USN-4230-2: ClamAV vulnerability

2020-01-24 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM, Ubuntu 12.04 ESM

Summary: ClamAV could be made to crash if it opened a specially crafted file.

Software Description: clamav – Anti-virus utility for Unix

Details: USN-4230-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details: It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: clamav – 0.102.1+dfsg-0ubuntu0.14.04.1+esm1
Ubuntu 12.04 ESM: clamav – 0.102.1+dfsg-0ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream [ more… ]

USN-4233-2: GnuTLS update

2020-01-24 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: USN-4233-1 marked SHA1 as untrusted in GnuTLS with no workaround.

Software Description: gnutls28 – GNU TLS library

Details: USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until certificates can be replaced with a stronger algorithm.

Original advisory details: As a security improvement, this update marks SHA1 as being untrusted for digital signature operations.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: libgnutls30 – 3.5.18-1ubuntu1.3
Ubuntu 16.04 LTS: libgnutls30 – 3.4.10-4ubuntu1.7

To update your system, [ more… ]

USN-4247-3: python-apt vulnerabilities

2020-01-24 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM, Ubuntu 12.04 ESM

Summary: Several security issues were fixed in python-apt.

Software Description: python-apt – Python interface to libapt-pkg

Details: USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795)

It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: python-apt – 0.9.3.5ubuntu3+esm2, python3-apt – 0.9.3.5ubuntu3+esm2
Ubuntu [ more… ]

USN-4249-1: e2fsprogs vulnerability

2020-01-23 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM, Ubuntu 12.04 ESM

Summary: e2fsprogs could be made to execute arbitrary code if it was running in a crafted ext4 partition.

Software Description: e2fsprogs – ext2/ext3/ext4 file system utilities

Details: It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: e2fsprogs – 1.45.3-4ubuntu2.1
Ubuntu 19.04: e2fsprogs – 1.44.6-1ubuntu0.2
Ubuntu 18.04 LTS: e2fsprogs – 1.44.1-1ubuntu1.3
Ubuntu 16.04 LTS: e2fsprogs – 1.42.13-1ubuntu1.2
Ubuntu 14.04 ESM: e2fsprogs – 1.42.9-3ubuntu1.3+esm2
Ubuntu 12.04 ESM: e2fsprogs – 1.42-1ubuntu2.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]

USN-4247-2: python-apt regression

2020-01-23 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: USN-4247-1 introduced a regression in python-apt.

Software Description: python-apt – Python interface to libapt-pkg

Details: USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795)

It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796)

Update instructions: The problem can be corrected by updating your system to the [ more… ]