USN-3435-2: Firefox regression

2017-10-05 KENNETH 0

Ubuntu Security Notice USN-3435-2
4th October, 2017
firefox regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary
USN-3435-1 caused a regression in Firefox.

Software description
firefox – Mozilla Open Source web browser

Details
USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, [ more… ]

USN-3437-1: OCaml vulnerability

2017-10-04 KENNETH 0

Ubuntu Security Notice USN-3437-1
3rd October, 2017
ocaml vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary
OCaml applications could be made to crash, expose sensitive information, or run programs.

Software description
ocaml – ML language implementation with a class-based object system

Details
Radek Micek discovered that OCaml incorrectly handled sign extensions. A remote attacker could use this issue to cause applications using OCaml to crash, to possibly obtain sensitive information, or to possibly execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 14.04 LTS: ocaml 4.01.0-3ubuntu3.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2015-8869

Source: USN-3437-1: OCaml vulnerability

USN-3430-2: Dnsmasq vulnerabilities

2017-10-03 KENNETH 0

Ubuntu Security Notice USN-3430-2
3rd October, 2017
dnsmasq vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary
Several security issues were fixed in Dnsmasq.

Software description
dnsmasq – Small caching DNS proxy and DHCP/TFTP server

Details
USN-3430-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14491)

Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of [ more… ]

USN-3435-1: Firefox vulnerabilities

2017-10-03 KENNETH 0

Ubuntu Security Notice USN-3435-1
2nd October, 2017
firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary
Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software description
firefox – Mozilla Open Source web browser

Details
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824)

Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this [ more… ]

USN-3434-1: Libidn vulnerability

2017-10-03 KENNETH 0

Ubuntu Security Notice USN-3434-1
2nd October, 2017
libidn vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary
Libidn could be made to crash or run programs if it processed specially crafted input.

Software description
libidn – implementation of IETF IDN specifications

Details
It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 17.04: libidn11 1.33-1ubuntu0.1
Ubuntu 16.04 LTS: libidn11 1.32-3ubuntu1.2
Ubuntu 14.04 LTS: libidn11 1.28-1ubuntu2.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References [ more… ]