[월:] 2017년 04월

USN-3272-1: Ghostscript vulnerabilities Ubuntu Security Notice USN-3272-1 28th April, 2017 ghostscript vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Ghostscript. Software description ghostscript – PostScript and PDF interpreter Details It was discovered that Ghostscript improperly handled parameters tothe rsdparams and eqproc commands. An attacker could use these tocraft a malicious document that could disable -dSAFER protections,thereby allowing the execution of arbitrary code, or cause a denialof service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free vulnerability in thecolor management module of Ghostscript. An attacker could use thisto cause a denial of service (application crash). (CVE-2016-10217) Kamil Frankowicz discovered a divide-by-zero error in the scanconversion code in Ghostscript. An attacker could use this to causea denial of [ more… ]

USN-3271-1: Libxslt vulnerabilities Ubuntu Security Notice USN-3271-1 27th April, 2017 libxslt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Libxslt. Software description libxslt – XSLT processing library Details Holger Fuhrmannek discovered an integer overflow in thexsltAddTextString() function in Libxslt. An attacker could usethis to craft a malicious document that, when opened, could cause adenial of service (application crash) or possible execute arbitrarycode. (CVE-2017-5029) Nicolas Gregoire discovered that Libxslt mishandled namespacenodes. An attacker could use this to craft a malicious document that,when opened, could cause a denial of service (application crash)or possibly execute arbtrary code. This issue only affected Ubuntu16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683) Sebastian Apelt discovered that a use-after-error existed in [ more… ]