[월:] 2018년 02월

USN-3565-1: Exim vulnerability Ubuntu Security Notice USN-3565-1 12th February, 2018 exim4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Exim could be made to crash or run programs if it received specially crafted network traffic. Software description exim4 – Exim is a mail transport agent Details Meh Chang discovered that Exim incorrectly handled memory in certaindecoding operations. A remote attacker could use this issue to cause Eximto crash, resulting in a denial of service, or possibly execute arbitrarycode. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: exim4-daemon-heavy 4.89-5ubuntu1.3 exim4-daemon-light 4.89-5ubuntu1.3 Ubuntu 16.04 LTS: exim4-daemon-heavy 4.86.2-2ubuntu2.3 exim4-daemon-light 4.86.2-2ubuntu2.3 Ubuntu 14.04 LTS: exim4-daemon-heavy 4.82-3ubuntu2.4 exim4-daemon-light 4.82-3ubuntu2.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard [ more… ]

USN-3566-1: PHP vulnerabilities Ubuntu Security Notice USN-3566-1 12th February, 2018 php5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in PHP. Software description php5 – HTML-embedded scripting language interpreter Details It was discovered that PHP incorrectly handled the PHAR 404 error page. Aremote attacker could possibly use this issue to conduct cross-sitescripting (XSS) attacks. (CVE-2018-5712) It was discovered that PHP incorrectly handled memory when unserializingcertain data. A remote attacker could use this issue to cause PHP to crash,resulting in a denial of service, or possibly execute arbitrary code.(CVE-2017-12933) It was discovered that PHP incorrectly handled 'front of' and 'back of'date directives. A remote attacker could possibly use this issue to obtainsensitive information. (CVE-2017-16642) Update instructions The problem can be corrected by updating your system to the following [ more… ]

USN-3567-1: Puppet vulnerability Ubuntu Security Notice USN-3567-1 12th February, 2018 puppet vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Puppet could be made to crash or run programs. Software description puppet – Centralized configuration management Details It was discovered that Puppet incorrectly handled permissions whenunpacking certain tarballs. A local user could possibly use this issue toexecute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: puppet-common 3.4.3-1ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-10689 Source: USN-3567-1: Puppet vulnerability