Articles by KENNETH

About KENNETH
지락문화예술공작단
No Image

USN-3393-2: ClamAV vulnerabilities

2017-08-18 KENNETH 0

USN-3393-2: ClamAV vulnerabilities Ubuntu Security Notice USN-3393-2 17th August, 2017 clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in ClamAV. Software description clamav – Anti-virus utility for Unix Details USN-3393-1 fixed several vulnerabilities in ClamAV. This update providesthe corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6418) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. In the default installation, attackers would be [ more… ]

No Image

USN-3394-1: libmspack vulnerabilities

2017-08-18 KENNETH 0

USN-3394-1: libmspack vulnerabilities Ubuntu Security Notice USN-3394-1 17th August, 2017 libmspack vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Summary Several security issues were fixed in libmspack. Software description libmspack – library for Microsoft compression formats Details It was discovered that libmspack incorrectly handled certain malformed CHMfiles. A remote attacker could use this issue to cause libmspack to crash,resulting in a denial of service, or possibly execute arbitrary code.(CVE-2017-6419) It was discovered that libmspack incorrectly handled certain malformed CABfiles. A remote attacker could use this issue to cause libmspack to crash,resulting in a denial of service. (CVE-2017-6419) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libmspack0 0.5-1ubuntu0.17.04.1 Ubuntu 16.04 LTS: libmspack0 0.5-1ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

No Image

USN-3395-1: c-ares vulnerability

2017-08-18 KENNETH 0

USN-3395-1: c-ares vulnerability Ubuntu Security Notice USN-3395-1 17th August, 2017 c-ares vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary c-ares could be made to crash if it received specially crafted network traffic. Software description c-ares – library for asynchronous name resolution Details It was discovered that c-ares incorrectly handled certain NAPTR responses.A remote attacker could possibly use this issue to cause applications usingc-ares to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libc-ares2 1.12.0-1ubuntu0.1 Ubuntu 16.04 LTS: libc-ares2 1.10.0-3ubuntu0.2 Ubuntu 14.04 LTS: libc-ares2 1.10.0-2ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-1000381 Source: USN-3395-1: c-ares [ more… ]

No Image

nginx.conf 2017: Speakers and Sessions Are Ready!

2017-08-18 KENNETH 0

nginx.conf 2017: Speakers and Sessions Are Ready! All the speakers and sessions for nginx.conf 2017 are ready to go. We have a healthy mix of experienced speakers from the NGINX community, NGINX developers, sales engineers, and senior management, and new faces sharing about brand-new solutions. Check out the nginx.conf 2017 speakers and sessions. We want our strong lineup of speakers to reach as many people in the NGINX community as possible. So we’re offering a 50% discount to make it easy for you to attend. Just enter code NGINXCONF. Highlights include: Trends in Enterprise Application Development, by Rich Sharples of Red Hat. The Business of Open Source (or, how we think about it at CoreOS), by Elsie Phillips of CoreOs. NGINX: Managing Continuous Delivery at Enterprise Scale by Jason Whittington of Equifax. Optimizing Webservers for High Throughput and Low Latency [ more… ]

No Image

USN-3393-1: ClamAV vulnerabilities

2017-08-18 KENNETH 0

USN-3393-1: ClamAV vulnerabilities Ubuntu Security Notice USN-3393-1 17th August, 2017 clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in ClamAV. Software description clamav – Anti-virus utility for Unix Details It was discovered that ClamAV incorrectly handled parsing certain e-mailmessages. A remote attacker could possibly use this issue to cause ClamAVto crash, resulting in a denial of service. (CVE-2017-6418) It was discovered that ClamAV incorrectly handled certain malformed CHMfiles. A remote attacker could use this issue to cause ClamAV to crash,resulting in a denial of service, or possibly execute arbitrary code. Thisissue only affected Ubuntu 14.04 LTS. In the default installation,attackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419) It was discovered that ClamAV incorrectly handled parsing certain PE fileswith WWPack [ more… ]