SECURITY

USN-4295-1: Rake vulnerability rake vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Rake could be made run arbitrary commands it received a specially crafted file. Software Description rake – Ruby make-like utility Details It was discovered that Rake incorrectly handled certain files. An attacker could use this issue to possibly execute arbitrary commands. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 rake – 12.3.1-3ubuntu0.1 Ubuntu 18.04 LTS rake – 12.3.1-1ubuntu0.1 Ubuntu 16.04 LTS rake – 10.5.0-2ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2020-8130 Source: USN-4295-1: Rake vulnerability

USN-4290-2: libpam-radius-auth vulnerability libpam-radius-auth vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary libpam-radius-auth could be made to crash if it received specially crafted network traffic. Software Description libpam-radius-auth – The PAM RADIUS authentication module Details USN-4290-1 fixed a vulnerability in libpam-radius-auth. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libpam-radius-auth – 1.3.17-0ubuntu4+esm1 Ubuntu 12.04 ESM libpam-radius-auth – 1.3.17-0ubuntu3.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

USN-4294-1: OpenSMTPD vulnerabilities OpenSMTPD vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in opensmtpd. Software Description opensmtpd – secure, reliable, lean, and easy-to configure SMTP server Details It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. (CVE-2020-8794) It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem. (CVE-2020-8793) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 opensmtpd – 6.0.3p1-6ubuntu0.2 Ubuntu 18.04 LTS opensmtpd – 6.0.3p1-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-4288-2: ppp vulnerability ppp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary ppp could be made to crash or run programs if it received specially crafted network traffic. Software Description ppp – Point-to-Point Protocol (PPP) Details USN-4288-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM ppp – 2.4.5-5.1ubuntu2.3+esm1 Ubuntu 12.04 ESM ppp – 2.4.5-5ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4293-1: libarchive vulnerabilities libarchive vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in libarchive. Software Description libarchive – Library to read/write archive files Details It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or possibly unspecified other impact. This issue only affected Ubuntu 19.10. (CVE-2020-9308) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libarchive13 – 3.4.0-1ubuntu0.1 Ubuntu 18.04 LTS libarchive13 – 3.2.2-3.1ubuntu0.6 Ubuntu 16.04 LTS libarchive13 – 3.1.2-11ubuntu0.16.04.8 To update your system, [ more… ]