[월:] 2020년 05월

USN-4365-2: Bind vulnerabilities bind9 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in Bind. Software Description bind9 – Internet Domain Name Server Details USN-4365-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616) Tobias Klein discovered that Bind incorrectly handled checking TSIG validity. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly perform other attacks. (CVE-2020-8617) Update [ more… ]

LSN-0067-1: Kernel Live Patch Security Notice Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-oem – Linux kernel for OEM systems Details It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) Update instructions The problem can be corrected by updating your kernel livepatch to the following versions: Ubuntu 18.04 LTS aws – 67.1 azure – 67.1 gcp – 67.1 generic – 67.1 [ more… ]