[월:] 2019년 04월

USN-3942-1: OpenJDK 7 vulnerability openjdk-7 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Java applets or applications could be made to expose sensitive information. Software Description openjdk-7 – Open Source Java implementation Details It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS icedtea-7-jre-jamvm – 7u211-2.6.17-0ubuntu0.1 openjdk-7-jdk – 7u211-2.6.17-0ubuntu0.1 openjdk-7-jre – 7u211-2.6.17-0ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References [ more… ]

USN-3943-1: Wget vulnerabilities wget vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Wget. Software Description wget – retrieves files from the web Details It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20483) Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 wget – 1.19.5-1ubuntu1.1 Ubuntu 18.04 LTS wget – 1.19.4-1ubuntu2.2 Ubuntu 16.04 LTS wget – 1.17.1-1ubuntu1.5 Ubuntu 14.04 LTS wget – 1.15-1ubuntu1.14.04.5 To update your system, [ more… ]

USN-3938-1: systemd vulnerability systemd vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary The systemd PAM module could be used to gain additional PolicyKit privileges. Software Description systemd – system and service manager Details Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libpam-systemd – 239-7ubuntu10.12 Ubuntu 18.04 LTS libpam-systemd – 237-3ubuntu10.19 Ubuntu 16.04 LTS libpam-systemd – 229-4ubuntu21.21 Ubuntu 14.04 LTS libpam-systemd – 204-5ubuntu20.31 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary [ more… ]