SECURITY

No Image

USN-3837-1: poppler vulnerabilities

2018-12-04 KENNETH 0

USN-3837-1: poppler vulnerabilities poppler vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in poppler. Software Description poppler – PDF rendering library Details It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16646, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-19149) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libpoppler79 – 0.68.0-0ubuntu1.2 poppler-utils – 0.68.0-0ubuntu1.2 Ubuntu 18.04 LTS libpoppler73 – 0.62.0-2ubuntu2.4 poppler-utils – 0.62.0-2ubuntu2.4 Ubuntu 16.04 [ more… ]

No Image

USN-3836-2: Linux kernel (HWE) vulnerabilities

2018-12-04 KENNETH 0

USN-3836-2: Linux kernel (HWE) vulnerabilities linux-hwe, linux-gcp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. (CVE-2018-18955) Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from [ more… ]

No Image

RHSA-2018:3761-1: Important: ghostscript security and bug fix update

2018-12-04 KENNETH 0

RHSA-2018:3761-1: Important: ghostscript security and bug fix update Red Hat Enterprise Linux: An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-16863 Source: RHSA-2018:3761-1: Important: ghostscript security and bug fix update

No Image

RHSA-2018:3760-1: Important: ghostscript security update

2018-12-04 KENNETH 0

RHSA-2018:3760-1: Important: ghostscript security update Red Hat Enterprise Linux: An update for ghostscript is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-16509 Source: RHSA-2018:3760-1: Important: ghostscript security update

No Image

USN-3836-1: Linux kernel vulnerabilities

2018-12-04 KENNETH 0

USN-3836-1: Linux kernel vulnerabilities linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. (CVE-2018-18955) Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information (protected file names). (CVE-2018-6559) [ more… ]