[월:] 2019년 09월

USN-4120-2: systemd regression systemd regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary USN-4120-1 caused a regression in systemd. Software Description systemd – system and service manager Details USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system’s DNS resolver settings. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 systemd – 240-6ubuntu5.7 Ubuntu 18.04 LTS systemd – 237-3ubuntu10.29 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard [ more… ]

USN-4128-1: Tomcat vulnerabilities tomcat8 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Tomcat 8. Software Description tomcat8 – Servlet and JSP engine Details It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-10072) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libtomcat8-java – 8.5.39-1ubuntu1~18.04.3 tomcat8 – 8.5.39-1ubuntu1~18.04.3 Ubuntu 16.04 LTS libtomcat8-java – 8.0.32-1ubuntu1.10 tomcat8 – 8.0.32-1ubuntu1.10 To update your system, [ more… ]