Articles by KENNETH

USN-3572-1: FreeType vulnerability Ubuntu Security Notice USN-3572-1 14th February, 2018 freetype vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary FreeType could be made to crash if it opened a specially crafted file. Software description freetype – FreeType 2 is a font engine library Details It was discovered that FreeType incorrectly handled certain files.An attacker could possibly use this to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libfreetype6 2.8-0.2ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to makeall the necessary changes. References CVE-2018-6942 Source: USN-3572-1: FreeType vulnerability

USN-3570-1: AdvanceCOMP vulnerability Ubuntu Security Notice USN-3570-1 14th February, 2018 advancecomp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file. Software description advancecomp – collection of recompression utilities Details Joonun Jang discovered that AdvanceCOMP incorrectly handled certainmalformed zip files. If a user or automated system were tricked intoprocessing a specially crafted zip file, a remote attacker could causeAdvanceCOMP to crash, resulting in a denial of service, or possiblyexecute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: advancecomp 2.0-1ubuntu0.1 Ubuntu 16.04 LTS: advancecomp 1.20-1ubuntu0.1 Ubuntu 14.04 LTS: advancecomp 1.18-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a [ more… ]

USN-3571-1: Erlang vulnerabilities Ubuntu Security Notice USN-3571-1 14th February, 2018 erlang vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Erlang. Software description erlang – Concurrent, real-time, distributed functional language Details It was discovered that the Erlang FTP module incorrectly handled certainCRLF sequences. A remote attacker could possibly use this issue to injectarbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS.(CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. Aremote attacker could possibly use this issue to perform a padding oracleattack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS.(CVE-2015-2774) It was discovered that Erlang incorrectly handled certain regularexpressions. A remote attacker could possibly use this issue to causeErlang to crash, resulting in a denial of service, or [ more… ]