-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUIxwSAAoJEGEfvezVlG4PzKUH/jjyFb3OoyR3W9LrjAKQpdwP
0KQUVon0Ye0dkKbQtYpwgb0P2uQPs8jPpWxm+lMe8NJwQgOJvecS3YRAZE7Ez+lf
nPJBEmY2u4XidVRv6A+GpOWp67GEN+fFmlFp1LdIhfb5l8r33A4hz5gMzU2FIFwr
RxVj+MXHHWsxlR1cP/Pl6q4dVioIVWdIL2xd3SKOLGYmNYwvh7GcBI8rktiv2e8U
ywtS/+p05a0S57DOe0t2CG0MWDgeEF9D06iahU90hYk5E/TRVED1i8TM39LDsiKc
IxEhkQPDZrd0rh2oGTxas/mzT1yEKVc0l/xQAA54Xj2kk7wc+Cz51sS39y4o3Cc=
=GkKy
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2360-1
September 24, 2014
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled
parsing ASN.1 values. An attacker could use this issue to forge RSA
certificates.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
firefox 32.0.3+build1-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
firefox 32.0.3+build1-0ubuntu0.12.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2360-1
CVE-2014-1568
Package Information:
https://launchpad.net/ubuntu/+source/firefox/32.0.3+build1-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/firefox/32.0.3+build1-0ubuntu0.12.04.1
No comments:
Post a Comment