News reader

USN-3586-1: DHCP vulnerabilities

Ubuntu security notices - 2018.03.01, Thu - 21:24
Ubuntu Security Notice USN-3586-1

1st March, 2018

isc-dhcp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in DHCP.

Software description
  • isc-dhcp - DHCP server and client
Details

Konstantin Orekhov discovered that the DHCP server incorrectly handled a
large number of concurrent TCP sessions. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2774)

It was discovered that the DHCP server incorrectly handled socket
descriptors. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2017-3144)

Felix Wilhelm discovered that the DHCP client incorrectly handled certain
malformed responses. A remote attacker could use this issue to cause the
DHCP client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated by
the dhclient AppArmor profile. (CVE-2018-5732)

Felix Wilhelm discovered that the DHCP server incorrectly handled reference
counting. A remote attacker could possibly use this issue to cause the DHCP
server to crash, resulting in a denial of service. (CVE-2018-5733)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
isc-dhcp-server 4.3.5-3ubuntu2.2
isc-dhcp-relay 4.3.5-3ubuntu2.2
isc-dhcp-client 4.3.5-3ubuntu2.2
isc-dhcp-server-ldap 4.3.5-3ubuntu2.2
Ubuntu 16.04 LTS:
isc-dhcp-server 4.3.3-5ubuntu12.9
isc-dhcp-relay 4.3.3-5ubuntu12.9
isc-dhcp-client 4.3.3-5ubuntu12.9
isc-dhcp-server-ldap 4.3.3-5ubuntu12.9
Ubuntu 14.04 LTS:
isc-dhcp-server 4.2.4-7ubuntu12.12
isc-dhcp-relay 4.2.4-7ubuntu12.12
isc-dhcp-client 4.2.4-7ubuntu12.12
isc-dhcp-server-ldap 4.2.4-7ubuntu12.12

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-2774, CVE-2017-3144, CVE-2018-5732, CVE-2018-5733

Categories: Security

Inkscape series (fourth special edition): parts 22–28

Ubuntu Hungarian community - 2018.03.01, Thu - 18:11

We continue the special edition of the Inkscape article series with parts 22–28 of the series: nothing extra, just the facts.

Do not forget the original publication dates. Current versions of hardware and software may differ from those described at the time, so check the version numbers before trying what the articles describe. The solution from back then will not necessarily work on current systems.

This edition can be downloaded in the usual PDF format.

Download: Inkscape parts 22–28

Happy reading!

Inkscape series, part 4 – parts 22-28

Full Circle Magazin - 2018.03.01, Thu - 17:55

So that our dear readers who want to draw do not get bored, we are also publishing volume 4 of the "Inkscape" series. This edition contains parts 22 – 28: nothing extra, just the facts.

Please do not forget the original publication date. Current versions of hardware and software may differ from those described at the time, so check the versions of your hardware and software before trying to emulate/imitate the tutorials in the special editions. You may have later versions of the software, or later versions may be available in your release's repositories.

Inkscape series, part 4 (0)

USN-3579-2: LibreOffice regression

Ubuntu security notices - 2018.03.01, Thu - 03:24
Ubuntu Security Notice USN-3579-2

28th February, 2018

libreoffice regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
Summary

USN-3579-1 caused a regression in LibreOffice.

Software description
  • libreoffice - Office productivity suite
Details

USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was
no longer possible for LibreOffice to open documents from certain
locations outside of the user's home directory. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that =WEBSERVICE calls in a document could be used to
read arbitrary files. If a user were tricked into opening a specially
crafted document, a remote attacker could exploit this to obtain sensitive
information. (CVE-2018-6871)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libreoffice-common 1:5.4.5-0ubuntu0.17.10.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make
all the necessary changes.

References

LP: 1751005

Categories: Security

Inkscape series (third special edition): parts 15–21

Ubuntu Hungarian community - 2018.02.26, Mon - 21:04

We continue the special edition of the Inkscape article series with parts 15–21 of the series: nothing extra, just the facts.

