SECURITY

USN-4371-1: libvirt vulnerabilities libvirt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in libvirt. Software Description libvirt – Libvirt virtualization toolkit Details It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2020-10703) It was discovered that libvirt incorrectly handled memory when retrieving certain domain statistics. A remote attacker could possibly use this issue to cause libvirt to consume resources, resulting in a denial of service. This issue only affected Ubuntu 19.10. (CVE-2020-12430) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libvirt-clients – 5.4.0-0ubuntu5.4 libvirt-daemon – 5.4.0-0ubuntu5.4 libvirt0 – 5.4.0-0ubuntu5.4 Ubuntu 18.04 [ more… ]

USN-4370-1: ClamAV vulnerabilities clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in ClamAV. Software Description clamav – Anti-virus utility for Unix Details It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled parsing PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3341) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS clamav – 0.102.3+dfsg-0ubuntu0.20.04.1 Ubuntu 19.10 clamav – 0.102.3+dfsg-0ubuntu0.19.10.1 Ubuntu 18.04 LTS clamav – 0.102.3+dfsg-0ubuntu0.18.04.1 Ubuntu 16.04 LTS [ more… ]

USN-4369-1: Linux kernel vulnerabilities linux, linux-aws, linux-aws-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-oracle – Linux kernel for Oracle Cloud systems linux-raspi2 – Linux kernel for Raspberry Pi (V7) systems linux-aws-5.3 – Linux kernel for Amazon Web Services (AWS) systems linux-gcp-5.3 – Linux kernel for Google Cloud Platform (GCP) systems linux-gke-5.3 – Linux kernel for Google Container Engine (GKE) systems linux-hwe – Linux hardware enablement (HWE) kernel linux-oracle-5.3 – Linux kernel for Oracle Cloud systems Details It was [ more… ]

USN-4365-2: Bind vulnerabilities bind9 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in Bind. Software Description bind9 – Internet Domain Name Server Details USN-4365-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616) Tobias Klein discovered that Bind incorrectly handled checking TSIG validity. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly perform other attacks. (CVE-2020-8617) Update [ more… ]

LSN-0067-1: Kernel Live Patch Security Notice Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-oem – Linux kernel for OEM systems Details It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) Update instructions The problem can be corrected by updating your kernel livepatch to the following versions: Ubuntu 18.04 LTS aws – 67.1 azure – 67.1 gcp – 67.1 generic – 67.1 [ more… ]