[월:] 2020년 02월

USN-4289-1: Squid vulnerabilities squid, squid3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Squid. Software Description squid – Web proxy cache server squid3 – Web proxy cache server Details Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server reources prohibited by earlier security filters. (CVE-2020-8449) Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, [ more… ]

USN-4288-1: ppp vulnerability ppp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary ppp could be made to crash or run programs if it received specially crafted network traffic. Software Description ppp – Point-to-Point Protocol (PPP) Details It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 ppp – 2.4.7-2+4.1ubuntu4.1 Ubuntu 18.04 LTS ppp – 2.4.7-2+2ubuntu1.2 Ubuntu 16.04 LTS ppp – 2.4.7-1+2ubuntu1.16.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2020-8597 Source: USN-4288-1: [ more… ]