Articles by KENNETH

USN-4263-2: Sudo vulnerability sudo vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Sudo could allow unintended access to the administrator account. Software Description sudo – Provide limited super user privileges to specific users Details USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM sudo – 1.8.9p5-1ubuntu1.5+esm3 sudo-ldap – 1.8.9p5-1ubuntu1.5+esm3 Ubuntu 12.04 ESM sudo – 1.8.3p1-1ubuntu3.9 sudo-ldap – 1.8.3p1-1ubuntu3.9 To update your system, please follow these [ more… ]

USN-4267-1: ARM mbed TLS vulnerabilities mbedtls vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in mbedtls. Software Description mbedtls – lightweight crypto and SSL/TLS library – crypto library Details It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacked to execute arbitrary code or cause a denial of service. (CVE-2017-18187) It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. (CVE-2018-0487) It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service (heap corruption) via a [ more… ]