
USN-3541-2: Linux kernel (HWE) vulnerabilities

2018-01-24 KENNETH 0

Ubuntu Security Notice USN-3541-2
22nd January, 2018
linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were addressed in the Linux kernel.

Software description:
linux-azure – Linux kernel for Microsoft Azure Cloud systems
linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
linux-hwe – Linux hardware enablement (HWE) kernel
linux-oem – Linux kernel for OEM processors

Details: USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update [ more… ]


USN-3542-2: Linux kernel (Trusty HWE) vulnerabilities

2018-01-24 KENNETH 0

Ubuntu Security Notice USN-3542-2
22nd January, 2018
linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were addressed in the Linux kernel.

Software description:
linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM

Details: USN-3542-1 addressed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only) and amd64 architectures.

Update instructions: The problem can be corrected by updating your system to the [ more… ]


USN-3543-1: rsync vulnerabilities

2018-01-24 KENNETH 0

Ubuntu Security Notice USN-3543-1
23rd January, 2018
rsync vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in rsync.

Software description:
rsync – fast, versatile, remote (and local) file-copying tool

Details: It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2017-16548)

It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass arguments and execute arbitrary code. (CVE-2018-5764)

Update instructions: The problem can be corrected by updating your system to the following package version:
Ubuntu 17.10: rsync 3.1.2-2ubuntu0.2
Ubuntu 16.04 LTS: rsync 3.1.1-3ubuntu1.2
Ubuntu 14.04 LTS: rsync 3.1.0-2ubuntu0.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard [ more… ]


USN-3543-2: rsync vulnerabilities

2018-01-24 KENNETH 0

Ubuntu Security Notice USN-3543-2
23rd January, 2018
rsync vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were fixed in rsync.

Software description:
rsync – fast, versatile, remote (and local) file-copying tool

Details: USN-3543-1 fixed vulnerabilities in rsync. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details: It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2017-16548)

It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass arguments and execute arbitrary code. (CVE-2018-5764)

Update instructions: The problem can be corrected by updating your system to the following package version:
Ubuntu 12.04 LTS: rsync 3.0.9-1ubuntu1.3

To update your system, please follow [ more… ]


RHSA-2018:0102-1: Important: bind security update

2018-01-24 KENNETH 0

Red Hat Enterprise Linux: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2017-3145

Source: RHSA-2018:0102-1: Important: bind security update