SECURITY

USN-4171-2: Apport vulnerabilities apport vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Several security issues were fixed in Apport. Software Description apport – automatically generate crash reports for debugging Details USN-4171-1 fixed several vulnerabilities in apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by [ more… ]

USN-4172-2: file vulnerability file vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary file could be made to crash or run programs if it opened a specially crafted file. Software Description file – Tool to determine file types Details USN-4172-1 fixed a vulnerability in file. This update provides the corresponding update for Ubuntu 12.04 ESM Ubuntu 14.04 ESM. Original advisory details: It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM file – 1:5.14-2ubuntu3.4+esm1 libmagic1 – 1:5.14-2ubuntu3.4+esm1 Ubuntu 12.04 ESM file – 5.09-2ubuntu0.8 libmagic1 – 5.09-2ubuntu0.8 To update your system, please follow these instructions: [ more… ]

USN-4170-2: Whoopsie regression whoopsie regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4170-1 caused a regression in Whoopsie. Software Description whoopsie – Ubuntu error tracker submission Details USN-4170-1 fixed a vulnerability in Whoopsie. The update caused Whoopsie to crash when sending reports. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libwhoopsie0 – 0.2.66ubuntu0.2 whoopsie – 0.2.66ubuntu0.2 Ubuntu 19.04 libwhoopsie0 – 0.2.64ubuntu0.3 whoopsie – 0.2.64ubuntu0.3 Ubuntu 18.04 LTS libwhoopsie0 [ more… ]

USN-4173-1: FreeTDS vulnerability freetds vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Summary FreeTDS could be made to crash or run programs if it received specially crafted network traffic. Software Description freetds – libraries for connecting to MS SQL and Sybase SQL servers Details Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 freetds-bin – 1.1.6-1ubuntu0.1 libct4 – 1.1.6-1ubuntu0.1 libsybdb5 – 1.1.6-1ubuntu0.1 tdsodbc – 1.1.6-1ubuntu0.1 Ubuntu 19.04 freetds-bin – 1.00.104-1ubuntu0.1 libct4 – 1.00.104-1ubuntu0.1 libsybdb5 – 1.00.104-1ubuntu0.1 tdsodbc – 1.00.104-1ubuntu0.1 Ubuntu 18.04 LTS freetds-bin – [ more… ]

USN-4172-1: file vulnerability file vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary file could be made to crash or run programs if it opened a specially crafted file. Software Description file – Tool to determine file types Details It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 file – 1:5.37-5ubuntu0.1 libmagic1 – 1:5.37-5ubuntu0.1 Ubuntu 19.04 file – 1:5.35-4ubuntu0.1 libmagic1 – 1:5.35-4ubuntu0.1 Ubuntu 18.04 LTS file – 1:5.32-2ubuntu0.3 libmagic1 – 1:5.32-2ubuntu0.3 Ubuntu 16.04 LTS file – 1:5.25-2ubuntu1.3 libmagic1 – 1:5.25-2ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]