Do not forget the original publication dates. Current versions of hardware and software may differ from those described at the time, so check the version numbers before trying what the articles describe. The solution from back then will not necessarily work on current systems.

This edition can be downloaded in the usual PDF format.

Download: Inkscape parts 15–21

Happy reading!

USN-3584-1: sensible-utils vulnerability

Ubuntu security notices - 2018.02.26, Mon - 20:53
Ubuntu Security Notice USN-3584-1

26th February, 2018

sensible-utils vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

sensible-utils could be made to run programs as your login if it opened a malicious URL.

Software description
  • sensible-utils - Utilities for sensible alternative selection
Details

Gabriel Corona discovered that sensible-utils incorrectly validated strings
when launching a browser with the sensible-browser tool. A remote attacker
could possibly use this issue with a specially crafted URL to conduct an
argument injection attack and execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
sensible-utils 0.0.10ubuntu0.1
Ubuntu 16.04 LTS:
sensible-utils 0.0.9ubuntu0.16.04.1
Ubuntu 14.04 LTS:
sensible-utils 0.0.9ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-17512

Categories: Security

Inkscape series, part 3 – parts 15-21

Full Circle Magazin - 2018.02.26, Mon - 20:29

So that our dear readers who want to draw do not get bored, we are also publishing volume 3 of the "Inkscape" series. This edition contains parts 15 – 21: nothing extra, just the facts.

Please do not forget the original publication date. Current versions of hardware and software may differ from those described at the time, so check the versions of your hardware and software before trying to emulate/imitate the tutorials in the special editions. You may have later versions of the software, or later versions may be available in your release's repositories.

Inkscape series, part 3 (0)

USN-3583-2: Linux kernel (Trusty HWE) vulnerabilities

Ubuntu security notices - 2018.02.23, Fri - 13:57
Ubuntu Security Notice USN-3583-2

23rd February, 2018

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise ESM
Details

USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.

It was discovered that an out-of-bounds write vulnerability existed in the
Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could
construct a malicious file system that, when mounted, could cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-0750)

It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
could use this to cause a denial of service (system crash) in the host OS.
(CVE-2017-1000407)

Bo Zhang discovered that the netlink wireless configuration interface in
the Linux kernel did not properly validate attributes when handling certain
requests. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a
denial of service (system crash). (CVE-2017-12153)

Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel
did not properly track reference counts when merging buffers. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2017-12190)

It was discovered that the key management subsystem in the Linux kernel did
not properly restrict key reads on negatively instantiated keys. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-12192)

It was discovered that an integer overflow existed in the sysfs interface
for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2017-14051)

Otto Ebeling discovered that the memory manager in the Linux kernel did not
properly check the effective UID in some situations. A local attacker could
use this to expose sensitive information. (CVE-2017-14140)

It was discovered that the ATI Radeon framebuffer driver in the Linux
kernel did not properly initialize a data structure returned to user space.
A local attacker could use this to expose sensitive information (kernel
memory). (CVE-2017-14156)

ChunYu Wang discovered that the iSCSI transport implementation in the Linux
kernel did not properly validate data structures. A local attacker could
use this to cause a denial of service (system crash). (CVE-2017-14489)

James Patrick-Evans discovered a race condition in the LEGO USB Infrared
Tower driver in the Linux kernel. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15102)

ChunYu Wang discovered that a use-after-free vulnerability existed in the
SCTP protocol implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15115)

It was discovered that the key management subsystem in the Linux kernel did
not properly handle NULL payloads with non-zero length values. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-15274)

It was discovered that the Bluetooth Network Encapsulation Protocol (BNEP)
implementation in the Linux kernel did not validate the type of socket
passed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMIN
privilege could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15868)

Andrey Konovalov discovered a use-after-free vulnerability in the USB
serial console driver in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-16525)

It was discovered that the netfilter passive OS fingerprinting (xt_osf)
module did not properly perform access control checks. A local attacker
could improperly modify the systemwide OS fingerprint list.
(CVE-2017-17450)

It was discovered that the HMAC implementation did not validate the state
of the underlying cryptographic hash algorithm. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-17806)

