[월:] 2017년 04월

USN-3263-1: FreeType vulnerability Ubuntu Security Notice USN-3263-1 20th April, 2017 freetype vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary FreeType could be made to crash or run programs if it opened a specially crafted font file. Software description freetype – FreeType 2 is a font engine library Details It was discovered that a heap-based buffer overflow existed in theFreeType library. If a user were tricked into using a speciallycrafted font file, a remote attacker could cause FreeType to crash,resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libfreetype6 2.6.3-3ubuntu2.1 Ubuntu 16.10: libfreetype6 2.6.3-3ubuntu1.2 Ubuntu 16.04 LTS: libfreetype6 2.6.1-0.1ubuntu2.2 Ubuntu 14.04 LTS: libfreetype6 [ more… ]

USN-3262-1: curl vulnerability Ubuntu Security Notice USN-3262-1 20th April, 2017 curl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Applications using curl could allow unintended access over the network. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details It was discovered that curl incorrectly handled client certificates whenresuming a TLS session. A remote attacker could use this to hijack apreviously authenticated connection. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libcurl3-nss 7.52.1-4ubuntu1.1 curl 7.52.1-4ubuntu1.1 libcurl3-gnutls 7.52.1-4ubuntu1.1 libcurl3 7.52.1-4ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-7468 Source: USN-3262-1: curl vulnerability