SECURITY – 페이지 949 – 지락문화예술공작단

USN-3408-1: Liblouis vulnerabilities

2017-09-05 KENNETH 0

USN-3408-1: Liblouis vulnerabilities Ubuntu Security Notice USN-3408-1 4th September, 2017 liblouis vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Liblouis. Software description liblouis – Braille translation library – utilities Details It was discovered that an illegal address access can be made inLiblouis. A remote attacker can take advantange of this toaccess sensitive information. (CVE-2017-13738, CVE-2017-13744) It was discovered a heap-based buffer overflow that causes bytesout-of-bounds write in Liblouis. A remote attacker can use this todenial of service or remote code execution. (CVE-2017-13739) It was discovered a stack-based buffer overflow in Liblouis. A remoteattacker can use this to denial of service or possibly unspecified otherimpact. (CVE-2017-13740, CVE-2017-13742) Update instructions The problem can be corrected by updating your system to the following package [ more… ]

RHEA-2017:2564-1: Red Hat Satellite 5.8 cdn-sync-mappings enhancement update

2017-09-01 KENNETH 0

RHEA-2017:2564-1: Red Hat Satellite 5.8 cdn-sync-mappings enhancement update RHN Satellite and Proxy: An updated cdn-sync-mappings package that makes Red Hat Enterprise Linux 7.4 content available to Red Hat Satellite 5.8 is now available. Source: RHEA-2017:2564-1: Red Hat Satellite 5.8 cdn-sync-mappings enhancement update

RHSA-2017:2563-1: Moderate: openssh security update

2017-08-31 KENNETH 0

RHSA-2017:2563-1: Moderate: openssh security update Red Hat Enterprise Linux: An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-6210 Source: RHSA-2017:2563-1: Moderate: openssh security update

RHSA-2017:2561-1: Low: Red Hat Enterprise Virtualization 3.x – 30 Day End Of Life Notice

2017-08-31 KENNETH 0

RHSA-2017:2561-1: Low: Red Hat Enterprise Virtualization 3.x – 30 Day End Of Life Notice This is the 30 day notification for the End of Production Phase 2 of Red Hat Enterprise Virtualization 3.x. Source: RHSA-2017:2561-1: Low: Red Hat Enterprise Virtualization 3.x – 30 Day End Of Life Notice

USN-3407-1: PyJWT vulnerability

2017-08-31 KENNETH 0

USN-3407-1: PyJWT vulnerability Ubuntu Security Notice USN-3407-1 30th August, 2017 pyjwt vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Summary PyJWT could be made to crash if it received specially crafted input. Software description pyjwt – Python implementation of JSON Web Token Details It was discovered that a vulnerability in PyJWT doesn't checkinvalid_strings properly for some public keys. A remote attackercould take advantage of a key confusion to craft JWTs from scratch. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: python-jwt 1.4.2-1ubuntu0.1 python3-jwt 1.4.2-1ubuntu0.1 Ubuntu 16.04 LTS: python-jwt 1.3.0-1ubuntu0.1 python3-jwt 1.3.0-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-11424 Source: USN-3407-1: PyJWT vulnerability