[월:] 2017년 08월

USN-3375-1: LXC vulnerability Ubuntu Security Notice USN-3375-1 2nd August, 2017 lxc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary LXC would allow unintended access. Software description lxc – Linux Containers userspace tools Details It was discovered that LXC incorrectly handled the TIOCSTI ioctl. Anattacker could possibly use this issue to escape LXC containers. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: lxc 1.0.10-0ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart LXC containers to makeall the necessary changes. References CVE-2016-10124 Source: USN-3375-1: LXC vulnerability

USN-3376-1: WebKitGTK+ vulnerabilities Ubuntu Security Notice USN-3376-1 2nd August, 2017 webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK+ Web andJavaScript engines. If a user were tricked into viewing a maliciouswebsite, a remote attacker could exploit a variety of issues related to webbrowser security, including cross-site scripting attacks, denial of serviceattacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libwebkit2gtk-4.0-37 2.16.6-0ubuntu0.17.04.1 libjavascriptcoregtk-4.0-18 2.16.6-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: libwebkit2gtk-4.0-37 2.16.6-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 2.16.6-0ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which [ more… ]