Articles by KENNETH

USN-3493-1: Exim vulnerability Ubuntu Security Notice USN-3493-1 27th November, 2017 exim4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Summary Exim could be made to crash or run programs if it received specially crafted network traffic. Software description exim4 – Exim is a mail transport agent Details It was discovered that Exim incorrectly handled memory in the ESMTPCHUNKING extension. A remote attacker could use this issue to cause Exim tocrash, resulting in a denial of service, or possibly execute arbitrarycode. The default compiler options for affected releases should reduce thevulnerability to a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: exim4-daemon-heavy 4.89-5ubuntu1.1 exim4-daemon-light 4.89-5ubuntu1.1 Ubuntu 17.04: exim4-daemon-heavy 4.88-5ubuntu1.2 exim4-daemon-light 4.88-5ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-3494-1: XML::LibXML vulnerability Ubuntu Security Notice USN-3494-1 27th November, 2017 libxml-libxml-perl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary XML::LibXML could be made to crash or run programs if it processed specially crafted input. Software description libxml-libxml-perl – Perl interface to the libxml2 library Details It was discovered that XML::LibXML incorrectly handled memory whenprocessing a replaceChild call. A remote attacker could possibly use thisissue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libxml-libxml-perl 2.0128+dfsg-3ubuntu0.1 Ubuntu 17.04: libxml-libxml-perl 2.0128+dfsg-1ubuntu0.1 Ubuntu 16.04 LTS: libxml-libxml-perl 2.0123+dfsg-1ubuntu0.1 Ubuntu 14.04 LTS: libxml-libxml-perl 2.0108+dfsg-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-10672 [ more… ]

USN-3495-1: OptiPNG vulnerability Ubuntu Security Notice USN-3495-1 27th November, 2017 optipng vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary OptiPNG could be made to crash or run programs as your login if it opened a specially crafted file. Software description optipng – advanced PNG (Portable Network Graphics) optimizer Details It was discovered that OptiPNG incorrectly handled memory. A remoteattacker could use this issue with a specially crafted image file to causeOptiPNG to crash, resulting in a denial of service, or possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: optipng 0.7.6-1ubuntu0.17.10.1 Ubuntu 17.04: optipng 0.7.6-1ubuntu0.17.04.1 Ubuntu 16.04 LTS: optipng 0.7.6-1ubuntu0.16.04.1 Ubuntu 14.04 LTS: optipng 0.6.4-1ubuntu0.14.04.2 To update your system, please follow these instructions: [ more… ]