USN-4048-1: Docker vulnerabilities

2019-07-08 KENNETH 0

Docker vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary
Docker could be made to overwrite files as the administrator.

Software Description
docker.io – Linux container runtime

Details
Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: docker.io – 18.09.7-0ubuntu1~19.04.4
Ubuntu 18.10: docker.io – 18.09.7-0ubuntu1~18.10.3
Ubuntu 18.04 LTS: docker.io – 18.09.7-0ubuntu1~18.04.3
Ubuntu 16.04 LTS: docker.io – 18.09.7-0ubuntu1~16.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update [ more… ]

USN-4047-1: libvirt vulnerabilities

2019-07-08 KENNETH 0

libvirt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary
Several security issues were fixed in libvirt.

Software Description
libvirt – Libvirt virtualization toolkit

Details
Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: libvirt-clients – 5.0.0-1ubuntu2.4, libvirt-daemon – 5.0.0-1ubuntu2.4, libvirt0 – 5.0.0-1ubuntu2.4
Ubuntu 18.10: libvirt-clients – 4.6.0-2ubuntu3.8, libvirt-daemon – 4.6.0-2ubuntu3.8, libvirt0 – 4.6.0-2ubuntu3.8
Ubuntu 18.04 LTS: libvirt-clients – 4.0.0-1ubuntu8.12, libvirt-daemon – 4.0.0-1ubuntu8.12, libvirt0 – 4.0.0-1ubuntu8.12
Ubuntu 16.04 LTS: libvirt-bin – 1.3.1-1ubuntu10.27 [ more… ]

USN-4046-1: Irssi vulnerabilities

2019-07-05 KENNETH 0

irssi vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary
Several security issues were fixed in Irssi.

Software Description
irssi – terminal based IRC client

Details
It was discovered that Irssi incorrectly handled certain disconnections. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-7054)

It was discovered that Irssi incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-13045)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: irssi – 1.2.0-2ubuntu1.1
Ubuntu 18.10: irssi – 1.1.1-1ubuntu1.2
Ubuntu 18.04 LTS: irssi – 1.0.5-1ubuntu4.2
Ubuntu 16.04 LTS: irssi [ more… ]

USN-4038-4: bzip2 regression

2019-07-05 KENNETH 0

bzip2 regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM, Ubuntu 12.04 ESM

Summary
USN-4038-1 introduced a regression in bzip2.

Software Description
bzip2 – high-quality block-sorting file compressor – utilities

Details
USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrectly raise CRC errors for some files. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. We apologize for the inconvenience.

Original advisory details: It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: bzip2 – 1.0.6-5ubuntu0.1~esm2, lib32bz2-1.0 – 1.0.6-5ubuntu0.1~esm2, lib64bz2-1.0 – 1.0.6-5ubuntu0.1~esm2, libbz2-1.0 – 1.0.6-5ubuntu0.1~esm2
Ubuntu 12.04 ESM: bzip2 – 1.0.6-1ubuntu0.2, lib32bz2-1.0 [ more… ]

USN-4038-3: bzip2 regression

2019-07-04 KENNETH 0

bzip2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary
USN-4038-1 introduced a regression in bzip2.

Software Description
bzip2 – high-quality block-sorting file compressor – utilities

Details
USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrectly raise CRC errors for some files. We apologize for the inconvenience.

Original advisory details: It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: bzip2 – 1.0.6-9ubuntu0.19.04.1, libbz2-1.0 – 1.0.6-9ubuntu0.19.04.1
Ubuntu 18.10: bzip2 – 1.0.6-9ubuntu0.18.10.1, libbz2-1.0 – 1.0.6-9ubuntu0.18.10.1
Ubuntu 18.04 LTS: bzip2 – 1.0.6-8.1ubuntu0.2, libbz2-1.0 – 1.0.6-8.1ubuntu0.2
Ubuntu 16.04 LTS: bzip2 – 1.0.6-8ubuntu0.2 [ more… ]