No Image

USN-3867-1: MySQL vulnerabilities

2019-01-24 KENNETH 0

USN-3867-1: MySQL vulnerabilities mysql-5.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in MySQL. Software Description mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 mysql-server-5.7 – 5.7.25-0ubuntu0.18.10.2 Ubuntu 18.04 LTS mysql-server-5.7 – 5.7.25-0ubuntu0.18.04.2 Ubuntu 16.04 LTS mysql-server-5.7 – 5.7.25-0ubuntu0.16.04.2 To update your system, please follow these [ more… ]

No Image

USN-3866-1: Ghostscript vulnerability

2019-01-24 KENNETH 0

USN-3866-1: Ghostscript vulnerability ghostscript vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. Software Description ghostscript – PostScript and PDF interpreter Details Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 ghostscript – 9.26~dfsg+0-0ubuntu0.18.10.4 libgs9 – 9.26~dfsg+0-0ubuntu0.18.10.4 Ubuntu 18.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.4 libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.4 Ubuntu 16.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.16.04.4 libgs9 [ more… ]

No Image

USN-3707-2: NTP vulnerabilities

2019-01-23 KENNETH 0

USN-3707-2: NTP vulnerabilities ntp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in NTP. Software Description ntp – Network Time Protocol daemon and utility programs Details USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. (CVE-2016-7426) Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. A remote attacker could possibly use this issue to perform a denial of service. (CVE-2016-7427, CVE-2016-7428) Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or [ more… ]

No Image

USN-3865-1: poppler vulnerabilities

2019-01-22 KENNETH 0

USN-3865-1: poppler vulnerabilities poppler vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in poppler. Software Description poppler – PDF rendering library Details It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20481, CVE-2018-20650) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libpoppler79 – 0.68.0-0ubuntu1.4 poppler-utils – 0.68.0-0ubuntu1.4 Ubuntu 18.04 LTS libpoppler73 – 0.62.0-2ubuntu2.6 poppler-utils – 0.62.0-2ubuntu2.6 Ubuntu 16.04 LTS libpoppler58 – 0.41.0-0ubuntu1.11 poppler-utils – 0.41.0-0ubuntu1.11 Ubuntu 14.04 LTS libpoppler44 – 0.24.5-2ubuntu4.15 poppler-utils – 0.24.5-2ubuntu4.15 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

No Image

USN-3864-1: LibTIFF vulnerabilities

2019-01-22 KENNETH 0

USN-3864-1: LibTIFF vulnerabilities tiff vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. Software Description tiff – Tag Image File Format (TIFF) library Details It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libtiff-tools – 4.0.9-6ubuntu0.1 libtiff5 – 4.0.9-6ubuntu0.1 Ubuntu 18.04 LTS libtiff-tools – 4.0.9-5ubuntu0.1 libtiff5 – 4.0.9-5ubuntu0.1 Ubuntu 16.04 LTS libtiff-tools [ more… ]