RHBA-2016:0267-1: python-oslo-messaging bug fix advisory Red Hat Enterprise Linux: Updated packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Source: RHBA-2016:0267-1: python-oslo-messaging bug fix advisory
RHSA-2016:0258-1: Important: thunderbird security update Red Hat Enterprise Linux: An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2016-1930, CVE-2016-1935 Source: RHSA-2016:0258-1: Important: thunderbird security update
출처 : http://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=24023 □ 개요 o 구글 온라인 시큐리티 연구팀에서는 리눅스 GNU C 라이브러리(glibc)에서 원격코드 실행이 가능한 취약점(CVE-2015-7547)을 발견함 ※ CVE-2015-7547는 glibc의 getaddrinfo 함수에서 발생하는 버퍼오버플로우 취약점 o 낮은 버전 사용자는 시스템 임의코드 실행 등에 취약할 수 있으므로 해결방안에 따라 최신버전으로 업데이트 권고 □ 해당 시스템 o 영향을 받는 시스템 – GNU glibc 2.9 이후 버전을 사용하는 시스템 □ 해결 방안 o 해당 취약점에 대한 보안업데이트가 공개된 OS를 운영하고 있을 경우, 참고사이트의 내용을 참조하여 보안업데이트 수행 – CentOS [1] – Debian [2] – Redhat [3] – Ubuntu [4] – Suse [5] □ 용어 설명 o GNU C 라이브러리(glibc) : 리눅스 계열 운영체제에서 C언어로 작성된 실행파일들이 동작하기 위해 공통적으로 사용하는 기능을 쉽게 이용할 수 있도록 묶어 놓은 소프트웨어 집합 □ 기타 문의사항 o 한국인터넷진흥원 인터넷침해대응센터: 국번없이 118 [참고사이트] [1] https://www.centos.org/forums/viewforum.php?f=17 [2] https://security-tracker.debian.org/tracker/CVE-2015-7547 [3] https://access.redhat.com/security/cve/cve-2015-7547 [4] http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7547.html [5] https://www.suse.com/security/cve/CVE-2015-7547.html
USN-2903-1: NSS vulnerability Ubuntu Security Notice USN-2903-1 17th February, 2016 nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary NSS could be made to expose sensitive information. Software description nss – Network Security Service library Details Hanno Böck discovered that NSS incorrectly handled certain divisionfunctions, possibly leading to cryptographic weaknesses. (CVE-2015-1938) This update also refreshes the NSS package to version 3.21 which includesthe latest CA certificate bundle, and removes the SPI CA. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libnss3 2:3.21-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: libnss3 2:3.21-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: libnss3 2:3.21-0ubuntu0.12.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bugfixes. After a standard system update [ more… ]
USN-2902-1: graphite2 vulnerabilities Ubuntu Security Notice USN-2902-1 17th February, 2016 graphite2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Summary graphite2 could be made to crash or run programs as your login if it opened a specially crafted font. Software description graphite2 – Font rendering engine for Complex Scripts Details Yves Younan discovered that graphite2 incorrectly handled certain malformedfonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to causegraphite2 to crash, resulting in a denial of service, or possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libgraphite2-3 1.2.4-3ubuntu1.1 Ubuntu 14.04 LTS: libgraphite2-3 1.2.4-1ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard [ more… ]
Copyright © 2024 | WordPress Theme by MH Themes
