SECURITY

USN-4016-2: Neovim vulnerability Neovim vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Summary Neovim could be made to run programs as your login if it opened a specially crafted file. Software Description neovim – heavily refactored vim fork Details It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 neovim – 0.3.4-1ubuntu0.19.04.1 neovim-runtime – 0.3.4-1ubuntu0.19.04.1 Ubuntu 18.10 neovim – 0.3.1-1ubuntu0.1 neovim-runtime – 0.3.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4016-1 CVE-2019-12735 Source: USN-4016-2: Neovim vulnerability

USN-4016-1: Vim vulnerabilities vim vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Vim. Software Description vim – Vi IMproved – enhanced vi editor Details It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 vim – 2:8.1.0320-1ubuntu3.1 vim-common – 2:8.1.0320-1ubuntu3.1 vim-gui-common – 2:8.1.0320-1ubuntu3.1 vim-runtime – 2:8.1.0320-1ubuntu3.1 Ubuntu 18.10 vim – 2:8.0.1766-1ubuntu1.1 vim-common – 2:8.0.1766-1ubuntu1.1 vim-gui-common – 2:8.0.1766-1ubuntu1.1 vim-runtime – 2:8.0.1766-1ubuntu1.1 Ubuntu 18.04 [ more… ]

USN-4015-1: DBus vulnerability dbus vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary DBus could allow unintended access to services. Software Description dbus – simple interprocess messaging system Details Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 dbus – 1.12.12-1ubuntu1.1 libdbus-1-3 – 1.12.12-1ubuntu1.1 Ubuntu 18.10 dbus – 1.12.10-1ubuntu2.1 libdbus-1-3 – 1.12.10-1ubuntu2.1 Ubuntu 18.04 LTS dbus – 1.12.2-1ubuntu1.1 libdbus-1-3 – 1.12.2-1ubuntu1.1 Ubuntu 16.04 LTS dbus – 1.10.6-1ubuntu3.4 libdbus-1-3 – 1.10.6-1ubuntu3.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your [ more… ]

USN-4014-2: GLib vulnerability glib2.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary GLib could be made to expose sensitive information if it received a specially crafted file. Software Description glib2.0 – GLib Input, Output and Streaming Library (fam module) Details USN-4014-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libglib2.0-0 – 2.40.2-0ubuntu1.1+esm1 libglib2.0-bin – 2.40.2-0ubuntu1.1+esm1 libglib2.0-dev – 2.40.2-0ubuntu1.1+esm1 Ubuntu 12.04 ESM libglib2.0-0 – 2.32.4-0ubuntu1.2 libglib2.0-bin – 2.32.4-0ubuntu1.2 libglib2.0-dev – 2.32.4-0ubuntu1.2 To update your system, please follow [ more… ]