[월:] 2018년 02월

USN-3570-1: AdvanceCOMP vulnerability Ubuntu Security Notice USN-3570-1 14th February, 2018 advancecomp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file. Software description advancecomp – collection of recompression utilities Details Joonun Jang discovered that AdvanceCOMP incorrectly handled certainmalformed zip files. If a user or automated system were tricked intoprocessing a specially crafted zip file, a remote attacker could causeAdvanceCOMP to crash, resulting in a denial of service, or possiblyexecute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: advancecomp 2.0-1ubuntu0.1 Ubuntu 16.04 LTS: advancecomp 1.20-1ubuntu0.1 Ubuntu 14.04 LTS: advancecomp 1.18-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a [ more… ]

USN-3571-1: Erlang vulnerabilities Ubuntu Security Notice USN-3571-1 14th February, 2018 erlang vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Erlang. Software description erlang – Concurrent, real-time, distributed functional language Details It was discovered that the Erlang FTP module incorrectly handled certainCRLF sequences. A remote attacker could possibly use this issue to injectarbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS.(CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. Aremote attacker could possibly use this issue to perform a padding oracleattack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS.(CVE-2015-2774) It was discovered that Erlang incorrectly handled certain regularexpressions. A remote attacker could possibly use this issue to causeErlang to crash, resulting in a denial of service, or [ more… ]

USN-3569-1: libvorbis vulnerabilities Ubuntu Security Notice USN-3569-1 13th February, 2018 libvorbis vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in libvorbis. Software description libvorbis – The Vorbis General Audio Compression Codec Details It was discovered that libvorbis incorrectly handled certain sound files.An attacker could possibly use this to execute arbitrary code.(CVE-2017-14632) It was discovered that libvorbis incorrectly handled certain sound files.An attacker could use this to cause a denial of service.(CVE-2017-14633) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libvorbis0a 1.3.5-4ubuntu0.1 Ubuntu 16.04 LTS: libvorbis0a 1.3.5-3ubuntu0.1 Ubuntu 14.04 LTS: libvorbis0a 1.3.2-1.3ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system upgrade you need to restart any applications thatuse [ more… ]