USN-3912-1: GDK-PixBuf vulnerability

2019-03-21 KENNETH 0

gdk-pixbuf vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary: GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description: gdk-pixbuf – GDK Pixbuf library

Details: It was discovered that the GDK-PixBuf library did not properly handle certain BMP images. If a user or automated system were tricked into opening a specially crafted BMP file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libgdk-pixbuf2.0-0 – 2.32.2-1ubuntu1.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your [ more… ]

USN-3906-2: LibTIFF vulnerabilities

2019-03-18 KENNETH 0

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 ESM

Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description: tiff – Tag Image File Format (TIFF) library

Details: USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
libtiff-tools – 3.9.5-2ubuntu1.12
libtiff4 – 3.9.5-2ubuntu1.12
[ more… ]

USN-3911-1: file vulnerabilities

2019-03-18 KENNETH 0

file vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary: Several security issues were fixed in file.

Software Description: file – Tool to determine file types

Details: It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
file – 1:5.34-2ubuntu0.1
libmagic1 – 1:5.34-2ubuntu0.1

Ubuntu 18.04 LTS
file – 1:5.32-2ubuntu0.2
libmagic1 – 1:5.32-2ubuntu0.2

Ubuntu 16.04 LTS
file – 1:5.25-2ubuntu1.2
libmagic1 – 1:5.25-2ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-8904, CVE-2019-8905, CVE-2019-8906, CVE-2019-8907

Source: USN-3911-1: [ more… ]

Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec!

2019-03-16 KENNETH 0

The MSRC is more than managing vulnerability reports, publishing Microsoft security updates, and defending the cloud. The MSRC is passionate about helping everyone improve internal engineering practices and supporting the defender community, and is excited to partner with Blackberry to host a Product Security Operations Forum at LocoMocoSec on April 18, 2019. Featuring exceptional speakers from across the industry, the Product Security Operations Forum will share what industry practitioners have learned about problems (and solutions!) of secure development and managing vulnerability response. We’ll have hands-on practitioners from npm, Adobe, Microsoft, GitHub, and elsewhere discussing the operational programs and processes they are using to tackle real-world challenges. Since no single person has all the answers, we also hope that everyone attending will take advantage of the event format to [ more… ]

USN-3910-1: Linux kernel vulnerabilities

2019-03-16 KENNETH 0

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software Description:
linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-kvm – Linux kernel for cloud environments
linux-raspi2 – Linux kernel for Raspberry Pi 2
linux-snapdragon – Linux kernel for Snapdragon processors

Details:

It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service (system crash). (CVE-2017-18241)

It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to [ more… ]