USN-4103-1: docker-credential-helpers vulnerability

2019-08-19 KENNETH 0

docker-credential-helpers vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04

Summary
docker-credential-helpers could be made to crash or run programs as your login

Software Description
golang-github-docker-docker-credential-helpers – Use native stores to safeguard Docker credentials

Details
Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
    golang-docker-credential-helpers – 0.6.1-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2019-1020014

Source: USN-4103-1: docker-credential-helpers vulnerability

USN-4078-2: OpenLDAP vulnerabilities

2019-08-19 KENNETH 0

openldap vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
Several security issues were fixed in OpenLDAP.

Software Description
openldap – OpenLDAP utilities

Details
USN-4078-1 fixed several vulnerabilities in openldap. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. (CVE-2019-13057)

It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations. (CVE-2019-13565)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 [ more… ]

USN-4102-1: LibreOffice vulnerabilities

2019-08-19 KENNETH 0

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in LibreOffice.

Software Description
libreoffice – Office productivity suite

Details
It was discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9850, CVE-2019-9851)

It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. (CVE-2019-9852)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
    libreoffice-core – 1:6.2.6-0ubuntu0.19.04.1
Ubuntu 18.04 LTS
    libreoffice-core – 1:6.0.7-0ubuntu0.18.04.9
Ubuntu 16.04 LTS
    libreoffice-core – 1:5.1.6~rc2-0ubuntu1~xenial9

To update your [ more… ]

USN-4100-1: KConfig and KDE libraries vulnerabilities

2019-08-17 KENNETH 0

kconfig, kde4libs vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
KConfig and KDE libraries could be made to crash or run programs if it opened a specially crafted file.

Software Description
kconfig – configuration settings framework for Qt
kde4libs – KDE 4 core applications and libraries

Details
It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. (CVE-2019-14744)

It was discovered that KConfig allows remote attackers to write to arbitrary files via a ../ in a filename in an archive file. (CVE-2016-6232)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
    libkdecore5 – 4:4.14.38-0ubuntu6.1
    libkf5configcore5 – 5.56.0-0ubuntu1.1
Ubuntu 18.04 [ more… ]

USN-4101-1: Firefox vulnerability

2019-08-17 KENNETH 0

firefox vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
A local attacker could obtain saved passwords.

Software Description
firefox – Mozilla Open Source web browser

Details
It was discovered that passwords could be copied to the clipboard from the "Saved Logins" dialog without entering the master password, even when a master password has been set. A local attacker could potentially exploit this to obtain saved passwords.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
    firefox – 68.0.2+build1-0ubuntu0.19.04.1
Ubuntu 18.04 LTS
    firefox – 68.0.2+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
    firefox – 68.0.2+build1-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Firefox to make all the necessary changes. [ more… ]