Ubuntu security

USN-4066-2: ClamAV vulnerability clamav vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary ClamAV could be made to expose sensitive information if it received a specially crafted CHM file. Software Description clamav – Anti-virus utility for Unix Details USN-4066-1 fixed a vulnerability in libmspack. This update provides the corresponding update for ClamAV in Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM clamav – 0.100.3+dfsg-0ubuntu0.14.04.1+esm1 Ubuntu 12.04 ESM clamav – 0.100.3+dfsg-1ubuntu0.12.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-4066-1: libmspack vulnerability libmspack vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary libmspack could be made to expose sensitive information if it received a specially crafted CHM file. Software Description libmspack – library for Microsoft compression formats Details It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libmspack0 – 0.6-3ubuntu0.3 Ubuntu 16.04 LTS libmspack0 – 0.5-1ubuntu0.16.04.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-1010305 Source: USN-4066-1: libmspack vulnerability

USN-4065-1: Squid vulnerabilities squid, squid3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Squid. Software Description squid – Web proxy cache server squid3 – Web proxy cache server Details It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12525) It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-12527) It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in [ more… ]

USN-4064-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, spoof origin attributes, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717) It was discovered that NSS incorrectly handled importing [ more… ]

USN-4063-1: LibreOffice vulnerabilities libreoffice vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in LibreOffice. Software Description libreoffice – Office productivity suite Details Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9848) Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. (CVE-2019-9849) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libreoffice-core – 1:6.2.5-0ubuntu0.19.04.1 Ubuntu 18.04 LTS libreoffice-core – 1:6.0.7-0ubuntu0.18.04.8 Ubuntu 16.04 LTS libreoffice-core – 1:5.1.6~rc2-0ubuntu1~xenial8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]