ubuntu-usn

USN-3609-1: Firefox vulnerability firefox vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details A use-after-free was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 firefox – 59.0.2+build1-0ubuntu0.17.10.1 Ubuntu 16.04 LTS firefox – 59.0.2+build1-0ubuntu0.16.04.1 Ubuntu 14.04 LTS firefox – 59.0.2+build1-0ubuntu0.14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Firefox to [ more… ]

USN-3608-1: Zsh vulnerabilities zsh vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Zsh. Software Description zsh – shell with lots of features Details Richard Maciel Costa discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-1071) It was discovered that Zsh incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1083) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 zsh – 5.2-5ubuntu1.2 Ubuntu 16.04 LTS zsh – 5.1.1-1ubuntu2.2 Ubuntu 14.04 LTS zsh – 5.0.2-3ubuntu6.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Zsh to make all [ more… ]

USN-3607-1: Screen Resolution Extra vulnerability screen-resolution-extra vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Screen Resolution Extra could be tricked into bypassing PolicyKit authorizations. Software Description screen-resolution-extra – Extension for the GNOME screen resolution applet Details It was discovered that Screen Resolution Extra was using PolicyKit in an unsafe manner. A local attacker could potentially exploit this issue to bypass intended PolicyKit authorizations. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 screen-resolution-extra – 0.17.1.1 Ubuntu 16.04 LTS screen-resolution-extra – 0.17.1.1~16.04.1 Ubuntu 14.04 LTS screen-resolution-extra – 0.17.1.1~14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2018-8885 Source: USN-3607-1: Screen Resolution Extra vulnerability

USN-3606-1: LibTIFF vulnerabilities tiff vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. Software Description tiff – Tag Image File Format (TIFF) library Details It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 libtiff-tools – 4.0.8-5ubuntu0.1 libtiff5 – 4.0.8-5ubuntu0.1 Ubuntu 16.04 LTS libtiff-tools – 4.0.6-1ubuntu0.4 libtiff5 – 4.0.6-1ubuntu0.4 Ubuntu 14.04 LTS libtiff-tools – 4.0.3-7ubuntu0.9 libtiff5 [ more… ]

USN-3595-2: Samba vulnerability samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Samba could be made to crash if it received specially crafted input. Software Description samba – SMB/CIFS file, print, and login server for Unix Details USN-3595-1 fix a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM samba – 2:3.6.25-0ubuntu0.12.04.15 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References [ more… ]