[월:] 2019년 07월

USN-4067-1: Evince vulnerability evince vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Evince could be made to crash or run arbitrary code if it received a specially crafted PDF file. Software Description evince – Document viewer Details It was discovered that Evince incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS evince – 3.18.2-1ubuntu4.6 evince-common – 3.18.2-1ubuntu4.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-1010006 Source: USN-4067-1: Evince vulnerability

USN-4065-2: Squid vulnerabilities squid3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in Squid. Software Description squid3 – Web proxy cache server Details USN-4065-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12525) It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12529) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM squid3 – 3.1.19-1ubuntu3.12.04.10 To update your system, please [ more… ]

USN-4066-2: ClamAV vulnerability clamav vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary ClamAV could be made to expose sensitive information if it received a specially crafted CHM file. Software Description clamav – Anti-virus utility for Unix Details USN-4066-1 fixed a vulnerability in libmspack. This update provides the corresponding update for ClamAV in Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM clamav – 0.100.3+dfsg-0ubuntu0.14.04.1+esm1 Ubuntu 12.04 ESM clamav – 0.100.3+dfsg-1ubuntu0.12.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]