No Image

USN-3572-1: FreeType vulnerability

2018-02-15 KENNETH 0

USN-3572-1: FreeType vulnerability Ubuntu Security Notice USN-3572-1 14th February, 2018 freetype vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary FreeType could be made to crash if it opened a specially crafted file. Software description freetype – FreeType 2 is a font engine library Details It was discovered that FreeType incorrectly handled certain files.An attacker could possibly use this to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libfreetype6 2.8-0.2ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to makeall the necessary changes. References CVE-2018-6942 Source: USN-3572-1: FreeType vulnerability

Mixed Reality at Microsoft – February update

2018-02-15 KENNETH 0

Mixed Reality at Microsoft – February update It’s hard to believe that 2018 is almost two months old! Speaking on behalf of everyone on the mixed reality team at Microsoft, we are excited about the year to come. We have a lot of fun things planned. Because I love mixed reality so much, I thought February 14th (Valentine’s Day for those who celebrate) would be the perfect day to kick off a new regular update from us. Each month we will share some news on what we are doing, and we will highlight some of the great work coming to market from our customers and partners. Let’s get going with what we have to share today! Making it easier to get your hands on HoloLens We have heard loud and clear that people are looking for additional ways to get [ more… ]

No Image

USN-3570-1: AdvanceCOMP vulnerability

2018-02-15 KENNETH 0

USN-3570-1: AdvanceCOMP vulnerability Ubuntu Security Notice USN-3570-1 14th February, 2018 advancecomp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file. Software description advancecomp – collection of recompression utilities Details Joonun Jang discovered that AdvanceCOMP incorrectly handled certainmalformed zip files. If a user or automated system were tricked intoprocessing a specially crafted zip file, a remote attacker could causeAdvanceCOMP to crash, resulting in a denial of service, or possiblyexecute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: advancecomp 2.0-1ubuntu0.1 Ubuntu 16.04 LTS: advancecomp 1.20-1ubuntu0.1 Ubuntu 14.04 LTS: advancecomp 1.18-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a [ more… ]

No Image

USN-3571-1: Erlang vulnerabilities

2018-02-15 KENNETH 0

USN-3571-1: Erlang vulnerabilities Ubuntu Security Notice USN-3571-1 14th February, 2018 erlang vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Erlang. Software description erlang – Concurrent, real-time, distributed functional language Details It was discovered that the Erlang FTP module incorrectly handled certainCRLF sequences. A remote attacker could possibly use this issue to injectarbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS.(CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. Aremote attacker could possibly use this issue to perform a padding oracleattack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS.(CVE-2015-2774) It was discovered that Erlang incorrectly handled certain regularexpressions. A remote attacker could possibly use this issue to causeErlang to crash, resulting in a denial of service, or [ more… ]

No Image

RHBA-2018:0318-1: rh-nodejs8 bug fix and enhancement update

2018-02-14 KENNETH 0

RHBA-2018:0318-1: rh-nodejs8 bug fix and enhancement update Red Hat Enterprise Linux: Updated rh-nodejs8 packages that fix several bugs and add various enhancements are now available for Red Hat Software Collections. Source: RHBA-2018:0318-1: rh-nodejs8 bug fix and enhancement update