[월:] 2020년 01월

USN-4252-1: tcpdump vulnerabilities tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in tcpdump. Software Description tcpdump – command-line network traffic analyzer Details Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS tcpdump – 4.9.3-0ubuntu0.18.04.1 Ubuntu 16.04 LTS tcpdump – 4.9.3-0ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 [ more… ]

USN-4251-1: Tomcat vulnerabilities tomcat8 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in Tomcat. Software Description tomcat8 – Servlet and JSP engine Details It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. (CVE-2019-12418) It was discovered that Tomcat incorrectly handled FORM authentication. A remote attacker could possibly use this issue to perform a session fixation attack. (CVE-2019-17563) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS libtomcat8-java – 8.0.32-1ubuntu1.11 tomcat8 – 8.0.32-1ubuntu1.11 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-4250-1: MySQL vulnerabilities mysql-5.7, mysql-8.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in MySQL. Software Description mysql-8.0 – MySQL database mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-29.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-19.html https://www.oracle.com/security-alerts/cpujan2020.html Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 mysql-server-8.0 – 8.0.19-0ubuntu0.19.10.3 Ubuntu 18.04 LTS mysql-server-5.7 – 5.7.29-0ubuntu0.18.04.1 Ubuntu [ more… ]