Ubuntu security

USN-4111-1: Ghostscript vulnerabilities ghostscript vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Ghostscript could be made to access arbitrary files if it opened a specially crafted file. Software Description ghostscript – PostScript and PDF interpreter Details Hiroki Matsukuma discovered that the PDF interpreter in Ghostscript did not properly restrict privileged calls when ‘-dSAFER’ restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files. (CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 ghostscript – 9.26~dfsg+0-0ubuntu7.3 libgs9 – 9.26~dfsg+0-0ubuntu7.3 Ubuntu 18.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.11 libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.11 Ubuntu 16.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.16.04.11 libgs9 [ more… ]

USN-4110-4: Dovecot regression dovecot regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary USN-4110-1 introduced a regression in Dovecot. Software Description dovecot – IMAP and POP3 email server Details USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. We apologize for the inconvenience. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM dovecot-core – 1:2.2.9-1ubuntu2.6+esm2 Ubuntu 12.04 ESM dovecot-core – 1:2.0.19-0ubuntu2.8 To update your system, please follow these instructions: [ more… ]

USN-4110-3: Dovecot regression Dovecot regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4110-1 introduced a regression in Dovecot. Software Description dovecot – IMAP and POP3 email server Details USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 dovecot-core – 1:2.3.4.1-1ubuntu2.4 Ubuntu 18.04 LTS dovecot-core – 1:2.2.33.2-1ubuntu4.5 Ubuntu 16.04 LTS dovecot-core – 1:2.2.22-1ubuntu2.12 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4110-2: Dovecot vulnerability dovecot vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Dovecot could be made to crash or execute arbitrary code if it received a specially crafted data. Software Description dovecot – IMAP and POP3 email server Details USN-4110-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM dovecot-core – 1:2.2.9-1ubuntu2.6+esm1 Ubuntu 12.04 ESM dovecot-core – 1:2.0.19-0ubuntu2.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]

USN-4110-1: Dovecot vulnerability dovecot vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Dovecot could be made to crash or execute arbitrary code if it received a specially crafted data. Software Description dovecot – IMAP and POP3 email server Details Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 dovecot-core – 1:2.3.4.1-1ubuntu2.3 Ubuntu 18.04 LTS dovecot-core – 1:2.2.33.2-1ubuntu4.4 Ubuntu 16.04 LTS dovecot-core – 1:2.2.22-1ubuntu2.11 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-11500 Source: USN-4110-1: Dovecot [ more… ]