SECURITY

USN-3940-2: ClamAV vulnerabilities clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in ClamAV. Software Description clamav – Anti-virus utility for Unix Details USN-3940-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787) It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788) It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue [ more… ]

USN-3939-2: Samba vulnerability samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Samba could be made to create files in unexpected locations. Software Description samba – SMB/CIFS file, print, and login server for Unix Details USN-3939-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM libsmbclient – 2:3.6.25-0ubuntu0.12.04.17 samba – 2:3.6.25-0ubuntu0.12.04.17 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-3939-1 CVE-2019-3880 [ more… ]

USN-3940-1: ClamAV vulnerabilities clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in ClamAV. Software Description clamav – Anti-virus utility for Unix Details It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787) It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788) It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. [ more… ]

USN-3939-1: Samba vulnerability samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Samba could be made to create files in unexpected locations. Software Description samba – SMB/CIFS file, print, and login server for Unix Details Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libsmbclient – 2:4.8.4+dfsg-2ubuntu2.3 samba – 2:4.8.4+dfsg-2ubuntu2.3 Ubuntu 18.04 LTS libsmbclient – 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 samba – 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 Ubuntu 16.04 LTS libsmbclient – 2:4.3.11+dfsg-0ubuntu0.16.04.19 samba – 2:4.3.11+dfsg-0ubuntu0.16.04.19 Ubuntu 14.04 LTS libsmbclient – 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba – 2:4.3.11+dfsg-0ubuntu0.14.04.20 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-3937-1: Apache HTTP Server vulnerabilities apache2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in the Apache HTTP Server. Software Description apache2 – Apache HTTP server Details Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211) It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-17189) It was discovered that the Apache HTTP Server incorrectly [ more… ]