Denys Fedoryshchenko discovered a use-after-free vulnerability in the
netfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could use
this to cause a denial of service (system crash). (CVE-2017-18017)

Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did
not properly restrict mapping page zero. A local privileged attacker could
use this to execute arbitrary code. (CVE-2017-5669)

It was discovered that an integer overflow vulnerability existed in the
IPv6 implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (infinite loop). (CVE-2017-7542)

Tommi Rantala and Brad Spengler discovered that the memory manager in the
Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection
mechanism. A local attacker with access to /dev/mem could use this to
expose sensitive information or possibly execute arbitrary code.
(CVE-2017-7889)

Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP
protocol implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-8824)

Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable
Datagram Sockets) protocol implementation of the Linux kernel. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-5333)

范龙飞 discovered that a race condition existed in the loop block device
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-5344)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-3.13.0-142-generic 3.13.0-142.191~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.142.133
linux-image-3.13.0-142-generic-lpae 3.13.0-142.191~precise1
linux-image-generic-lts-trusty 3.13.0.142.133

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-0750, CVE-2017-0861, CVE-2017-1000407, CVE-2017-12153, CVE-2017-12190, CVE-2017-12192, CVE-2017-14051, CVE-2017-14140, CVE-2017-14156, CVE-2017-14489, CVE-2017-15102, CVE-2017-15115, CVE-2017-15274, CVE-2017-15868, CVE-2017-16525, CVE-2017-17450, CVE-2017-17806, CVE-2017-18017, CVE-2017-5669, CVE-2017-7542, CVE-2017-7889, CVE-2017-8824, CVE-2018-5333, CVE-2018-5344

Categories: Security

USN-3583-1: Linux kernel vulnerabilities

Ubuntu security notices - 2018.02.23, Fri - 13:57
Ubuntu Security Notice USN-3583-1

23rd February, 2018

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux - Linux kernel
Details

It was discovered that an out-of-bounds write vulnerability existed in the
Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could
construct a malicious file system that, when mounted, could cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-0750)

It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
could use this to cause a denial of service (system crash) in the host OS.
(CVE-2017-1000407)

Bo Zhang discovered that the netlink wireless configuration interface in
the Linux kernel did not properly validate attributes when handling certain
requests. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a
denial of service (system crash). (CVE-2017-12153)

Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel
did not properly track reference counts when merging buffers. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2017-12190)

It was discovered that the key management subsystem in the Linux kernel did
not properly restrict key reads on negatively instantiated keys. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-12192)

It was discovered that an integer overflow existed in the sysfs interface
for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2017-14051)

Otto Ebeling discovered that the memory manager in the Linux kernel did not
properly check the effective UID in some situations. A local attacker could
use this to expose sensitive information. (CVE-2017-14140)

It was discovered that the ATI Radeon framebuffer driver in the Linux
kernel did not properly initialize a data structure returned to user space.
A local attacker could use this to expose sensitive information (kernel
memory). (CVE-2017-14156)

ChunYu Wang discovered that the iSCSI transport implementation in the Linux
kernel did not properly validate data structures. A local attacker could
use this to cause a denial of service (system crash). (CVE-2017-14489)

James Patrick-Evans discovered a race condition in the LEGO USB Infrared
Tower driver in the Linux kernel. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15102)

ChunYu Wang discovered that a use-after-free vulnerability existed in the
SCTP protocol implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15115)

It was discovered that the key management subsystem in the Linux kernel did
not properly handle NULL payloads with non-zero length values. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-15274)

It was discovered that the Bluetooth Network Encapsulation Protocol (BNEP)
implementation in the Linux kernel did not validate the type of socket
passed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMIN
privilege could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15868)

Andrey Konovalov discovered a use-after-free vulnerability in the USB
serial console driver in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-16525)

It was discovered that the netfilter passive OS fingerprinting (xt_osf)
module did not properly perform access control checks. A local attacker
could improperly modify the systemwide OS fingerprint list.
(CVE-2017-17450)

It was discovered that the HMAC implementation did not validate the state
of the underlying cryptographic hash algorithm. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-17806)

