
Unix Server



USN-4124-2: Exim vulnerability

Source: usn.ubuntu.com

exim4 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM

Summary

Exim could be made to run programs as an administrator if it received specially crafted network traffic.

Software Description

  • exim4 - Exim is a mail transport agent

Details

USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
exim4-daemon-heavy - 4.82-3ubuntu2.4+esm1
exim4-daemon-light - 4.82-3ubuntu2.4+esm1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4134-1: IBus vulnerability

Source: usn.ubuntu.com

ibus vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

IBus would allow local users to capture key strokes of other locally logged in users.

Software Description

  • ibus - Intelligent Input Bus - core

Details

Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
ibus - 1.5.19-1ubuntu2.1
Ubuntu 18.04 LTS
ibus - 1.5.17-3ubuntu5.1
Ubuntu 16.04 LTS
ibus - 1.5.11-1ubuntu2.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.


USN-4133-1: Wireshark vulnerabilities

Source: usn.ubuntu.com

Wireshark vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Wireshark could be made to crash if it received specially crafted network traffic or input files.

Software Description

  • wireshark - network traffic analyzer

Details

It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libwireshark-data - 2.6.10-1~ubuntu19.04.0
libwireshark11 - 2.6.10-1~ubuntu19.04.0
libwiretap8 - 2.6.10-1~ubuntu19.04.0
libwscodecs2 - 2.6.10-1~ubuntu19.04.0
libwsutil9 - 2.6.10-1~ubuntu19.04.0
tshark - 2.6.10-1~ubuntu19.04.0
wireshark - 2.6.10-1~ubuntu19.04.0
wireshark-common - 2.6.10-1~ubuntu19.04.0
wireshark-gtk - 2.6.10-1~ubuntu19.04.0
wireshark-qt - 2.6.10-1~ubuntu19.04.0
Ubuntu 18.04 LTS
libwireshark-data - 2.6.10-1~ubuntu18.04.0
libwireshark11 - 2.6.10-1~ubuntu18.04.0
libwiretap8 - 2.6.10-1~ubuntu18.04.0
libwscodecs2 - 2.6.10-1~ubuntu18.04.0
libwsutil9 - 2.6.10-1~ubuntu18.04.0
tshark - 2.6.10-1~ubuntu18.04.0
wireshark - 2.6.10-1~ubuntu18.04.0
wireshark-common - 2.6.10-1~ubuntu18.04.0
wireshark-gtk - 2.6.10-1~ubuntu18.04.0
wireshark-qt - 2.6.10-1~ubuntu18.04.0
Ubuntu 16.04 LTS
libwireshark-data - 2.6.10-1~ubuntu16.04.0
libwireshark11 - 2.6.10-1~ubuntu16.04.0
libwiretap8 - 2.6.10-1~ubuntu16.04.0
libwscodecs2 - 2.6.10-1~ubuntu16.04.0
libwsutil9 - 2.6.10-1~ubuntu16.04.0
tshark - 2.6.10-1~ubuntu16.04.0
wireshark - 2.6.10-1~ubuntu16.04.0
wireshark-common - 2.6.10-1~ubuntu16.04.0
wireshark-gtk - 2.6.10-1~ubuntu16.04.0
wireshark-qt - 2.6.10-1~ubuntu16.04.0

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.


DSA-4522 faad2 - security update

Source: debian.org

Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.



DSA-4523 thunderbird - security update

Source: debian.org

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.



Poll: How do you delete your files?

Source: pro-linux.de

News: Video conferencing program Meet reaches version 1.0

Source: pro-linux.de

Kopano has released version 1.0 of Meet, the video conferencing program first presented in January. The program can be run on users' own servers or in a private cloud.

News: Gnome 3.34 released

Source: pro-linux.de

The free desktop environment Gnome has been released in version 3.34 as planned. New in this version are, among other things, improvements to graphical rendering and the introduction of user-defined folders in the application view. Developers should also benefit from extended profiling capabilities in the new version.

