USN-2973-1: Thunderbird vulnerabilities

2016-05-19 KENNETH 0

Ubuntu Security Notice USN-2973-1, 18th May, 2016

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Thunderbird.

Software description: thunderbird – Mozilla Open Source mail and newsgroup client

Details:

Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2805, CVE-2016-2807)

Hanno Böck discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. (CVE-2016-1938)

A use-after-free was discovered in ssl3_HandleECDHServerKeyExchange in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or [ more… ]

USN-2960-1: Oxide vulnerabilities

2016-05-19 KENNETH 0

Ubuntu Security Notice USN-2960-1, 18th May, 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Oxide.

Software description: oxide-qt – Web browser engine for Qt (QML plugin)

Details:

An out of bounds write was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1660)

It was discovered that Blink assumes that a frame which passes same-origin checks is local in some cases. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1661)

A use-after-free was discovered in [ more… ]

USN-2936-3: Firefox regression

2016-05-19 KENNETH 0

Ubuntu Security Notice USN-2936-3, 18th May, 2016

firefox regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: USN-2936-1 introduced a regression in Firefox.

Software description: firefox – Mozilla Open Source web browser

Details:

USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of [ more… ]

USN-2950-4: Samba regressions

2016-05-18 KENNETH 0

Ubuntu Security Notice USN-2950-4, 18th May, 2016

samba regressions

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: USN-2950-1 introduced regressions in Samba.

Software description: samba – SMB/CIFS file, print, and login server for Unix

Details:

USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relaxing the "client ipc signing" parameter to "auto".

We apologize for the inconvenience.

Original advisory details:

Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)

Stefan Metzmacher discovered that Samba contained multiple flaws [ more… ]

USN-2983-1: Expat vulnerability

2016-05-18 KENNETH 0

Ubuntu Security Notice USN-2983-1, 18th May, 2016

expat vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Expat could be made to crash or run programs as your login if it opened a specially crafted file.

Software description: expat – XML parsing C library

Details:

Gustavo Grieco discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718)

Update instructions:

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: libexpat1 2.1.0-7ubuntu0.16.04.1, lib64expat1 2.1.0-7ubuntu0.16.04.1
Ubuntu 15.10: libexpat1 2.1.0-7ubuntu0.15.10.1, lib64expat1 2.1.0-7ubuntu0.15.10.1
Ubuntu 14.04 LTS: libexpat1 2.1.0-4ubuntu1.2, lib64expat1 2.1.0-4ubuntu1.2
Ubuntu 12.04 LTS: libexpat1 [ more… ]