Articles by KENNETH

USN-3267-1: Samba vulnerability Ubuntu Security Notice USN-3267-1 25th April, 2017 samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Samba could be made to expose sensitive information over the network. Software description samba – SMB/CIFS file, print, and login server for Unix Details Jann Horn discovered that Samba incorrectly handled symlinks. Anauthenticated remote attacker could use this issue to access files on theserver outside of the exported directories. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: samba 2:4.5.8+dfsg-0ubuntu0.17.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bugfixes. In general, a standard system update will make all the necessarychanges. References CVE-2017-2619 Source: USN-3267-1: Samba vulnerability

USN-3268-1: QEMU vulnerabilities Ubuntu Security Notice USN-3268-1 25th April, 2017 qemu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in QEMU. Software description qemu – Machine emulator and virtualizer Details Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPUdevice. An attacker inside the guest could use this issue to cause QEMU tocrash, resulting in a denial of service. (CVE-2016-10028) It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. Aprivileged attacker inside the guest could use this issue to cause QEMU tocrash, resulting in a denial of service. (CVE-2016-8667) Jann Horn discovered that QEMU incorrectly handled VirtFS directorysharing. A privileged attacker inside the guest could use this issue toaccess files on the host file system outside of the shared directory andpossibly escalate their privileges. In the [ more… ]