Security: Buffer overflow in srt (SUSE)

Source: pro-linux.de

Security: Multiple issues in python-urllib3 (SUSE)

Source: pro-linux.de

Security: Two issues in curl (SUSE)

Source: pro-linux.de

Security: Information disclosure in cri-o (SUSE)

Source: pro-linux.de

Security: Arbitrary command execution in curl (Ubuntu)

Source: pro-linux.de

Security: Information disclosure in cri-o (SUSE)

Source: pro-linux.de

Security: Information disclosure in Expat (Ubuntu)

Source: pro-linux.de

Security: Two issues in python-SQLAlchemy (SUSE)

Source: pro-linux.de

Security: Multiple issues in java-1_8_0-ibm (SUSE)

Source: pro-linux.de

Security: Buffer overflow in curl (SUSE)

Source: pro-linux.de

Security: Information disclosure in Expat (Ubuntu)

Source: pro-linux.de

USN-4129-2: curl vulnerability

Source: usn.ubuntu.com

curl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM

Summary

curl could be made to crash or possibly execute arbitrary code if it incorrectly handled memory during TFTP transfers.

Software Description

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

Original advisory details:

Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
curl - 7.35.0-1ubuntu2.20+esm3
libcurl3 - 7.35.0-1ubuntu2.20+esm3
libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm3
libcurl3-nss - 7.35.0-1ubuntu2.20+esm3
Ubuntu 12.04 ESM
curl - 7.22.0-3ubuntu4.27
libcurl3 - 7.22.0-3ubuntu4.27
libcurl3-gnutls - 7.22.0-3ubuntu4.27
libcurl3-nss - 7.22.0-3ubuntu4.27

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4132-2: Expat vulnerability

Source: usn.ubuntu.com

expat vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM

Summary

Expat could be made to expose sensitive information if it received a specially crafted XML file.

Software Description

  • expat - XML parsing C library

Details

USN-4132-1 fixed a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
lib64expat1 - 2.1.0-4ubuntu1.4+esm2
libexpat1 - 2.1.0-4ubuntu1.4+esm2
Ubuntu 12.04 ESM
lib64expat1 - 2.0.1-7.2ubuntu1.7
libexpat1 - 2.0.1-7.2ubuntu1.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4132-1: Expat vulnerability

Source: usn.ubuntu.com

expat vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Expat could be made to expose sensitive information if it received a specially crafted XML file.

Software Description

  • expat - XML parsing C library

Details

It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libexpat1 - 2.2.6-1ubuntu0.19.5
Ubuntu 18.04 LTS
libexpat1 - 2.2.5-3ubuntu0.2
Ubuntu 16.04 LTS
lib64expat1 - 2.1.0-7ubuntu0.16.04.5
libexpat1 - 2.1.0-7ubuntu0.16.04.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


Article: Collabora: how collaboration works in Nextcloud's online office

Source: pro-linux.de

Collabora's online office works well within Nextcloud. This article describes how to set it up.

News: Vivaldi web browser now also on Android

Source: pro-linux.de

As the maker of the Vivaldi browser announced, the application will in future also be usable on Android. A corresponding beta version has been launched and can be tried out by anyone interested.

USN-4131-1: VLC vulnerabilities

Source: usn.ubuntu.com

vlc vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS

Summary

Several security issues were fixed in VLC.

Software Description

  • vlc - multimedia player and streamer

Details

It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
vlc - 3.0.8-0ubuntu19.04.1
Ubuntu 18.04 LTS
vlc - 3.0.8-0ubuntu18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4130-1: WebKitGTK+ vulnerabilities

Source: usn.ubuntu.com

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS

Summary

Several security issues were fixed in WebKitGTK+.

Software Description

  • webkit2gtk - Web content engine library for GTK+

Details

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libjavascriptcoregtk-4.0-18 - 2.24.4-0ubuntu0.19.04.1
libwebkit2gtk-4.0-37 - 2.24.4-0ubuntu0.19.04.1
Ubuntu 18.04 LTS
libjavascriptcoregtk-4.0-18 - 2.24.4-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 - 2.24.4-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.


Security: Multiple issues in Red OpenShift Container Platform (Red Hat)

Source: pro-linux.de

Security: Two issues in Red OpenShift Container Platform (Red Hat)

Source: pro-linux.de

USN-4129-1: curl vulnerabilities

Source: usn.ubuntu.com

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in curl.

