SECURITY

USN-3964-1: python-gnupg vulnerabilities python-gnupg vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in python-gnupg Software Description python-gnupg – Python wrapper for the GNU Privacy Guard Details Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed. (CVE-2018-12020) It was discovered that python-gnupg incorrectly handled the GPG passphrase. A remote attacker could send a specially crafted passphrase that would allow them to control the output of encryption and decryption operations. (CVE-2019-6690) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 python-gnupg – 0.4.3-1ubuntu1.19.04.1 python3-gnupg – 0.4.3-1ubuntu1.19.04.1 Ubuntu 18.10 python-gnupg – 0.4.1-1ubuntu1.18.10.1 python3-gnupg – [ more… ]

USN-3953-2: PHP vulnerabilities php5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in PHP. Software Description php5 – HTML-embedded scripting language interpreter Details USN-3953-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libapache2-mod-php5 – 5.5.9+dfsg-1ubuntu4.29+esm1 php5-cgi – 5.5.9+dfsg-1ubuntu4.29+esm1 php5-cli – 5.5.9+dfsg-1ubuntu4.29+esm1 php5-fpm – 5.5.9+dfsg-1ubuntu4.29+esm1 Ubuntu 12.04 ESM libapache2-mod-php5 – 5.3.10-1ubuntu3.35 php5-cgi – 5.3.10-1ubuntu3.35 php5-cli – [ more… ]

USN-3963-1: Memcached vulnerability memcached vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Summary Memcached could be made to crash if it received specially crafted network traffic. Software Description memcached – high-performance memory object caching system Details It was discovered that Memcached incorrectly handled certain lru command messages. A remote attacker could possibly use this issue to cause Memcached to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 memcached – 1.5.10-0ubuntu1.19.04.1 Ubuntu 18.10 memcached – 1.5.10-0ubuntu1.18.10.1 Ubuntu 18.04 LTS memcached – 1.5.6-0ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-11596 Source: USN-3963-1: Memcached vulnerability

USN-3962-1: libpng vulnerability libpng1.6 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Summary libpng be made to crash or run programs if it opened a specially crafted file. Software Description libpng1.6 – PNG (Portable Network Graphics) file library Details It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libpng16-16 – 1.6.34-2ubuntu0.1 Ubuntu 18.04 LTS libpng16-16 – 1.6.34-1ubuntu0.18.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-3961-1: Dovecot vulnerabilities dovecot vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Summary Dovecot could be made to crash if it received specially crafted network traffic. Software Description dovecot – IMAP and POP3 email server Details It was discovered that the Dovecot Submission login service incorrectly handled certain operations. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 dovecot-core – 1:2.3.4.1-1ubuntu2.2 dovecot-submissiond – 1:2.3.4.1-1ubuntu2.2 Ubuntu 18.10 dovecot-core – 1:2.3.2.1-1ubuntu3.4 dovecot-submissiond – 1:2.3.2.1-1ubuntu3.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-11494 CVE-2019-11499 Source: USN-3961-1: Dovecot vulnerabilities