[월:] 2016년 02월

Ubuntu Security Notice USN-2896-1 15th February, 2016 libgcrypt11, libgcrypt20 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Libgcrypt could be made to expose sensitive information. Software description libgcrypt11 – LGPL Crypto library libgcrypt20 – LGPL Crypto library Details Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discoveredthat Libgcrypt was susceptible to an attack via physical side channels. Alocal attacker could use this attack to possibly recover private keys. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libgcrypt20 1.6.3-2ubuntu1.1 Ubuntu 14.04 LTS: libgcrypt11 1.5.3-2ubuntu4.3 Ubuntu 12.04 LTS: libgcrypt11 1.5.0-3ubuntu0.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2015-7511 Source: ubuntu-usn

Ubuntu Security Notice USN-2897-1 15th February, 2016 nettle vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Summary Several security issues were fixed in Nettle. Software description nettle – low level cryptographic library (public-key cryptos) Details Hanno Böck discovered that Nettle incorrectly handled carry propagation inthe NIST P-256 elliptic curve. (CVE-2015-8803) Hanno Böck discovered that Nettle incorrectly handled carry propagation inthe NIST P-384 elliptic curve. (CVE-2015-8804) Niels Moeller discovered that Nettle incorrectly handled carry propagationin the NIST P-256 elliptic curve. (CVE-2015-8805) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libnettle6 3.1.1-4ubuntu0.1 Ubuntu 14.04 LTS: libnettle4 2.7.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2015-8803, CVE-2015-8804, CVE-2015-8805 Source: [ more… ]

Ubuntu Security Notice USN-2898-1 15th February, 2016 gtk+2.0, gtk+3.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GTK+ could be made to crash or run programs as your login if it processed a specially crafted image. Software description gtk+2.0 – GTK+ graphical user interface library gtk+3.0 – GTK+ graphical user interface library Details It was discovered that GTK+ incorrectly handled certain large images. Aremote attacker could use this issue to cause GTK+ applications to crash,resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libgtk2.0-0 2.24.28-1ubuntu1.1 Ubuntu 14.04 LTS: libgtk2.0-0 2.24.23-0ubuntu1.4 Ubuntu 12.04 LTS: libgtk2.0-0 2.24.10-0ubuntu6.3 libgtk-3-0 3.4.2-0ubuntu0.9 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After [ more… ]

Ubuntu Security Notice USN-2898-2 15th February, 2016 eog vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Eye of GNOME could be made to crash or run programs as your login if it opened a specially crafted image. Software description eog – Eye of GNOME graphics viewer program Details It was discovered that Eye of GNOME incorrectly handled certain largeimages. If a user were tricked into opening a specially-crafted image, aremote attacker could use this issue to cause Eye of GNOME to crash,resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: eog 3.16.3-1ubuntu2.1 Ubuntu 14.04 LTS: eog 3.10.2-0ubuntu5.1 Ubuntu 12.04 LTS: eog 3.4.2-0ubuntu1.2 To update your system, please [ more… ]