[월:] 2019년 04월

USN-3937-1: Apache HTTP Server vulnerabilities apache2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in the Apache HTTP Server. Software Description apache2 – Apache HTTP server Details Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211) It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-17189) It was discovered that the Apache HTTP Server incorrectly [ more… ]

USN-3936-1: AdvanceCOMP vulnerability advancecomp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary AdvanceCOMP could be made to run arbitrary code if it opened a specially crafted file. Software Description advancecomp – collection of recompression utilities Details It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 advancecomp – 2.1-1ubuntu0.18.10.1 Ubuntu 18.04 LTS advancecomp – 2.1-1ubuntu0.18.04.1 Ubuntu 16.04 LTS advancecomp – 1.20-1ubuntu0.2 Ubuntu 14.04 LTS advancecomp – 1.18-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-9210 Source: USN-3936-1: AdvanceCOMP vulnerability