[월:] 2019년 12월

USN-4219-1: libssh vulnerability libssh vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary libssh could be made to run programs under certain conditions. Software Description libssh – A tiny C SSH library Details It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libssh-4 – 0.9.0-1ubuntu1.3 Ubuntu 19.04 libssh-4 – 0.8.6-3ubuntu0.3 Ubuntu 18.04 LTS libssh-4 – 0.8.0~20170825.94fa1e38-1ubuntu0.5 Ubuntu 16.04 LTS libssh-4 – 0.6.3-4.3ubuntu0.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-4218-1: GNU C vulnerability eglibc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary GNU C could be made to execute arbitrary code or cause a crash if it received a specially crafted input. Software Description eglibc – GNU C Library Details Jakub Wilk discovered that GNU C incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libc6 – 2.19-0ubuntu6.15+esm1 Ubuntu 12.04 ESM libc6 – 2.15-0ubuntu10.22 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2018-6485 Source: USN-4218-1: GNU C vulnerability

USN-4217-1: Samba vulnerabilities samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Samba. Software Description samba – SMB/CIFS file, print, and login server for Unix Details Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations. (CVE-2019-14870) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libsmbclient – 2:4.10.7+dfsg-0ubuntu2.3 samba – 2:4.10.7+dfsg-0ubuntu2.3 Ubuntu 19.04 libsmbclient – 2:4.10.0+dfsg-0ubuntu2.7 samba – 2:4.10.0+dfsg-0ubuntu2.7 Ubuntu 18.04 LTS libsmbclient – 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 samba – 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 Ubuntu 16.04 LTS libsmbclient [ more… ]