지락문화예술공작단

USN-4089-1: Rack vulnerability ruby-rack vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Rack could allow cross-site scripting (XSS) attacks. Software Description ruby-rack – modular Ruby webserver interface Details It was discovered that Rack incorrectly handled carefully crafted requests. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS ruby-rack – 1.6.4-4ubuntu0.1 Ubuntu 16.04 LTS ruby-rack – 1.6.4-3ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2018-16471 Source: USN-4089-1: Rack vulnerability

USN-4088-1: PHP vulnerability php5 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary PHP could be made to denial of service, expose sensitive information or execute arbitrary code if it received a specially crafted regular expression. Software Description php5 – HTML-embedded scripting language interpreter Details It was discovered that PHP incorrectly handled certain regular expressions. An attacker could possibly use this issue to expose sensitive information, cause a denial of service or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libapache2-mod-php5 – 5.5.9+dfsg-1ubuntu4.29+esm4 php5-cgi – 5.5.9+dfsg-1ubuntu4.29+esm4 php5-cli – 5.5.9+dfsg-1ubuntu4.29+esm4 php5-fpm – 5.5.9+dfsg-1ubuntu4.29+esm4 php5-xmlrpc – 5.5.9+dfsg-1ubuntu4.29+esm4 Ubuntu 12.04 ESM libapache2-mod-php5 – 5.3.10-1ubuntu3.38 php5-cgi – 5.3.10-1ubuntu3.38 php5-cli – 5.3.10-1ubuntu3.38 php5-fpm – 5.3.10-1ubuntu3.38 php5-xmlrpc – 5.3.10-1ubuntu3.38 To update your [ more… ]