[월:] 2020년 05월

USN-4363-1: Linux kernel vulnerabilities linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke-4.15 – Linux kernel for Google Container Engine (GKE) systems linux-oem – Linux kernel for OEM systems linux-oracle – Linux kernel for Oracle Cloud systems linux-snapdragon – Linux kernel for Qualcomm Snapdragon processors linux-aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-hwe – Linux hardware enablement (HWE) kernel Details It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could [ more… ]

USN-4362-1: DPDK vulnerabilities dpdk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in DPDK. Software Description dpdk – set of libraries for fast packet processing Details It was discovered that DPDK incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2020-10722, CVE-2020-10723, CVE-2020-10724, CVE-2020-10725, CVE-2020-10726) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS dpdk – 19.11.1-0ubuntu1.1 Ubuntu 19.10 dpdk – 18.11.5-0ubuntu0.19.10.2 Ubuntu 18.04 LTS dpdk – 17.11.9-0ubuntu18.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2020-10722 CVE-2020-10723 CVE-2020-10724 CVE-2020-10725 CVE-2020-10726 Source: USN-4362-1: DPDK vulnerabilities

USN-4361-1: Dovecot vulnerabilities dovecot vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Summary Several security issues were fixed in Dovecot. Software Description dovecot – IMAP and POP3 email server Details Philippe Antoine discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-10957, CVE-2020-10967) Philippe Antoine discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2020-10958) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS dovecot-core – 1:2.3.7.2-1ubuntu3.1 Ubuntu 19.10 dovecot-core – 1:2.3.4.1-5ubuntu3.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2020-10957 [ more… ]