Articles by KENNETH

USN-3434-2: Libidn vulnerability Ubuntu Security Notice USN-3434-2 23rd October, 2017 libidn vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Libidn could be made to crash or run programs if it processed specially crafted input. Software description libidn – implementation of IETF IDN specifications Details USN-3434-1 fixed a vulnerability in Libidn. This updateprovides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libidn11 1.23-2ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-3441-2: curl vulnerabilities Ubuntu Security Notice USN-3441-2 23rd October, 2017 curl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in curl. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details USN-3441-1 fixed several vulnerabilities in curl. This updateprovides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9586) Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000100) Brian [ more… ]