[월:] 2017년 02월

USN-3191-1: WebKitGTK+ vulnerabilities Ubuntu Security Notice USN-3191-1 6th February, 2017 webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK+ Web andJavaScript engines. If a user were tricked into viewing a maliciouswebsite, a remote attacker could exploit a variety of issues related to webbrowser security, including cross-site scripting attacks, denial of serviceattacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libwebkit2gtk-4.0-37 2.14.3-0ubuntu0.16.10.1 libjavascriptcoregtk-4.0-18 2.14.3-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: libwebkit2gtk-4.0-37 2.14.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 2.14.3-0ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which [ more… ]

USN-3192-1: Squid vulnerabilities Ubuntu Security Notice USN-3192-1 6th February, 2017 squid3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Squid could be made to expose sensitive information over the network. Software description squid3 – Web proxy cache server Details Saulius Lapinskas discovered that Squid incorrectly handled processingHTTP conditional requests. A remote attacker could possibly use this issueto obtain sensitive information related to other clients' browsingsessions. (CVE-2016-10002) Felix Hassert discovered that Squid incorrectly handled certain HTTPRequest headers when using the Collapsed Forwarding feature. A remoteattacker could possibly use this issue to obtain sensitive informationrelated to other clients' browsing sessions. This issue only applied toUbuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10003) Update instructions The problem can be corrected by updating your system to the following package [ more… ]

USN-3193-1: Nettle vulnerability Ubuntu Security Notice USN-3193-1 6th February, 2017 nettle vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Nettle could be made to expose sensitive information over the network. Software description nettle – low level cryptographic library (public-key cryptos) Details It was discovered that Nettle incorrectly mitigated certain timingside-channel attacks. A remote attacker could possibly use this flaw torecover private keys. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libnettle6 3.2-1ubuntu0.16.10.1 Ubuntu 16.04 LTS: libnettle6 3.2-1ubuntu0.16.04.1 Ubuntu 14.04 LTS: libnettle4 2.7.1-1ubuntu0.2 Ubuntu 12.04 LTS: libnettle4 2.4-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-6489 Source: USN-3193-1: Nettle vulnerability