
Feed aggregator

USN-3558-1: systemd vulnerabilities

Ubuntu security notices - 2018.02.05, Mon - 23:36
Ubuntu Security Notice USN-3558-1

5th February, 2018

systemd vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in systemd.

Software description
  • systemd - system and service manager
Details

Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez
independently discovered that systemd-resolved incorrectly handled certain
DNS responses. A remote attacker could possibly use this issue to cause
systemd to temporarily stop responding, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-15908)

It was discovered that systemd incorrectly handled automounted volumes. A
local attacker could possibly use this issue to cause applications to hang,
resulting in a denial of service. (CVE-2018-1049)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
systemd 229-4ubuntu21.1
Ubuntu 14.04 LTS:
systemd 204-5ubuntu20.26

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-15908, CVE-2018-1049

Categories: Security

USN-3557-1: Squid vulnerabilities

Ubuntu security notices - 2018.02.05, Mon - 23:36
Ubuntu Security Notice USN-3557-1

5th February, 2018

squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in Squid.

Software description
  • squid3 - Web proxy cache server
Details

Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)

William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)

Alex Rousskov discovered that Squid incorrectly handled response-parsing
failures. A malicious remote server could possibly cause Squid to crash,
resulting in a denial of service. This issue only applied to Ubuntu 16.04
LTS. (CVE-2016-2571)

Santiago Ruano Rincón discovered that Squid incorrectly handled certain
Vary headers. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. This issue was only
addressed in Ubuntu 16.04 LTS. (CVE-2016-3948)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge
Side Includes (ESI) responses. A malicious remote server could possibly
cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge
Side Includes (ESI) responses. A malicious remote server could possibly
cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
squid3 3.5.23-5ubuntu1.1
Ubuntu 16.04 LTS:
squid3 3.5.12-1ubuntu7.5
Ubuntu 14.04 LTS:
squid3 3.3.8-1ubuntu6.11

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-3948, CVE-2018-1000024, CVE-2018-1000027

Categories: Security

USN-3550-2: ClamAV vulnerabilities

Ubuntu security notices - 2018.02.05, Mon - 20:30
Ubuntu Security Notice USN-3550-2

5th February, 2018

clamav vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
Summary

Several security issues were fixed in ClamAV.

Software description
  • clamav - Anti-virus utility for Unix
Details

USN-3550-1 fixed several vulnerabilities in ClamAV. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled parsing certain mail
messages. A remote attacker could use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380)

It was discovered that ClamAV incorrectly handled parsing certain PDF
files. A remote attacker could use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-12376)

It was discovered that ClamAV incorrectly handled parsing certain mew
packet files. A remote attacker could use this issue to cause ClamAV to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-12377)

It was discovered that ClamAV incorrectly handled parsing certain TAR
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2017-12378)

In the default installation, attackers would be isolated by the ClamAV
AppArmor profile.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
clamav 0.99.3+addedllvm-0ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380

Categories: Security

Ubuntu Hour February

Ubuntu Hungarian community - 2018.02.04, Sun - 23:19

Date: 9 February 2018 (Friday)

BUDAPEST
Start: 18:00
Venue: A Grund, Bazsesz room (Budapest, VIII. Nagytemplom utca 30.)
Topic: Secret talk
Getting there: 8 minutes' walk from Corvin-negyed, 5 minutes' walk from the Klinikák stop.
Contact the organizer.

MISKOLC
Start: 18:00
Venue: GRABOVSKY "Iroda" (Miskolc, Rákóczi Ferenc utca 13.)
Topic: Introduction to the Lumina Desktop
Contact the organizers: here and here.

The events are free for everyone.

USN-3556-2: Dovecot vulnerabilities

Ubuntu security notices - 2018.02.02, Fri - 02:06
Ubuntu Security Notice USN-3556-2

1st February, 2018

dovecot vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
Summary

Several security issues were fixed in Dovecot.

Software description
  • dovecot - IMAP and POP3 email server
Details

USN-3556-1 fixed vulnerabilities in Dovecot. This update
provides the corresponding update for Ubuntu 12.04 ESM.

It was discovered that Dovecot incorrectly handled certain authentications.
An attacker could possibly use this to bypass authentication and access
sensitive information. (CVE-2013-6171)

Original advisory details:

It was discovered that Dovecot incorrectly handled certain authentications.
An attacker could possibly use this to cause a denial of service. (CVE-2017-15132)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
dovecot-core 1:2.0.19-0ubuntu2.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2013-6171, CVE-2017-15132

Categories: Security

USN-3556-1: Dovecot vulnerability

Ubuntu security notices - 2018.02.01, Thu - 22:42
Ubuntu Security Notice USN-3556-1

1st February, 2018

dovecot vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Dovecot could be made to crash if it received specially crafted input.

Software description
  • dovecot - IMAP and POP3 email server
Details

It was discovered that Dovecot incorrectly handled certain authentications.
An attacker could possibly use this to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
dovecot-core 1:2.2.27-3ubuntu1.2
Ubuntu 16.04 LTS:
dovecot-core 1:2.2.22-1ubuntu2.6
Ubuntu 14.04 LTS:
dovecot-core 1:2.2.9-1ubuntu2.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-15132

Categories: Security

USN-3555-2: w3m vulnerabilities

Ubuntu security notices - 2018.02.01, Thu - 19:33
Ubuntu Security Notice USN-3555-2

1st February, 2018

w3m vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
Summary

Several security issues were fixed in w3m.

Software description
  • w3m - WWW browsable pager with excellent tables/frames support
Details

USN-3555-2 fixed vulnerabilities in w3m. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that w3m incorrectly handled certain inputs.
An attacker could possibly use this to cause a denial of service.
(CVE-2018-6196, CVE-2018-6197)

It was discovered that w3m incorrectly handled temporary files.
An attacker could possibly use this to overwrite arbitrary files.
(CVE-2018-6198)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
w3m 0.5.3-5ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2018-6196, CVE-2018-6197, CVE-2018-6198

Categories: Security

USN-3555-1: w3m vulnerabilities

Ubuntu security notices - 2018.02.01, Thu - 19:33
Ubuntu Security Notice USN-3555-1

1st February, 2018

w3m vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in w3m.

Software description
  • w3m - WWW browsable pager with excellent tables/frames support
Details

It was discovered that w3m incorrectly handled certain inputs.
An attacker could possibly use this to cause a denial of service.
(CVE-2018-6196, CVE-2018-6197)

It was discovered that w3m incorrectly handled temporary files.
An attacker could possibly use this to overwrite arbitrary files.
(CVE-2018-6198)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
w3m 0.5.3-34ubuntu0.1
Ubuntu 16.04 LTS:
w3m 0.5.3-26ubuntu0.2
Ubuntu 14.04 LTS:
w3m 0.5.3-15ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2018-6196, CVE-2018-6197, CVE-2018-6198

Categories: Security
