Ubuntu security

USN-4004-2: Berkeley DB vulnerability db5.3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Berkeley DB could be made to expose sensitive information. Software Description db5.3 – Berkeley DB Utilities Details USN-4004-1 fixed a vulnerability in Berkeley DB. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM db5.3-sql-util – 5.3.28-3ubuntu3.1+esm1 db5.3-util – 5.3.28-3ubuntu3.1+esm1 libdb5.3 – 5.3.28-3ubuntu3.1+esm1 libdb5.3-sql – 5.3.28-3ubuntu3.1+esm1 libdb5.3-sql-dev – 5.3.28-3ubuntu3.1+esm1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4004-1 CVE-2019-8457 Source: USN-4004-2: Berkeley [ more… ]

USN-4004-1: Berkeley DB vulnerability db5.3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Berkeley DB could be made to expose sensitive information. Software Description db5.3 – Berkeley DB Utilities Details It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 db5.3-sql-util – 5.3.28+dfsg1-0.5ubuntu0.1 db5.3-util – 5.3.28+dfsg1-0.5ubuntu0.1 libdb5.3 – 5.3.28+dfsg1-0.5ubuntu0.1 libdb5.3-sql – 5.3.28+dfsg1-0.5ubuntu0.1 libdb5.3-sql-dev – 5.3.28+dfsg1-0.5ubuntu0.1 Ubuntu 18.10 db5.3-sql-util – 5.3.28+dfsg1-0.1ubuntu0.1 db5.3-util – 5.3.28+dfsg1-0.1ubuntu0.1 libdb5.3 – 5.3.28+dfsg1-0.1ubuntu0.1 libdb5.3-sql – 5.3.28+dfsg1-0.1ubuntu0.1 libdb5.3-sql-dev – 5.3.28+dfsg1-0.1ubuntu0.1 Ubuntu 18.04 LTS db5.3-sql-util – 5.3.28-13.1ubuntu1.1 db5.3-util – 5.3.28-13.1ubuntu1.1 libdb5.3 – 5.3.28-13.1ubuntu1.1 libdb5.3-sql – 5.3.28-13.1ubuntu1.1 libdb5.3-sql-dev – 5.3.28-13.1ubuntu1.1 Ubuntu 16.04 LTS db5.3-sql-util – 5.3.28-11ubuntu0.2 [ more… ]

USN-4003-1: Qt vulnerabilities qtbase-opensource-src vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Qt. Software Description qtbase-opensource-src – Qt 5 libraries Details It was discovered that Qt incorrectly handled certain XML documents. A remote attacker could use this issue with a specially crafted XML document to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-15518) It was discovered that Qt incorrectly handled certain GIF images. A remote attacker could use this issue with a specially crafted GIF image to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-19870) It was discovered that Qt incorrectly handled certain BMP images. A remote attacker could use this issue with a specially [ more… ]

USN-4002-1: Doxygen vulnerability doxygen vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Doxygen could be made to run scripts as your login if it received a specially crafted query. Software Description doxygen – Documentation system for C, C++, Java, Python and other languages Details It was discovered that Doxygen incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code and compromise sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS doxygen – 1.8.11-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-10245 Source: USN-4002-1: Doxygen vulnerability

USN-4001-2: libseccomp vulnerability libseccomp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary libseccomp could allow unintended access to system calls. Software Description libseccomp – library for working with the Linux seccomp filter Details USN-4001-1 fixed a vulnerability in libseccomp. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access restrictions for argument-filtered system calls. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libseccomp2 – 2.4.1-0ubuntu0.14.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release which includes additional bug fixes. In general, a [ more… ]