
Unix Server



USN-4096-1: Linux kernel (AWS) vulnerability

Source: usn.ubuntu.com

linux-aws, linux-aws-hwe vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

The system could be made to expose sensitive information.

Software Description

  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems

Details

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
linux-image-5.0.0-1012-aws - 5.0.0-1012.13
linux-image-aws - 5.0.0.1012.12
Ubuntu 18.04 LTS
linux-image-4.15.0-1045-aws - 4.15.0-1045.47
linux-image-aws - 4.15.0.1045.44
Ubuntu 16.04 LTS
linux-image-4.15.0-1045-aws - 4.15.0-1045.47~16.04.1
linux-image-aws-hwe - 4.15.0.1045.45

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


USN-4095-1: Linux kernel vulnerabilities

Source: usn.ubuntu.com

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors

Details

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)

Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599)

It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)

Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)

It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
linux-image-4.4.0-1054-kvm - 4.4.0-1054.61
linux-image-4.4.0-1090-aws - 4.4.0-1090.101
linux-image-4.4.0-1118-raspi2 - 4.4.0-1118.127
linux-image-4.4.0-1122-snapdragon - 4.4.0-1122.128
linux-image-4.4.0-159-generic - 4.4.0-159.187
linux-image-4.4.0-159-generic-lpae - 4.4.0-159.187
linux-image-4.4.0-159-lowlatency - 4.4.0-159.187
linux-image-4.4.0-159-powerpc-e500mc - 4.4.0-159.187
linux-image-4.4.0-159-powerpc-smp - 4.4.0-159.187
linux-image-4.4.0-159-powerpc64-emb - 4.4.0-159.187
linux-image-4.4.0-159-powerpc64-smp - 4.4.0-159.187
linux-image-aws - 4.4.0.1090.94
linux-image-generic - 4.4.0.159.167
linux-image-generic-lpae - 4.4.0.159.167
linux-image-kvm - 4.4.0.1054.54
linux-image-lowlatency - 4.4.0.159.167
linux-image-powerpc-e500mc - 4.4.0.159.167
linux-image-powerpc-smp - 4.4.0.159.167
linux-image-powerpc64-emb - 4.4.0.159.167
linux-image-powerpc64-smp - 4.4.0.159.167
linux-image-raspi2 - 4.4.0.1118.118
linux-image-snapdragon - 4.4.0.1122.114
linux-image-virtual - 4.4.0.159.167

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


USN-4094-1: Linux kernel vulnerabilities

Source: usn.ubuntu.com

linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux - Linux kernel
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-gke-4.15 - Linux kernel for Google Container Engine (GKE) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-oem - Linux kernel for OEM processors
  • linux-oracle - Linux kernel for Oracle Cloud systems
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-hwe - Linux hardware enablement (HWE) kernel

Details

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053)

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093)

Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615)

Wen Xu and Po-Ning Tseng discovered that the btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609)

Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617)

Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862)

Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169)

It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856)

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)

It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)

It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818)

It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819)

It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)

Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)

Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)

It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024)

It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101)

It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)

