (SSL) cryptographic library and tools Details Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libssl1.0.0 – 1.0.2n-1ubuntu6.2 Ubuntu 18.04 LTS libssl1.0.0 – 1.0.2n-1ubuntu5.3 Ubuntu 16.04 LTS libssl1.0.0 – 1.0.2g-1ubuntu4.15 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system [ more… ]

USN-3898-1: NSS vulnerability nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary NSS could be made to crash if it received specially crafted network traffic. Software Description nss – Network Security Service library Details Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libnss3 – 2:3.36.1-1ubuntu1.2 Ubuntu 18.04 LTS libnss3 – 2:3.35-2ubuntu2.2 Ubuntu 16.04 LTS libnss3 – 2:3.28.4-0ubuntu0.16.04.5 Ubuntu 14.04 LTS libnss3 – 2:3.28.4-0ubuntu0.14.04.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart any [ more… ]

USN-3897-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details A use-after-free was discovered in libical. If a user were tricked in to opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-5824) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-18356, CVE-2018-18500, CVE-2019-5785) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing [ more… ]

USN-3896-1: Firefox vulnerabilities firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 firefox – 65.0.1+build2-0ubuntu0.18.10.1 Ubuntu 18.04 LTS firefox – 65.0.1+build2-0ubuntu0.18.04.1 Ubuntu 16.04 LTS firefox – 65.0.1+build2-0ubuntu0.16.04.1 Ubuntu 14.04 LTS firefox – 65.0.1+build2-0ubuntu0.14.04.1 To update your system, please follow [ more… ]