Ubuntu security

USN-4059-1: Squid vulnerabilities squid, squid3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Squid. Software Description squid – Web proxy cache server squid3 – Web proxy cache server Details It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19132) It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-13345) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 squid – 4.4-1ubuntu2.1 Ubuntu 18.04 LTS squid3 – [ more… ]

USN-4057-1: Zipios vulnerability Zipios vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Zipios could be made to crash or consume system resources if it received specially crafted input. Software Description zipios++ – small C++ library for reading zip files (development) Details Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libzipios++0v5 – 0.1.5.9+cvs.2007.04.28-10ubuntu0.19.04.1 Ubuntu 18.10 libzipios++0v5 – 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.10.1 Ubuntu 18.04 LTS libzipios++0v5 – 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1 Ubuntu 16.04 LTS libzipios++0v5 – 0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]

USN-4058-1: Bash vulnerability bash vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary A system hardening measure could be bypassed. Software Description bash – GNU Bourne Again SHell Details It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS bash – 4.3-14ubuntu1.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-9924 Source: USN-4058-1: Bash vulnerability

USN-4055-1: flightcrew vulnerabilities flightcrew vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in FlightCrew. Software Description flightcrew – C++ epub validator and plugin for Sigil Details Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. (CVE-2019-13032) Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. (CVE-2019-13241) Mike Salvatore discovered that the version of Zipios included in FlightCrew mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453) Update instructions The problem can be corrected by updating your system to [ more… ]

USN-4056-1: Exiv2 vulnerabilities exiv2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Exiv2. Software Description exiv2 – EXIF/IPTC/XMP metadata manipulation tool Details It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19107, CVE-2018-19108) It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19535, CVE-2019-13112) It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-13110, CVE-2019-13113) It was discovered that incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. [ more… ]