Denys Fedoryshchenko discovered a use-after-free vulnerability in the
netfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could use
this to cause a denial of service (system crash). (CVE-2017-18017)

Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did
not properly restrict mapping page zero. A local privileged attacker could
use this to execute arbitrary code. (CVE-2017-5669)

It was discovered that an integer overflow vulnerability existed in the
IPv6 implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (infinite loop). (CVE-2017-7542)

Tommi Rantala and Brad Spengler discovered that the memory manager in the
Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection
mechanism. A local attacker with access to /dev/mem could use this to
expose sensitive information or possibly execute arbitrary code.
(CVE-2017-7889)

Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP
protocol implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-8824)

Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable
Datagram Sockets) protocol implementation of the Linux kernel. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-5333)

范龙飞 discovered that a race condition existed in the loop block device
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-5344)

USN-3524-1 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in Ubuntu 14.04 LTS. This update provides the
corresponding mitigations for the ppc64el architecture. Original
advisory details:

Jann Horn discovered that microprocessors utilizing speculative execution
and indirect branch prediction may allow unauthorized memory reads via
side-channel attacks. This flaw is known as Meltdown. A local attacker could
use this to expose sensitive information, including kernel memory.
(CVE-2017-5754)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-3.13.0-142-powerpc-smp 3.13.0-142.191
linux-image-powerpc-smp 3.13.0.142.152
linux-image-powerpc-e500mc 3.13.0.142.152
linux-image-generic 3.13.0.142.152
linux-image-3.13.0-142-powerpc64-emb 3.13.0-142.191
linux-image-3.13.0-142-powerpc64-smp 3.13.0-142.191
linux-image-powerpc64-emb 3.13.0.142.152
linux-image-3.13.0-142-generic 3.13.0-142.191
linux-image-generic-lpae 3.13.0.142.152
linux-image-powerpc-e500 3.13.0.142.152
linux-image-powerpc64-smp 3.13.0.142.152
linux-image-3.13.0-142-generic-lpae 3.13.0-142.191
linux-image-3.13.0-142-powerpc-e500mc 3.13.0-142.191
linux-image-3.13.0-142-powerpc-e500 3.13.0-142.191
linux-image-lowlatency 3.13.0.142.152
linux-image-3.13.0-142-lowlatency 3.13.0-142.191

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-0750, CVE-2017-0861, CVE-2017-1000407, CVE-2017-12153, CVE-2017-12190, CVE-2017-12192, CVE-2017-14051, CVE-2017-14140, CVE-2017-14156, CVE-2017-14489, CVE-2017-15102, CVE-2017-15115, CVE-2017-15274, CVE-2017-15868, CVE-2017-16525, CVE-2017-17450, CVE-2017-17806, CVE-2017-18017, CVE-2017-5669, CVE-2017-5754, CVE-2017-7542, CVE-2017-7889, CVE-2017-8824, CVE-2018-5333, CVE-2018-5344

Categories: Security

USN-3581-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Ubuntu security notices - 2018.02.23, Fri - 10:55
Ubuntu Security Notice USN-3581-3

23rd February, 2018

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
Details

Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)

ChunYu Wang discovered that a use-after-free vulnerability existed in the
SCTP protocol implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15115)

Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP
protocol implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-8824)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
linux-image-4.13.0-1014-raspi2 4.13.0-1014.15
linux-image-raspi2 4.13.0.1014.12

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-15115, CVE-2017-17712, CVE-2017-8824

Categories: Security

USN-3578-1: WavPack vulnerabilities

Ubuntu security notices - 2018.02.22, Thu - 21:34
Ubuntu Security Notice USN-3578-1

21st February, 2018

wavpack vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
Summary

Several security issues were fixed in WavPack.

