
4010323 – Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 – Version: 1.0

2017-05-10 KENNETH 0

Revision Note: V1.0 (May 9, 2017): Advisory published. Summary: Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and to display an invalid certificate warning. This change will only impact SHA-1 certificates that chain to a Microsoft Trusted Root CA where the end-entity certificate or the issuing intermediate uses SHA-1. Manually-installed enterprise or self-signed SHA-1 certificates will not be impacted, although we recommend that all customers quickly migrate to SHA-2. For more information, please see Windows Enforcement of SHA1 Certificates. Source: 4010323 – Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 – Version: 1.0


4021279 – Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege – Version: 1.0

2017-05-10 KENNETH 0

Revision Note: V1.0 (May 9, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications correctly. Source: 4021279 – Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege – Version: 1.0


USN-3279-1: Apache HTTP Server vulnerabilities

2017-05-10 KENNETH 0

Ubuntu Security Notice USN-3279-1 9th May, 2017 apache2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Apache HTTP Server. Software description apache2 – Apache HTTP server Details It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. (CVE-2016-0736) Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. (CVE-2016-2161) David Dennerline and Régis Leroy discovered that the Apache HTTP Server incorrectly handled unusual whitespace when parsing requests, contrary to specifications. When being used in combination with a proxy or backend server, [ more… ]


USN-3280-1: Apache Batik vulnerability

2017-05-10 KENNETH 0

Ubuntu Security Notice USN-3280-1 9th May, 2017 batik vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Apache Batik would allow unintended access to files over the network or could be made to crash. Software description batik – SVG Library Details Lars Krapf and Pierre Ernst discovered that Apache Batik incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: libbatik-java 1.7.ubuntu-8ubuntu2.14.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-5662 Source: USN-3280-1: Apache Batik vulnerability


USN-3281-1: Apache Fop vulnerability

2017-05-10 KENNETH 0

Ubuntu Security Notice USN-3281-1 9th May, 2017 fop vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Apache Fop would allow unintended access to files over the network or could be made to crash. Software description fop – XML formatter Details Pierre Ernst discovered that Apache Fop incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: libfop-java 1:1.1.dfsg-2ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-5661 Source: USN-3281-1: Apache Fop vulnerability