Ubuntu security

USN-4173-1: FreeTDS vulnerability freetds vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Summary FreeTDS could be made to crash or run programs if it received specially crafted network traffic. Software Description freetds – libraries for connecting to MS SQL and Sybase SQL servers Details Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 freetds-bin – 1.1.6-1ubuntu0.1 libct4 – 1.1.6-1ubuntu0.1 libsybdb5 – 1.1.6-1ubuntu0.1 tdsodbc – 1.1.6-1ubuntu0.1 Ubuntu 19.04 freetds-bin – 1.00.104-1ubuntu0.1 libct4 – 1.00.104-1ubuntu0.1 libsybdb5 – 1.00.104-1ubuntu0.1 tdsodbc – 1.00.104-1ubuntu0.1 Ubuntu 18.04 LTS freetds-bin – [ more… ]

USN-4172-1: file vulnerability file vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary file could be made to crash or run programs if it opened a specially crafted file. Software Description file – Tool to determine file types Details It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 file – 1:5.37-5ubuntu0.1 libmagic1 – 1:5.37-5ubuntu0.1 Ubuntu 19.04 file – 1:5.35-4ubuntu0.1 libmagic1 – 1:5.35-4ubuntu0.1 Ubuntu 18.04 LTS file – 1:5.32-2ubuntu0.3 libmagic1 – 1:5.32-2ubuntu0.3 Ubuntu 16.04 LTS file – 1:5.25-2ubuntu1.3 libmagic1 – 1:5.25-2ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]

USN-4171-1: Apport vulnerabilities apport vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Apport. Software Description apport – automatically generate crash reports for debugging Details Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process [ more… ]

USN-4170-1: Whoopsie vulnerability whoopsie vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Whoopsie could be made to crash, expose sensitive information or run programs if it processed a specially crafted crash report. Software Description whoopsie – Ubuntu error tracker submission Details Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libwhoopsie0 – 0.2.66ubuntu0.1 whoopsie – 0.2.66ubuntu0.1 Ubuntu 19.04 libwhoopsie0 – 0.2.64ubuntu0.2 whoopsie – 0.2.64ubuntu0.2 Ubuntu 18.04 LTS libwhoopsie0 – 0.2.62ubuntu0.2 whoopsie – 0.2.62ubuntu0.2 Ubuntu 16.04 LTS libwhoopsie0 – 0.2.52.5ubuntu0.2 whoopsie – 0.2.52.5ubuntu0.2 [ more… ]

USN-4169-1: libarchive vulnerability libarchive vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Summary libarchive could be made to execute arbitrary code if it received specially crafted archive file. Software Description libarchive – Library to read/write archive files Details It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libarchive13 – 3.3.3-4ubuntu0.1 Ubuntu 18.04 LTS libarchive13 – 3.2.2-3.1ubuntu0.5 Ubuntu 16.04 LTS libarchive13 – 3.1.2-11ubuntu0.16.04.7 Ubuntu 14.04 ESM libarchive13 – 3.1.2-7ubuntu2.8+esm1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-18408 Source: USN-4169-1: libarchive vulnerability