Articles by KENNETH

USN-3895-1: LDB vulnerability ldb vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LDB could be made to crash if it received specially crafted network traffic. Software Description ldb – LDAP-like embedded database – tools Details It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libldb1 – 2:1.4.0+really1.3.5-2ubuntu0.1 Ubuntu 18.04 LTS libldb1 – 2:1.2.3-1ubuntu0.1 Ubuntu 16.04 LTS libldb1 – 2:1.1.24-1ubuntu3.1 Ubuntu 14.04 LTS libldb1 – 1:1.1.24-0ubuntu0.14.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot [ more… ]

USN-3894-1: GNOME Keyring vulnerability gnome-keyring vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary GNOME Keyring could be made to expose sensitive information. Software Description gnome-keyring – GNOME keyring services Details It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the PAM module. A local attacker could possibly use this issue to discover login credentials. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS gnome-keyring – 3.18.3-0ubuntu2.1 libpam-gnome-keyring – 3.18.3-0ubuntu2.1 Ubuntu 14.04 LTS gnome-keyring – 3.10.1-1ubuntu4.4 libpam-gnome-keyring – 3.10.1-1ubuntu4.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to make all the necessary changes. References CVE-2018-20781 Source: USN-3894-1: GNOME Keyring vulnerability

USN-3866-3: Ghostscript regression ghostscript regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3866-2 introduced a regression in Ghostscript. Software Description ghostscript – PostScript and PDF interpreter Details USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 ghostscript – [ more… ]