Articles by KENNETH

USN-3588-1: Memcached vulnerabilities Ubuntu Security Notice USN-3588-1 5th March, 2018 memcached vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Memcached. Software description memcached – high-performance memory object caching system Details Daniel Shapira discovered an integer overflow issue in Memcached. A remoteattacker could use this to cause a denial of service (daemon crash).(CVE-2017-9951) It was discovered that Memcached listened to UDP by default. A remoteattacker could use this as part of a distributed denial of service attack.(CVE-2018-1000115) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: memcached 1.4.33-1ubuntu3.2 Ubuntu 16.04 LTS: memcached 1.4.25-2ubuntu1.3 Ubuntu 14.04 LTS: memcached 1.4.14-0ubuntu9.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update [ more… ]

USN-3587-1: Dovecot vulnerabilities Ubuntu Security Notice USN-3587-1 5th March, 2018 dovecot vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Dovecot. Software description dovecot – IMAP and POP3 email server Details It was discovered that Dovecot incorrectly handled parsing certain emailaddresses. A remote attacker could use this issue to cause Dovecot tocrash, resulting in a denial of service, or possibly obtain sensitiveinformation. (CVE-2017-14461) It was discovered that Dovecot incorrectly handled TLS SNI config lookups.A remote attacker could possibly use this issue to cause Dovecot to crash,resulting in a denial of service. (CVE-2017-15130) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: dovecot-core 1:2.2.27-3ubuntu1.3 Ubuntu 16.04 LTS: dovecot-core 1:2.2.22-1ubuntu2.7 Ubuntu 14.04 LTS: dovecot-core 1:2.2.9-1ubuntu2.4 [ more… ]

USN-3575-2: QEMU regression Ubuntu Security Notice USN-3575-2 5th March, 2018 qemu regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3575-1 introduced a regression in QEMU. Software description qemu – Machine emulator and virtualizer Details USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 causeda regression in Xen environments. This update removes the problematic fixpending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334) David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU [ more… ]