SECURITY

USN-4219-1: libssh vulnerability libssh vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary libssh could be made to run programs under certain conditions. Software Description libssh – A tiny C SSH library Details It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libssh-4 – 0.9.0-1ubuntu1.3 Ubuntu 19.04 libssh-4 – 0.8.6-3ubuntu0.3 Ubuntu 18.04 LTS libssh-4 – 0.8.0~20170825.94fa1e38-1ubuntu0.5 Ubuntu 16.04 LTS libssh-4 – 0.6.3-4.3ubuntu0.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-4218-1: GNU C vulnerability eglibc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary GNU C could be made to execute arbitrary code or cause a crash if it received a specially crafted input. Software Description eglibc – GNU C Library Details Jakub Wilk discovered that GNU C incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libc6 – 2.19-0ubuntu6.15+esm1 Ubuntu 12.04 ESM libc6 – 2.15-0ubuntu10.22 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2018-6485 Source: USN-4218-1: GNU C vulnerability

USN-4217-1: Samba vulnerabilities samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Samba. Software Description samba – SMB/CIFS file, print, and login server for Unix Details Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations. (CVE-2019-14870) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libsmbclient – 2:4.10.7+dfsg-0ubuntu2.3 samba – 2:4.10.7+dfsg-0ubuntu2.3 Ubuntu 19.04 libsmbclient – 2:4.10.0+dfsg-0ubuntu2.7 samba – 2:4.10.0+dfsg-0ubuntu2.7 Ubuntu 18.04 LTS libsmbclient – 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 samba – 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 Ubuntu 16.04 LTS libsmbclient [ more… ]

USN-4216-1: Firefox vulnerabilities firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 firefox – 71.0+build5-0ubuntu0.19.10.1 Ubuntu 19.04 firefox – 71.0+build5-0ubuntu0.19.04.1 Ubuntu 18.04 LTS firefox – 71.0+build5-0ubuntu0.18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart [ more… ]

USN-4215-1: NSS vulnerability nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary NSS could be made to crash if it received a specially crafted certificate. Software Description nss – Network Security Service library Details It was discovered that NSS incorrectly handled certain certificates. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libnss3 – 2:3.42-1ubuntu2.4 Ubuntu 18.04 LTS libnss3 – 2:3.35-2ubuntu2.6 Ubuntu 16.04 LTS libnss3 – 2:3.28.4-0ubuntu0.16.04.9 Ubuntu 14.04 ESM libnss3 – 2:3.28.4-0ubuntu0.14.04.5+esm3 Ubuntu 12.04 ESM libnss3 – 2:3.28.4-0ubuntu0.12.04.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer [ more… ]