Software description
  • wavpack - audio codec (lossy and lossless) - encoder and decoder
Details

It was discovered that WavPack incorrectly handled certain DSDIFF files.
An attacker could possibly use this to execute arbitrary code or
cause a denial of service. (CVE-2018-7253)

It was discovered that WavPack incorrectly handled certain CAF files.
An attacker could possibly use this to cause a denial of service.
(CVE-2018-7254)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libwavpack1 5.1.0-2ubuntu0.2
wavpack 5.1.0-2ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2018-7253, CVE-2018-7254

Categories: Security

USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities

Ubuntu security notices - 2018.02.22, Thu - 16:05
Ubuntu Security Notice USN-3582-2

22nd February, 2018

linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty
Details

USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)

Laurent Guerby discovered that the mbcache feature in the ext2 and ext4
filesystems in the Linux kernel improperly handled xattr block caching. A
local attacker could use this to cause a denial of service. (CVE-2015-8952)

Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel
did not properly track reference counts when merging buffers. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2017-12190)

ChunYu Wang discovered that a use-after-free vulnerability existed in the
SCTP protocol implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15115)

Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP
protocol implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-8824)

USN-3540-2 mitigated CVE-2017-5715 (Spectre Variant 2) for the
amd64 architecture in Ubuntu 14.04 LTS. This update provides the
compiler-based retpoline kernel mitigation for the amd64 and i386
architectures. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via side-channel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory. (CVE-2017-5715)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp-lts-xenial 4.4.0.116.98
linux-image-lowlatency-lts-xenial 4.4.0.116.98
linux-image-4.4.0-116-powerpc64-smp 4.4.0-116.140~14.04.1
linux-image-4.4.0-116-lowlatency 4.4.0-116.140~14.04.1
linux-image-4.4.0-116-powerpc-e500mc 4.4.0-116.140~14.04.1
linux-image-4.4.0-116-generic 4.4.0-116.140~14.04.1
linux-image-4.4.0-1014-aws 4.4.0-1014.14
linux-image-4.4.0-116-generic-lpae 4.4.0-116.140~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.116.98
linux-image-generic-lts-xenial 4.4.0.116.98
linux-image-4.4.0-116-powerpc64-emb 4.4.0-116.140~14.04.1
linux-image-aws 4.4.0.1014.14
linux-image-powerpc64-smp-lts-xenial 4.4.0.116.98
linux-image-powerpc64-emb-lts-xenial 4.4.0.116.98
linux-image-4.4.0-116-powerpc-smp 4.4.0-116.140~14.04.1
linux-image-powerpc-e500mc-lts-xenial 4.4.0.116.98

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-8952, CVE-2017-12190, CVE-2017-15115, CVE-2017-17712, CVE-2017-5715, CVE-2017-8824

Categories: Security

USN-3582-1: Linux kernel vulnerabilities

Ubuntu security notices - 2018.02.22, Thu - 16:05
Ubuntu Security Notice USN-3582-1

22nd February, 2018

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors
Details

Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)

Laurent Guerby discovered that the mbcache feature in the ext2 and ext4
filesystems in the Linux kernel improperly handled xattr block caching. A
local attacker could use this to cause a denial of service. (CVE-2015-8952)

Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel
did not properly track reference counts when merging buffers. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2017-12190)

ChunYu Wang discovered that a use-after-free vulnerability existed in the
SCTP protocol implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15115)

Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP
protocol implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-8824)

USN-3540-1 mitigated CVE-2017-5715 (Spectre Variant 2) for the
amd64 architecture in Ubuntu 16.04 LTS. This update provides the
compiler-based retpoline kernel mitigation for the amd64 and i386
architectures. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory. (CVE-2017-5715)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-powerpc-e500mc 4.4.0.116.122
linux-image-4.4.0-116-powerpc64-smp 4.4.0-116.140
linux-image-4.4.0-1052-aws 4.4.0-1052.61
linux-image-4.4.0-116-lowlatency 4.4.0-116.140
linux-image-4.4.0-1019-kvm 4.4.0-1019.24
linux-image-snapdragon 4.4.0.1087.79
linux-image-powerpc64-emb 4.4.0.116.122
linux-image-generic 4.4.0.116.122
linux-image-4.4.0-116-generic 4.4.0-116.140
linux-image-4.4.0-116-generic-lpae 4.4.0-116.140
linux-image-4.4.0-116-powerpc-e500mc 4.4.0-116.140
linux-image-4.4.0-1085-raspi2 4.4.0-1085.93
linux-image-aws 4.4.0.1052.54
linux-image-kvm 4.4.0.1019.18
linux-image-4.4.0-116-powerpc-smp 4.4.0-116.140
linux-image-raspi2 4.4.0.1085.85
linux-image-powerpc-smp 4.4.0.116.122
linux-image-4.4.0-116-powerpc64-emb 4.4.0-116.140
linux-image-generic-lpae 4.4.0.116.122
linux-image-powerpc64-smp 4.4.0.116.122
linux-image-4.4.0-1087-snapdragon 4.4.0-1087.92
linux-image-lowlatency 4.4.0.116.122

