Ubuntu

USN-4599-1: Firefox vulnerabilities

20 hours 31 minutes ago
firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description
  • firefox - Mozilla Open Source web browser
Details

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10
firefox - 82.0+build2-0ubuntu0.20.10.1
Ubuntu 20.04 LTS
firefox - 82.0+build2-0ubuntu0.20.04.1
Ubuntu 18.04 LTS
firefox - 82.0+build2-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

USN-4601-1: pip vulnerability

1 day 8 hours ago
python-pip vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

pip could be made to overwrite files as the administrator.

Software Description
  • python-pip - Python package installer
Details

It was discovered that pip did not properly sanitize the filename it took from a server-supplied Content-Disposition header during pip install. A remote attacker in control of a package download could possibly use this directory traversal issue to overwrite arbitrary files on the host filesystem, as root if pip was run as root. (CVE-2019-20916)
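
The bug class here is a download path built from a name the server chooses. The following added example, written for this page and not pip's own code, shows the vulnerable pattern beside a hardened one: the Content-Disposition filename is parsed with the standard library, reduced to its final path component, and the resulting path is checked to stay inside the download directory. The header values are constructed samples, and `posixpath` is used so the result is the same on every platform.

```python
import posixpath
from email.message import Message
from typing import Optional

# Constructed Content-Disposition values a download server could send.
SAMPLES = {
    "benign": 'attachment; filename="requests-2.24.0.tar.gz"',
    "traversal": 'attachment; filename="../../../../root/.ssh/authorized_keys"',
    "absolute": 'attachment; filename="/etc/cron.d/backdoor"',
}

def parse_content_disposition(value: str) -> Optional[str]:
    """Extract the filename parameter with the stdlib MIME header parser."""
    msg = Message()
    msg["Content-Disposition"] = value
    return msg.get_filename()

def unsafe_target_path(download_dir: str, disposition: str) -> str:
    """Vulnerable pattern: the server-chosen name is joined onto the path as-is,
    so '../' sequences or an absolute name escape download_dir."""
    name = parse_content_disposition(disposition) or "download"
    return posixpath.normpath(posixpath.join(download_dir, name))

def sanitize_filename(name: str) -> Optional[str]:
    """Keep only the final path component; reject names with no usable component."""
    base = posixpath.basename(name.replace("\\", "/"))  # treat '\' as a separator too
    if base in ("", ".", ".."):
        return None
    return base

def safe_target_path(download_dir: str, disposition: str) -> str:
    """Hardened pattern: basename the server-chosen name, then confine the result."""
    name = parse_content_disposition(disposition)
    base = sanitize_filename(name) if name else None
    if base is None:
        raise ValueError("unusable Content-Disposition filename: %r" % name)
    root = posixpath.normpath(download_dir)
    target = posixpath.normpath(posixpath.join(root, base))
    if posixpath.commonpath([root, target]) != root:   # defence in depth
        raise ValueError("filename escapes download directory: %r" % target)
    return target

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, unsafe_target_path("/tmp/pip-dl", header), "->",
              safe_target_path("/tmp/pip-dl", header))
```

The same check belongs in any tool that writes downloads under a name taken from a response header, not only package installers.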

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
python-pip - 9.0.1-2.3~ubuntu1.18.04.4
python3-pip - 9.0.1-2.3~ubuntu1.18.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4600-1: Netty vulnerabilities

1 day 12 hours ago
netty-3.9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Netty could be made to expose sensitive information over the network.

Software Description
  • netty-3.9 - Asynchronous event-driven network application framework
Details

It was discovered that Netty did not strictly parse certain HTTP headers, leading to HTTP request smuggling vulnerabilities. A remote attacker could use these to extract sensitive information. (CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)
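
Request smuggling arises when two parsers in the same request path (a proxy and Netty, say) read one header block differently. The following added example, written for this page rather than taken from Netty, is a strict HTTP/1.1 head parser that rejects the ambiguities these advisories concern: whitespace inside or around a field name, a header line with no colon, obsolete line folding, a malformed or repeated Content-Length, and Content-Length combined with Transfer-Encoding. The raw requests are constructed samples.

```python
import re

# RFC 7230 "token": the only characters allowed in a header field name.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

class SmugglingRisk(ValueError):
    """Raised for a request head that two HTTP parsers could read differently."""

def parse_headers(raw: bytes):
    """Strictly parse an HTTP/1.1 request head; return (request_line, headers).

    headers maps lower-cased field names to the list of values seen."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise SmugglingRisk("non-ASCII byte in request head")
    head, sep, _body = text.partition("\r\n\r\n")
    if not sep:
        raise SmugglingRisk("request head not terminated by CRLF CRLF")
    lines = head.split("\r\n")
    request_line, headers = lines[0], {}
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            raise SmugglingRisk("obsolete line folding: %r" % line)
        name, colon, value = line.partition(":")
        if not colon:
            raise SmugglingRisk("header line without colon: %r" % line)
        if not _TOKEN.match(name):          # also catches 'Transfer-Encoding : chunked'
            raise SmugglingRisk("invalid field name: %r" % name)
        value = value.strip(" \t")
        if any(ord(ch) < 0x20 and ch != "\t" for ch in value):
            raise SmugglingRisk("control character in value of %r" % name)
        headers.setdefault(name.lower(), []).append(value)
    cl = headers.get("content-length", [])
    # Duplicates are rejected even when identical; RFC 7230 permits a recipient to do so.
    if len(cl) > 1 or any(not v.isdigit() for v in cl):
        raise SmugglingRisk("duplicate or malformed Content-Length: %r" % cl)
    if cl and "transfer-encoding" in headers:
        raise SmugglingRisk("Content-Length together with Transfer-Encoding")
    return request_line, headers

def classify(raw: bytes) -> str:
    """'ok' for an unambiguous head, otherwise the reason it was rejected."""
    try:
        parse_headers(raw)
        return "ok"
    except SmugglingRisk as exc:
        return "rejected: %s" % exc

# Constructed sample requests (no real traffic).
NORMAL = b"POST /api HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
SPACE_BEFORE_COLON = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
                      b"Transfer-Encoding : chunked\r\nContent-Length: 4\r\n\r\n0\r\n\r\n")
NO_COLON = b"POST /api HTTP/1.1\r\nHost: example.test\r\nX-Ignored\r\nContent-Length: 5\r\n\r\nhello"
CL_AND_TE = (b"POST /api HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
DOUBLE_CL = b"GET / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 1\r\nContent-Length: 1\r\n\r\n"

if __name__ == "__main__":
    for sample in (NORMAL, SPACE_BEFORE_COLON, NO_COLON, CL_AND_TE, DOUBLE_CL):
        print(classify(sample))
```

Rejecting rather than "repairing" such a request is the point: a lenient parser that quietly picks one interpretation is exactly what lets the attacker's second interpretation reach the back end.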

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libnetty-3.9-java - 3.9.0.Final-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4593-2: FreeType vulnerability

1 day 16 hours ago
freetype vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
Summary

FreeType could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description
  • freetype - FreeType 2 is a font engine library
Details

USN-4593-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libfreetype6 - 2.5.2-1ubuntu2.8+esm2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.

USN-4598-1: LibEtPan vulnerability

1 day 17 hours ago
libetpan vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

LibEtPan could be made to expose sensitive information over the network.

Software Description
  • libetpan - Mail Framework for C Language
Details

It was discovered that LibEtPan did not discard plaintext data buffered before the TLS handshake when using STARTTLS with IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. (CVE-2020-15953)
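
The mechanism behind a STARTTLS response injection is easy to miss: the client reads the "OK, begin TLS" line, but anything that arrived in the same plaintext segment stays in its receive buffer and is served back to the caller as if it had come through the TLS layer. The following added example, written for this page and not LibEtPan's code, simulates an IMAP client over a fake transport; the vulnerable variant returns the injected CAPABILITY line, the fixed variant refuses to start TLS while plaintext is still buffered. The segments are constructed, and sending the client's own commands is elided because only response handling matters here.

```python
from collections import deque

class ProtocolError(Exception):
    pass

class FakeTransport:
    """Constructed stand-in for a TCP connection: recv() hands back one segment
    at a time; start_tls() marks the point after which a real client would
    only trust bytes delivered through the TLS layer."""
    def __init__(self, segments):
        self.segments = deque(segments)
        self.tls_active = False

    def recv(self):
        return self.segments.popleft() if self.segments else b""

    def start_tls(self):
        self.tls_active = True

class ImapClient:
    def __init__(self, transport, strict):
        self.t = transport
        self.buf = b""            # received but not yet consumed bytes
        self.strict = strict      # True = fixed behaviour

    def _read_line(self):
        while b"\r\n" not in self.buf:
            chunk = self.t.recv()
            if not chunk:
                raise ConnectionError("connection closed")
            self.buf += chunk
        line, self.buf = self.buf.split(b"\r\n", 1)
        return line

    def starttls(self):
        # (client sent "a001 STARTTLS"; read the tagged response)
        resp = self._read_line()
        if not resp.startswith(b"a001 OK"):
            raise ProtocolError("STARTTLS refused: %r" % resp)
        if self.strict and self.buf:
            # Fixed behaviour: bytes after the OK line cannot have been sent
            # under TLS, so they are from the network path, not the server.
            raise ProtocolError("plaintext after STARTTLS response: %r" % self.buf)
        self.t.start_tls()

    def capability(self):
        # (client sent "a002 CAPABILITY"; reads what it believes is the
        # TLS-protected reply, but a vulnerable client drains the leftover
        # plaintext buffer first)
        return self._read_line()

# Constructed segments: the genuine STARTTLS confirmation and an injected
# CAPABILITY reply share one plaintext segment; the server's real reply,
# which would travel over TLS, comes afterwards.
SEGMENTS = [
    b"a001 OK Begin TLS negotiation now\r\n"
    b"* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\na002 OK done\r\n",
    b"* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2\r\na002 OK done\r\n",
]

def run(strict):
    """Return ('accepted', line) or ('rejected', reason) for the scenario above."""
    client = ImapClient(FakeTransport(list(SEGMENTS)), strict)
    try:
        client.starttls()
        return "accepted", client.capability()
    except ProtocolError as exc:
        return "rejected", str(exc)

if __name__ == "__main__":
    print(run(strict=False))
    print(run(strict=True))
```

The injected line steers the client's later choices (here, which authentication mechanism it believes the server offers) even though the TLS session itself is sound, which is why the check must happen before the handshake rather than on the TLS socket afterwards.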

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libetpan-dev - 1.6-1ubuntu0.1
libetpan17 - 1.6-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4597-1: mod_auth_mellon vulnerabilities

1 day 18 hours ago
libapache2-mod-auth-mellon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in mod_auth_mellon.

Software Description
  • libapache2-mod-auth-mellon - SAML 2.0 authentication module for Apache
Details

François Kooman discovered that mod_auth_mellon incorrectly handled cookies. An attacker could possibly use this issue to perform a cross-site session transfer attack. (CVE-2017-6807)

It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. (CVE-2019-3877)

It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2019-3878)
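
The redirect issue above (CVE-2019-3877) is an instance of a general problem: a post-logout or post-login "return to" parameter that is checked loosely. The following added example, written for this page and not mod_auth_mellon's code, contrasts a common weak check with a hardened validator that rejects characters browsers reinterpret (a backslash after a leading slash is treated as `//`), then parses the URL and accepts only a plain absolute path or an https URL whose host is exactly the protected site. The site hostname and the test URLs are assumptions.

```python
from urllib.parse import urlsplit

SITE_HOST = "app.example.com"   # assumed hostname the module protects

def naive_is_safe_return_to(url: str) -> bool:
    """Weak check (a generic anti-pattern, not any project's code): accept
    anything that looks like a same-site path."""
    return url.startswith("/") and not url.startswith("//")

def is_safe_return_to(url: str, site_host: str = SITE_HOST) -> bool:
    """Hardened check for a redirect target supplied in a request parameter."""
    # '/\evil' is read as '//evil' by browsers; CR/LF would allow header injection.
    if any(ch in url for ch in "\\ ") or any(ord(ch) < 0x20 for ch in url):
        return False
    parts = urlsplit(url)
    if parts.scheme == "" and parts.netloc == "":
        return url.startswith("/") and not url.startswith("//")   # relative path only
    if parts.scheme != "https" or not parts.netloc:
        return False                  # javascript:, data:, or scheme without host
    if parts.username is not None or parts.port not in (None, 443):
        return False                  # 'https://app.example.com@evil.net/' style tricks
    return parts.hostname == site_host

# Constructed test URLs with the expected verdict of the hardened check.
CASES = {
    "/account/home": True,
    "https://app.example.com/account/home": True,
    "//evil.example.net/": False,
    "/\\evil.example.net/": False,                     # the naive check accepts this one
    "https://app.example.com@evil.example.net/": False,
    "https://app.example.com.evil.example.net/": False,
    "https://app.example.com:8443/": False,
    "javascript:alert(1)": False,
}

def check_all():
    """Run every constructed case through the hardened validator."""
    return {url: is_safe_return_to(url) for url in CASES}

if __name__ == "__main__":
    for url, verdict in check_all().items():
        print(verdict, naive_is_safe_return_to(url), url)
```

If the deployment legitimately needs to return users to several hosts, replace the single `site_host` comparison with an explicit allow-list; prefix or substring matching on the host is what the `app.example.com.evil.example.net` case defeats.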

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libapache2-mod-auth-mellon - 0.12.0-2+deb9u1build0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4552-2: Pam-python vulnerability

2 days 11 hours ago
pam-python vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Pam-python could be made to crash or run programs as an administrator if certain environment variables are set.

Software Description
  • pam-python - Enables PAM modules to be written in Python
Details

Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libpam-python - 1.0.4-1.1+deb8u1build0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4596-1: Tomcat vulnerabilities

2 days 17 hours ago
tomcat9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
Summary

Several security issues were fixed in Tomcat.

Software Description
  • tomcat9 - Apache Tomcat 9 - Servlet and JSP engine
Details

It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. (CVE-2020-11996)

It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to trigger an OutOfMemoryError, resulting in a denial of service. (CVE-2020-13934)

It was discovered that Tomcat did not properly validate the payload length in a WebSocket frame. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2020-13935)

It was discovered that Tomcat did not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-9484)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
libtomcat9-embed-java - 9.0.31-1ubuntu0.1
libtomcat9-java - 9.0.31-1ubuntu0.1
tomcat9 - 9.0.31-1ubuntu0.1
tomcat9-common - 9.0.31-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4595-1: Grunt vulnerability

3 days 10 hours ago
grunt vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

Grunt could be made to run programs if it received specially crafted input.

Software Description
  • grunt - JavaScript task runner/build system/maintainer tool
Details

It was discovered that Grunt did not properly load YAML files. An attacker could possibly use this to execute arbitrary code. (CVE-2020-7729)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
grunt - 1.0.1-8ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4594-1: Quassel vulnerabilities

3 days 12 hours ago
quassel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

Quassel could be made to crash or run programs if it received specially crafted network traffic.

Software Description
  • quassel - distributed IRC client - monolithic core+client
Details

It was discovered that Quassel incorrectly handled the QDataStream protocol. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000178)

It was discovered that Quassel incorrectly handled certain login requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-1000179)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
quassel - 1:0.12.4-3ubuntu1.18.04.3
quassel-core - 1:0.12.4-3ubuntu1.18.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4587-1: iTALC vulnerabilities

3 days 14 hours ago
italc vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in iTALC.

Software Description
  • italc - didact tool which allows teachers to view and control computer labs
Details

Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and did not check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. (CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)

Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)

It was discovered that iTALC had an out-of-bounds write, multiple heap out-of-bounds writes, an infinite loop, improper initializations, and null pointer dereferences. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. (CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
italc-client - 1:2.0.2+dfsg1-4ubuntu0.1
italc-master - 1:2.0.2+dfsg1-4ubuntu0.1
libitalccore - 1:2.0.2+dfsg1-4ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4586-1: PHP ImageMagick vulnerability

3 days 17 hours ago
php-imagick vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

PHP ImageMagick could be made to crash if it received specially crafted input.

Software Description
  • php-imagick - PHP extension to create and modify images using the ImageMagick API
Details

It was discovered that the PHP ImageMagick extension did not check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
php-imagick - 3.4.3~rc2-2ubuntu4.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4593-1: FreeType vulnerability

3 days 19 hours ago
freetype vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

FreeType could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description
  • freetype - FreeType 2 is a font engine library
Details

Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
libfreetype6 - 2.10.1-2ubuntu0.1
Ubuntu 18.04 LTS
libfreetype6 - 2.8.1-2ubuntu2.1
Ubuntu 16.04 LTS
libfreetype6 - 2.6.1-0.1ubuntu2.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.

USN-4592-1: Linux kernel vulnerabilities

4 days 7 hours ago
linux-oem-osp1, linux-raspi2-5.3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux-oem-osp1 - Linux kernel for OEM systems
  • linux-raspi2-5.3 - Linux kernel for Raspberry Pi (V8) systems
Details

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352)

Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-24490)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
linux-image-5.0.0-1070-oem-osp1 - 5.0.0-1070.76
linux-image-5.3.0-1036-raspi2 - 5.3.0-1036.38
linux-image-oem-osp1 - 5.0.0.1070.68
linux-image-raspi2-hwe-18.04 - 5.3.0.1036.25

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

USN-4591-1: Linux kernel vulnerabilities

4 days 7 hours ago
linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux - Linux kernel
  • linux-raspi - Linux kernel for Raspberry Pi (V8) systems
  • linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
  • linux-oem - Linux kernel for OEM systems
  • linux-raspi-5.4 - Linux kernel for Raspberry Pi (V8) systems
  • linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors
  • linux-hwe - Linux hardware enablement (HWE) kernel
Details

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1022-raspi - 5.4.0-1022.25
linux-image-5.4.0-52-generic - 5.4.0-52.57
linux-image-5.4.0-52-generic-lpae - 5.4.0-52.57
linux-image-5.4.0-52-lowlatency - 5.4.0-52.57
linux-image-generic - 5.4.0.52.55
linux-image-generic-hwe-18.04 - 5.4.0.52.55
linux-image-generic-hwe-18.04-edge - 5.4.0.52.55
linux-image-generic-hwe-20.04 - 5.4.0.52.55
linux-image-generic-lpae - 5.4.0.52.55
linux-image-generic-lpae-hwe-18.04 - 5.4.0.52.55
linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.52.55
linux-image-generic-lpae-hwe-20.04 - 5.4.0.52.55
linux-image-lowlatency - 5.4.0.52.55
linux-image-lowlatency-hwe-18.04 - 5.4.0.52.55
linux-image-lowlatency-hwe-18.04-edge - 5.4.0.52.55
linux-image-lowlatency-hwe-20.04 - 5.4.0.52.55
linux-image-oem - 5.4.0.52.55
linux-image-oem-osp1 - 5.4.0.52.55
linux-image-raspi - 5.4.0.1022.57
linux-image-raspi-hwe-18.04 - 5.4.0.1022.57
linux-image-raspi-hwe-18.04-edge - 5.4.0.1022.57
linux-image-raspi2 - 5.4.0.1022.57
linux-image-raspi2-hwe-18.04 - 5.4.0.1022.57
linux-image-raspi2-hwe-18.04-edge - 5.4.0.1022.57
linux-image-virtual - 5.4.0.52.55
linux-image-virtual-hwe-18.04 - 5.4.0.52.55
linux-image-virtual-hwe-18.04-edge - 5.4.0.52.55
linux-image-virtual-hwe-20.04 - 5.4.0.52.55
Ubuntu 18.04 LTS
linux-image-4.15.0-1090-snapdragon - 4.15.0-1090.99
linux-image-4.15.0-1100-oem - 4.15.0-1100.110
linux-image-4.15.0-122-generic - 4.15.0-122.124
linux-image-4.15.0-122-generic-lpae - 4.15.0-122.124
linux-image-4.15.0-122-lowlatency - 4.15.0-122.124
linux-image-5.4.0-1022-raspi - 5.4.0-1022.25~18.04.1
linux-image-5.4.0-52-generic - 5.4.0-52.57~18.04.1
linux-image-5.4.0-52-generic-lpae - 5.4.0-52.57~18.04.1
linux-image-5.4.0-52-lowlatency - 5.4.0-52.57~18.04.1
linux-image-generic - 4.15.0.122.109
linux-image-generic-hwe-18.04 - 5.4.0.52.57~18.04.46
linux-image-generic-lpae - 4.15.0.122.109
linux-image-generic-lpae-hwe-18.04 - 5.4.0.52.57~18.04.46
linux-image-lowlatency - 4.15.0.122.109
linux-image-lowlatency-hwe-18.04 - 5.4.0.52.57~18.04.46
linux-image-oem - 4.15.0.1100.104
linux-image-powerpc-e500mc - 4.15.0.122.109
linux-image-powerpc-smp - 4.15.0.122.109
linux-image-powerpc64-emb - 4.15.0.122.109
linux-image-powerpc64-smp - 4.15.0.122.109
linux-image-raspi-hwe-18.04 - 5.4.0.1022.26
linux-image-snapdragon - 4.15.0.1090.93
linux-image-snapdragon-hwe-18.04 - 5.4.0.52.57~18.04.46
linux-image-virtual - 4.15.0.122.109
linux-image-virtual-hwe-18.04 - 5.4.0.52.57~18.04.46
Ubuntu 16.04 LTS
linux-image-4.15.0-122-generic - 4.15.0-122.124~16.04.1
linux-image-4.15.0-122-generic-lpae - 4.15.0-122.124~16.04.1
linux-image-4.15.0-122-lowlatency - 4.15.0-122.124~16.04.1
linux-image-generic-hwe-16.04 - 4.15.0.122.122
linux-image-generic-hwe-16.04-edge - 4.15.0.122.122
linux-image-generic-lpae-hwe-16.04 - 4.15.0.122.122
linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.122.122
linux-image-lowlatency-hwe-16.04 - 4.15.0.122.122
linux-image-lowlatency-hwe-16.04-edge - 4.15.0.122.122
linux-image-oem - 4.15.0.122.122
linux-image-virtual-hwe-16.04 - 4.15.0.122.122
linux-image-virtual-hwe-16.04-edge - 4.15.0.122.122

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

USN-4588-1: FlightGear vulnerability

4 days 10 hours ago
flightgear vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

FlightGear could be made to overwrite files or run programs if it received specially crafted input.

Software Description
  • flightgear - Flight Gear Flight Simulator
Details

It was discovered that FlightGear could write arbitrary files if it received a specially crafted Nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
flightgear - 3.4.0-3ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4590-1: Collabtive vulnerability

4 days 14 hours ago
collabtive vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Collabtive could be made to run programs if it received specially crafted network traffic from an authenticated user.

Software Description
  • collabtive - Web-based project management software
Details

It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code. (CVE-2015-0258)
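
An avatar upload becomes code execution when the server trusts the client's filename or Content-Type and stores the file under a name that the web server will happily execute. The following added example, written for this page and not Collabtive's code, shows the validation a practitioner would want: an extension allow-list, a magic-byte check on the content, a requirement that the two agree, a size cap, and a server-generated storage name so neither the client's filename nor its declared type ever reaches disk. The upload bytes are constructed (valid headers followed by padding, not real images).

```python
import secrets

# Constructed sample uploads: only the headers are realistic.
PNG_DATA = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
JPEG_DATA = b"\xff\xd8\xff\xe0" + b"\x00" * 32
PHP_DATA = b"<?php echo 'hi'; ?>"

MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]
ALLOWED = {"png": "png", "jpg": "jpg", "jpeg": "jpg", "gif": "gif"}   # extension -> canonical type
MAX_BYTES = 512 * 1024

class UploadRejected(ValueError):
    pass

def sniff_image_type(data: bytes):
    """Identify the image format from its leading bytes, ignoring the client's claims."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None

def store_avatar(client_filename: str, data: bytes) -> str:
    """Validate an avatar upload; return the server-chosen name it is stored under.

    The client's Content-Type is deliberately not a parameter: it is attacker-controlled."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("too large")
    # Last extension only: 'x.png.php' is judged by 'php', not 'png'.
    ext = client_filename.rsplit(".", 1)[-1].lower() if "." in client_filename else ""
    if ext not in ALLOWED:
        raise UploadRejected("extension %r not allowed" % ext)
    kind = sniff_image_type(data)
    if kind is None:
        raise UploadRejected("content is not PNG, JPEG or GIF")
    if ALLOWED[ext] != kind:
        raise UploadRejected("extension %r does not match content %r" % (ext, kind))
    # Random name with the sniffed type's extension; the original name is discarded.
    return "%s.%s" % (secrets.token_hex(16), kind)

def classify_upload(client_filename: str, data: bytes) -> str:
    """'accepted:<stored name>' or 'rejected: <reason>'."""
    try:
        return "accepted:" + store_avatar(client_filename, data)
    except UploadRejected as exc:
        return "rejected: %s" % exc

if __name__ == "__main__":
    for name, data in (("me.png", PNG_DATA), ("shell.php", PHP_DATA),
                       ("shell.png", PHP_DATA), ("me.png", JPEG_DATA)):
        print(name, classify_upload(name, data))
```

Two deployment points complete the picture and cannot be expressed in the validator: store uploads in a directory the web server will not execute scripts from, and serve them with a fixed Content-Type rather than one derived from the stored name.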

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
collabtive - 2.0+dfsg-6ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4585-1: Newsbeuter vulnerabilities

1 week 1 day ago
newsbeuter vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Newsbeuter could be made to crash or run programs as your login if it opened a malicious file.

Software Description
  • newsbeuter - open-source RSS/Atom feed reader for text terminals
Details

It was discovered that Newsbeuter did not properly escape input passed to an external command. A remote attacker could use this to run arbitrary code by crafting a special input file. (CVE-2017-12904)

It was discovered that Newsbeuter did not properly handle shell metacharacters in filenames. A remote attacker could use this to run arbitrary code by crafting a special filename. (CVE-2017-14500)
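
Both Newsbeuter issues are the same class: attacker-controlled strings (a feed item's URL or title, a filename) spliced into a command line that is handed to the shell. The following added example, written for this page and not Newsbeuter's code, shows the vulnerable string construction, the shell-quoted fallback, and the preferred fix of passing an argv list with no shell at all. The feed fields and the helper script name are constructed; the child process is the Python interpreter echoing its argv, standing in for the real bookmark helper.

```python
import json
import shlex
import subprocess
import sys

# Constructed feed item fields under attacker control, and an assumed helper name.
BOOKMARK_CMD = "/usr/local/bin/bookmark.sh"
URL = "http://example.test/post;touch /tmp/pwned"
TITLE = "$(id) weekly news"

def shell_string_unsafe(cmd, url, title):
    """Vulnerable pattern: fields interpolated into one string that is then
    given to the shell (system()), which interprets ';' and '$(...)'."""
    return "%s %s %s" % (cmd, url, title)

def shell_string_quoted(cmd, url, title):
    """If a shell string is unavoidable, quote every field so the shell sees
    exactly three words and no metacharacters."""
    return shlex.join([cmd, url, title])

def quoted_round_trips(cmd, url, title):
    """True when splitting the quoted string the way a shell would returns
    the original fields unchanged."""
    return shlex.split(shell_string_quoted(cmd, url, title)) == [cmd, url, title]

def argv_seen_by_child(url, title):
    """Preferred fix: an argv list and no shell. Metacharacters are ordinary
    bytes in an argument; the child reports exactly what it received."""
    code = "import json, sys; print(json.dumps(sys.argv[1:]))"
    proc = subprocess.run([sys.executable, "-c", code, url, title],
                          capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)

if __name__ == "__main__":
    print(shell_string_unsafe(BOOKMARK_CMD, URL, TITLE))
    print(shell_string_quoted(BOOKMARK_CMD, URL, TITLE))
    print(argv_seen_by_child(URL, TITLE))
```

The argv form also sidesteps locale and quoting differences between shells, which is why it is the fix to prefer over quoting.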

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
newsbeuter - 2.9-3ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4546-2: Firefox regressions

1 week 1 day ago
firefox regressions

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

USN-4546-1 caused some minor regressions in Firefox.

Software Description
  • firefox - Mozilla Open Source web browser
Details

USN-4546-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, spoof the site displayed in the download dialog, or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
firefox - 81.0.2+build1-0ubuntu0.20.04.1
Ubuntu 18.04 LTS
firefox - 81.0.2+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 81.0.2+build1-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

USN-4584-1: HtmlUnit vulnerability

1 week 1 day ago
htmlunit vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

HtmlUnit could be made to crash or run programs as an administrator if it opened a specially crafted file.

Software Description
  • htmlunit - headless web browser written in Java
Details

It was discovered that HtmlUnit incorrectly initialized the Rhino JavaScript engine. An attacker could possibly use this issue to execute arbitrary Java code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libhtmlunit-java - 2.8-1ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
