SECURITY

USN-4199-1: libvpx vulnerabilities libvpx vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in libvpx. Software Description libvpx – VP8 and VP9 video codec Details It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libvpx5 – 1.7.0-3ubuntu0.19.04.1 Ubuntu 18.04 LTS libvpx5 – 1.7.0-3ubuntu0.18.04.1 Ubuntu 16.04 LTS libvpx3 – 1.5.0-2ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-13194 CVE-2019-2126 CVE-2019-9232 CVE-2019-9325 [ more… ]

USN-4189-2: DPDK regression dpdk regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Summary USN-4189-1 introduced a regression in DPDK. Software Description dpdk – set of libraries for fast packet processing Details USN-4189-1 fixed a vulnerability in DPDK. The new version introduced a regression in certain environments. This update fixes the problem. Original advisory details: Jason Wang discovered that DPDK incorrectly handled certain messages. An attacker in a malicious container could possibly use this issue to cause DPDK to leak resources, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 dpdk – 18.11.5-0ubuntu0.19.10.1 Ubuntu 19.04 dpdk – 18.11.5-0ubuntu0.19.04.1 Ubuntu 18.04 LTS dpdk – 17.11.9-0ubuntu18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update [ more… ]

USN-4198-1: DjVuLibre vulnerabilities djvulibre vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in DjVuLibre. Software Description djvulibre – DjVu image format library and tools Details It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libdjvulibre21 – 3.5.27.1-13ubuntu0.1 Ubuntu 19.04 libdjvulibre21 – 3.5.27.1-10ubuntu0.1 Ubuntu 18.04 LTS libdjvulibre21 – 3.5.27.1-8ubuntu0.1 Ubuntu 16.04 LTS libdjvulibre21 – 3.5.27.1-5ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a [ more… ]

USN-4197-1: Bind vulnerability bind9 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Summary Bind could be made to consume resources if it received specially crafted network traffic. Software Description bind9 – Internet Domain Name Server Details It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 bind9 – 1:9.11.5.P4+dfsg-5.1ubuntu2.1 Ubuntu 19.04 bind9 – 1:9.11.5.P1+dfsg-1ubuntu2.6 Ubuntu 18.04 LTS bind9 – 1:9.11.3+dfsg-1ubuntu1.11 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-6477 Source: USN-4197-1: Bind vulnerability