SECURITY

No Image

USN-4040-1: Expat vulnerability

2019-06-27 KENNETH 0

USN-4040-1: Expat vulnerability expat vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Expat could be made to consume a high amount of RAM and CPU resources if it received a specially crafted XML file. Software Description expat – XML parsing C library Details It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libexpat1 – 2.2.6-1ubuntu0.19.04 Ubuntu 18.10 libexpat1 – 2.2.6-1ubuntu0.18.10 Ubuntu 18.04 LTS libexpat1 – 2.2.5-3ubuntu0.1 Ubuntu 16.04 LTS lib64expat1 – 2.1.0-7ubuntu0.16.04.4 libexpat1 – 2.1.0-7ubuntu0.16.04.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]

No Image

USN-4038-2: bzip2 vulnerabilities

2019-06-26 KENNETH 0

USN-4038-2: bzip2 vulnerabilities bzip2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in bzip2. Software Description bzip2 – high-quality block-sorting file compressor – utilities Details USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-3189) It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12900) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM bzip2 – 1.0.6-5ubuntu0.1~esm1 lib32bz2-1.0 – 1.0.6-5ubuntu0.1~esm1 lib64bz2-1.0 – 1.0.6-5ubuntu0.1~esm1 libbz2-1.0 – 1.0.6-5ubuntu0.1~esm1 Ubuntu [ more… ]

No Image

USN-4038-1: bzip2 vulnerabilities

2019-06-26 KENNETH 0

USN-4038-1: bzip2 vulnerabilities bzip2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in bzip2. Software Description bzip2 – high-quality block-sorting file compressor – utilities Details Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189) It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12900) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 bzip2 – 1.0.6-9ubuntu0.19.04 libbz2-1.0 – 1.0.6-9ubuntu0.19.04 Ubuntu 18.10 bzip2 – 1.0.6-9ubuntu0.18.10 libbz2-1.0 – 1.0.6-9ubuntu0.18.10 Ubuntu 18.04 LTS bzip2 – 1.0.6-8.1ubuntu0.1 libbz2-1.0 – 1.0.6-8.1ubuntu0.1 Ubuntu 16.04 LTS [ more… ]

No Image

Inside the MSRC – Customer-centric incident response

2019-06-26 KENNETH 0

Inside the MSRC – Customer-centric incident response The Microsoft Security Response Center (MSRC) is an integral part of Microsoft’s Cyber Defense Operations Center (CDOC) that brings together security response experts from across the company to help protect, detect, and respond to threats in real-time. Staffed with dedicated teams 24×7, the CDOC has direct access to thousands of security professionals, data scientists, and … Inside the MSRC – Customer-centric incident response Read More » Source: Inside the MSRC – Customer-centric incident response

No Image

USN-4037-1: policykit-desktop-privileges update

2019-06-25 KENNETH 0

USN-4037-1: policykit-desktop-privileges update policykit-desktop-privileges update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary A security improvement has been made to policykit-desktop-privileges. Software Description policykit-desktop-privileges – run common desktop actions without password Details The policykit-desktop-privileges Startup Disk Creator policy allowed administrative users to overwrite disks. As a security improvement, this operation now requires authentication. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 policykit-desktop-privileges – 0.20ubuntu19.04.1 Ubuntu 18.10 policykit-desktop-privileges – 0.20ubuntu18.10.1 Ubuntu 18.04 LTS policykit-desktop-privileges – 0.20ubuntu18.04.1 Ubuntu 16.04 LTS policykit-desktop-privileges – 0.20ubuntu16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References LP: 1832337 Source: USN-4037-1: policykit-desktop-privileges update