It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1021-oracle - 4.15.0-1021.23
linux-image-4.15.0-1040-gcp - 4.15.0-1040.42
linux-image-4.15.0-1040-gke - 4.15.0-1040.42
linux-image-4.15.0-1042-kvm - 4.15.0-1042.42
linux-image-4.15.0-1043-raspi2 - 4.15.0-1043.46
linux-image-4.15.0-1050-oem - 4.15.0-1050.57
linux-image-4.15.0-1060-snapdragon - 4.15.0-1060.66
linux-image-4.15.0-58-generic - 4.15.0-58.64
linux-image-4.15.0-58-generic-lpae - 4.15.0-58.64
linux-image-4.15.0-58-lowlatency - 4.15.0-58.64
linux-image-gcp - 4.15.0.1040.42
linux-image-generic - 4.15.0.58.60
linux-image-generic-lpae - 4.15.0.58.60
linux-image-gke - 4.15.0.1040.43
linux-image-gke-4.15 - 4.15.0.1040.43
linux-image-kvm - 4.15.0.1042.42
linux-image-lowlatency - 4.15.0.58.60
linux-image-oem - 4.15.0.1050.54
linux-image-oracle - 4.15.0.1021.24
linux-image-powerpc-e500mc - 4.15.0.58.60
linux-image-powerpc-smp - 4.15.0.58.60
linux-image-powerpc64-emb - 4.15.0.58.60
linux-image-powerpc64-smp - 4.15.0.58.60
linux-image-raspi2 - 4.15.0.1043.41
linux-image-snapdragon - 4.15.0.1060.63
linux-image-virtual - 4.15.0.58.60
Ubuntu 16.04 LTS
linux-image-4.15.0-1021-oracle - 4.15.0-1021.23~16.04.1
linux-image-4.15.0-1040-gcp - 4.15.0-1040.42~16.04.1
linux-image-4.15.0-1055-azure - 4.15.0-1055.60
linux-image-4.15.0-58-generic - 4.15.0-58.64~16.04.1
linux-image-4.15.0-58-generic-lpae - 4.15.0-58.64~16.04.1
linux-image-4.15.0-58-lowlatency - 4.15.0-58.64~16.04.1
linux-image-azure - 4.15.0.1055.58
linux-image-gcp - 4.15.0.1040.54
linux-image-generic-hwe-16.04 - 4.15.0.58.79
linux-image-generic-lpae-hwe-16.04 - 4.15.0.58.79
linux-image-gke - 4.15.0.1040.54
linux-image-lowlatency-hwe-16.04 - 4.15.0.58.79
linux-image-oem - 4.15.0.58.79
linux-image-oracle - 4.15.0.1021.15
linux-image-virtual-hwe-16.04 - 4.15.0.58.79

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


USN-4093-1: Linux kernel vulnerabilities

Source: usn.ubuntu.com

linux, linux-hwe, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux - Linux kernel
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors
  • linux-hwe - Linux hardware enablement (HWE) kernel

Details

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)

It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)

It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)

Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)

Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)

It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
linux-image-5.0.0-1013-gcp - 5.0.0-1013.13
linux-image-5.0.0-1013-kvm - 5.0.0-1013.14
linux-image-5.0.0-1014-azure - 5.0.0-1014.14
linux-image-5.0.0-1014-raspi2 - 5.0.0-1014.14
linux-image-5.0.0-1018-snapdragon - 5.0.0-1018.19
linux-image-5.0.0-25-generic - 5.0.0-25.26
linux-image-5.0.0-25-generic-lpae - 5.0.0-25.26
linux-image-5.0.0-25-lowlatency - 5.0.0-25.26
linux-image-azure - 5.0.0.1014.13
linux-image-gcp - 5.0.0.1013.13
linux-image-generic - 5.0.0.25.26
linux-image-generic-lpae - 5.0.0.25.26
linux-image-gke - 5.0.0.1013.13
linux-image-kvm - 5.0.0.1013.13
linux-image-lowlatency - 5.0.0.25.26
linux-image-raspi2 - 5.0.0.1014.11
linux-image-snapdragon - 5.0.0.1018.11
linux-image-virtual - 5.0.0.25.26
Ubuntu 18.04 LTS
linux-image-5.0.0-1014-azure - 5.0.0-1014.14~18.04.1
linux-image-5.0.0-25-generic - 5.0.0-25.26~18.04.1
linux-image-5.0.0-25-generic-lpae - 5.0.0-25.26~18.04.1
linux-image-5.0.0-25-lowlatency - 5.0.0-25.26~18.04.1
linux-image-azure - 5.0.0.1014.25
linux-image-generic-hwe-18.04 - 5.0.0.25.82
linux-image-generic-lpae-hwe-18.04 - 5.0.0.25.82
linux-image-lowlatency-hwe-18.04 - 5.0.0.25.82
linux-image-snapdragon-hwe-18.04 - 5.0.0.25.82
linux-image-virtual-hwe-18.04 - 5.0.0.25.82

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


Ubuntu Security Notice USN-4070-3

Source: packetstormsecurity.com

Ubuntu Security Notice 4070-3 - USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 in MariaDB 10.3. Ubuntu 19.04 has been updated to MariaDB 10.3.17. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

Red Hat Security Advisory 2019-2466-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-2466-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. An improper authorization issue was addressed.

