SECURITY

USN-4341-1: Samba vulnerabilities samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Samba. Software Description samba – SMB/CIFS file, print, and login server for Unix Details Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10700) It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. (CVE-2020-10704) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu [ more… ]

USN-4338-2: re2c vulnerability re2c vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Summary re2c could be made to execute arbitrary code if it received a specially crafted file. Software Description re2c – tool for generating fast C-based recognizers Details USN-4338-1 fixed vulnerabilities in re2c. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: Agostino Sarubbo discovered that re2c incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS re2c – 1.3-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4338-1 CVE-2020-11958 Source: USN-4338-2: re2c vulnerability

USN-4332-2: File Roller vulnerability file-roller vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Summary File Roller could be made to expose sensitive information. Software Description file-roller – archive manager for GNOME Details USN-4332-1 fixed vulnerabilities in File Roller. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS file-roller – 3.36.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4332-1 CVE-2020-11736 Source: USN-4332-2: File Roller vulnerability

USN-4340-1: CUPS vulnerabilities cups vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in CUPS. Software Description cups – Common UNIX Printing System™ Details It was discovered that CUPS incorrectly handled certain language values. A local attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-2228) Stephan Zeisberg discovered that CUPS incorrectly handled certain malformed ppd files. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2020-3898) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 cups – 2.3.1-9ubuntu1.1 Ubuntu 19.10 cups [ more… ]

USN-4339-1: OpenEXR vulnerabilities openexr vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in OpenEXR. Software Description openexr – tools for the OpenEXR image format Details Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115) Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. [ more… ]