[USN-7190-1] Tinyproxy vulnerability
[USN-7191-1] Firefox vulnerabilities
[USN-7190-1] Tinyproxy vulnerability
==========================================================================
Ubuntu Security Notice USN-7190-1
January 08, 2025
tinyproxy vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Tinyproxy could be made to crash or run programs if it received specially
crafted input.
Software Description:
- tinyproxy: Lightweight, non-caching, optionally anonymizing HTTP proxy
Details:
It was discovered that Tinyproxy did not properly manage memory during the
parsing of HTTP connection headers. An attacker could use this issue to
cause a DoS or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
tinyproxy 1.11.1-3ubuntu0.1
tinyproxy-bin 1.11.1-3ubuntu0.1
Ubuntu 22.04 LTS
tinyproxy 1.11.0-1ubuntu0.1~esm2
Available with Ubuntu Pro
tinyproxy-bin 1.11.0-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
tinyproxy 1.10.0-4ubuntu0.2
tinyproxy-bin 1.10.0-4ubuntu0.2
Ubuntu 18.04 LTS
tinyproxy 1.8.4-5ubuntu0.1~esm3
Available with Ubuntu Pro
tinyproxy-bin 1.8.4-5ubuntu0.1~esm3
Available with Ubuntu Pro
Ubuntu 16.04 LTS
tinyproxy 1.8.3-3ubuntu16.04.1~esm3
Available with Ubuntu Pro
Ubuntu 14.04 LTS
tinyproxy 1.8.3-3ubuntu14.04.1~esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7190-1
CVE-2023-49606
Package Information:
https://launchpad.net/ubuntu/+source/tinyproxy/1.11.1-3ubuntu0.1
https://launchpad.net/ubuntu/+source/tinyproxy/1.10.0-4ubuntu0.2
[USN-7191-1] Firefox vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7191-1
January 09, 2025
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2025-0237,
CVE-2025-0239, CVE-2025-0240, CVE-2025-0242, CVE-2025-0243, CVE-2025-0247)
Irvan Kurniawan discovered that Firefox incorrectly handled memory when
breaking lines in text, leading to a use-after-free vulnerability. An
attacker could possibly use this issue to cause a denial of service or
possibly execute arbitrary code. (CVE-2025-0238)
Nils Bars discovered that Firefox incorrectly handled memory when using
JavaScript Text Segmentation. An attacker could possibly use this issue to
cause a denial of service. (CVE-2025-0241)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
firefox 134.0+build1-0ubuntu0.20.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-7191-1
CVE-2025-0237, CVE-2025-0238, CVE-2025-0239, CVE-2025-0240,
CVE-2025-0241, CVE-2025-0242, CVE-2025-0243, CVE-2025-0247
Package Information:
https://launchpad.net/ubuntu/+source/firefox/134.0+build1-0ubuntu0.20.04.1
