Articles by KENNETH

USN-3551-1: WebKitGTK+ vulnerabilities Ubuntu Security Notice USN-3551-1 30th January, 2018 webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software description webkit2gtk – Web content engine library for GTK+ Details Multiple security issues were discovered in the WebKitGTK+ Web andJavaScript engines. If a user were tricked in to opening a speciallycrafted website, an attacker could potentially exploit these to cause adenial of service, spoof the user interface, or execute arbitrary code.(CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160,CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libwebkit2gtk-4.0-37 2.18.6-0ubuntu0.17.10.1 libjavascriptcoregtk-4.0-18 2.18.6-0ubuntu0.17.10.1 Ubuntu 16.04 LTS: libwebkit2gtk-4.0-37 2.18.6-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 2.18.6-0ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which [ more… ]

USN-3550-1: ClamAV vulnerabilities Ubuntu Security Notice USN-3550-1 30th January, 2018 clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in ClamAV. Software description clamav – Anti-virus utility for Unix Details It was discovered that ClamAV incorrectly handled parsing certain mailmessages. A remote attacker could use this issue to cause ClamAV to crash,resulting in a denial of service, or possibly execute arbitrary code.(CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380) It was discovered that ClamAV incorrectly handled parsing certain PDFfiles. A remote attacker could use this issue to cause ClamAV to crash,resulting in a denial of service, or possibly execute arbitrary code.(CVE-2017-12376) It was discovered that ClamAV incorrectly handled parsing certain mewpacket files. A remote attacker could use this issue to cause ClamAV tocrash, resulting in a [ more… ]