지락문화예술공작단

USN-3183-1: GnuTLS vulnerabilities Ubuntu Security Notice USN-3183-1 1st February, 2017 gnutls26, gnutls28 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in GnuTLS. Software description gnutls26 – GNU TLS library gnutls28 – GNU TLS library Details Stefan Buehler discovered that GnuTLS incorrectly verified the seriallength of OCSP responses. A remote attacker could possibly use this issueto bypass certain certificate validation measures. This issue only appliedto Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts.A remote attacker could possibly use this issue to cause GnuTLS to hang,resulting in a denial of service. This issue has only been addressed inUbuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610) It was discovered that GnuTLS incorrectly decoded X.509 certificates with aProxy [ more… ]

USN-3184-1: Irssi vulnerabilities Ubuntu Security Notice USN-3184-1 1st February, 2017 irssi vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Irssi. Software description irssi – terminal based IRC client Details It was discovered that the Irssi buf.pl script set incorrect permissions. Alocal attacker could use this issue to retrieve another user's windowcontents. (CVE-2016-7553) Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. Aremote attacker could use this issue to cause Irssi to crash, resulting ina denial of service, or possibly execute arbitrary code. (CVE-2017-5193) It was discovered that Irssi incorrectly handled invalid nick messages. Aremote attacker could use this issue to cause Irssi to crash, resulting ina denial of service, or possibly execute arbitrary code. (CVE-2017-5194) Joseph Bisch discovered [ more… ]