USN-4274-1: libxml2 vulnerabilities

2020-02-10 KENNETH 0

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM, Ubuntu 12.04 ESM

Summary: Several security issues were fixed in libxml2.

Software Description: libxml2 – GNOME XML library

Details: It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
libxml2 – 2.9.4+dfsg1-7ubuntu3.1
libxml2-utils – 2.9.4+dfsg1-7ubuntu3.1

Ubuntu 18.04 LTS
libxml2 – 2.9.4+dfsg1-6.1ubuntu1.3
libxml2-utils – 2.9.4+dfsg1-6.1ubuntu1.3

Ubuntu 16.04 LTS
libxml2 – 2.9.3+dfsg1-1ubuntu0.7
libxml2-utils – 2.9.3+dfsg1-1ubuntu0.7

Ubuntu 14.04 ESM
libxml2 – 2.9.1+dfsg1-3ubuntu4.13+esm1
libxml2-utils – 2.9.1+dfsg1-3ubuntu4.13+esm1

Ubuntu 12.04 ESM
libxml2 – 2.7.8.dfsg-5.1ubuntu4.22
libxml2-utils – 2.7.8.dfsg-5.1ubuntu4.22

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4275-1: Qt vulnerabilities

2020-02-10 KENNETH 0

qtbase-opensource-src vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in Qt.

Software Description: qtbase-opensource-src – Qt 5 libraries

Details: It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872)

It was discovered that Qt incorrectly handled certain text files. If a user or automated system were tricked into opening a specially crafted text file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 19.10. (CVE-2019-18281)

It was discovered [ more… ]

USN-4250-2: MariaDB vulnerability

2020-02-07 KENNETH 0

mariadb-10.1, mariadb-10.3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS

Summary: MariaDB clients could be made to crash if they received specially crafted input.

Software Description:
mariadb-10.3 – MariaDB database
mariadb-10.1 – MariaDB database

Details: It was discovered that an unspecified vulnerability existed in the C API component of MariaDB. An attacker could use this to cause a denial of service for MariaDB clients.

MariaDB has been updated to 10.3.22 in Ubuntu 19.10 and 10.1.44 in Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
libmariadb3 – 1:10.3.22-0ubuntu0.19.10.1
libmariadbd19 – 1:10.3.22-0ubuntu0.19.10.1
mariadb-client – 1:10.3.22-0ubuntu0.19.10.1
mariadb-client-10.3 – 1:10.3.22-0ubuntu0.19.10.1
mariadb-client-core-10.3 – [ more… ]

USN-4273-1: ReportLab vulnerability

2020-02-07 KENNETH 0

python-reportlab vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: ReportLab could be made to run programs as your login if it opened a specially crafted file.

Software Description: python-reportlab – library to create PDF documents

Details: It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
python-reportlab – 3.5.23-1ubuntu0.1
python3-reportlab – 3.5.23-1ubuntu0.1

Ubuntu 18.04 LTS
python-reportlab – 3.4.0-3ubuntu0.1
python3-reportlab – 3.4.0-3ubuntu0.1

Ubuntu 16.04 LTS
python-reportlab – 3.3.0-1ubuntu0.1
python3-reportlab – 3.3.0-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]

USN-4272-1: Pillow vulnerabilities

2020-02-07 KENNETH 0

pillow vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM

Summary: Several security issues were fixed in Pillow.

Software Description: pillow – Python Imaging Library

Details: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911)

It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312)

It was discovered that Pillow incorrectly handled certain TIFF images. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 19.10. (CVE-2020-5310)

It was discovered that Pillow incorrectly handled certain SGI images. An attacker could possibly use this issue to execute arbitrary code or cause a [ more… ]