Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.1388 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 7 May 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Swift Publisher: Apple Operating System: Ubuntu Impact/Access: Root Compromise -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-4220 Original Bulletin: https://support.apple.com/en-au/HT208804 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 is now available and addresses the following: Swift for Ubuntu Available for: Ubuntu 14.04 Not impacted: Ubuntu 16.04 and 16.10 Impact: A process may gain admin privileges and execute arbitrary code Description: An issue existed in specific versions of Swift on Ubuntu 14.04 where libraries are loaded with write and execute permissions. This issue was addressed with improved permissions. CVE-2018-4220: Apple Installation note: Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 may be obtained from https://swift.org/download. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 and the Swift announcements section on the forum: https://forums.swift.org/c/general-announce This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlrsmUcpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbkbA// TuLWltNrBXakVq4NY1wBZ0P+/SYUlw312FHtWrtDcAKNykyfED9bA8AnG0Ux3d1g MdJqT9KkRLXOSunWgiXG8IpWH9KCApeWDV/AE4p6isgOzE4orx02QeHzu9zc7RN6 jBVlfJaGCpTzVuFJRiEimyupjbd5db33N8raRmLxMUKTn0jVjG6ARNS7G+rpUygE 4Dy/lwP05tLWffK1O+w0oihfGsxEl1xiNAcErHTk6Fb/ZVHiITXsuOw9E775dRsM 5fkuyVU6uyhzVNWXkJ9AhOlld7t6gBFNCADMsi+jSqT6EYCHKODBXrar0CfafrsP edAvUE6PopD2i5ee7msdB+WxTLf1J/WPqT4kyD9kD4SwPeE6eN8evTqubNsOF+jc cwhsgFuH34AvsoCea5i5v9mwLpjWodgq6OyMkF0Ee3shVx8HRo2Gm/sjj/THJq/G 76Wkfb2bOcVJ3ncDAHAHO3tWfrqZYD9+Eg5hQLwyRDpBKTBzl9R5yXQZFa0naLdC 1iEzXtom+IeXn9jYqE79qOUkBSMzZQ95j98CklKGfKMz8UtfOzM2+mmwCSx5CAwC H92XBJ7wMyg6EEgByPX89Y4oyg9Ng+reTtAQD2TC9rygEKh5LMJxlhCM+CLDWEqC ys0NCk7M9izqbAZ4zsf+D+Ml/4h71iDBae92JURjhas= =sqwr - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWu+pS4x+lLeg9Ub1AQgnuA/9E9Ve8eKdS5rftQN25bxrYGONOt8DAmnJ cj4nMiP1jVMxlzgahsdmzpC+eI6JdpAsZH2qG2rMuGDyWcqjoNfQht+05Xr8MQwM ZGEahReDGJJ967nBDdRdZfamAzV5zy7h4y1mZVCuD1AS2qQtKTWJvwcwd5fRNhNg L/q+Puj3iHNiowRI3vI5fVOUO5CN1rGTR4fknVaECvFYQezSVYLqHAsgmHz7SqCK ZUF/pbsB2cz83nLZ6svWOpufXZgwR6dbWV1xJeGOFkYMZ1EbxLFWGwTJxEz4hfna o9pHs7b5PCQ/s4JD3i58edmTApwTfr69UfkDMdmZyS2AWsFQfwg4RIVyO1lPZjuH pOyzpkMUyUUomQnwoO9eBPaAwljFqZsZ0iyfKeZdhmRckTrzWpgWuveDOwTtdCwr Usj3/96zGyPyI7ESKRCzARAq8+yhMohmQ2GWclProlJ4DWrtbay5P7jTJTWX4I5k c3FJ95DjMjt4HRdEIzJHi6mDhay6n46FnRW6sJSi4SNr+CJghbZWF0GOx/WaxeiS vvSr51JYG5LeT5oUOLKgcGw3UxCQRBhNIc+DkGy/DKr2yuHdN4IBxKiG1gCOtMpM qQxXPbbbfXfipXal767CuUiAmubp8Obl+g38vXd2kiM+N4FRXyemJPsRyorNdSyd Dv8Fpcc5Frg= =SVE7 -----END PGP SIGNATURE-----