USN-4175-1: Nokogiri vulnerability

2019-11-05 KENNETH 0

ruby-nokogiri vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Nokogiri could be made to execute programs if it received specially crafted input.

Software Description
ruby-nokogiri – HTML, XML, SAX, and Reader parser for Ruby

Details
It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: ruby-nokogiri – 1.10.3+dfsg1-2ubuntu0.1
Ubuntu 19.04: ruby-nokogiri – 1.10.0+dfsg1-2ubuntu0.1
Ubuntu 18.04 LTS: ruby-nokogiri – 1.8.2-1ubuntu0.1
Ubuntu 16.04 LTS: ruby-nokogiri – 1.6.7.2-3ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2019-5477

Source: USN-4175-1: Nokogiri vulnerability

USN-4174-1: HAproxy vulnerability

2019-11-05 KENNETH 0

haproxy vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
HAproxy would allow unintended access if it received a specially crafted HTTP request.

Software Description
haproxy – fast and reliable load balancing reverse proxy

Details
It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue for privilege escalation (Request Smuggling).

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: haproxy – 2.0.5-1ubuntu0.2
Ubuntu 19.04: haproxy – 1.8.19-1ubuntu1.2
Ubuntu 18.04 LTS: haproxy – 1.8.8-1ubuntu0.7
Ubuntu 16.04 LTS: haproxy – 1.6.3-1ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2019-18277

Source: USN-4174-1: HAproxy vulnerability

USN-4171-3: Apport regression

2019-11-05 KENNETH 0

apport regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
USN-4171-1 introduced a regression in Apport.

Software Description
apport – automatically generate crash reports for debugging

Details
USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression in the Python Apport library. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:
Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481)
Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482)

[ more… ]

PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP

2019-11-05 KENNETH 0

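Environment
PHP-7.3
* Presumably this occurs on PHP-7.0 and later.

Error(??) message
PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP

Original code

Cause
This message appears when a class name and a function name are the same.
In its current state it is not at a "serious" level right away, but since an error is raised, some action is needed…
Reference URL: http://docs.php.net/manual/kr/language.oop5.decon.php

When I first saw the message, my reaction was "Oh come on, what is this…!!!", but after reading the article my feeling was "Ah.. it would be better to follow it…".. Well, I don't have developer-like knowledge anyway, lol

Modified code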

USN-4170-3: Whoopsie regression

2019-11-05 KENNETH 0

whoopsie regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
USN-4170-2 caused a regression in Whoopsie.

Software Description
whoopsie – Ubuntu error tracker submission

Details
USN-4170-1 fixed a vulnerability in Whoopsie and USN-4170-2 fixed a subsequent regression. That update was incomplete and could still result in Whoopsie potentially crashing when uploading crash reports on some architectures. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:
Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: libwhoopsie0 – [ more… ]