Ubuntu security

USN-4516-1: GnuPG vulnerability It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option –allow-weak-key-signatures can be used to revert this behaviour. Source: USN-4516-1: GnuPG vulnerability

USN-4515-1: Pure-FTPd vulnerability Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. An attacker could possibly use this issue to access sensitive information. (CVE-2020-9274) Source: USN-4515-1: Pure-FTPd vulnerability

USN-4514-1: libproxy vulnerability It was discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a denial of service. Source: USN-4514-1: libproxy vulnerability

USN-4513-1: apng2gif vulnerability Dileep Kumar Jallepalli discovered that apng2gif incorrectly handled loading APNG files. An attacker could exploit this with a crafted APNG file to access sensitive information. (CVE-2017-6960) Source: USN-4513-1: apng2gif vulnerability

USN-4510-2: Samba vulnerability USN-4510-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the “server schannel” setting to default to “yes”, instead of “auto”, which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting. Source: USN-4510-2: Samba vulnerability