[월:] 2017년 09월

USN-3428-1: Emacs vulnerability Ubuntu Security Notice USN-3428-1 21st September, 2017 emacs25 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Emacs could be made to run programs as your login if it opened a specially crafted file. Software description emacs25 – GNU Emacs editor Details Charles A. Roelli discovered that Emacs incorrectly handled certainfiles. If a user were tricked into opening a specially crafted file, anattacker could possibly use this to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: emacs25 25.1+1-3ubuntu4.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-14482 Source: USN-3428-1: Emacs vulnerability

USN-3427-1: Emacs vulnerability Ubuntu Security Notice USN-3427-1 21st September, 2017 emacs24 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Emacs could be made to run programs as your login if it opened a specially crafted file. Software description emacs24 – GNU Emacs editor Details Charles A. Roelli discovered that Emacs incorrectly handled certainfiles. If a user were tricked into opening a specially crafted file, anattacker could possibly use this to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: emacs24 24.5+1-6ubuntu1.1 Ubuntu 14.04 LTS: emacs24 24.3+1-2ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-14482 Source: USN-3427-1: Emacs vulnerability

USN-3426-1: Samba vulnerabilities Ubuntu Security Notice USN-3426-1 21st September, 2017 samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Samba could be made to expose sensitive information over the network. Software description samba – SMB/CIFS file, print, and login server for Unix Details Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing incertain situations. A remote attacker could use this issue to perform a manin the middle attack. (CVE-2017-12150) Stefan Metzmacher discovered that Samba incorrectly handled encryptionacross DFS redirects. A remote attacker could use this issue to perform aman in the middle attack. (CVE-2017-12151) Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memorywhen SMB1 is being used. A remote attacker could possibly use this issue toobtain server memory contents. (CVE-2017-12163) Update instructions The problem can [ more… ]