[월:] 2017년 11월

USN-3498-1: curl vulnerabilities Ubuntu Security Notice USN-3498-1 29th November, 2017 curl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in curl. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details Alex Nichols discovered that curl incorrectly handled NTLM authenticationcredentials. A remote attacker could use this issue to cause curl to crash,resulting in a denial of service, or possibly execute arbitrary code. Thisissue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10.(CVE-2017-8816) It was discovered that curl incorrectly handled FTP wildcard matching. Aremote attacker could use this issue to cause curl to crash, resulting in adenial of service, or possibly obtain sensitive information.(CVE-2017-8817) Update instructions The problem can be corrected by updating your system to the [ more… ]

USN-3497-1: OpenJDK 7 vulnerabilities Ubuntu Security Notice USN-3497-1 29th November, 2017 openjdk-7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in OpenJDK 7. Software description openjdk-7 – Open Source Java implementation Details It was discovered that the Smart Card IO subsystem in OpenJDK did notproperly maintain state. An attacker could use this to specially constructan untrusted Java application or applet to gain access to a smart card,bypassing sandbox restrictions. (CVE-2017-10274) Gaston Traberg discovered that the Serialization component of OpenJDK didnot properly limit the amount of memory allocated when performingdeserializations. An attacker could use this to cause a denial of service(memory exhaustion). (CVE-2017-10281) It was discovered that the Remote Method Invocation (RMI) component inOpenJDK did not properly handle unreferenced objects. An attacker could usethis to specially construct an [ more… ]