Ubuntu security

USN-4049-4: GLib regression glib2.0 regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary USN-4049-1 introduced a regression in GLib. Software Description glib2.0 – GLib Input, Output and Streaming Library (fam module) Details USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libglib2.0-0 – 2.40.2-0ubuntu1.1+esm3 libglib2.0-bin – 2.40.2-0ubuntu1.1+esm3 Ubuntu 12.04 ESM libglib2.0-0 – 2.32.4-0ubuntu1.4 libglib2.0-bin – 2.32.4-0ubuntu1.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-4049-3: GLib regression glib2.0 regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary USN-4049-1 introduced a regression in GLib. Software Description glib2.0 – GLib Input, Output and Streaming Library (fam module) Details USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression in Ubuntu 16.04 LTS causing a possibly memory leak. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS libglib2.0-0 – 2.48.2-0ubuntu4.4 libglib2.0-bin – 2.48.2-0ubuntu4.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]

USN-4058-2: Bash vulnerability bash vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary A system hardening measure could be bypassed. Software Description bash – GNU Bourne Again SHell Details USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM bash – 4.3-7ubuntu1.8+esm1 Ubuntu 12.04 ESM bash – 4.2-2ubuntu2.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4058-1 CVE-2019-9924 Source: USN-4058-2: [ more… ]

USN-4079-2: SoX vulnerabilities sox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary SoX could be made to crash if it received a specially crafted MP3 file. Software Description sox – Swiss army knife of sound processing Details USN-4079-1 fixed vulnerabilities in SoX. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 19.04. Original advisory details: It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libsox3 – 14.4.2-3ubuntu0.19.04.1 sox – 14.4.2-3ubuntu0.19.04.1 Ubuntu 18.04 LTS libsox3 – 14.4.2-3ubuntu0.18.04.1 sox – 14.4.2-3ubuntu0.18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a [ more… ]

USN-4085-1: Sigil vulnerability Sigil vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Sigil could be made to overwrite files. Software Description sigil – multi-platform ebook editor Details Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 sigil – 0.9.13+dfsg-1ubuntu0.1 sigil-data – 0.9.13+dfsg-1ubuntu0.1 Ubuntu 18.04 LTS sigil – 0.9.9+dfsg-1ubuntu0.1~esm1 sigil-data – 0.9.9+dfsg-1ubuntu0.1~esm1 Ubuntu 16.04 LTS sigil – 0.9.5+dfsg-0ubuntu1+esm1 sigil-data – 0.9.5+dfsg-0ubuntu1+esm1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-14452 Source: USN-4085-1: Sigil vulnerability