Ubuntu Security Notice USN-4070-2

Source: packetstormsecurity.com

Ubuntu Security Notice 4070-2 - USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2805 in MariaDB 10.1. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

Security: Insufficient permission checks in CloudForms (Red Hat)

Source: pro-linux.de

Security: Multiple issues in MariaDB (Ubuntu)

Source: pro-linux.de

USN-4070-3: MariaDB vulnerabilities

Source: usn.ubuntu.com

MariaDB vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04

Summary

Several security issues were fixed in MariaDB.

Software Description

  • mariadb-10.3 - MariaDB database

Details

USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 in MariaDB 10.3.

Ubuntu 19.04 LTS has been updated to MariaDB 10.3.17.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-10317-changelog/ https://mariadb.com/kb/en/library/mariadb-10317-release-notes/

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues.

Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libmariadb-dev - 1:10.3.17-0ubuntu0.19.04.1
libmariadb-dev-compat - 1:10.3.17-0ubuntu0.19.04.1
libmariadb3 - 1:10.3.17-0ubuntu0.19.04.1
libmariadbclient-dev - 1:10.3.17-0ubuntu0.19.04.1
libmariadbd-dev - 1:10.3.17-0ubuntu0.19.04.1
libmariadbd19 - 1:10.3.17-0ubuntu0.19.04.1
mariadb-backup - 1:10.3.17-0ubuntu0.19.04.1
mariadb-client - 1:10.3.17-0ubuntu0.19.04.1
mariadb-client-10.3 - 1:10.3.17-0ubuntu0.19.04.1
mariadb-client-core-10.3 - 1:10.3.17-0ubuntu0.19.04.1
mariadb-common - 1:10.3.17-0ubuntu0.19.04.1
mariadb-plugin-connect - 1:10.3.17-0ubuntu0.19.04.1
mariadb-plugin-cracklib-password-check - 1:10.3.17-0ubuntu0.19.04.1
mariadb-plugin-gssapi-client - 1:10.3.17-0ubuntu0.19.04.1
mariadb-plugin-gssapi-server - 1:10.3.17-0ubuntu0.19.04.1
mariadb-plugin-mroonga - 1:10.3.17-0ubuntu0.19.04.1
mariadb-plugin-oqgraph - 1:10.3.17-0ubuntu0.19.04.1
mariadb-plugin-rocksdb - 1:10.3.17-0ubuntu0.19.04.1
mariadb-plugin-spider - 1:10.3.17-0ubuntu0.19.04.1
mariadb-plugin-tokudb - 1:10.3.17-0ubuntu0.19.04.1
mariadb-server - 1:10.3.17-0ubuntu0.19.04.1
mariadb-server-10.3 - 1:10.3.17-0ubuntu0.19.04.1
mariadb-server-core-10.3 - 1:10.3.17-0ubuntu0.19.04.1
mariadb-test - 1:10.3.17-0ubuntu0.19.04.1
mariadb-test-data - 1:10.3.17-0ubuntu0.19.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.


News: Tuxedo Computers equips notebooks with deep learning capabilities

Source: pro-linux.de

The Linux notebook vendor Tuxedo Computers, based in Königsbrunn, Bavaria, is offering a deep learning option on some of its notebooks.

News: Qt 6 at the end of 2020

Source: pro-linux.de

The free class library Qt is set to make the jump to version 6 at the end of 2020. Compatibility with Qt 5 is to be largely preserved, while necessary modernizations can be incorporated and obsolete modules are removed.

News: Nextcloud codifies its mission

Source: pro-linux.de

The open source company Nextcloud has further formalized its values and mission and anchored them on its website.

News: EGroupware 19.1 announced

Source: pro-linux.de

EGroupware GmbH has announced a new version of its groupware. Notable new features include a messenger, functions for GDPR compliance, and improved security through two-factor authentication.

Security: Multiple issues in mingw-sqlite (Fedora)

Source: pro-linux.de

Security: Multiple issues in chromium (Debian)

Source: pro-linux.de

Security: Arbitrary command execution in kf5-kconfig (Fedora)

Source: pro-linux.de

Security: Buffer overflow in poppler (Fedora)

Source: pro-linux.de

Security: Denial of service in poppler (Fedora)

Source: pro-linux.de

DSA-4497 linux - security update

Source: debian.org

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.



