SECURITY – 페이지 1051 – 지락문화예술공작단

USN-3275-1: OpenJDK 8 vulnerabilities

2017-05-12 KENNETH 0

USN-3275-1: OpenJDK 8 vulnerabilities Ubuntu Security Notice USN-3275-1 11th May, 2017 openjdk-8 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Summary Several security issues were fixed in OpenJDK 8. Software description openjdk-8 – Open Source Java implementation Details It was discovered that OpenJDK improperly re-used cached NTLMconnections in some situations. A remote attacker could possiblyuse this to cause a Java application to perform actions with thecredentials of a different user. (CVE-2017-3509) It was discovered that an untrusted library search path flaw existedin the Java Cryptography Extension (JCE) component of OpenJDK. Alocal attacker could possibly use this to gain the privileges of aJava application. (CVE-2017-3511) It was discovered that the Java API for XML Processing (JAXP) componentin OpenJDK did not properly enforce size limits when parsing XMLdocuments. An attacker could [ more… ]

USN-3284-1: OpenVPN vulnerabilities

2017-05-12 KENNETH 0

USN-3284-1: OpenVPN vulnerabilities Ubuntu Security Notice USN-3284-1 11th May, 2017 openvpn vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in OpenVPN. Software description openvpn – virtual private network software Details It was discovered that OpenVPN improperly triggered an assert whenreceiving an oversized control packet in some situations. A remoteattacker could use this to cause a denial of service (server or clientcrash). (CVE-2017-7478) It was discovered that OpenVPN improperly triggered an assert when packetids rolled over. An authenticated remote attacker could use this to cause adenial of service (application crash). (CVE-2017-7479) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: openvpn 2.4.0-4ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]

RHBA-2017:1223-1: Update to .NET Core 1.0.5

2017-05-10 KENNETH 0

RHBA-2017:1223-1: Update to .NET Core 1.0.5 Red Hat Enterprise Linux: Update to .NET Core 1.0.5 Source: RHBA-2017:1223-1: Update to .NET Core 1.0.5

RHBA-2017:1224-1: Update to .NET Core 1.1.2

2017-05-10 KENNETH 0

RHBA-2017:1224-1: Update to .NET Core 1.1.2 Red Hat Enterprise Linux: Update to .NET Core 1.1.2 Source: RHBA-2017:1224-1: Update to .NET Core 1.1.2

RHSA-2017:1220-1: Moderate: java-1.8.0-ibm security update

2017-05-10 KENNETH 0

RHSA-2017:1220-1: Moderate: java-1.8.0-ibm security update Red Hat Enterprise Linux: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544 Source: RHSA-2017:1220-1: Moderate: java-1.8.0-ibm security update