[월:] 2019년 01월

USN-3875-1: OpenJDK vulnerability openjdk-8, openjdk-lts vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 16.04 LTS Summary Java applets or applications could be made to expose sensitive information. Software Description openjdk-lts – Open Source Java implementation openjdk-8 – Open Source Java implementation Details It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 openjdk-11-jdk – 11.0.1+13-3ubuntu3.18.10.1 openjdk-11-jre – 11.0.1+13-3ubuntu3.18.10.1 openjdk-11-jre-headless – 11.0.1+13-3ubuntu3.18.10.1 Ubuntu 16.04 LTS openjdk-8-jdk – 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jre – 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jre-headless – 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jre-jamvm – 8u191-b12-2ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional [ more… ]

USN-3874-1: Firefox vulnerabilities firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503, CVE-2018-18504, CVE-2018-18505) It was discovered that Firefox allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks [ more… ]