==========================================================================
Ubuntu Security Notice USN-4584-1
October 15, 2020
htmlunit vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
HtmlUnit could be made to crash or run programs as an administrator
if it opened a specially crafted file.
Software Description:
– htmlunit: headless web browser written in Java
Details:
It was discovered that HtmlUnit incorrectly initialized Rhino engine. An
attacker could possibly use this issue to execute arbitrary Java code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libhtmlunit-java 2.8-1ubuntu2.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4584-1
CVE-2020-5529
Package Information:
https://launchpad.net/ubuntu/+source/htmlunit/2.8-1ubuntu2.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+I1b0ACgkQbUp5kL3i
zGZo3w/+MT7mbFyVcRlgW4G/MWLfxrz4XvJCknwOWBC7eqsq+xTTf6bSB9Xzyo/j
rEMu2d2LXMswcRZQSC9RA+e6W+/KdV/dCyzSVu7kvZoYwMtQA5FZFsCYNac+E9NA
nqJjsz3bD+DKsIhhx2vL/nc0EFFzyh7PPFNQGcdVjV97S05r8IyMwoR3N4BvQFnL
0MNdoJQGp53gMLgUYhw05Bw/Vrl5HCaTp0AOSmP+DFrBV6jsVa5An4V76ywuzhwN
HgXEelJhgBmdb6W33SA+e+5DQrQ0oBDgX1xhe4w4GtpwVGeS+kEUAORJD+T6oeNF
fXvv+iVpNqnAE8uQpkK/b+bLHc2N8vVa7zmbQGVUf6UYMJx9lTMG/v84JyLXERNO
T57QHQzyWv7XVHdiIvy72ioJSu4BmIky8/I2zDD2MdHC/pxhdYYh+5jurJSmGbJ8
rTZ70EIRwVeqBxWTLAU6Sl/h2ERQiHPp4A2QmnSfmJb/esYT6TgeaoAXHWZXgAKJ
/TQz8k9SV9MydIDRSNvK2qdD+Sd5ZZnjLUsZV1h3uVJRATRq4/ObQC8RdYTwqdJx
cAp7b3d+KvZTcQ3hRIeIVONTVdCdYRrIBzJ/r1SG8N1GP/oLMr+a2P3bnKewe3zb
cLcA1EfhSg9u9uWt4Qt8qBClRkaADQwLxgvSiYatlP1hBGjmeIA=
=wiL6
—–END PGP SIGNATURE—–
—