
USN-3414-1: QEMU vulnerabilities

2017-09-13 KENNETH 0

Ubuntu Security Notice USN-3414-1
13th September, 2017
qemu vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in QEMU.

Software description: qemu – Machine emulator and virtualizer

Details

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493)

Li Qiang discovered that QEMU incorrectly handled VMware PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112)

It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive [ more… ]


RHSA-2017:2702-1: Critical: flash-plugin security update

2017-09-13 KENNETH 0

Red Hat Enterprise Linux: An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2017-11281, CVE-2017-11282

Source: RHSA-2017:2702-1: Critical: flash-plugin security update


USN-3413-1: BlueZ vulnerability

2017-09-13 KENNETH 0

Ubuntu Security Notice USN-3413-1
12th September, 2017
bluez vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: BlueZ could be made to expose sensitive information over bluetooth.

Software description: bluez – Bluetooth tools and daemons

Details

It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol (SDP) implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information. (CVE-2017-1000250)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
    libbluetooth3 5.43-0ubuntu1.1
    bluez 5.43-0ubuntu1.1
Ubuntu 16.04 LTS:
    libbluetooth3 5.37-0ubuntu5.1
    bluez 5.37-0ubuntu5.1
Ubuntu 14.04 LTS:
    libbluetooth3 4.101-0ubuntu13.3
    bluez 4.101-0ubuntu13.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2017-1000250

Source: USN-3413-1: [ more… ]


RHBA-2017:2690-1: openstack-neutron bug fix advisory

2017-09-13 KENNETH 0

Red Hat Enterprise Linux: Updated OpenStack Networking packages that resolve various issues are now available for Red Hat OpenStack Platform 8.0 (Liberty) for RHEL 7.

Source: RHBA-2017:2690-1: openstack-neutron bug fix advisory