USN-4341-2: Samba vulnerability

2020-04-30 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM

Summary: Samba could be made to consume resources if it received a specially crafted LDAP query.

Software Description: samba – SMB/CIFS file, print, and login server for Unix

Details: USN-4341-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details: It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. (CVE-2020-10704)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: samba – 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary [ more… ]

The Safety Boat: Kubernetes and Rust

2020-04-30 KENNETH 0

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and is primarily written in the Go programming language. While there have …

The post The Safety Boat: Kubernetes and Rust appeared first on Microsoft Security Response Center.

USN-4348-1: Mailman vulnerabilities

2020-04-29 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in Mailman.

Software Description: mailman – Web-based mailing list manager (legacy branch)

Details:

It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary scripts or HTML. (CVE-2018-0618)

It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. (CVE-2018-13796)

It was discovered that Mailman incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-12137)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: mailman – 1:2.1.26-1ubuntu0.1
Ubuntu 16.04 LTS: mailman – 1:2.1.20-1ubuntu0.4

To update [ more… ]

USN-4347-1: WebKitGTK vulnerability

2020-04-29 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS

Summary: Several security issues were fixed in WebKitGTK.

Software Description: webkit2gtk – Web content engine library for GTK+

Details: A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.20.04.1

Ubuntu 19.10:
libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.19.10.1
libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.18.04.1

To update your system, [ more… ]

USN-4341-3: Samba regression

2020-04-29 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: USN-4341-1 introduced a regression in Samba.

Software Description: samba – SMB/CIFS file, print, and login server for Unix

Details: USN-4341-1 fixed vulnerabilities in Samba. The updated packages for Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. (CVE-2020-10704)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: samba – 2:4.3.11+dfsg-0ubuntu0.16.04.27

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]