[월:] 2016년 03월

USN-2918-1: pixman vulnerability Ubuntu Security Notice USN-2918-1 3rd March, 2016 pixman vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary pixman could be made to crash or run programs as your login if it processed specially crafted data. Software description pixman – pixel-manipulation library for X and cairo Details Vincent LE GARREC discovered an integer underflow in pixman. If a user weretricked into opening a specially crafted file, a remote attacker couldcause pixman to crash, resulting in a denial of service, or possiblyexecute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: libpixman-1-0 0.30.2-2ubuntu1.1 Ubuntu 12.04 LTS: libpixman-1-0 0.30.2-1ubuntu0.0.0.0.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your [ more… ]

USN-2919-1: JasPer vulnerabilities Ubuntu Security Notice USN-2919-1 3rd March, 2016 jasper vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in JasPer. Software description jasper – Library for manipulating JPEG-2000 files Details Jacob Baines discovered that JasPer incorrectly handled ICC color profilesin JPEG-2000 image files. If a user were tricked into opening a speciallycrafted JPEG-2000 image file, a remote attacker could cause JasPer tocrash or possibly execute arbitrary code with user privileges.(CVE-2016-1577) Tyler Hicks discovered that JasPer incorrectly handled memory whenprocessing JPEG-2000 image files. If a user were tricked into opening aspecially crafted JPEG-2000 image file, a remote attacker could causeJasPer to consume memory, resulting in a denial of service.(CVE-2016-2116) Update instructions The problem can be corrected by updating your system to the [ more… ]