Software Description

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481)

Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5482)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
curl - 7.64.0-2ubuntu1.2
libcurl3-gnutls - 7.64.0-2ubuntu1.2
libcurl3-nss - 7.64.0-2ubuntu1.2
libcurl4 - 7.64.0-2ubuntu1.2
Ubuntu 18.04 LTS
curl - 7.58.0-2ubuntu3.8
libcurl3-gnutls - 7.58.0-2ubuntu3.8
libcurl3-nss - 7.58.0-2ubuntu3.8
libcurl4 - 7.58.0-2ubuntu3.8
Ubuntu 16.04 LTS
curl - 7.47.0-1ubuntu2.14
libcurl3 - 7.47.0-1ubuntu2.14
libcurl3-gnutls - 7.47.0-1ubuntu2.14
libcurl3-nss - 7.47.0-1ubuntu2.14

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4115-2: Linux kernel regression

Source: usn.ubuntu.com

linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

USN 4115-1 introduced a regression in the Linux kernel.

Software Description

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-gke-4.15 - Linux kernel for Google Container Engine (GKE) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-oracle - Linux kernel for Oracle Cloud systems
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-hwe - Linux hardware enablement (HWE) kernel

Details

USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue.

We apologize for the inconvenience.

Original advisory details:

Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)

Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)

It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136)

It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)

Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)

Amit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639)

It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)

Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599)

It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810)

It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631)

Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)

It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283)

It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)

Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763)

It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)

It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211)

It was discovered that a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212)

It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15214)

It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)

It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220)

It was discovered that a use-after-free vulnerability existed in the AppleTalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292)

Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506)

It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216)

It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15218)

It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221)

Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)

Vladis Dronov discovered that the debug interface for the Linux kernel’s HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1023-oracle - 4.15.0-1023.26
linux-image-4.15.0-1042-gke - 4.15.0-1042.44
linux-image-4.15.0-1044-kvm - 4.15.0-1044.44
linux-image-4.15.0-1045-raspi2 - 4.15.0-1045.49
linux-image-4.15.0-1048-aws - 4.15.0-1048.50
linux-image-4.15.0-62-generic - 4.15.0-62.69
linux-image-4.15.0-62-generic-lpae - 4.15.0-62.69
linux-image-4.15.0-62-lowlatency - 4.15.0-62.69
linux-image-aws - 4.15.0.1048.47
linux-image-generic - 4.15.0.62.64
linux-image-generic-lpae - 4.15.0.62.64
linux-image-gke - 4.15.0.1042.45
linux-image-gke-4.15 - 4.15.0.1042.45
linux-image-kvm - 4.15.0.1044.44
linux-image-lowlatency - 4.15.0.62.64
linux-image-oracle - 4.15.0.1023.26
linux-image-powerpc-e500mc - 4.15.0.62.64
linux-image-powerpc-smp - 4.15.0.62.64
linux-image-powerpc64-emb - 4.15.0.62.64
linux-image-powerpc64-smp - 4.15.0.62.64
linux-image-raspi2 - 4.15.0.1045.43
linux-image-virtual - 4.15.0.62.64
Ubuntu 16.04 LTS
linux-image-4.15.0-1023-oracle - 4.15.0-1023.26~16.04.1
linux-image-4.15.0-1042-gcp - 4.15.0-1042.44
linux-image-4.15.0-1048-aws - 4.15.0-1048.50~16.04.1
linux-image-4.15.0-1057-azure - 4.15.0-1057.62
linux-image-4.15.0-62-generic - 4.15.0-62.69~16.04.1
linux-image-4.15.0-62-generic-lpae - 4.15.0-62.69~16.04.1
linux-image-4.15.0-62-lowlatency - 4.15.0-62.69~16.04.1
linux-image-aws-hwe - 4.15.0.1048.48
linux-image-azure - 4.15.0.1057.60
linux-image-gcp - 4.15.0.1042.56
linux-image-generic-hwe-16.04 - 4.15.0.62.82
linux-image-generic-lpae-hwe-16.04 - 4.15.0.62.82
linux-image-gke - 4.15.0.1042.56
linux-image-lowlatency-hwe-16.04 - 4.15.0.62.82
linux-image-oem - 4.15.0.62.82
linux-image-oracle - 4.15.0.1023.17
linux-image-virtual-hwe-16.04 - 4.15.0.62.82

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


USN-4120-2: systemd regression

Source: usn.ubuntu.com

systemd regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS

Summary

USN-4120-1 caused a regression in systemd.

Software Description

  • systemd - system and service manager

Details

USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system’s DNS resolver settings.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
systemd - 240-6ubuntu5.7
Ubuntu 18.04 LTS
systemd - 237-3ubuntu10.29

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.


