SECURITY

USN-4217-2: Samba vulnerabilities samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Several security issues were fixed in Samba. Software Description samba – SMB/CIFS file, print, and login server for Unix Details USN-4217-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations. (CVE-2019-14870) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libsmbclient – 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 samba – 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 To update your system, please follow these instructions: [ more… ]

USN-4221-1: libpcap vulnerability libpcap vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Summary Applications using libpcap could be made to crash if given specially crafted data. Software Description libpcap – Library for for user-level network packet capture Details It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion). Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libpcap0.8 – 1.8.1-6ubuntu1.19.04.1 Ubuntu 18.04 LTS libpcap0.8 – 1.8.1-6ubuntu1.18.04.1 Ubuntu 16.04 LTS libpcap0.8 – 1.7.4-2ubuntu0.1 Ubuntu 14.04 ESM libpcap0.8 – 1.5.3-2ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-4202-2: Thunderbird regression thunderbird regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary USN-4202-1 caused a regression in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an [ more… ]

USN-4220-1: Git vulnerabilities git vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Git. Software Description git – fast, scalable, distributed revision control system Details Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 git – 1:2.20.1-2ubuntu1.19.10.1 Ubuntu 19.04 git – 1:2.20.1-2ubuntu1.19.04.1 Ubuntu 18.04 LTS git – 1:2.17.1-1ubuntu0.5 Ubuntu 16.04 LTS git – 1:2.7.4-0ubuntu1.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-1348 CVE-2019-1349 [ more… ]