USN-4267-1: ARM mbed TLS vulnerabilities

2020-02-05 KENNETH 0

mbedtls vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in mbedtls.

Software Description: mbedtls – lightweight crypto and SSL/TLS library – crypto library

Details:

It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacker to execute arbitrary code or cause a denial of service. (CVE-2017-18187)

It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. (CVE-2018-0487)

It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service (heap corruption) via a [ more… ]

USN-4266-1: GraphicsMagick vulnerabilities

2020-02-05 KENNETH 0

graphicsmagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in GraphicsMagick.

Software Description: graphicsmagick – collection of image processing tools

Details: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
    graphicsmagick – 1.3.23-1ubuntu0.6
    libgraphicsmagick++-q16-12 – 1.3.23-1ubuntu0.6
    libgraphicsmagick-q16-3 – 1.3.23-1ubuntu0.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2017-17912, CVE-2017-17913, CVE-2017-17915, CVE-2017-18219, CVE-2017-18229, CVE-2017-18230, CVE-2017-18231

Source: USN-4266-1: GraphicsMagick vulnerabilities

USN-4265-2: SpamAssassin vulnerabilities

2020-02-05 KENNETH 0

spamassassin vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM, Ubuntu 12.04 ESM

Summary: Several security issues were fixed in SpamAssassin.

Software Description: spamassassin – Perl-based spam filter using text analysis

Details: USN-4265-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

Original advisory details: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
    spamassassin – 3.4.2-0ubuntu0.14.04.1+esm2

Ubuntu 12.04 ESM
    spamassassin – 3.4.2-0ubuntu0.12.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-4265-1: SpamAssassin vulnerabilities

2020-02-04 KENNETH 0

spamassassin vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in SpamAssassin.

Software Description: spamassassin – Perl-based spam filter using text analysis

Details: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
    spamassassin – 3.4.2-1ubuntu0.19.10.2

Ubuntu 18.04 LTS
    spamassassin – 3.4.2-0ubuntu0.18.04.3

Ubuntu 16.04 LTS
    spamassassin – 3.4.2-0ubuntu0.16.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2020-1930, CVE-2020-1931

Source: USN-4265-1: SpamAssassin vulnerabilities

USN-4264-1: Django vulnerability

2020-02-04 KENNETH 0

python-django vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS

Summary: Django could be vulnerable to SQL injection attacks.

Software Description: python-django – High-level Python web development framework

Details: Simon Charette discovered that Django incorrectly handled input in the PostgreSQL module. A remote attacker could possibly use this to perform SQL injection attacks.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
    python-django – 1:1.11.22-1ubuntu1.2
    python3-django – 1:1.11.22-1ubuntu1.2

Ubuntu 18.04 LTS
    python-django – 1:1.11.11-1ubuntu1.7
    python3-django – 1:1.11.11-1ubuntu1.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2020-7471

Source: USN-4264-1: Django vulnerability