USN-4128-1: Tomcat vulnerabilities

Source: usn.ubuntu.com

tomcat8 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Tomcat 8.

Software Description

  • tomcat8 - Servlet and JSP engine

Details

It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)

It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-10072)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
libtomcat8-java - 8.5.39-1ubuntu1~18.04.3
tomcat8 - 8.5.39-1ubuntu1~18.04.3
Ubuntu 16.04 LTS
libtomcat8-java - 8.0.32-1ubuntu1.10
tomcat8 - 8.0.32-1ubuntu1.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4127-2: Python vulnerabilities

Source: usn.ubuntu.com

python2.7, python3.4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM

Summary

Several security issues were fixed in Python.

Software Description

  • python2.7 - An interactive high-level object-oriented language
  • python3.4 - An interactive high-level object-oriented language

Details

USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2018-20406)

It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852)

Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled Unicode encoding during NFKC normalization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9636, CVE-2019-10160)

Colin Read and Nicolas Edet discovered that Python incorrectly handled parsing certain X509 certificates. An attacker could possibly use this issue to cause Python to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2019-5010)

It was discovered that Python incorrectly handled certain URLs. A remote attacker could possibly use this issue to perform CRLF injection attacks. (CVE-2019-9740, CVE-2019-9947)

Sihoon Lee discovered that Python incorrectly handled the local_file: scheme. A remote attacker could possibly use this issue to bypass blacklist mechanisms. (CVE-2019-9948)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
python2.7 - 2.7.6-8ubuntu0.6+esm2
python2.7-minimal - 2.7.6-8ubuntu0.6+esm2
python3.4 - 3.4.3-1ubuntu1~14.04.7+esm2
python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm2
Ubuntu 12.04 ESM
python2.7 - 2.7.3-0ubuntu3.14
python2.7-minimal - 2.7.3-0ubuntu3.14

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4126-2: FreeType vulnerabilities

Source: usn.ubuntu.com

freetype vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM

Summary

FreeType could be made to expose sensitive information if it opened a specially crafted font file.

Software Description

  • freetype - FreeType 2 is a font engine library

Details

USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. (CVE-2015-9381, CVE-2015-9382)

Original advisory details:

It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. (CVE-2015-9383)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libfreetype6 - 2.5.2-1ubuntu2.8+esm1
Ubuntu 12.04 ESM
libfreetype6 - 2.4.8-1ubuntu2.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.


USN-4127-1: Python vulnerabilities

Source: usn.ubuntu.com

python2.7, python3.5, python3.6, python3.7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Python.

Software Description

  • python2.7 - An interactive high-level object-oriented language
  • python3.7 - An interactive high-level object-oriented language
  • python3.6 - An interactive high-level object-oriented language
  • python3.5 - An interactive high-level object-oriented language

Details

It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406)

It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852)

Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled Unicode encoding during NFKC normalization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9636, CVE-2019-10160)

Colin Read and Nicolas Edet discovered that Python incorrectly handled parsing certain X509 certificates. An attacker could possibly use this issue to cause Python to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-5010)

It was discovered that Python incorrectly handled certain URLs. A remote attacker could possibly use this issue to perform CRLF injection attacks. (CVE-2019-9740, CVE-2019-9947)

Sihoon Lee discovered that Python incorrectly handled the local_file: scheme. A remote attacker could possibly use this issue to bypass blacklist mechanisms. (CVE-2019-9948)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
python2.7 - 2.7.16-2ubuntu0.1
python2.7-minimal - 2.7.16-2ubuntu0.1
python3.7 - 3.7.3-2ubuntu0.1
python3.7-minimal - 3.7.3-2ubuntu0.1
Ubuntu 18.04 LTS
python2.7 - 2.7.15-4ubuntu4~18.04.1
python2.7-minimal - 2.7.15-4ubuntu4~18.04.1
python3.6 - 3.6.8-1~18.04.2
python3.6-minimal - 3.6.8-1~18.04.2
Ubuntu 16.04 LTS
python2.7 - 2.7.12-1ubuntu0~16.04.8
python2.7-minimal - 2.7.12-1ubuntu0~16.04.8
python3.5 - 3.5.2-2ubuntu0~16.04.8
python3.5-minimal - 3.5.2-2ubuntu0~16.04.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
