지락문화예술공작단

USN-2950-1: Samba vulnerabilities Ubuntu Security Notice USN-2950-1 18th April, 2016 samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Samba. Software description samba – SMB/CIFS file, print, and login server for Unix Details Jouni Knuutinen discovered that Samba contained multiple flaws in theDCE/RPC implementation. A remote attacker could use this issue to performa denial of service, downgrade secure connections by performing a man inthe middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in theNTLMSSP authentication implementation. A remote attacker could use thisissue to downgrade connections to plain text by performing a man in themiddle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish asecure connection to a server with a [ more… ]

USN-2951-1: OptiPNG vulnerabilities Ubuntu Security Notice USN-2951-1 18th April, 2016 optipng vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary OptiPNG could be made to crash or run programs as your login if it opened a specially crafted file. Software description optipng – advanced PNG (Portable Network Graphics) optimizer Details Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remoteattacker could use this issue with a specially crafted image file to causeOptiPNG to crash, resulting in a denial of service. (CVE-2015-7801) Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remoteattacker could use this issue with a specially crafted image file to causeOptiPNG to crash, resulting in a denial of service. (CVE-2015-7802) Hans Jerry Illikainen discovered that OptiPNG incorrectly handled memory. Aremote attacker could use this issue with [ more… ]