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-8952, CVE-2017-12190, CVE-2017-15115, CVE-2017-17712, CVE-2017-5715, CVE-2017-8824

Categories: Security

USN-3581-2: Linux kernel (HWE) vulnerabilities

Ubuntu security notices - 2018.02.22, Thu - 16:05
Ubuntu Security Notice USN-3581-2

22nd February, 2018

linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-hwe - Linux hardware enablement (HWE) kernel
  • linux-oem - Linux kernel for OEM processors
Details

USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.

Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)

ChunYu Wang discovered that a use-after-free vulnerability existed
in the SCTP protocol implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-15115)

Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP
protocol implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-8824)

USN-3541-2 mitigated CVE-2017-5715 (Spectre Variant 2) for the
amd64 architecture in Ubuntu 16.04 LTS. This update provides the
compiler-based retpoline kernel mitigation for the amd64 and i386
architectures. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory. (CVE-2017-5715)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-gke 4.13.0.1011.13
linux-image-4.13.0-36-generic 4.13.0-36.40~16.04.1
linux-image-4.13.0-1011-gcp 4.13.0-1011.15
linux-image-gcp 4.13.0.1011.13
linux-image-generic-hwe-16.04 4.13.0.36.55
linux-image-oem 4.13.0.1021.25
linux-image-lowlatency-hwe-16.04 4.13.0.36.55
linux-image-4.13.0-36-lowlatency 4.13.0-36.40~16.04.1
linux-image-4.13.0-1011-azure 4.13.0-1011.14
linux-image-4.13.0-36-generic-lpae 4.13.0-36.40~16.04.1
linux-image-azure 4.13.0.1011.12
linux-image-generic-lpae-hwe-16.04 4.13.0.36.55
linux-image-4.13.0-1021-oem 4.13.0-1021.23

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-15115, CVE-2017-17712, CVE-2017-5715, CVE-2017-8824

Categories: Security

USN-3581-1: Linux kernel vulnerabilities

Ubuntu security notices - 2018.02.22, Thu - 16:05
Ubuntu Security Notice USN-3581-1

22nd February, 2018

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux - Linux kernel
Details

Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)

ChunYu Wang discovered that a use-after-free vulnerability existed
in the SCTP protocol implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-15115)

Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP
protocol implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-8824)

USN-3541-1 mitigated CVE-2017-5715 (Spectre Variant 2) for the
amd64 architecture in Ubuntu 17.10. This update provides the
compiler-based retpoline kernel mitigation for the amd64 and i386
architectures. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory. (CVE-2017-5715)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
linux-image-generic 4.13.0.36.38
linux-image-4.13.0-36-generic-lpae 4.13.0-36.40
linux-image-generic-lpae 4.13.0.36.38
linux-image-4.13.0-36-lowlatency 4.13.0-36.40
linux-image-lowlatency 4.13.0.36.38
linux-image-4.13.0-36-generic 4.13.0-36.40

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-15115, CVE-2017-17712, CVE-2017-5715, CVE-2017-8824

Categories: Security

Issue 125

Full Circle Magazine - 2018.02.22, Thu - 13:41
Contents of issue 125
  • News
  • Command & Conquer: CSS Grids
  • How-Tos:
    • Luminance HDR
    • Introduction to FreeCAD – Part 6
    • tmux – Part 1
    • Inkscape – Part 65
    • Researching with Linux
    • Xubuntu on the Xplore iX104C2
  • My Story – How I Switched from Windows
  • My Opinion – Some Thoughts on Budgie
  • How to Write for Full Circle
  • KODI Room: Our KODI System – Part 2
  • In Focus: Trello
  • Letters
  • Q&A
  • Ubuntu Games – Aragami
  • My Desktop
  • Our Supporters
  • Want to Contribute?

