SECURITY

USN-4360-1: json-c vulnerability json-c vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary json-c could be made to execute arbitrary code if it received a specially crafted JSON file. Software Description json-c – JSON manipulation library Details It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libjson-c4 – 0.13.1+dfsg-7ubuntu0.1 Ubuntu 19.10 libjson-c4 – 0.13.1+dfsg-4ubuntu0.1 Ubuntu 18.04 LTS libjson-c3 – 0.12.1-1.3ubuntu0.1 Ubuntu 16.04 LTS libjson-c2 – 0.11-4ubuntu2.1 libjson0 – 0.11-4ubuntu2.1 Ubuntu 14.04 ESM libjson-c2 – 0.11-3ubuntu1.2+esm1 libjson0 – 0.11-3ubuntu1.2+esm1 Ubuntu 12.04 ESM libjson0 – 0.9-1ubuntu1.2 To update your system, [ more… ]

USN-4359-1: APT vulnerability apt vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary APT could be made to crash if it opened a specially crafted file. Software Description apt – Advanced front-end for dpkg Details It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS apt – 2.0.2ubuntu0.1 Ubuntu 19.10 apt – 1.9.4ubuntu0.1 Ubuntu 18.04 LTS apt – 1.6.12ubuntu0.1 Ubuntu 16.04 LTS apt – 1.2.32ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-4358-1: libexif vulnerabilities libexif vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in libexif. Software Description libexif – library to parse EXIF files Details It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20030) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-12767) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libexif12 – 0.6.21-6ubuntu0.1 Ubuntu 19.10 libexif12 – 0.6.21-5.1ubuntu0.2 Ubuntu 18.04 LTS libexif12 – 0.6.21-4ubuntu0.2 Ubuntu 16.04 LTS libexif12 – 0.6.21-2ubuntu0.2 Ubuntu 14.04 ESM libexif12 – 0.6.21-1ubuntu1+esm2 [ more… ]

USN-4357-1: IPRoute vulnerability iproute2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary IPRoute could be made to execute arbitrary code if it received a specially crafted input. Software Description iproute2 – networking and traffic control tools Details It was discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS iproute2 – 4.15.0-2ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-20795 Source: USN-4357-1: IPRoute vulnerability