Ubuntu security

USN-4046-1: Irssi vulnerabilities irssi vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Irssi. Software Description irssi – terminal based IRC client Details It was discovered that Irssi incorrectly handled certain disconnections. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-7054) It was discovered that Irssi incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-13045) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 irssi – 1.2.0-2ubuntu1.1 Ubuntu 18.10 irssi – 1.1.1-1ubuntu1.2 Ubuntu 18.04 LTS irssi – 1.0.5-1ubuntu4.2 Ubuntu 16.04 LTS irssi [ more… ]

USN-4038-4: bzip2 regression bzip2 regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary USN-4038-1 introduced a regression in bzip2. Software Description bzip2 – high-quality block-sorting file compressor – utilities Details USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. We apologize for the inconvenience. Original advisory details: It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM bzip2 – 1.0.6-5ubuntu0.1~esm2 lib32bz2-1.0 – 1.0.6-5ubuntu0.1~esm2 lib64bz2-1.0 – 1.0.6-5ubuntu0.1~esm2 libbz2-1.0 – 1.0.6-5ubuntu0.1~esm2 Ubuntu 12.04 ESM bzip2 – 1.0.6-1ubuntu0.2 lib32bz2-1.0 [ more… ]

USN-4038-3: bzip2 regression bzip2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4038-1 introduced a regression in bzip2. Software Description bzip2 – high-quality block-sorting file compressor – utilities Details USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files. We apologize for the inconvenience. Original advisory details: It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 bzip2 – 1.0.6-9ubuntu0.19.04.1 libbz2-1.0 – 1.0.6-9ubuntu0.19.04.1 Ubuntu 18.10 bzip2 – 1.0.6-9ubuntu0.18.10.1 libbz2-1.0 – 1.0.6-9ubuntu0.18.10.1 Ubuntu 18.04 LTS bzip2 – 1.0.6-8.1ubuntu0.2 libbz2-1.0 – 1.0.6-8.1ubuntu0.2 Ubuntu 16.04 LTS bzip2 – 1.0.6-8ubuntu0.2 [ more… ]

USN-4045-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details A type confusion bug was discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this by causing a denial of service, or executing arbirary code. (CVE-2019-11707) It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code. (CVE-2019-11708) Update instructions The problem can be corrected by updating your system to the following package versions: [ more… ]

USN-4044-1: ZNC vulnerability znc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary znc could be made to crash or run programs as an administrator if it opened a specially crafted file. Software Description znc – advanced modular IRC bouncer Details Fix vulnerability where an authenticated non-admin users could load a module with a crafted name, then escalate privileges and run arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 znc – 1.7.2-2ubuntu0.1 Ubuntu 18.10 znc – 1.7.1-2ubuntu0.2 Ubuntu 18.04 LTS znc – 1.6.6-1ubuntu0.2 Ubuntu 16.04 LTS znc – 1.6.3-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart znc to make all the necessary changes. [ more… ]