[월:] 2020년 03월

USN-4294-1: OpenSMTPD vulnerabilities OpenSMTPD vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in opensmtpd. Software Description opensmtpd – secure, reliable, lean, and easy-to configure SMTP server Details It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. (CVE-2020-8794) It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem. (CVE-2020-8793) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 opensmtpd – 6.0.3p1-6ubuntu0.2 Ubuntu 18.04 LTS opensmtpd – 6.0.3p1-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-4288-2: ppp vulnerability ppp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary ppp could be made to crash or run programs if it received specially crafted network traffic. Software Description ppp – Point-to-Point Protocol (PPP) Details USN-4288-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM ppp – 2.4.5-5.1ubuntu2.3+esm1 Ubuntu 12.04 ESM ppp – 2.4.5-5ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4293-1: libarchive vulnerabilities libarchive vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in libarchive. Software Description libarchive – Library to read/write archive files Details It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or possibly unspecified other impact. This issue only affected Ubuntu 19.10. (CVE-2020-9308) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libarchive13 – 3.4.0-1ubuntu0.1 Ubuntu 18.04 LTS libarchive13 – 3.2.2-3.1ubuntu0.6 Ubuntu 16.04 LTS libarchive13 – 3.1.2-11ubuntu0.16.04.8 To update your system, [ more… ]