[월:] 2020년 03월

USN-4307-1: Apache HTTP Server update apache2 update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary TLSv1.3 support has been enabled in Apache HTTP Server in Ubuntu 18.04 LTS. Software Description apache2 – Apache HTTP server Details As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS. TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS apache2-bin – 2.4.29-1ubuntu4.13 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References LP: 1845263 Source: USN-4307-1: Apache HTTP Server update

USN-4171-5: Apport regression apport regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4171-1 introduced a regression in Apport. Software Description apport – automatically generate crash reports for debugging Details USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in autopkgtest and python2 compatibility. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered [ more… ]