SECURITY

No Image

USN-3869-1: Subversion vulnerability

2019-01-24 KENNETH 0

USN-3869-1: Subversion vulnerability subversion vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Summary Subversion could be made to crash if it received a specially crafted input. Software Description subversion – Advanced version control system Details Ivan Zhakov discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libapache2-mod-svn – 1.10.0-2ubuntu2.1 libsvn1 – 1.10.0-2ubuntu2.1 subversion – 1.10.0-2ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2018-11803 Source: USN-3869-1: Subversion vulnerability

No Image

USN-3867-1: MySQL vulnerabilities

2019-01-24 KENNETH 0

USN-3867-1: MySQL vulnerabilities mysql-5.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in MySQL. Software Description mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 mysql-server-5.7 – 5.7.25-0ubuntu0.18.10.2 Ubuntu 18.04 LTS mysql-server-5.7 – 5.7.25-0ubuntu0.18.04.2 Ubuntu 16.04 LTS mysql-server-5.7 – 5.7.25-0ubuntu0.16.04.2 To update your system, please follow these [ more… ]

Microsoft’s Cyber Defense Operations Center shares best practices

2019-01-24 KENNETH 0

Microsoft’s Cyber Defense Operations Center shares best practices Today, a single breach, physical or virtual, can cause millions of dollars of damage to an organization and potentially billions in financial losses to the global economy. Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. As we look at the current state of cybersecurity challenges today, we see the same types of attacks, but the sophistication and scope of each attack continues to grow and evolve. Add to these the threats of nation-state actors seeking to disrupt operations, conduct intelligence gathering, or generally undermine trust. You can download the Cyber Defense Operations Center strategy brief to gain more insight into how we work to protect, detect, and respond to cybersecurity threats. Like many companies, Microsoft takes technical dependencies upon a shared infrastructure, multiple teams, [ more… ]

No Image

USN-3866-1: Ghostscript vulnerability

2019-01-24 KENNETH 0

USN-3866-1: Ghostscript vulnerability ghostscript vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. Software Description ghostscript – PostScript and PDF interpreter Details Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 ghostscript – 9.26~dfsg+0-0ubuntu0.18.10.4 libgs9 – 9.26~dfsg+0-0ubuntu0.18.10.4 Ubuntu 18.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.4 libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.4 Ubuntu 16.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.16.04.4 libgs9 [ more… ]

No Image

USN-3707-2: NTP vulnerabilities

2019-01-23 KENNETH 0

USN-3707-2: NTP vulnerabilities ntp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in NTP. Software Description ntp – Network Time Protocol daemon and utility programs Details USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. (CVE-2016-7426) Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. A remote attacker could possibly use this issue to perform a denial of service. (CVE-2016-7427, CVE-2016-7428) Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or [ more… ]