SECURITY

USN-4057-1: Zipios vulnerability Zipios vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Zipios could be made to crash or consume system resources if it received specially crafted input. Software Description zipios++ – small C++ library for reading zip files (development) Details Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libzipios++0v5 – 0.1.5.9+cvs.2007.04.28-10ubuntu0.19.04.1 Ubuntu 18.10 libzipios++0v5 – 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.10.1 Ubuntu 18.04 LTS libzipios++0v5 – 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1 Ubuntu 16.04 LTS libzipios++0v5 – 0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]

USN-4058-1: Bash vulnerability bash vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary A system hardening measure could be bypassed. Software Description bash – GNU Bourne Again SHell Details It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS bash – 4.3-14ubuntu1.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-9924 Source: USN-4058-1: Bash vulnerability

USN-4055-1: flightcrew vulnerabilities flightcrew vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in FlightCrew. Software Description flightcrew – C++ epub validator and plugin for Sigil Details Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. (CVE-2019-13032) Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. (CVE-2019-13241) Mike Salvatore discovered that the version of Zipios included in FlightCrew mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453) Update instructions The problem can be corrected by updating your system to [ more… ]

USN-4056-1: Exiv2 vulnerabilities exiv2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Exiv2. Software Description exiv2 – EXIF/IPTC/XMP metadata manipulation tool Details It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19107, CVE-2018-19108) It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19535, CVE-2019-13112) It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-13110, CVE-2019-13113) It was discovered that incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. [ more… ]

USN-4054-1: Firefox vulnerabilities firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, conduct cross-site request forgery (CSRF) attacks, spoof origin attributes, spoof the addressbar contents, [ more… ]