ubuntu-security-announce Digest, Vol 115, Issue 13

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-2184-1] Unity vulnerabilities (Marc Deslauriers)
2. [USN-2185-1] Firefox vulnerabilities (Chris Coulson)


----------------------------------------------------------------------

Message: 1
Date: Tue, 29 Apr 2014 08:14:25 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com, Ubuntu Security
<security@ubuntu.com>
Subject: [USN-2184-1] Unity vulnerabilities
Message-ID: <535F97A1.50609@canonical.com>
Content-Type: text/plain; charset="utf-8"

==========================================================================
Ubuntu Security Notice USN-2184-1
April 29, 2014

unity vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The Unity lock screen could be bypassed.

Software Description:
- unity: Interface designed for efficiency of space and interaction.

Details:

Fr?d?ric Bardy discovered that Unity incorrectly filtered keyboard
shortcuts when the screen was locked. A local attacker could possibly use
this issue to run commands, and unlock the current session.

Giovanni Mellini discovered that Unity could display the Dash in certain
conditions when the screen was locked. A local attacker could possibly use
this issue to run commands, and unlock the current session.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
unity 7.2.0+14.04.20140423-0ubuntu1.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2184-1
https://launchpad.net/bugs/1308850, https://launchpad.net/bugs/1313885

Package Information:
https://launchpad.net/ubuntu/+source/unity/7.2.0+14.04.20140423-0ubuntu1.1


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20140429/31b0f978/attachment-0001.pgp>

------------------------------

Message: 2
Date: Tue, 29 Apr 2014 20:44:31 +0100
From: Chris Coulson <chris.coulson@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-2185-1] Firefox vulnerabilities
Message-ID: <5360011F.1050403@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-2185-1
April 29, 2014

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij,
Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir
Vukicevic and Christian Holler discovered multiple memory safety issues in
Firefox. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2014-1518, CVE-2014-1519)

An out of bounds read was discovered in Web Audio. An attacker could
potentially exploit this cause a denial of service via application crash
or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2014-1522)

Abhishek Arya discovered an out of bounds read when decoding JPG images.
An attacker could potentially exploit this to cause a denial of service
via application crash. (CVE-2014-1523)

Abhishek Arya discovered a buffer overflow when a script uses a non-XBL
object as an XBL object. An attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-1524)

Abhishek Arya discovered a use-after-free in the Text Track Manager when
processing HTML video. An attacker could potentially exploit this to cause
a denial of service via application crash or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2014-1525)

Jukka Jyl?nki discovered an out-of-bounds write in Cairo when working
with canvas in some circumstances. An attacker could potentially exploit
this to cause a denial of service via application crash or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-1528)

Mariusz Mlynski discovered that sites with notification permissions can
run script in a privileged context in some circumstances. An attacker
could exploit this to execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2014-1529)

It was discovered that browser history navigations could be used to load
a site with the addressbar displaying the wrong address. An attacker could
potentially exploit this to conduct cross-site scripting or phishing
attacks. (CVE-2014-1530)

A use-after-free was discovered when resizing images in some
circumstances. An attacker could potentially exploit this to cause a
denial of service via application crash or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2014-1531)

Christian Heimes discovered that NSS did not handle IDNA domain prefixes
correctly for wildcard certificates. An attacker could potentially exploit
this by using a specially crafted certificate to conduct a man-in-the-middle
attack. (CVE-2014-1492)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during
host resolution in some circumstances. An attacker could potentially
exploit this to cause a denial of service via application crash or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-1532)

Boris Zbarsky discovered that the debugger bypassed XrayWrappers for some
objects. If a user were tricked in to opening a specially crafted website
whilst using the debugger, an attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-1526)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
firefox 29.0+build1-0ubuntu0.14.04.2

Ubuntu 13.10:
firefox 29.0+build1-0ubuntu0.13.10.3

Ubuntu 12.10:
firefox 29.0+build1-0ubuntu0.12.10.3

Ubuntu 12.04 LTS:
firefox 29.0+build1-0ubuntu0.12.04.2

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2185-1
CVE-2014-1492, CVE-2014-1518, CVE-2014-1519, CVE-2014-1522,
CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526,
CVE-2014-1528, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531,
CVE-2014-1532, https://launchpad.net/bugs/1313464

Package Information:
https://launchpad.net/ubuntu/+source/firefox/29.0+build1-0ubuntu0.14.04.2
https://launchpad.net/ubuntu/+source/firefox/29.0+build1-0ubuntu0.13.10.3
https://launchpad.net/ubuntu/+source/firefox/29.0+build1-0ubuntu0.12.10.3
https://launchpad.net/ubuntu/+source/firefox/29.0+build1-0ubuntu0.12.04.2


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 538 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20140429/202ced2f/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 115, Issue 13
*********************************************************