RHBA-2016:0353-1: openstack-cinder bug fix advisory

2016-03-04 KENNETH 0

Red Hat Enterprise Linux: Updated OpenStack Block Storage packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.

Source: RHBA-2016:0353-1: openstack-cinder bug fix advisory

RHSA-2016:0354-1: Low: openstack-glance security update

2016-03-04 KENNETH 0

Red Hat Enterprise Linux: Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

CVE-2016-0757

Source: RHSA-2016:0354-1: Low: openstack-glance security update

USN-2919-1: JasPer vulnerabilities

2016-03-04 KENNETH 0

Ubuntu Security Notice USN-2919-1, 3rd March, 2016

jasper vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in JasPer.

Software description: jasper – Library for manipulating JPEG-2000 files

Details: Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2016-1577)

Tyler Hicks discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to consume memory, resulting in a denial of service. (CVE-2016-2116)

Update instructions: The problem can be corrected by updating your system to the [ more… ]

USN-2918-1: pixman vulnerability

2016-03-04 KENNETH 0

Ubuntu Security Notice USN-2918-1, 3rd March, 2016

pixman vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: pixman could be made to crash or run programs as your login if it processed specially crafted data.

Software description: pixman – pixel-manipulation library for X and cairo

Details: Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, a remote attacker could cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS: libpixman-1-0 0.30.2-2ubuntu1.1
Ubuntu 12.04 LTS: libpixman-1-0 0.30.2-1ubuntu0.0.0.0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your [ more… ]

OpenSSL Emergency Security Update

2016-03-03 KENNETH 0

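Source: http://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=24083

□ Overview
o On March 1 (local time), OpenSSL announced an emergency update concerning the SSLv2 protocol [1]
o Includes security updates for DROWN and CacheBleed, new attack methods that exploit SSL vulnerabilities
– DROWN (Decrypting RSA with Obsolete and Weakened eNcryption)
– CacheBleed: a side-channel attack that exploits information leakage caused by cache-bank conflicts in Intel processors

□ Affected users
– Users of earlier OpenSSL 1.0.2 versions: update to 1.0.2g
– Users of earlier OpenSSL 1.0.1 versions: update to 1.0.1s

□ Update contents
o SSLv2 protocol disabled by default, SSLv2 EXPORT ciphers removed, etc.

□ Vulnerability details and recommendations
o DROWN: decrypting RSA through obsolete and weakened encryption
– RSA (Rivest Shamir Adleman): a public-key encryption algorithm

CVEs | Severity | Description | Notes
CVE-2016-0800 | High | Cross-protocol attack on TLS using SSLv2 | DROWN
CVE-2016-0705 | Low | DFB, low frequency of occurrence |
CVE-2016-0798 | Low | Memory leak in the SRP database |
CVE-2016-0797 | Low | Null pointer dereference and heap corruption |
[ more… ]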