지락문화예술공작단

USN-3119-1: Bind vulnerability Ubuntu Security Notice USN-3119-1 1st November, 2016 bind9 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Bind could be made to crash if it received specially crafted network traffic. Software description bind9 – Internet Domain Name Server Details Tony Finch and Marco Davids discovered that Bind incorrectly handledcertain responses containing a DNAME answer. A remote attacker couldpossibly use this issue to cause Bind to crash, resulting in a denial ofservice. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.1 Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.2 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.10 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.19 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-3115-1: Django vulnerabilities Ubuntu Security Notice USN-3115-1 1st November, 2016 python-django vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Django. Software description python-django – High-level Python web development framework Details Marti Raudsepp discovered that Django incorrectly used a hardcoded passwordwhen running tests on an Oracle database. A remote attacker could possiblyconnect to the database while the tests are running and prevent the testuser with the hardcoded password from being removed. (CVE-2016-9013) Aymeric Augustin discovered that Django incorrectly validated hosts whenbeing run with the debug setting enabled. A remote attacker could possiblyuse this issue to perform DNS rebinding attacks. (CVE-2016-9014) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: python3-django [ more… ]

USN-3116-1: DBus vulnerabilities Ubuntu Security Notice USN-3116-1 1st November, 2016 dbus vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in DBus. Software description dbus – simple interprocess messaging system Details It was discovered that DBus incorrectly validated the source ofActivationFailure signals. A local attacker could use this issue to cause adenial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu14.04 LTS. (CVE-2015-0245) It was discovered that DBus incorrectly handled certain format strings. Alocal attacker could use this issue to cause a denial of service, orpossibly execute arbitrary code. This issue is only exposed to unprivilegedusers when the fix for CVE-2015-0245 is not applied, hence this issue isonly likely to affect Ubuntu 12.04 LTS and Ubuntu 14.04 [ more… ]