
USN-3416-1: Thunderbird vulnerabilities

2017-09-15 KENNETH 0

Ubuntu Security Notice USN-3416-1, 14th September, 2017: thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Thunderbird.

Software description: thunderbird – Mozilla Open Source mail and newsgroup client

Details: Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same-origin restrictions, bypass CSP restrictions, obtain sensitive information, spoof the origin of modal alerts, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807, CVE-2017-7809)

A buffer overflow was discovered when displaying SVG content in some circumstances. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit [ more… ]


USN-3417-1: Libgcrypt vulnerability

2017-09-15 KENNETH 0

Ubuntu Security Notice USN-3417-1, 14th September, 2017: libgcrypt20 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04

Summary: Libgcrypt could be made to expose sensitive information.

Software description: libgcrypt20 – LGPL Crypto library

Details: Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover Curve25519 private keys.

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libgcrypt20 1.7.6-1ubuntu0.2. To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2017-0379

Source: USN-3417-1: Libgcrypt vulnerability


RHSA-2017:2731-1: Important: kernel security and bug fix update

2017-09-14 KENNETH 0

Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

References: CVE-2017-1000251

Source: RHSA-2017:2731-1: Important: kernel security and bug fix update


RHSA-2017:2732-1: Important: kernel security and bug fix update

2017-09-14 KENNETH 0

Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

References: CVE-2017-1000251, CVE-2017-7895

Source: RHSA-2017:2732-1: Important: kernel security and bug fix update