[월:] 2017년 03월

USN-3221-1: Linux kernel vulnerability Ubuntu Security Notice USN-3221-1 7th March, 2017 linux, linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary The system could be made to crash or run programs as an administrator. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Alexander Popov discovered that the N_HDLC line discipline implementationin the Linux kernel contained a double-free vulnerability. A local attackercould use this to cause a denial of service (system crash) or possibly gainadministrative privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: linux-image-powerpc-smp 4.8.0.41.52 linux-image-powerpc-e500mc 4.8.0.41.52 linux-image-4.8.0-41-generic 4.8.0-41.44 linux-image-generic 4.8.0.41.52 linux-image-generic-lpae 4.8.0.41.52 linux-image-4.8.0-1028-raspi2 4.8.0-1028.31 linux-image-4.8.0-41-powerpc-e500mc 4.8.0-41.44 linux-image-powerpc64-emb 4.8.0.41.52 linux-image-4.8.0-41-generic-lpae 4.8.0-41.44 linux-image-4.8.0-41-powerpc64-emb 4.8.0-41.44 linux-image-4.8.0-41-powerpc-smp 4.8.0-41.44 linux-image-lowlatency 4.8.0.41.52 linux-image-raspi2 4.8.0.1028.31 linux-image-4.8.0-41-lowlatency 4.8.0-41.44 To update your system, please [ more… ]

USN-3221-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3221-2 7th March, 2017 linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-hwe – Linux hardware enablement (HWE) kernel for Ubuntu 16.04 LTS Details USN-3221-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that the N_HDLC line discipline implementationin the Linux kernel contained a double-free vulnerability. A local attackercould use this to cause a denial of service (system crash) or possibly gainadministrative privileges. (CVE-2017-2636) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.8.0-41-generic 4.8.0-41.44~16.04.1 linux-image-4.8.0-41-powerpc-e500mc [ more… ]

USN-3216-1: Firefox vulnerabilities Ubuntu Security Notice USN-3216-1 7th March, 2017 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to bypass same origin restrictions, obtainsensitive information, spoof the addressbar, spoof the print dialog,cause a denial of service via application crash or hang, or executearbitrary code. (CVE-2017-5398, CVE-2017-5399, CVE-2017-5400,CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405,CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412,CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417,CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422,CVE-2017-5426, CVE-2017-5427) Update instructions The problem can be corrected by [ more… ]

USN-3217-1: network-manager-applet vulnerability Ubuntu Security Notice USN-3217-1 7th March, 2017 network-manager-applet vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary The system could be made to expose sensitive information. Software description network-manager-applet – GNOME frontend for NetworkManager Details It was discovered that network-manager-applet incorrectly checkedpermissions when connecting to certain wireless networks. A local attackercould use this issue at the login screen to access local files. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: network-manager-gnome 1.2.6-0ubuntu1.1 Ubuntu 16.04 LTS: network-manager-gnome 1.2.6-0ubuntu0.16.04.2 Ubuntu 14.04 LTS: network-manager-gnome 0.9.8.8-0ubuntu4.5 Ubuntu 12.04 LTS: network-manager-gnome 0.9.4.1-0ubuntu2.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. [ more… ]