USN-3451-1: OpenStack Swift vulnerabilities

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3451-1, 11th October, 2017: swift vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in OpenStack Swift.

Software description: swift – OpenStack distributed virtual object store

Details: It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. (CVE-2015-5223)

Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly closed client connections. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2016-0737, CVE-2016-0738)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS: swift 1.13.1-0ubuntu1.5, python-swift 1.13.1-0ubuntu1.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, [ more… ]

USN-3452-1: Ceph vulnerabilities

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3452-1, 11th October, 2017: ceph vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Ceph.

Software description: ceph – distributed storage and file system

Details: It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-5009)

Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacker could possibly use this issue to list bucket contents via a URL. (CVE-2016-7031)

Diluga Salome discovered that Ceph incorrectly handled certain POST objects with null conditions. A remote attacker could possibly use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-8626)

Yang Liu discovered that Ceph incorrectly handled invalid HTTP Origin headers. A remote attacker [ more… ]

USN-3436-1: Thunderbird vulnerabilities

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3436-1, 11th October, 2017: thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Thunderbird.

Software description: thunderbird – Mozilla Open Source mail and newsgroup client

Details: Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to read uninitialized memory, bypass phishing and malware protection, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824)

Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805)

Update instructions: The problem can [ more… ]

RHEA-2017:2881-1: cns-deploy-tool bug fix and enhancement update

2017-10-11 KENNETH 0

Red Hat Enterprise Linux: Updated cns-deploy-tool packages that fix one bug and add multiple enhancements are now available for Container-Native Storage 3.6 and Container Ready Storage Deployments.

Source: RHEA-2017:2881-1: cns-deploy-tool bug fix and enhancement update

RHEA-2017:2879-1: heketi bug fix and enhancement update

2017-10-11 KENNETH 0

Red Hat Enterprise Linux: Updated heketi packages that fix several bugs and add various enhancements are now available for Container-Native Storage 3.6 and Container Ready Storage.

Source: RHEA-2017:2879-1: heketi bug fix and enhancement update