USN-4062-1: WavPack vulnerabilities

2019-07-17 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.04 LTS

Summary: WavPack could be made to crash if it received a specially crafted WAV file.

Software Description: wavpack – audio codec (lossy and lossless) – encoder and decoder

Details: Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libwavpack1 – 5.1.0-5ubuntu0.2
wavpack – 5.1.0-5ubuntu0.2

Ubuntu 18.04 LTS
libwavpack1 – 5.1.0-2ubuntu1.4
wavpack – 5.1.0-2ubuntu1.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319

Source: USN-4062-1: WavPack vulnerabilities

USN-4060-2: NSS vulnerabilities

2019-07-17 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary: Several security issues were fixed in NSS.

Software Description: nss – Network Security Service library

Details: USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719)

Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2019-11729)

Update instructions: The problem can be corrected by updating your system to the [ more… ]

USN-4061-1: Redis vulnerabilities

2019-07-16 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary: Several security issues were fixed in Redis.

Software Description: redis – Persistent key-value database with network interface

Details: It was discovered that Redis incorrectly handled the hyperloglog data structure. An attacker could use this issue to cause Redis to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
redis – 5:5.0.3-4ubuntu0.1
redis-tools – 5:5.0.3-4ubuntu0.1

Ubuntu 18.04 LTS
redis – 5:4.0.9-1ubuntu0.2
redis-tools – 5:4.0.9-1ubuntu0.2

Ubuntu 16.04 LTS
redis-tools – 2:3.0.6-1ubuntu0.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-10192, CVE-2019-10193

Source: [ more… ]

USN-4060-1: NSS vulnerabilities

2019-07-16 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary: Several security issues were fixed in NSS.

Software Description: nss – Network Security Service library

Details:

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719)

Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures when using TLSv1.3. An attacker could possibly use this issue to trick NSS into using PKCS#1 v1.5 signatures, contrary to expectations. This issue only applied to Ubuntu 19.04. (CVE-2019-11727)

Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly use this issue to cause NSS to crash, resulting in [ more… ]

AWS Cloud Development Kit (CDK) – Generally Available for TypeScript and Python

2019-07-16 KENNETH 0

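Managing infrastructure as code (IaC) is a foundation for successfully adopting DevOps processes. Both system administrators and developers can use programmable infrastructure configuration files to automate the provisioning of the compute, storage, network, and application services that their applications need. For example, defining infrastructure as code makes it possible to:

Keep infrastructure and application code in the same repository
Make infrastructure changes repeatable and predictable across different environments, AWS accounts, and AWS Regions
Replicate production in a staging environment to enable continuous testing
Replicate production in a performance test environment that is used only for the time needed to run a stress test
Release infrastructure changes using the same tools as code changes, so that deployments can include infrastructure updates
Apply software development best practices to infrastructure management, such as code reviews or deploying small changes frequently

The configuration files used to manage infrastructure have traditionally, as YAML or JSON text files, [ more… ]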