[월:] 2018년 02월

USN-3580-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3580-1 21st February, 2018 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Jann Horn discovered that microprocessors utilizing speculative executionand branch prediction may allow unauthorized memory reads via sidechannelattacks. This flaw is known as Spectre. A local attacker could use this toexpose sensitive information, including kernel memory. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-133-generic-pae 3.2.0-133.179 linux-image-generic 3.2.0.133.148 linux-image-generic-pae 3.2.0.133.148 linux-image-3.2.0-133-generic 3.2.0-133.179 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)requires corresponding processor microcode/firmware updates or,in virtual environments, hypervisor updates. On i386 and amd64architectures, the IBRS and [ more… ]

USN-3579-1: LibreOffice vulnerability Ubuntu Security Notice USN-3579-1 21st February, 2018 libreoffice vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LibreOffice would allow unintended access to files over the network. Software description libreoffice – Office productivity suite Details It was discovered that =WEBSERVICE calls in a document could be used toread arbitrary files. If a user were tricked in to opening a speciallycrafted document, a remote attacker could exploit this to obtain sensitiveinformation. (CVE-2018-6871) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libreoffice-core 1:5.4.5-0ubuntu0.17.10.1 Ubuntu 16.04 LTS: libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial3 Ubuntu 14.04 LTS: libreoffice-core 1:4.2.8-0ubuntu5.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart LibreOffice to makeall the necessary changes. [ more… ]