Ubuntu Update For Horizon USN-1439-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1439-1

Solution

Please Install the Updated Packages.

Insight

Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability in Horizon via the log viewer refrash mechanism. If a user were tricked into viewing a specially crafted log message, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain. (CVE-2012-2094) Thomas Biege discovered a session fixation vulnerability in Horizon. An attacker could exploit this to potentially allow access to unauthorized information and capabilities. (CVE-2012-2144)

Affected

horizon on Ubuntu 12.04 LTS

Severity

Classification

CVE CVE-2012-2094, CVE-2012-2144

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for cups USN-2341-1
Ubuntu Update for dnsmasq vulnerability USN-627-1
Ubuntu Update for apache2 USN-1259-1
Ubuntu Update for boost1.49 USN-1727-1
Ubuntu Update for apache2 USN-1765-1

Ubuntu Update for horizon USN-1439-1

Take action and discover your vulnerabilities