USN-4237-2: SpamAssassin vulnerabilities

2020-01-15 KENNETH 0

spamassassin vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM, Ubuntu 12.04 ESM.

Summary: Several security issues were fixed in SpamAssassin.

Software Description: spamassassin – Perl-based spam filter using text analysis

Details: USN-4237-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

Original advisory details:

It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805)

It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue to cause SpamAssassin to consume resources, resulting in a denial of service. (CVE-2019-12420)

Update instructions: The problem can be corrected by updating your system to the following [ more… ]

USN-4238-1: SDL_image vulnerabilities

2020-01-15 KENNETH 0

sdl-image1.2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in SDL_image.

Software Description: sdl-image1.2 – Image loading library for Simple DirectMedia Layer 1.2

Details: It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: libsdl-image1.2 – 1.2.12-8ubuntu0.1
Ubuntu 16.04 LTS: libsdl-image1.2 – 1.2.12-5+deb9u1ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2018-3977, CVE-2019-12216, CVE-2019-12217, CVE-2019-12218, CVE-2019-12219, CVE-2019-12220, CVE-2019-12221, CVE-2019-12222, CVE-2019-13616, CVE-2019-5051, CVE-2019-5052, CVE-2019-7635

Source: USN-4238-1: SDL_image vulnerabilities

USN-4236-2: Libgcrypt vulnerability

2020-01-14 KENNETH 0

libgcrypt20 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS.

Summary: Libgcrypt could be made to expose sensitive information.

Software Description: libgcrypt20 – LGPL Crypto library

Details: USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS.

Original advisory details:

It was discovered that Libgcrypt was susceptible to an ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libgcrypt20 – 1.6.5-2ubuntu0.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: USN-4236-1, CVE-2019-13627

Source: USN-4236-2: Libgcrypt vulnerability

USN-4237-1: SpamAssassin vulnerabilities

2020-01-14 KENNETH 0

spamassassin vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in SpamAssassin.

Software Description: spamassassin – Perl-based spam filter using text analysis

Details:

It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805)

It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue to cause SpamAssassin to consume resources, resulting in a denial of service. (CVE-2019-12420)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: spamassassin – 3.4.2-1ubuntu0.19.10.1
Ubuntu 19.04: spamassassin – 3.4.2-1ubuntu0.19.04.1
Ubuntu 18.04 LTS: spamassassin – 3.4.2-0ubuntu0.18.04.2

[ more… ]

USN-4236-1: Libgcrypt vulnerability

2020-01-14 KENNETH 0

libgcrypt20 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS.

Summary: Libgcrypt could be made to expose sensitive information.

Software Description: libgcrypt20 – LGPL Crypto library

Details: It was discovered that Libgcrypt was susceptible to an ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: libgcrypt20 – 1.8.4-5ubuntu2.1
Ubuntu 19.04: libgcrypt20 – 1.8.4-3ubuntu1.1
Ubuntu 18.04 LTS: libgcrypt20 – 1.8.1-4ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-13627

Source: USN-4236-1: Libgcrypt vulnerability