This update provides compatible packages for Firefox 41.

=========================================================================
Ubuntu Security Notice USN-2743-3
September 24, 2015

unity-firefox-extension, webapps-greasemonkey, webaccounts-browser-extension update
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.04 LTS

Summary:

This update provides compatible packages for Firefox 41.

Software Description:

- unity-firefox-extension: Unity Integration for Firefox
- webaccounts-browser-extension: Ubuntu Online Accounts extension for chromium
- webapps-greasemonkey: Firefox extension: Website Integration

Details:

USN-2743-1 fixed vulnerabilities in Firefox. Future Firefox updates will require all addons be signed and unity-firefox-extension, webapps-greasemonkey and webaccounts-browser-extension will not go through the signing process. Because these addons currently break search engine installations (LP: #1069793), this update permanently disables the addons by removing them from the system.

We apologize for any inconvenience.

Original advisory details:

Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4500, CVE-2015-4501)

André Bargull discovered that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window. (CVE-2015-4502)

Felix Gröbert discovered an out-of-bounds read in the QCMS color management library in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2015-4504)

Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4506)

Spandan Veggalam discovered a crash while using the debugger API in some circumstances. If a user were tricked into opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4507)

Juho Nurminen discovered that the URL bar could display the wrong URL in reader mode in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-4508)

A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4509)

Looben Yang discovered a use-after-free when using a shared worker with IndexedDB in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4510)

Francisco Alonso discovered an out-of-bounds read during 2D canvas rendering in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4512)

Jeff Walden discovered that changes could be made to immutable properties in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary script in a privileged scope. (CVE-2015-4516)

Ronald Crane reported multiple vulnerabilities. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180)

Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519)

Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04:
  xul-ext-unity 3.0.0+14.04.20140416-0ubuntu1.15.04.1
  xul-ext-webaccounts 0.5-0ubuntu4.15.04.1
  xul-ext-websites-integration 2.3.6+14.10.20140701-0ubuntu1.15.04.1

Ubuntu 14.04 LTS:
  xul-ext-unity 3.0.0+14.04.20140416-0ubuntu1.14.04.1
  xul-ext-webaccounts 0.5-0ubuntu2.14.04.1
  xul-ext-websites-integration 2.3.6+13.10.20130920.1-0ubuntu1.2

After a standard system update you need to restart Firefox to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2743-3
  https://ubuntu.com/security/notices/USN-2743-1
  https://bugs.launchpad.net/ubuntu/+source/unity-firefox-extension/+bug/1069793
  https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1498681

Package Information:
  https://launchpad.net/ubuntu/+source/unity-firefox-extension/3.0.0+14.04.20140416-0ubuntu1.15.04.1
  https://launchpad.net/ubuntu/+source/webaccounts-browser-extension/0.5-0ubuntu4.15.04.1
  https://launchpad.net/ubuntu/+source/webapps-greasemonkey/2.3.6+14.10.20140701-0ubuntu1.15.04.1
  https://launchpad.net/ubuntu/+source/unity-firefox-extension/3.0.0+14.04.20140416-0ubuntu1.14.04.1
  https://launchpad.net/ubuntu/+source/webaccounts-browser-extension/0.5-0ubuntu2.14.04.1
  https://launchpad.net/ubuntu/+source/webapps-greasemonkey/2.3.6+13.10.20130920.1-0ubuntu1.2

Severity: Critical
LinuxSecurity.com Team

The Unity lock screen could possibly be bypassed in certain circumstances.

=========================================================================
Ubuntu Security Notice USN-2303-1
July 31, 2014

unity vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The Unity lock screen could possibly be bypassed in certain circumstances.

Software Description:

- unity: Interface designed for efficiency of space and interaction.

Details:

It was discovered that in certain circumstances Unity failed to successfully grab the keyboard when switching to the lock screen. A local attacker could possibly use this issue to run commands, and unlock the current session.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
  unity 7.2.2+14.04.20140714-0ubuntu1.1

After a standard system update you need to restart your session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2303-1
  https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1349128

Package Information:
  https://launchpad.net/ubuntu/+source/unity/7.2.2+14.04.20140714-0ubuntu1.1

A security flaw in the Unity lock screen on Ubuntu 14.04 LTS permits local users to circumvent protective mechanisms.

LinuxSecurity.com Team

The Unity lock screen could be bypassed.

=========================================================================
Ubuntu Security Notice USN-2184-2
April 30, 2014

unity vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The Unity lock screen could be bypassed.

Software Description:

- unity: Interface designed for efficiency of space and interaction.

Details:

USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has uncovered more issues which have been fixed in this update. This update also fixes a regression with the shutdown dialogue.

We apologize for the inconvenience.

Original advisory details:

Frédéric Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.

Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
  unity 7.2.0+14.04.20140423-0ubuntu1.2

After a standard system update you need to restart your session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2184-2
  https://ubuntu.com/security/notices/USN-2184-1
  https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1314247

Package Information:
  https://launchpad.net/ubuntu/+source/unity/7.2.0+14.04.20140423-0ubuntu1.2

Critical issues with Unity's lock screen in Ubuntu 14.04 LTS necessitate immediate action and updates to safeguard the system's integrity.

Severity: Critical
LinuxSecurity.com Team

The Unity lock screen could be bypassed.

=========================================================================
Ubuntu Security Notice USN-2184-1
April 29, 2014

unity vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The Unity lock screen could be bypassed.

Software Description:

- unity: Interface designed for efficiency of space and interaction.

Details:

Frédéric Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.

Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
  unity 7.2.0+14.04.20140423-0ubuntu1.1

After a standard system update you need to restart your session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2184-1
  https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308850
  https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1313885

Package Information:
  https://launchpad.net/ubuntu/+source/unity/7.2.0+14.04.20140423-0ubuntu1.1

The security flaw in the Unity lock screen can be exploited by unauthorized users to gain access to locked sessions. Ensure you update your Ubuntu 14.04 LTS to mitigate this risk.

Severity: Important
LinuxSecurity.com Team

Popup menus were not working in Firefox under Unity 2D.

=========================================================================
Ubuntu Security Notice USN-1463-2
June 15, 2012

unity-2d update
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04

Summary:

Popup menus were not working in Firefox under Unity 2D.

Software Description:

- unity-2d: Unity interface for non-accelerated graphics cards

Details:

USN-1463-1 fixed vulnerabilities in Firefox. The Firefox update exposed a bug in Unity 2D which resulted in Firefox being unable to obtain pointer grabs in order to open popup menus. This update fixes the problem.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
  unity-2d-panel 5.12.0-0ubuntu1.1

Ubuntu 11.10:
  unity-2d-panel 4.12.0-0ubuntu1.2

Ubuntu 11.04:
  unity-2d-panel 3.8.4.1-0ubuntu1.1

After a standard system update you need to restart your Unity 2D session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1463-2
  https://ubuntu.com/security/notices/USN-1463-1
  https://bugs.launchpad.net/ubuntu/+source/unity-2d/+bug/1010466

Package Information:
  https://launchpad.net/ubuntu/+source/unity-2d/5.12.0-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/unity-2d/4.12.0-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/unity-2d/3.8.4.1-0ubuntu1.1

Unity 2D upgrade fixes contextual menu glitch in Firefox across multiple Ubuntu iterations effortlessly.

Severity: Important
LinuxSecurity.com Team