USN-3534-1: GNU C Library vulnerabilities

2018-01-17 KENNETH 0

USN-3534-1: GNU C Library vulnerabilities Ubuntu Security Notice USN-3534-1 17th January, 2018 eglibc, glibc vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in the GNU C library. Software description eglibc – GNU C Library glibc – GNU C Library Details It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd(2) syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. (CVE-2018-1000001) A memory leak was discovered in the _dl_init_paths() function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, [ more… ]

Surface Book 2 coming to all Surface markets

2018-01-17 KENNETH 0

Surface Book 2 coming to all Surface markets Surface Book 2 is the most powerful Surface we’ve ever built, and customers love that they can run their most demanding applications from anywhere. For those of you who have been waiting for Surface Book 2 to come to your market, the wait is over. Surface Book 2 is coming to all current Surface markets in both 13” and 15” sizes, and pre-order for Surface Book 2 15” begins today in 17 markets. Surface Book 2 is a portable powerhouse with up to 17 hours of battery life. Since the product first launched in November, we have been hearing from customers and fans about what sets Surface Book 2 apart. They love that it delivers the processing and graphics power required to run demanding applications, but gives them the freedom to work away [ more… ]

WordPress 4.9.2 Security and Maintenance Release

2018-01-17 KENNETH 0

WordPress 4.9.2 Security and Maintenance Release WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress. MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository. Thank you to the reporters of this issue for practicing responsible security disclosure: Enguerran Gillier and Widiz. 21 other bugs were fixed in WordPress 4.9.2. Particularly of note were: JavaScript errors that prevented saving posts in Firefox have been fixed. The previous taxonomy-agnostic behavior of get_category_link() [ more… ]

USN-3533-1: Transmission vulnerability

2018-01-17 KENNETH 0

USN-3533-1: Transmission vulnerability Ubuntu Security Notice USN-3533-1 16th January, 2018 transmission vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Transmission could be made to run arbitrary code. Software description transmission – lightweight BitTorrent client Details It was discovered that Transmission incorrectly handled certain POST requests to the RPC server and allowed a DNS rebinding attack. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: transmission 2.92-2ubuntu3.1 Ubuntu 16.04 LTS: transmission 2.84-3ubuntu3.1 Ubuntu 14.04 LTS: transmission 2.82-1.1ubuntu3.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2018-5702 Source: USN-3533-1: Transmission vulnerability

RHSA-2018:0094-1: Important: linux-firmware security update

2018-01-17 KENNETH 0

RHSA-2018:0094-1: Important: linux-firmware security update Red Hat Enterprise Linux: An update for linux-firmware is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Source: RHSA-2018:0094-1: Important: linux-firmware security update