[월:] 2016년 07월

USN-3028-1: NSPR vulnerability Ubuntu Security Notice USN-3028-1 11th July, 2016 nspr vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary NSPR could be made to crash or run programs if it received specially crafted input. Software description nspr – NetScape Portable Runtime Library Details It was discovered that NSPR incorrectly handled memory allocation. A remoteattacker could use this issue to cause NSPR to crash, resulting in a denialof service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libnspr4 2:4.12-0ubuntu0.16.04.1 Ubuntu 15.10: libnspr4 2:4.12-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: libnspr4 2:4.12-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: libnspr4 4.12-0ubuntu0.12.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]

USN-3029-1: NSS vulnerability Ubuntu Security Notice USN-3029-1 11th July, 2016 nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary NSS could be made to crash or run programs if it processed specially crafted network traffic. Software description nss – Network Security Service library Details Tyson Smith and Jed Davis discovered that NSS incorrectly handled memory. Aremote attacker could use this issue to cause NSS to crash, resulting in adenial of service, or possibly execute arbitrary code. This update refreshes the NSS package to version 3.23 which includesthe latest CA certificate bundle. As a security improvement, this updatealso modifies NSS behaviour to reject DH key sizes below 1024 bits,preventing a possible downgrade attack. Update instructions The problem can be corrected by updating your system to [ more… ]

USN-3030-1: GD library vulnerabilities Ubuntu Security Notice USN-3030-1 11th July, 2016 libgd2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary The GD library could be made to crash or run programs if it processed a specially crafted image file. Software description libgd2 – GD Graphics Library Details It was discovered that the GD library incorrectly handled memory when usinggdImageScaleTwoPass(). A remote attacker could possibly use this issue tocause a denial of service. This issue only affected Ubuntu 14.04 LTS.(CVE-2013-7456) It was discovered that the GD library incorrectly handled certain malformedXBM images. If a user or automated system were tricked into processing aspecially crafted XBM image, an attacker could cause a denial of service.This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04LTS. [ more… ]