[월:] 2017년 03월

USN-3211-2: PHP regression Ubuntu Security Notice USN-3211-2 2nd March, 2017 php7.0 regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Summary USN-3211-1 introduced a regression in PHP. Software description php7.0 – HTML-embedded scripting language interpreter Details USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15upstream release. PHP 7.0.15 introduced a regression when using MySQL withlarge blobs. This update fixes the problem with a backported fix. Original advisory details: It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, [ more… ]

USN-3214-1: w3m vulnerabilities Ubuntu Security Notice USN-3214-1 2nd March, 2017 w3m vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in w3m. Software description w3m – WWW browsable pager with excellent tables/frames support Details A large number of security issues were discovered in the w3m browser. If auser were tricked into viewing a malicious website, a remote attacker couldexploit a variety of issues related to web browser security, includingcross-site scripting attacks, denial of service attacks, and arbitrary codeexecution. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: w3m 0.5.3-15ubuntu0.1 Ubuntu 12.04 LTS: w3m 0.5.3-5ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-3215-1: Munin vulnerability Ubuntu Security Notice USN-3215-1 2nd March, 2017 munin vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Munin could be made to overwrite files. Software description munin – Network-wide graphing framework Details It was discovered that Munin incorrectly handled CGI graphs. A remoteattacker could use this issue to overwrite arbitrary files as the www-datauser. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: munin 2.0.19-3ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-6188 Source: USN-3215-1: Munin vulnerability