[월:] 2017년 03월

USN-3226-1: icoutils vulnerabilities Ubuntu Security Notice USN-3226-1 13th March, 2017 icoutils vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary icoutils could be made to crash or run programs as your login if it opened a specially crafted file. Software description icoutils – Create and extract MS Windows icons and cursors Details Jerzy Kramarz discovered that icoutils incorrectly handled memory whenprocessing certain files. If a user or automated system were tricked intoopening a specially crafted file, an attacker could cause icoutils tocrash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: icoutils 0.29.1-2ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]

USN-3227-1: ICU vulnerabilities Ubuntu Security Notice USN-3227-1 13th March, 2017 icu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in ICU. Software description icu – International Components for Unicode library Details It was discovered that ICU incorrectly handled certain memory operationswhen processing data. If an application using ICU processed crafted data,a remote attacker could possibly cause it to crash or potentially executearbitrary code with the privileges of the user invoking the program. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libicu57 57.1-4ubuntu0.1 Ubuntu 16.04 LTS: libicu55 55.1-7ubuntu0.1 Ubuntu 14.04 LTS: libicu52 52.1-3ubuntu0.5 Ubuntu 12.04 LTS: libicu48 4.8.1.1-3ubuntu0.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a [ more… ]

USN-3228-1: libevent vulnerabilities Ubuntu Security Notice USN-3228-1 13th March, 2017 libevent vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in libevent. Software description libevent – Asynchronous event notification library Details Guido Vranken discovered that libevent incorrectly handled memory whenprocessing certain data. A remote attacker could possibly use this issuewith an application that uses libevent to cause a denial of service, orpossibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libevent-2.0-5 2.0.21-stable-2ubuntu0.16.10.1 Ubuntu 16.04 LTS: libevent-2.0-5 2.0.21-stable-2ubuntu0.16.04.1 Ubuntu 14.04 LTS: libevent-2.0-5 2.0.21-stable-1ubuntu1.14.04.2 Ubuntu 12.04 LTS: libevent-2.0-5 2.0.16-stable-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary [ more… ]

USN-3229-1: Python Imaging Library vulnerabilities Ubuntu Security Notice USN-3229-1 13th March, 2017 python-imaging vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Python Imaging Library. Software description python-imaging – Python Imaging Library Details It was discovered that the Python Imaging Library incorrectly handledcertain compressed text chunks in PNG images. A remote attacker couldpossibly use this issue to cause the Python Imaging Library to crash,resulting in a denial of service. (CVE-2014-9601) Cris Neckar discovered that the Python Imaging Library incorrectly handledcertain malformed images. A remote attacker could use this issue to causethe Python Imaging Library to crash, resulting in a denial of service, orpossibly obtain sensitive information. (CVE-2016-9189) Cris Neckar discovered that the Python Imaging Library incorrectly handledcertain malformed images. A remote attacker could use this issue [ more… ]

USN-3230-1: Pillow vulnerabilities Ubuntu Security Notice USN-3230-1 13th March, 2017 pillow vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Pillow. Software description pillow – Python Imaging Library Details It was discovered that Pillow incorrectly handled certain compressed textchunks in PNG images. A remote attacker could possibly use this issue tocause Pillow to crash, resulting in a denial of service. This issue onlyaffected Ubuntu 14.04 LTS. (CVE-2014-9601) Cris Neckar discovered that Pillow incorrectly handled certain malformedimages. A remote attacker could use this issue to cause Pillow to crash,resulting in a denial of service, or possibly obtain sensitive information.(CVE-2016-9189) Cris Neckar discovered that Pillow incorrectly handled certain malformedimages. A remote attacker could use this issue to cause Pillow to crash,resulting in a denial [ more… ]