
USN-3180-1: Oxide vulnerabilities

2017-02-09 KENNETH 0

Ubuntu Security Notice USN-3180-1, 8th February, 2017

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Oxide.

Software description: oxide-qt – Web browser engine for Qt (QML plugin)

Details: Multiple vulnerabilities were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL or other UI components, bypass same origin restrictions or other security restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5014, CVE-2017-5017, CVE-2017-5019, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026)

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: liboxideqtcore0 [ more… ]


USN-3175-2: Firefox regression

2017-02-07 KENNETH 0

Ubuntu Security Notice USN-3175-2, 6th February, 2017

firefox regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: USN-3175-1 introduced a regression in Firefox.

Software description: firefox – Mozilla Open Source web browser

Details: USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: Multiple memory safety issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If [ more… ]


USN-3192-1: Squid vulnerabilities

2017-02-07 KENNETH 0

Ubuntu Security Notice USN-3192-1, 6th February, 2017

squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Squid could be made to expose sensitive information over the network.

Software description: squid3 – Web proxy cache server

Details: Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. (CVE-2016-10002)

Felix Hassert discovered that Squid incorrectly handled certain HTTP Request headers when using the Collapsed Forwarding feature. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10003)

Update instructions: The problem can be corrected by updating your system to the following package [ more… ]


USN-3191-1: WebKitGTK+ vulnerabilities

2017-02-07 KENNETH 0

Ubuntu Security Notice USN-3191-1, 6th February, 2017

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in WebKitGTK+.

Software description: webkit2gtk – Web content engine library for GTK+

Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
libwebkit2gtk-4.0-37 2.14.3-0ubuntu0.16.10.1
libjavascriptcoregtk-4.0-18 2.14.3-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
libwebkit2gtk-4.0-37 2.14.3-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 2.14.3-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which [ more… ]


USN-3193-1: Nettle vulnerability

2017-02-07 KENNETH 0

Ubuntu Security Notice USN-3193-1, 6th February, 2017

nettle vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Nettle could be made to expose sensitive information over the network.

Software description: nettle – low level cryptographic library (public-key cryptos)

Details: It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10: libnettle6 3.2-1ubuntu0.16.10.1
Ubuntu 16.04 LTS: libnettle6 3.2-1ubuntu0.16.04.1
Ubuntu 14.04 LTS: libnettle4 2.7.1-1ubuntu0.2
Ubuntu 12.04 LTS: libnettle4 2.4-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2016-6489

Source: USN-3193-1: Nettle vulnerability