[월:] 2020년 03월

USN-4306-1: Dino vulnerabilities dino-im vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Several security issues were fixed in dino-im. Software Description dino-im – modern XMPP client Details It was discovered that Dino incorrectly validated inputs. An attacker could use this issue to possibly obtain, inject or remove sensitive information. This update also includes a fix to the encryption implementation in Dino to support 12 byte IVs, in addition to 16 byte IVs. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS dino-im – 0.0.git20180130-1ubuntu0.1 dino-im-common – 0.0.git20180130-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-16235 CVE-2019-16236 CVE-2019-16237 LP: 1866115 Source: USN-4306-1: Dino vulnerabilities

USN-4305-1: ICU vulnerability icu vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary ICU could be made to execute arbitrary code if it received a specially crafted string. Software Description icu – International Components for Unicode library Details André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libicu63 – 63.2-2ubuntu0.1 Ubuntu 18.04 LTS libicu60 – 60.2-3ubuntu3.1 Ubuntu 16.04 LTS libicu55 – 55.1-7ubuntu0.5 Ubuntu 14.04 ESM libicu52 – 52.1-3ubuntu0.8+esm1 Ubuntu 12.04 ESM libicu48 – 4.8.1.1-3ubuntu0.10 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]

USN-4304-1: Ceph vulnerability ceph vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Ceph could be made to stop responding if it received specially crafted network traffic. Software Description ceph – distributed storage and file system Details Or Friedman discovered that Ceph incorrectly handled disconnects. A remote authenticated attacker could possibly use this issue to cause Ceph to consume resources, leading to a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 ceph – 14.2.4-0ubuntu0.19.10.2 ceph-base – 14.2.4-0ubuntu0.19.10.2 ceph-common – 14.2.4-0ubuntu0.19.10.2 Ubuntu 18.04 LTS ceph – 12.2.12-0ubuntu0.18.04.5 ceph-base – 12.2.12-0ubuntu0.18.04.5 ceph-common – 12.2.12-0ubuntu0.18.04.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2020-1700 Source: USN-4304-1: Ceph [ more… ]