Ubuntu alert USN-4584-1 (htmlunit)

From:
               Paulo Flabiano Smorigo <pfsmorigo@canonical.com> 
To:
               ubuntu-security-announce@lists.ubuntu.com 
Subject:
               [USN-4584-1] HtmlUnit vulnerability 
Date:
               Thu, 15 Oct 2020 20:05:41 -0300
Message-ID:
               <20201015230541.fnpbexhabjamslje@morty>
==========================================================================
Ubuntu Security Notice USN-4584-1
October 15, 2020

htmlunit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

HtmlUnit could be made to crash or run programs as an administrator
if it opened a specially crafted file.

Software Description:
- htmlunit: headless web browser written in Java

Details:

It was discovered that HtmlUnit incorrectly initialized Rhino engine. An
attacker could possibly use this issue to execute arbitrary Java code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libhtmlunit-java                2.8-1ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4584-1
  CVE-2020-5529

Package Information:
  https://launchpad.net/ubuntu/+source/htmlunit/2.8-1ubuntu2.1
-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...

From:		Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
To:		ubuntu-security-announce@lists.ubuntu.com
Subject:		[USN-4584-1] HtmlUnit vulnerability
Date:		Thu, 15 Oct 2020 20:05:41 -0300
Message-ID:		<20201015230541.fnpbexhabjamslje@morty>