Articles by KENNETH

USN-3553-1: Ruby vulnerabilities Ubuntu Security Notice USN-3553-1 31st January, 2018 ruby2.3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Summary Several security issues were fixed in Ruby. Software description ruby2.3 – Interpreter of object-oriented scripting language Ruby Details It was discovered that Ruby failed to validate specification names.An attacker could possibly use a maliciously crafted gem to potentiallyoverwrite any file on the filesystem. (CVE-2017-0901) It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.An attacker could use this to possibly force the RubyGems client to downloadand install gems from a server that the attacker controls. (CVE-2017-0902) It was discovered that Ruby incorrectly handled certain YAML files. An attacker coulduse this to possibly execute arbitrary code. (CVE-2017-0903) Update instructions The problem can be corrected by updating your system to the [ more… ]

USN-3551-1: WebKitGTK+ vulnerabilities Ubuntu Security Notice USN-3551-1 30th January, 2018 webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software description webkit2gtk – Web content engine library for GTK+ Details Multiple security issues were discovered in the WebKitGTK+ Web andJavaScript engines. If a user were tricked in to opening a speciallycrafted website, an attacker could potentially exploit these to cause adenial of service, spoof the user interface, or execute arbitrary code.(CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160,CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libwebkit2gtk-4.0-37 2.18.6-0ubuntu0.17.10.1 libjavascriptcoregtk-4.0-18 2.18.6-0ubuntu0.17.10.1 Ubuntu 16.04 LTS: libwebkit2gtk-4.0-37 2.18.6-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 2.18.6-0ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which [ more… ]