SECURITY

No Image

Cisco 제품군 다중 취약점 보안 주의 권고

2016-10-20 KENNETH 0

출처 : http://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=24647   □ 개요 o Cisco 社는 자사의 제품에 영향을 주는 취약점을 발표 [1] o 공격자는 해당 취약점을 악용하여 인증 우회, 서비스 거부 등의 피해를 발생시킬 수 있으므로 해결방안에 따른 조치 권고 ※ 해당 보안 업데이트 발표 시 재공지 □ 설명 o CVE-2016-6445 : Meeting Server의 XMPP 서비스에서 발생하는 클라이언트 인증 우회 취약점 [2] o CVE-2016-6437 : Wide Area Application Service(WAAS)의 SSL 세션 캐시 관리에서 발생하는 서비스 거부 취약점 [3] o CVE-2016-6440 : Cisco Unified Communications Manager(CUCM)의 웹 페이지에서 발생하는 iframe 데이터 클릭재킹 취약점 [4] o CVE-2016-6443 : Prime Infrastructure와 Evolved Programmable Network Manager에서 발생하는 SQL Injection 취약점 [5] o CVE-2016-6442 : Finesse 소프트웨어에서 발생하는 사이트간 요청 위조(CSRF) 취약점 [6] o CVE-2016-6438 : Cisco IOS XE 소프트웨어에서 동작하는 Cisco-cBR-8 Converged Broadband Router에서 vty line의 환경설정을 변경할 수 있는 취약점 [7] □ 해당 시스템 o 영향을 받는 제품 – 참고 [ more… ]

No Image

USN-3106-3: Linux kernel (Raspberry Pi 2) vulnerability

2016-10-20 KENNETH 0

USN-3106-3: Linux kernel (Raspberry Pi 2) vulnerability Ubuntu Security Notice USN-3106-3 19th October, 2016 linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to run programs as an administrator. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that a race condition existed in the memory manager ofthe Linux kernel when handling copy-on-write breakage of private read-onlymemory mappings. A local attacker could use this to gain administrativeprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.4.0-1029-raspi2 4.4.0-1029.36 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel [ more… ]

No Image

USN-3104-2: Linux kernel (OMAP4) vulnerability

2016-10-20 KENNETH 0

USN-3104-2: Linux kernel (OMAP4) vulnerability Ubuntu Security Notice USN-3104-2 19th October, 2016 linux-ti-omap4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to run programs as an administrator. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details It was discovered that a race condition existed in the memory manager ofthe Linux kernel when handling copy-on-write breakage of private read-onlymemory mappings. A local attacker could use this to gain administrativeprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-1491-omap4 3.2.0-1491.118 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a [ more… ]

No Image

USN-3106-2: Linux kernel (Xenial HWE) vulnerability

2016-10-20 KENNETH 0

USN-3106-2: Linux kernel (Xenial HWE) vulnerability Ubuntu Security Notice USN-3106-2 19th October, 2016 linux-lts-xenial vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to run programs as an administrator. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3106-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. It was discovered that a race condition existed in the memory manager ofthe Linux kernel when handling copy-on-write breakage of private read-onlymemory mappings. A local attacker could use this to gain administrativeprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-4.4.0-45-powerpc64-emb 4.4.0-45.66~14.04.1 linux-image-4.4.0-45-powerpc-smp 4.4.0-45.66~14.04.1 linux-image-4.4.0-45-lowlatency 4.4.0-45.66~14.04.1 [ more… ]

No Image

USN-3105-2: Linux kernel (Trusty HWE) vulnerability

2016-10-20 KENNETH 0

USN-3105-2: Linux kernel (Trusty HWE) vulnerability Ubuntu Security Notice USN-3105-2 19th October, 2016 linux-lts-trusty vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to run programs as an administrator. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3105-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 LTS. It was discovered that a race condition existed in the memory manager ofthe Linux kernel when handling copy-on-write breakage of private read-onlymemory mappings. A local attacker could use this to gain administrativeprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.13.0-100-generic-lpae 3.13.0-100.147~precise1 linux-image-3.13.0-100-generic 3.13.0-100.147~precise1 To update [ more… ]