[월:] 2019년 04월

USN-3939-2: Samba vulnerability samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Samba could be made to create files in unexpected locations. Software Description samba – SMB/CIFS file, print, and login server for Unix Details USN-3939-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM libsmbclient – 2:3.6.25-0ubuntu0.12.04.17 samba – 2:3.6.25-0ubuntu0.12.04.17 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-3939-1 CVE-2019-3880 [ more… ]

USN-3940-1: ClamAV vulnerabilities clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in ClamAV. Software Description clamav – Anti-virus utility for Unix Details It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787) It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788) It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. [ more… ]

USN-3939-1: Samba vulnerability samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Samba could be made to create files in unexpected locations. Software Description samba – SMB/CIFS file, print, and login server for Unix Details Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libsmbclient – 2:4.8.4+dfsg-2ubuntu2.3 samba – 2:4.8.4+dfsg-2ubuntu2.3 Ubuntu 18.04 LTS libsmbclient – 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 samba – 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 Ubuntu 16.04 LTS libsmbclient – 2:4.3.11+dfsg-0ubuntu0.16.04.19 samba – 2:4.3.11+dfsg-0ubuntu0.16.04.19 Ubuntu 14.04 LTS libsmbclient – 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba – 2:4.3.11+dfsg-0ubuntu0.14.04.20 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]