SECURITY

USN-4107-1: GIFLIB vulnerabilities giflib vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in GIFLIB. Software Description giflib – library for GIF images (utilities) Details It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2016-3977) It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11490, CVE-2019-15133) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 giflib-tools – 5.1.4-3ubuntu0.1 libgif7 – 5.1.4-3ubuntu0.1 Ubuntu 18.04 LTS giflib-tools – 5.1.4-2ubuntu0.1 libgif7 – 5.1.4-2ubuntu0.1 Ubuntu 16.04 LTS giflib-tools – 5.1.4-0.3~16.04.1 libgif7 – 5.1.4-0.3~16.04.1 [ more… ]

USN-4106-1: NLTK vulnerability NLTK vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary NLTK could be made to overwrite files. Software Description nltk – Python libraries for natural language processing Details Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 python-nltk – 3.4-1ubuntu0.1 python3-nltk – 3.4-1ubuntu0.1 Ubuntu 18.04 LTS python-nltk – 3.2.5-1ubuntu0.1 python3-nltk – 3.2.5-1ubuntu0.1 Ubuntu 16.04 LTS python-nltk – 3.1-1ubuntu0.1 python3-nltk – 3.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-14751 Source: USN-4106-1: NLTK vulnerability

USN-4105-1: CUPS vulnerabilities cups vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in CUPS. Software Description cups – Common UNIX Printing System™ Details Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. (CVE-2019-8696, CVE-2019-8675) It was discovered that CUPS did not properly handle client disconnection events. A local attacker could possibly use this issue to cause a denial of service or disclose memory from the CUPS server. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 cups – 2.2.10-4ubuntu2.1 Ubuntu 18.04 LTS cups – 2.2.7-1ubuntu2.7 Ubuntu 16.04 LTS cups – 2.1.3-4ubuntu0.10 To [ more… ]

USN-4104-1: Nova vulnerability nova vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Nova could be made to expose sensitive information. Software Description nova – OpenStack Compute cloud infrastructure Details Donny Davis discovered that the Nova Compute service could return configuration or other information in response to a failed API request in some situations. A remote attacker could use this to expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 nova-compute – 2:19.0.1-0ubuntu2.1 python3-nova – 2:19.0.1-0ubuntu2.1 Ubuntu 18.04 LTS nova-compute – 2:17.0.10-0ubuntu2.1 python-nova – 2:17.0.10-0ubuntu2.1 Ubuntu 16.04 LTS nova-compute – 2:13.1.4-0ubuntu4.5 python-nova – 2:13.1.4-0ubuntu4.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References [ more… ]

USN-4103-2: Docker vulnerability Docker vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Docker could be made to crash or run programs as your login. Software Description docker.io – Linux container runtime Details Jasiel Spelman discovered that a double free existed in the docker-credential- helpers dependency of Docker. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Original advisory details: Jasiel Spelman discovered that a double free existed in docker-credential- helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 docker.io – 18.09.7-0ubuntu1~19.04.5 Ubuntu 18.04 LTS docker.io – 18.09.7-0ubuntu1~18.04.4 Ubuntu 16.04 LTS [ more… ]