SECURITY

USN-4159-1: Exiv2 vulnerability exiv2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Exiv2 could be made to crash if it received a specially crafted file. Software Description exiv2 – EXIF/IPTC/XMP metadata manipulation tool Details It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 exiv2 – 0.25-4ubuntu2.1 libexiv2-14 – 0.25-4ubuntu2.1 Ubuntu 19.04 exiv2 – 0.25-4ubuntu1.2 libexiv2-14 – 0.25-4ubuntu1.2 Ubuntu 18.04 LTS exiv2 – 0.25-3.1ubuntu0.18.04.4 libexiv2-14 – 0.25-3.1ubuntu0.18.04.4 Ubuntu 16.04 LTS exiv2 – 0.25-2.1ubuntu16.04.5 libexiv2-14 – 0.25-2.1ubuntu16.04.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]

USN-4155-2: Aspell vulnerability aspell vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Summary Aspell could be made to expose sensitive information if it received a specially crafted input. Software Description aspell – GNU Aspell spell-checker Details USN-4155-1 fixed a vulnerability in Aspell. This update provides the corresponding update for Ubuntu 19.10. Original advisory details: It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 aspell – 0.60.7-3ubuntu0.1 libaspell15 – 0.60.7-3ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4155-1 CVE-2019-17544 Source: USN-4155-2: Aspell vulnerability

USN-4157-1: Linux kernel vulnerabilities linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) Matt [ more… ]