지락문화예술공작단

USN-3452-1: Ceph vulnerabilities Ubuntu Security Notice USN-3452-1 11th October, 2017 ceph vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in Ceph. Software description ceph – distributed storage and file system Details It was discovered that Ceph incorrectly handled the handle_commandfunction. A remote authenticated user could use this issue to cause Ceph tocrash, resulting in a denial of service. (CVE-2016-5009) Rahul Aggarwal discovered that Ceph incorrectly handled theauthenticated-read ACL. A remote attacker could possibly use this issue tolist bucket contents via a URL. (CVE-2016-7031) Diluga Salome discovered that Ceph incorrectly handled certain POST objectswith null conditions. A remote attacker could possibly use this issue tocuase Ceph to crash, resulting in a denial of service. (CVE-2016-8626) Yang Liu discovered that Ceph incorrectly handled invalid HTTP Originheaders. A remote attacker [ more… ]

USN-3436-1: Thunderbird vulnerabilities Ubuntu Security Notice USN-3436-1 11th October, 2017 thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Thunderbird. Software description thunderbird – Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user weretricked in to opening a specially crafted website in a browsing-likecontext, an attacker could potentially exploit these to read uninitializedmemory, bypass phishing and malware protection, conduct cross-sitescripting (XSS) attacks, cause a denial of service via application crash,or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7814,CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes.A remote attacker could potentially exploit this to cause a denial ofservice via application crash, or execute arbitrary code. (CVE-2017-7805) Update instructions The problem can [ more… ]

USN-3443-3: Linux kernel (GCP) vulnerability Ubuntu Security Notice USN-3443-3 11th October, 2017 linux-gcp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash under certain conditions. Software description linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems Details Andrey Konovalov discovered that a divide-by-zero error existed in the TCPstack implementation in the Linux kernel. A local attacker could use thisto cause a denial of service (system crash). (CVE-2017-14106) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-gcp 4.10.0.1007.9 linux-image-4.10.0-1007-gcp 4.10.0-1007.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates [ more… ]