[월:] 2019년 09월

USN-4124-2: Exim vulnerability exim4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Exim could be made to run programs as an administrator if it received specially crafted network traffic. Software Description exim4 – Exim is a mail transport agent Details USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM exim4-daemon-heavy – 4.82-3ubuntu2.4+esm1 exim4-daemon-light – 4.82-3ubuntu2.4+esm1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4124-1 CVE-2019-15846 Source: USN-4124-2: [ more… ]

USN-4134-1: IBus vulnerability ibus vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary IBus would allow local users to capture key strokes of other locally logged in users. Software Description ibus – Intelligent Input Bus – core Details Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 ibus – 1.5.19-1ubuntu2.1 Ubuntu 18.04 LTS ibus – 1.5.17-3ubuntu5.1 Ubuntu 16.04 LTS ibus – 1.5.11-1ubuntu2.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]

USN-4133-1: Wireshark vulnerabilities Wireshark vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Wireshark could be made to crash if it received specially crafted network traffic or input files. Software Description wireshark – network traffic analyzer Details It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libwireshark-data – 2.6.10-1~ubuntu19.04.0 libwireshark11 – 2.6.10-1~ubuntu19.04.0 libwiretap8 – 2.6.10-1~ubuntu19.04.0 libwscodecs2 – 2.6.10-1~ubuntu19.04.0 libwsutil9 – 2.6.10-1~ubuntu19.04.0 tshark – 2.6.10-1~ubuntu19.04.0 wireshark – 2.6.10-1~ubuntu19.04.0 wireshark-common – 2.6.10-1~ubuntu19.04.0 wireshark-gtk – 2.6.10-1~ubuntu19.04.0 wireshark-qt – 2.6.10-1~ubuntu19.04.0 Ubuntu 18.04 LTS libwireshark-data – 2.6.10-1~ubuntu18.04.0 libwireshark11 [ more… ]