지락문화예술공작단

USN-3271-1: Libxslt vulnerabilities Ubuntu Security Notice USN-3271-1 27th April, 2017 libxslt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Libxslt. Software description libxslt – XSLT processing library Details Holger Fuhrmannek discovered an integer overflow in thexsltAddTextString() function in Libxslt. An attacker could usethis to craft a malicious document that, when opened, could cause adenial of service (application crash) or possible execute arbitrarycode. (CVE-2017-5029) Nicolas Gregoire discovered that Libxslt mishandled namespacenodes. An attacker could use this to craft a malicious document that,when opened, could cause a denial of service (application crash)or possibly execute arbtrary code. This issue only affected Ubuntu16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683) Sebastian Apelt discovered that a use-after-error existed in [ more… ]

USN-3270-1: NSS vulnerabilities Ubuntu Security Notice USN-3270-1 27th April, 2017 nss vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in NSS. Software description nss – Network Security Service library Details Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DESciphers were vulnerable to birthday attacks. A remote attacker couldpossibly use this flaw to obtain clear text data from long encryptedsessions. This update causes NSS to limit use of the same symmetric key.(CVE-2016-2183) It was discovered that NSS incorrectly handled Base64 decoding. A remoteattacker could use this flaw to cause NSS to crash, resulting in a denialof service, or possibly execute arbitrary code. (CVE-2017-5461) This update refreshes the NSS package to version 3.28.4 which includesthe latest CA certificate bundle. [ more… ]