[월:] 2017년 11월

USN-3486-1: Samba vulnerabilities Ubuntu Security Notice USN-3486-1 21st November, 2017 samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Samba. Software description samba – SMB/CIFS file, print, and login server for Unix Details Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memorywhen processing certain SMB1 requests. A remote attacker could possibly usethis issue to execute arbitrary code. (CVE-2017-14746) Volker Lendecke discovered that Samba incorrectly cleared memory whenreturning data to a client. A remote attacker could possibly use this issueto obtain sensitive information. (CVE-2017-15275) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: samba 2:4.6.7+dfsg-1ubuntu3.1 Ubuntu 17.04: samba 2:4.5.8+dfsg-0ubuntu0.17.04.8 Ubuntu 16.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.16.04.12 Ubuntu 14.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.14.04.13 [ more… ]

USN-3483-2: procmail vulnerability Ubuntu Security Notice USN-3483-2 21st November, 2017 procmail vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary formail could be made to crash or run programs if it processed specially crafted mail. Software description procmail – Versatile e-mail processor Details USN-3483-1 fixed a vulnerability in procmail. This update provides thecorresponding update for Ubuntu 12.04 ESM. Original advisory details: Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: procmail 3.22-19ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-3484-1: Linux kernel vulnerability Ubuntu Security Notice USN-3484-1 20th November, 2017 linux, linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary The system could be made to crash or run programs as an administrator. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that the KVM subsystem in the Linux kernel did notproperly keep track of nested levels in guest page tables. A local attackerin a guest VM could use this to cause a denial of service (host OS crash)or possibly execute arbitrary code in the host OS. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: linux-image-4.10.0-40-generic 4.10.0-40.44 linux-image-4.10.0-40-lowlatency 4.10.0-40.44 linux-image-generic 4.10.0.40.40 linux-image-4.10.0-40-generic-lpae 4.10.0-40.44 linux-image-generic-lpae 4.10.0.40.40 linux-image-lowlatency 4.10.0.40.40 linux-image-raspi2 4.10.0.1021.22 linux-image-4.10.0-1021-raspi2 4.10.0-1021.24 To update [ more… ]

USN-3485-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3485-1 20th November, 2017 linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that a race condition existed in the ALSA subsystem ofthe Linux kernel when creating and deleting a port via ioctl(). A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-15265) Eric Biggers discovered that the key management subsystem [ more… ]