Ubuntu Update For Horizon USN-1439-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1439-1

Solution

Please Install the Updated Packages.

Insight

Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability in Horizon via the log viewer refrash mechanism. If a user were tricked into viewing a specially crafted log message, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain. (CVE-2012-2094) Thomas Biege discovered a session fixation vulnerability in Horizon. An attacker could exploit this to potentially allow access to unauthorized information and capabilities. (CVE-2012-2144)

Affected

horizon on Ubuntu 12.04 LTS

Severity

Classification

CVE CVE-2012-2094, CVE-2012-2144
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for apache2 USN-1765-1
Ubuntu Update for dbus USN-1576-1
Ubuntu Update for clamav USN-1482-1
Ubuntu Update for acpi-support USN-2297-1
Ubuntu Update for commons-daemon USN-1298-1

Ubuntu Update for horizon USN-1439-1

Take action and discover your vulnerabilities