SECURITY

No Image

USN-4616-1: AccountsService vulnerabilities

2020-11-04 KENNETH 0

USN-4616-1: AccountsService vulnerabilities Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. (CVE-2020-16126) Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-16127) Matthias Gerstner discovered that AccountsService incorrectly handled certain path checks. A local attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14036) Source: USN-4616-1: AccountsService vulnerabilities

No Image

USN-4614-1: GDM vulnerability

2020-11-04 KENNETH 0

USN-4614-1: GDM vulnerability Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user. Source: USN-4614-1: GDM vulnerability

No Image

USN-4613-1: python-cryptography vulnerability

2020-11-03 KENNETH 0

USN-4613-1: python-cryptography vulnerability Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information. Source: USN-4613-1: python-cryptography vulnerability

No Image

USN-4605-2: Blueman update

2020-11-03 KENNETH 0

USN-4605-2: Blueman update Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service. (CVE-2020-15238) While a previous security update fixed the issue, this update provides additional improvements by enabling PolicyKit authentication for privileged commands. Source: USN-4605-2: Blueman update

No Image

USN-4611-1: Samba vulnerabilities

2020-11-02 KENNETH 0

USN-4611-1: Samba vulnerabilities Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. (CVE-2020-14318) Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use this issue to cause winbind to crash, resulting in a denial of service. (CVE-2020-14323) Francis Brosnan Blázquez discovered that Samba incorrectly handled certain invalid DNS records. A remote attacker could possibly use this issue to cause the DNS server to crash, resulting in a denial of service. (CVE-2020-14383) Source: USN-4611-1: Samba vulnerabilities