[월:] 2017년 08월

No Image

USN-3404-2: Linux kernel (HWE) vulnerability

2017-08-29 KENNETH 0

USN-3404-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3404-2 28th August, 2017 linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash under certain conditions. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocolstack. A local attacker could exploit this flaw to cause a denial ofservice or possibly other unspecified problems. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.10.0-33-generic 4.10.0-33.37~16.04.1 linux-image-4.10.0-33-lowlatency 4.10.0-33.37~16.04.1 linux-image-generic-hwe-16.04 4.10.0.33.35 linux-image-lowlatency-hwe-16.04 4.10.0.33.35 linux-image-4.10.0-33-generic-lpae 4.10.0-33.37~16.04.1 linux-image-generic-lpae-hwe-16.04 4.10.0.33.35 To update [ more… ]

No Image

USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities

2017-08-29 KENNETH 0

USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3405-2 28th August, 2017 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIXmessage queue implementation in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-11176) Huang Weller discovered that the ext4 filesystem implementation in theLinux kernel mishandled a needs-flushing-before-commit list. A localattacker could use this to expose sensitive information. [ more… ]

No Image

RHSA-2017:2538-1: Low: rh-nginx110-nginx security update

2017-08-29 KENNETH 0

RHSA-2017:2538-1: Low: rh-nginx110-nginx security update Red Hat Enterprise Linux: An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-7529 Source: RHSA-2017:2538-1: Low: rh-nginx110-nginx security update

New WinDbg available in preview!

2017-08-29 KENNETH 0

New WinDbg available in preview! We are excited to announce a preview version of a brand new WinDbg. We’ve update WinDbg to have more modern visuals, faster windows, a full-fledged scripting experience, built with the easily extensible debugger data model front and center. I’ll start this by saying that WinDbg Preview is using the same underlying engine as WinDbg today, so all the commands extensions and workflows you’re used to will still work just as they did before. Getting started I know a lot of you are going to want to dive right in and try it out, so here are the things you should know before doing so. Installation – You can install the WinDbg Preview from the Store if you have Windows 10 Anniversary Update or newer at https://www.microsoft.com/en-us/store/p/windbg/9pgjgd53tn86 – WinDbg Preview uses some features from the Windows 10 [ more… ]

No Image

USN-3403-1: Ghostscript vulnerabilities

2017-08-29 KENNETH 0

USN-3403-1: Ghostscript vulnerabilities Ubuntu Security Notice USN-3403-1 28th August, 2017 ghostscript vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Ghostscript. Software description ghostscript – PostScript and PDF interpreter Details Kamil Frankowicz discovered that Ghostscript mishandles references.A remote attacker could use this to cause a denial of service.(CVE-2017-11714) Kim Gwan Yeong discovered that Ghostscript could allow a heap-based bufferover-read and application crash. A remote attacker could use a crafteddocument to cause a denial of service. (CVE-2017-9611, CVE-2017-9726,CVE-2017-9727, CVE-2017-9739) Kim Gwan Yeong discovered an use-after-free vulnerability in Ghostscript.A remote attacker could use a crafted file to cause a denial of service.(CVE-2017-9612) Kim Gwan Yeong discovered a lack of integer overflow check in Ghostscript.A remote attacker could use crafted PostScript document to cause a [ more… ]