[월:] 2017년 03월

USN-3237-1: FreeType vulnerability Ubuntu Security Notice USN-3237-1 20th March, 2017 freetype vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary FreeType could be made to crash or run programs if it opened a specially crafted font file. Software description freetype – FreeType 2 is a font engine library Details It was discovered that FreeType did not correctly handle certain malformedfont files. If a user were tricked into using a specially crafted fontfile, a remote attacker could cause FreeType to crash, resulting in adenial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libfreetype6 2.6.3-3ubuntu1.1 Ubuntu 16.04 LTS: libfreetype6 2.6.1-0.1ubuntu2.1 Ubuntu 14.04 LTS: libfreetype6 2.5.2-1ubuntu2.6 Ubuntu 12.04 LTS: libfreetype6 2.4.8-1ubuntu2.4 [ more… ]

USN-3183-2: GnuTLS vulnerability Ubuntu Security Notice USN-3183-2 20th March, 2017 gnutls26 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GnuTLS could be made to hang if it received specially crafted network traffic. Software description gnutls26 – GNU TLS library Details USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu16.10. This update provides the corresponding update for Ubuntu 12.04 LTSand Ubuntu 14.04 LTS. Original advisory details: Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a [ more… ]