USN-3116-1: DBus vulnerabilities

2016-11-02 KENNETH

Ubuntu Security Notice USN-3116-1
1st November, 2016
dbus vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in DBus.

Software description: dbus – simple interprocess messaging system

Details: It was discovered that DBus incorrectly validated the source of ActivationFailure signals. A local attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-0245) It was discovered that DBus incorrectly handled certain format strings. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue is only exposed to unprivileged users when the fix for CVE-2015-0245 is not applied, hence this issue is only likely to affect Ubuntu 12.04 LTS and Ubuntu 14.04 [ more… ]

USN-3115-1: Django vulnerabilities

2016-11-02 KENNETH

Ubuntu Security Notice USN-3115-1
1st November, 2016
python-django vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Django.

Software description: python-django – High-level Python web development framework

Details: Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. (CVE-2016-9013) Aymeric Augustin discovered that Django incorrectly validated hosts when being run with the debug setting enabled. A remote attacker could possibly use this issue to perform DNS rebinding attacks. (CVE-2016-9014)

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: python3-django [ more… ]

USN-3112-1: Thunderbird vulnerabilities

2016-10-28 KENNETH

Ubuntu Security Notice USN-3112-1
27th October, 2016
thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Thunderbird.

Software description: thunderbird – Mozilla Open Source mail and newsgroup client

Details: Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250) Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these [ more… ]

USN-3111-1: Firefox vulnerabilities

2016-10-28 KENNETH

Ubuntu Security Notice USN-3111-1
27th October, 2016
firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Firefox.

Software description: firefox – Mozilla Open Source web browser

Details: A use-after-free was discovered in service workers. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via program crash, or execute arbitrary code. (CVE-2016-5287) It was discovered that web content could access information in the HTTP cache in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5288)

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: firefox 49.0.2+build2-0ubuntu0.16.10.2; Ubuntu 16.04 LTS: firefox 49.0.2+build2-0ubuntu0.16.04.2; Ubuntu 14.04 [ more… ]

USN-3114-2: nginx regression

2016-10-28 KENNETH

Ubuntu Security Notice USN-3114-2
27th October, 2016
nginx regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: USN-3114-1 introduced a regression in nginx packaging.

Software description: nginx – small, powerful, scalable web/proxy server

Details: USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges.

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: nginx-extras 1.10.1-0ubuntu1.2, nginx-full 1.10.1-0ubuntu1.2, nginx-common 1.10.1-0ubuntu1.2, nginx-light 1.10.1-0ubuntu1.2, nginx-core 1.10.1-0ubuntu1.2; Ubuntu 16.04 LTS: nginx-extras 1.10.0-0ubuntu0.16.04.4, nginx-full 1.10.0-0ubuntu0.16.04.4, nginx-common [ more… ]