[월:] 2016년 07월

USN-3024-1: Tomcat vulnerabilities Ubuntu Security Notice USN-3024-1 5th July, 2016 tomcat6, tomcat7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Tomcat. Software description tomcat6 – Servlet and JSP engine tomcat7 – Servlet and JSP engine Details It was discovered that Tomcat incorrectly handled pathnames used by webapplications in a getResource, getResourceAsStream, or getResourcePathscall. A remote attacker could use this issue to possibly list a parentdirectory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS andUbuntu 15.10. (CVE-2015-5174) It was discovered that the Tomcat mapper component incorrectly handledredirects. A remote attacker could use this issue to determine theexistence of a directory. This issue only affected Ubuntu 12.04 LTS,Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345) It was discovered [ more… ]

USN-3025-1: GIMP vulnerability Ubuntu Security Notice USN-3025-1 5th July, 2016 gimp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GIMP could be made to crash or run programs as your login if it opened a specially crafted file. Software description gimp – The GNU Image Manipulation Program Details It was discovered that GIMP incorrectly handled malformed XCF files. If auser were tricked into opening a specially crafted XCF file, an attackercould cause GIMP to crash, or possibly execute arbitrary code with theuser's privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: gimp 2.8.14-1ubuntu2.1 Ubuntu 14.04 LTS: gimp 2.8.10-0ubuntu1.1 Ubuntu 12.04 LTS: gimp 2.6.12-1ubuntu1.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

USN-3026-1: libimobiledevice vulnerability Ubuntu Security Notice USN-3026-1 5th July, 2016 libimobiledevice vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Summary libimobiledevice would allow unintended access to devices over the network. Software description libimobiledevice – Library for communicating with iPhone and iPod Touch devices Details It was discovered that libimobiledevice incorrectly handled socketpermissions. A remote attacker could use this issue to access services oniOS devices, contrary to expectations. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libimobiledevice6 1.2.0+dfsg-3~ubuntu0.2 Ubuntu 15.10: libimobiledevice4 1.1.6+dfsg-3.1ubuntu0.1 Ubuntu 14.04 LTS: libimobiledevice4 1.1.5+git20140313.bafe6a9e-0ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-5104 Source: USN-3026-1: libimobiledevice vulnerability

USN-3026-2: libusbmuxd vulnerability Ubuntu Security Notice USN-3026-2 5th July, 2016 libusbmuxd vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Summary libusbmuxd would allow unintended access to devices over the network. Software description libusbmuxd – USB multiplexor daemon for iPhone and iPod Touch devices Details It was discovered that libusbmuxd incorrectly handled socket permissions.A remote attacker could use this issue to access services on iOS devices,contrary to expectations. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libusbmuxd4 1.0.10-2ubuntu0.1 Ubuntu 15.10: libusbmuxd2 1.0.9-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-5104 Source: USN-3026-2: libusbmuxd vulnerability