USN-3301-1: strongSwan vulnerabilities

2017-05-30 KENNETH 0

Ubuntu Security Notice USN-3301-1
30th May, 2017

strongswan vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary
strongSwan could be made to crash or hang if it received specially crafted network traffic.

Software description
strongswan – IPsec VPN solution

Details
It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2017-9022)

It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker could use this issue to cause strongSwan to hang, resulting in a denial of service. (CVE-2017-9023)

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
libstrongswan 5.5.1-1ubuntu3.1
strongswan 5.5.1-1ubuntu3.1

Ubuntu 16.10:
strongswan 5.3.5-1ubuntu4.3 [ more… ]

USN-3302-1: ImageMagick vulnerabilities

2017-05-30 KENNETH 0

Ubuntu Security Notice USN-3302-1
30th May, 2017

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary
Several security issues were fixed in ImageMagick.

Software description
imagemagick – Image manipulation programs and library

Details
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
libmagick++-6.q16-7 8:6.9.7.4+dfsg-3ubuntu1.1
imagemagick 8:6.9.7.4+dfsg-3ubuntu1.1
imagemagick-6.q16 8:6.9.7.4+dfsg-3ubuntu1.1
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-3ubuntu1.1
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-3ubuntu1.1

Ubuntu 16.10:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu8.6
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu8.6
imagemagick 8:6.8.9.9-7ubuntu8.6
imagemagick-6.q16 8:6.8.9.9-7ubuntu8.6
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu8.6

Ubuntu 16.04 [ more… ]

USN-3303-1: WebKitGTK+ vulnerabilities

2017-05-30 KENNETH 0

Ubuntu Security Notice USN-3303-1
30th May, 2017

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS

Summary
Several security issues were fixed in WebKitGTK+.

Software description
webkit2gtk – Web content engine library for GTK+

Details
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
libwebkit2gtk-4.0-37 2.16.3-0ubuntu0.17.04.1
libjavascriptcoregtk-4.0-18 2.16.3-0ubuntu0.17.04.1

Ubuntu 16.10:
libwebkit2gtk-4.0-37 2.16.3-0ubuntu0.16.10.1
libjavascriptcoregtk-4.0-18 2.16.3-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
libwebkit2gtk-4.0-37 2.16.3-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 2.16.3-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-3212-2: LibTIFF regression

2017-05-30 KENNETH 0

Ubuntu Security Notice USN-3212-2
30th May, 2017

tiff regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary
USN-3212-1 caused a regression in LibTIFF.

Software description
tiff – Tag Image File Format (TIFF) library

Details
USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Update instructions
The problem can be corrected by updating your system to the following [ more… ]