USN-3580-1: Linux kernel vulnerabilities

Ubuntu security notices - 2018.02.22, Thu - 06:14
Ubuntu Security Notice USN-3580-1

21st February, 2018

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software description
  • linux - Linux kernel
Details

Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-3.2.0-133-generic-pae 3.2.0-133.179
linux-image-generic 3.2.0.133.148
linux-image-generic-pae 3.2.0.133.148
linux-image-3.2.0-133-generic 3.2.0-133.179

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References

CVE-2017-5715, CVE-2017-5753, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

Categories: Security

USN-3579-1: LibreOffice vulnerability

Ubuntu security notices - 2018.02.22, Thu - 02:42
Ubuntu Security Notice USN-3579-1

21st February, 2018

libreoffice vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

LibreOffice would allow unintended access to files over the network.

Software description
  • libreoffice - Office productivity suite
Details

It was discovered that =WEBSERVICE calls in a document could be used to
read arbitrary files. If a user were tricked into opening a specially
crafted document, a remote attacker could exploit this to obtain sensitive
information. (CVE-2018-6871)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libreoffice-core 1:5.4.5-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial3
Ubuntu 14.04 LTS:
libreoffice-core 1:4.2.8-0ubuntu5.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make
all the necessary changes.

References

CVE-2018-6871

Categories: Security

The Hungarian translation of Full Circle Magazine issue 125 has been released

Ubuntu Hungarian community - 2018.02.21, Wed - 22:58

The translation team is pleased to announce that the Hungarian translation of Full Circle Magazine issue 125 is complete.

Contents:

  • News
  • Command & Conquer: CSS Grids
  • How-Tos:
    • Luminance HDR
    • Introduction to FreeCAD – Part 6
    • tmux – Part 1
    • Inkscape – Part 65
  • Researching with Linux
  • Linux Lab: Xubuntu on the Xplore iX104C2
  • My Story: How I Switched from Windows
  • My Opinion: Some Thoughts on Budgie
  • How to Write for Full Circle!
  • KODI Room: Our KODI System – Part 2
  • In Focus: Trello
  • Letters
  • Q&A
  • Ubuntu Games: Aragami
  • My Desktop
  • Our Supporters
  • Want to Contribute?

The new issue is available, alongside the earlier ones, at http://fullcircle.hu.

Download link: Issue 125

The translation was made by the Hungarian translation team of Full Circle Magazine.

Earlier issues remain available on the translation team's site, fullcircle.hu, and among the downloads on the official Full Circle Magazine site: http://fullcirclemagazine.org/downloads/

We will try to return with issue 126 as soon as possible. All earlier issues are available for download from our website, and you can also find us on Facebook.

We wish everyone happy reading!

USN-3577-1: CUPS vulnerability

Ubuntu security notices - 2018.02.21, Wed - 04:00
Ubuntu Security Notice USN-3577-1

20th February, 2018

cups vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

CUPS could be made to provide access to printers over the network.

Software description
  • cups - Common UNIX Printing System(tm)
Details

Jann Horn discovered that CUPS permitted HTTP requests with the Host
header set to "localhost.localdomain" from the loopback interface. If a
user were tricked into opening a specially crafted website in their web
browser, an attacker could potentially exploit this to obtain sensitive
information or control printers, via a DNS rebinding attack.
(CVE-2017-18190)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
cups 2.1.3-4ubuntu0.4
Ubuntu 14.04 LTS:
cups 1.7.2-0ubuntu1.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-18190

Categories: Security
