[월:] 2019년 07월

USN-4049-1: GLib vulnerability glib2.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary GLib did not properly restrict directory and file permissions. Software Description glib2.0 – GLib Input, Output and Streaming Library (fam module) Details It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libglib2.0-0 – 2.58.1-2ubuntu0.2 libglib2.0-bin – 2.58.1-2ubuntu0.2 Ubuntu 18.04 LTS libglib2.0-0 – 2.56.4-0ubuntu0.18.04.4 libglib2.0-bin – 2.56.4-0ubuntu0.18.04.4 Ubuntu 16.04 LTS libglib2.0-0 – 2.48.2-0ubuntu4.3 libglib2.0-bin – 2.48.2-0ubuntu4.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-13012 Source: USN-4049-1: GLib vulnerability

USN-4048-1: Docker vulnerabilities Docker vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Docker could be made to overwrite files as the administrator. Software Description docker.io – Linux container runtime Details Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 docker.io – 18.09.7-0ubuntu1~19.04.4 Ubuntu 18.10 docker.io – 18.09.7-0ubuntu1~18.10.3 Ubuntu 18.04 LTS docker.io – 18.09.7-0ubuntu1~18.04.3 Ubuntu 16.04 LTS docker.io – 18.09.7-0ubuntu1~16.04.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update [ more… ]

USN-4047-1: libvirt vulnerabilities libvirt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in libvirt. Software Description libvirt – Libvirt virtualization toolkit Details Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libvirt-clients – 5.0.0-1ubuntu2.4 libvirt-daemon – 5.0.0-1ubuntu2.4 libvirt0 – 5.0.0-1ubuntu2.4 Ubuntu 18.10 libvirt-clients – 4.6.0-2ubuntu3.8 libvirt-daemon – 4.6.0-2ubuntu3.8 libvirt0 – 4.6.0-2ubuntu3.8 Ubuntu 18.04 LTS libvirt-clients – 4.0.0-1ubuntu8.12 libvirt-daemon – 4.0.0-1ubuntu8.12 libvirt0 – 4.0.0-1ubuntu8.12 Ubuntu 16.04 LTS libvirt-bin – 1.3.1-1ubuntu10.27 [ more… ]