지락문화예술공작단

USN-4246-1: zlib vulnerabilities zlib vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in zlib Software Description zlib – Lossless data-compression library Details It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9842) It was discovered that zlib incorrectly handled vectors involving big-endian CRC calculation. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9843) [ more… ]

USN-4248-1: GraphicsMagick vulnerabilities graphicsmagick vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in GraphicsMagick. Software Description graphicsmagick – collection of image processing tools Details It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS graphicsmagick – 1.3.23-1ubuntu0.5 libgraphicsmagick++-q16-12 – 1.3.23-1ubuntu0.5 libgraphicsmagick-q16-3 – 1.3.23-1ubuntu0.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-16545 CVE-2017-16547 CVE-2017-16669 CVE-2017-17498 CVE-2017-17500 CVE-2017-17501 CVE-2017-17502 CVE-2017-17503 CVE-2017-17782 CVE-2017-17783 Source: USN-4248-1: GraphicsMagick vulnerabilities

USN-4247-1: python-apt vulnerabilities python-apt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in python-apt. Software Description python-apt – Python interface to libapt-pkg Details It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 python-apt – 1.9.0ubuntu1.2 python3-apt – 1.9.0ubuntu1.2 Ubuntu 19.04 python-apt – 1.8.5~ubuntu0.2 python3-apt – 1.8.5~ubuntu0.2 Ubuntu 18.04 LTS python-apt – 1.6.5ubuntu0.1 python3-apt – 1.6.5ubuntu0.1 Ubuntu 16.04 LTS python-apt [ more… ]