지락문화예술공작단

USN-3262-1: curl vulnerability Ubuntu Security Notice USN-3262-1 20th April, 2017 curl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Applications using curl could allow unintended access over the network. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details It was discovered that curl incorrectly handled client certificates whenresuming a TLS session. A remote attacker could use this to hijack apreviously authenticated connection. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libcurl3-nss 7.52.1-4ubuntu1.1 curl 7.52.1-4ubuntu1.1 libcurl3-gnutls 7.52.1-4ubuntu1.1 libcurl3 7.52.1-4ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-7468 Source: USN-3262-1: curl vulnerability

USN-3261-1: QEMU vulnerabilities Ubuntu Security Notice USN-3261-1 20th April, 2017 qemu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in QEMU. Software description qemu – Machine emulator and virtualizer Details Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPUdevice. An attacker inside the guest could use this issue to cause QEMU tocrash, resulting in a denial of service. This issue only affected Ubuntu16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029) Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. Aprivileged attacker inside the guest could use this issue to cause QEMU tocrash, resulting in a denial of service. (CVE-2016-10155) Li Qiang discovered that QEMU incorrectly handled the i.MX Fast EthernetController. A privileged attacker inside the guest could use this issue tocause [ more… ]