지락문화예술공작단

USN-3561-1: libvirt update Ubuntu Security Notice USN-3561-1 7th February, 2018 libvirt update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Spectre mitigations were added to libvirt. Software description libvirt – Libvirt virtualization toolkit Details It was discovered that microprocessors utilizing speculative executionand branch prediction may allow unauthorized memory reads via sidechannelattacks. This flaw is known as Spectre. An attacker in the guest could usethis to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcodeupdates to guests. On amd64 and i386, new CPU models that match the updatedmicrocode features were added with an -IBRS suffix. Certain environmentswill require guests to be switched manually to the new CPU models aftermicrocode updates have been applied to the host. Update instructions The [ more… ]

USN-3559-1: Django vulnerabilities Ubuntu Security Notice USN-3559-1 7th February, 2018 python-django vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in Django. Software description python-django – High-level Python web development framework Details It was discovered that Django incorrectly handled certain requests.An attacker could possibly use this to access sensitive information.(CVE-2017-12794, CVE-2018-6188) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: python3-django 1:1.11.4-1ubuntu1.1 python-django 1:1.11.4-1ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-12794, CVE-2018-6188 Source: USN-3559-1: Django vulnerabilities