[월:] 2020년 02월

USN-4270-1: Exiv2 vulnerability exiv2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Exiv2 could be made to crash if it opened a specially crafted image. Software Description exiv2 – EXIF/IPTC/XMP metadata manipulation tool Details It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 exiv2 – 0.25-4ubuntu2.2 libexiv2-14 – 0.25-4ubuntu2.2 Ubuntu 18.04 LTS exiv2 – 0.25-3.1ubuntu0.18.04.5 libexiv2-14 – 0.25-3.1ubuntu0.18.04.5 Ubuntu 16.04 LTS exiv2 – 0.25-2.1ubuntu16.04.6 libexiv2-14 – 0.25-2.1ubuntu16.04.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-20421 Source: USN-4270-1: Exiv2 vulnerability

USN-4269-1: systemd vulnerabilities systemd vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in systemd. Software Description systemd – system and service manager Details It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16888) It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. (CVE-2019-20386) Jann Horn discovered that systemd incorrectly handled services that use the DynamicUser property. A local attacker could possibly use this issue to access resources owned by a different service in the future. This issue [ more… ]

USN-4268-1: OpenSMTPD vulnerability OpenSMTPD vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary OpenSMTPD could be made to run programs as root if it received specially crafted input over the network. Software Description opensmtpd – secure, reliable, lean, and easy-to configure SMTP server Details It was discovered that OpenSMTPD incorrectly verified the sender’s or receiver’s e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 opensmtpd – 6.0.3p1-6ubuntu0.1 Ubuntu 18.04 LTS opensmtpd – 6.0.3p1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2020-7247 Source: USN-4268-1: OpenSMTPD vulnerability

USN-4263-2: Sudo vulnerability sudo vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Sudo could allow unintended access to the administrator account. Software Description sudo – Provide limited super user privileges to specific users Details USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM sudo – 1.8.9p5-1ubuntu1.5+esm3 sudo-ldap – 1.8.9p5-1ubuntu1.5+esm3 Ubuntu 12.04 ESM sudo – 1.8.3p1-1ubuntu3.9 sudo-ldap – 1.8.3p1-1ubuntu3.9 To update your system, please follow these [ more… ]