Security: Insufficient permission checks in ghostscript (Debian)

Source: pro-linux.de

Security: Arbitrary command execution in zstd (SUSE)

Source: pro-linux.de

Security: Insufficient permission checks in ghostscript (Red Hat)

Source: pro-linux.de

Security: Insufficient permission checks in Ghostscript (Ubuntu)

Source: pro-linux.de

Security: Denial of service in poppler (Ubuntu)

Source: pro-linux.de

Debian Security Advisory 4499-1

Source: packetstormsecurity.com

Debian Linux Security Advisory 4499-1 - Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.

Red Hat Security Advisory 2019-2465-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-2465-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Red Hat Security Advisory 2019-2462-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-2462-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Ubuntu Security Notice USN-4092-1

Source: packetstormsecurity.com

Ubuntu Security Notice 4092-1 - Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when '-dSAFER' restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files.

USN-4070-2: MariaDB vulnerabilities

Source: usn.ubuntu.com

MariaDB vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS

Summary

Several security issues were fixed in MariaDB.

Software Description

  • mariadb-10.1 - MariaDB database

Details

USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2805 in MariaDB 10.1.

Ubuntu 18.04 LTS has been updated to MariaDB 10.1.41.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
https://mariadb.com/kb/en/library/mariadb-10141-changelog/
https://mariadb.com/kb/en/library/mariadb-10141-release-notes/

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues.

Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
libmariadbclient-dev - 1:10.1.41-0ubuntu0.18.04.1
libmariadbclient-dev-compat - 1:10.1.41-0ubuntu0.18.04.1
libmariadbclient18 - 1:10.1.41-0ubuntu0.18.04.1
libmariadbd-dev - 1:10.1.41-0ubuntu0.18.04.1
libmariadbd18 - 1:10.1.41-0ubuntu0.18.04.1
mariadb-client - 1:10.1.41-0ubuntu0.18.04.1
mariadb-client-10.1 - 1:10.1.41-0ubuntu0.18.04.1
mariadb-client-core-10.1 - 1:10.1.41-0ubuntu0.18.04.1
mariadb-common - 1:10.1.41-0ubuntu0.18.04.1
mariadb-plugin-connect - 1:10.1.41-0ubuntu0.18.04.1
mariadb-plugin-cracklib-password-check - 1:10.1.41-0ubuntu0.18.04.1
mariadb-plugin-gssapi-client - 1:10.1.41-0ubuntu0.18.04.1
mariadb-plugin-gssapi-server - 1:10.1.41-0ubuntu0.18.04.1
mariadb-plugin-mroonga - 1:10.1.41-0ubuntu0.18.04.1
mariadb-plugin-oqgraph - 1:10.1.41-0ubuntu0.18.04.1
mariadb-plugin-spider - 1:10.1.41-0ubuntu0.18.04.1
mariadb-plugin-tokudb - 1:10.1.41-0ubuntu0.18.04.1
mariadb-server - 1:10.1.41-0ubuntu0.18.04.1
mariadb-server-10.1 - 1:10.1.41-0ubuntu0.18.04.1
mariadb-server-core-10.1 - 1:10.1.41-0ubuntu0.18.04.1
mariadb-test - 1:10.1.41-0ubuntu0.18.04.1
mariadb-test-data - 1:10.1.41-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.


Ghidra (Linux) 9.0.4 Arbitrary Code Execution

Source: packetstormsecurity.com

Ghidra (Linux) version 9.0.4 suffers from a .gar related arbitrary code execution vulnerability.

Debian Security Advisory 4498-1

Source: packetstormsecurity.com

Debian Linux Security Advisory 4498-1 - Several vulnerabilities were discovered in python-django, a web development framework. They could lead to remote denial-of-service or SQL injection,

Debian Security Advisory 4496-1

Source: packetstormsecurity.com

Debian Linux Security Advisory 4496-1 - Benno Fuenfstueck discovered that Pango, a library for layout and rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take advantage of this flaw for denial of service or potentially the execution of arbitrary code.

Debian Security Advisory 4495-1

Source: packetstormsecurity.com

Debian Linux Security Advisory 4495-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Debian Security Advisory 4494-1

Source: packetstormsecurity.com

Debian Linux Security Advisory 4494-1 - Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's embedded into a downloaded archive and it gets opened in a file browser) arbitrary commands could get executed. This update removes this feature.