[월:] 2018년 01월

USN-3527-1: Irssi vulnerabilities Ubuntu Security Notice USN-3527-1 10th January, 2018 irssi vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Irssi. Software description irssi – terminal based IRC client Details Joseph Bisch discovered that Irssi incorrectly handled incomplete escapecodes. If a user were tricked into using malformed commands or openingmalformed files, an attacker could use this issue to cause Irssi to crash,resulting in a denial of service. (CVE-2018-5205) Joseph Bisch discovered that Irssi incorrectly handled settings the channeltopic without specifying a sender. A malicious IRC server could use thisissue to cause Irssi to crash, resulting in a denial of service.(CVE-2018-5206) Joseph Bisch discovered that Irssi incorrectly handled incomplete variablearguments. If a user were tricked into using malformed commands or openingmalformed [ more… ]

USN-3525-1: Linux kernel vulnerability Ubuntu Security Notice USN-3525-1 10th January, 2018 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to expose sensitive information. Software description linux – Linux kernel Details Jann Horn discovered that microprocessors utilizing speculative executionand indirect branch prediction may allow unauthorized memory reads viasidechannel attacks. This flaw is known as Meltdown. A local attacker coulduse this to expose sensitive information, including kernel memory. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-132-generic-pae 3.2.0-132.178 linux-image-3.2.0-132-generic 3.2.0-132.178 linux-image-generic-pae 3.2.0.132.146 linux-image-generic 3.2.0.132.146 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the [ more… ]

USN-3524-2: Linux kernel (Trusty HWE) vulnerability Ubuntu Security Notice USN-3524-2 9th January, 2018 linux-lts-trusty vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to expose sensitive information. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details USN-3524-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative executionand indirect branch prediction may allow unauthorized memory reads viasidechannel attacks. This flaw is known as Meltdown. A local attacker coulduse this to expose sensitive information, including kernel memory. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.13.0-139-generic-lpae 3.13.0-139.188~precise1 linux-image-generic-lpae-lts-trusty [ more… ]

USN-3522-2: Linux (Xenial HWE) vulnerability Ubuntu Security Notice USN-3522-2 9th January, 2018 linux-lts-xenial, linux-aws vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative executionand indirect branch prediction may allow unauthorized memory reads viasidechannel attacks. This flaw is known as Meltdown. A local attacker coulduse this to expose sensitive information, including kernel memory.(CVE-2017-5754) Update instructions The problem can be corrected by updating your system to the [ more… ]

USN-3523-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3523-1 9th January, 2018 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Jann Horn discovered that microprocessors utilizing speculative executionand indirect branch prediction may allow unauthorized memory reads viasidechannel attacks. This flaw is known as Meltdown. A local attacker coulduse this to expose sensitive information, including kernel memory.(CVE-2017-5754) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementationin the Linux kernel did not properly check the relationship between pointervalues and the BPF stack. A local attacker could use this to cause a denialof service (system crash) or possibly execute arbitrary code.(CVE-2017-17863) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementationin the Linux kernel improperly performed sign extension in [ more… ]