Ubuntu security

USN-4015-1: DBus vulnerability dbus vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary DBus could allow unintended access to services. Software Description dbus – simple interprocess messaging system Details Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 dbus – 1.12.12-1ubuntu1.1 libdbus-1-3 – 1.12.12-1ubuntu1.1 Ubuntu 18.10 dbus – 1.12.10-1ubuntu2.1 libdbus-1-3 – 1.12.10-1ubuntu2.1 Ubuntu 18.04 LTS dbus – 1.12.2-1ubuntu1.1 libdbus-1-3 – 1.12.2-1ubuntu1.1 Ubuntu 16.04 LTS dbus – 1.10.6-1ubuntu3.4 libdbus-1-3 – 1.10.6-1ubuntu3.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your [ more… ]

USN-4014-2: GLib vulnerability glib2.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary GLib could be made to expose sensitive information if it received a specially crafted file. Software Description glib2.0 – GLib Input, Output and Streaming Library (fam module) Details USN-4014-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libglib2.0-0 – 2.40.2-0ubuntu1.1+esm1 libglib2.0-bin – 2.40.2-0ubuntu1.1+esm1 libglib2.0-dev – 2.40.2-0ubuntu1.1+esm1 Ubuntu 12.04 ESM libglib2.0-0 – 2.32.4-0ubuntu1.2 libglib2.0-bin – 2.32.4-0ubuntu1.2 libglib2.0-dev – 2.32.4-0ubuntu1.2 To update your system, please follow [ more… ]

USN-4014-1: GLib vulnerability glib2.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary GLib could be made to expose sensitive information if it received a specially crafted file. Software Description glib2.0 – GLib library of C routines Details It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libglib2.0-0 – 2.60.0-1ubuntu0.1 libglib2.0-bin – 2.60.0-1ubuntu0.1 libglib2.0-dev – 2.60.0-1ubuntu0.1 Ubuntu 18.10 libglib2.0-0 – 2.58.1-2ubuntu0.1 libglib2.0-bin – 2.58.1-2ubuntu0.1 libglib2.0-dev – 2.58.1-2ubuntu0.1 Ubuntu 18.04 LTS libglib2.0-0 – 2.56.4-0ubuntu0.18.04.3 libglib2.0-bin – 2.56.4-0ubuntu0.18.04.3 libglib2.0-dev – 2.56.4-0ubuntu0.18.04.3 Ubuntu 16.04 LTS libglib2.0-0 – 2.48.2-0ubuntu4.2 libglib2.0-bin – 2.48.2-0ubuntu4.2 libglib2.0-dev – 2.48.2-0ubuntu4.2 To update your system, please follow [ more… ]

USN-4013-1: libsndfile vulnerabilities libsndfile vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in libsndfile. Software Description libsndfile – Library for reading/writing audio files Details It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libsndfile1 – 1.0.28-4ubuntu0.18.10.1 Ubuntu 18.04 LTS libsndfile1 – 1.0.28-4ubuntu0.18.04.1 Ubuntu 16.04 LTS libsndfile1 – 1.0.25-10ubuntu0.16.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to make all the necessary changes. References CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-17456 [ more… ]

USN-4012-1: elfutils vulnerabilities elfutils vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in elfutils. Software Description elfutils – collection of utilities to handle ELF objects Details It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 elfutils – 0.170-0.5.0ubuntu1.1 libasm1 – 0.170-0.5.0ubuntu1.1 libdw1 – 0.170-0.5.0ubuntu1.1 libelf1 – 0.170-0.5.0ubuntu1.1 Ubuntu 18.04 LTS elfutils – 0.170-0.4ubuntu0.1 libasm1 – 0.170-0.4ubuntu0.1 libdw1 – 0.170-0.4ubuntu0.1 libelf1 – 0.170-0.4ubuntu0.1 Ubuntu 16.04 LTS elfutils – 0.165-3ubuntu1.2 libasm1 – 0.165-3ubuntu1.2 libdw1 – 0.165-3ubuntu1.2 [ more… ]