[월:] 2018년 03월

USN-3591-1: Django vulnerabilities python-django vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Django. Software Description python-django – High-level Python web development framework Details James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 python-django – 1:1.11.4-1ubuntu1.2 python3-django – 1:1.11.4-1ubuntu1.2 Ubuntu 16.04 LTS python-django – 1.8.7-1ubuntu5.6 python3-django – 1.8.7-1ubuntu5.6 Ubuntu 14.04 LTS python-django – 1.6.11-0ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2018-7536 CVE-2018-7537 Source: USN-3591-1: Django vulnerabilities

USN-3590-1: Irssi vulnerabilities irssi vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Irssi. Software Description irssi – terminal based IRC client Details It was discovered that Irssi incorrectly handled certain empty nick names. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7050) It was discovered that Irssi incorrectly handled certain nick names. An attacker could possibly use this to access sensitive information. (CVE-2018-7051) It was discovered that Irssi incorrectly handled an increase in the number of windows. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7052) It was discovered that Irssi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary [ more… ]

USN-3589-1: PostgreSQL vulnerability postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary PostgreSQL could be made to execute arbitrary code. Software Description postgresql-9.6 – Object-relational SQL database postgresql-9.5 – Object-relational SQL database postgresql-9.3 – Object-relational SQL database Details It was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 postgresql-9.6 – 9.6.8-0ubuntu0.17.10 Ubuntu 16.04 LTS postgresql-9.5 – 9.5.12-0ubuntu0.16.04 Ubuntu 14.04 LTS postgresql-9.3 – 9.3.22-0ubuntu0.14.04 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all [ more… ]

USN-3585-1: Twisted vulnerability Ubuntu Security Notice USN-3585-1 5th March, 2018 twisted vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Twisted could be made to run programs if it received specially crafted network traffic. Software description twisted – Event-based framework for internet applications Details It was discovered that Twisted incorrectly handled certain HTTP requests.An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: python3-twisted 16.0.0-1ubuntu0.2 python-twisted-web 16.0.0-1ubuntu0.2 python-twisted 16.0.0-1ubuntu0.2 python-twisted-bin 16.0.0-1ubuntu0.2 Ubuntu 14.04 LTS: python-twisted-web 13.2.0-1ubuntu1.2 python-twisted 13.2.0-1ubuntu1.2 python-twisted-bin 13.2.0-1ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-1000111 Source: USN-3585-1: Twisted vulnerability