USN-4001-1: libseccomp vulnerability

2019-05-31 KENNETH 0

libseccomp vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: libseccomp could allow unintended access to system calls.

Software Description: libseccomp – library for working with the Linux seccomp filter

Details: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access restrictions for argument-filtered system calls.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: libseccomp2 – 2.4.1-0ubuntu0.19.04.3
Ubuntu 18.10: libseccomp2 – 2.4.1-0ubuntu0.18.10.3
Ubuntu 18.04 LTS: libseccomp2 – 2.4.1-0ubuntu0.18.04.2
Ubuntu 16.04 LTS: libseccomp2 – 2.4.1-0ubuntu0.16.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release which includes additional bug [ more… ]

USN-4000-1: Corosync vulnerability

2019-05-31 KENNETH 0

corosync vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Corosync could be made to crash or execute arbitrary code if it received a specially crafted request.

Software Description: corosync – cluster engine daemon and utilities

Details: It was discovered that Corosync incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  corosync – 2.4.3-0ubuntu1.1
  libtotem-pg5 – 2.4.3-0ubuntu1.1

Ubuntu 16.04 LTS:
  corosync – 2.3.5-3ubuntu2.3
  libtotem-pg5 – 2.3.5-3ubuntu2.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Corosync to make all the necessary changes.

References: CVE-2018-1084

Source: USN-4000-1: Corosync [ more… ]

USN-3999-1: GnuTLS vulnerabilities

2019-05-30 KENNETH 0

gnutls28 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in GnuTLS.

Software Description: gnutls28 – GNU TLS library

Details: Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10844, CVE-2018-10845, CVE-2018-10846)

Tavis Ormandy discovered that GnuTLS incorrectly handled memory when verifying certain X.509 certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, [ more… ]

USN-3998-1: Evolution Data Server vulnerability

2019-05-30 KENNETH 0

evolution-data-server vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Evolution Data Server would sometimes display email content as encrypted when it was not.

Software Description: evolution-data-server – Evolution suite data server

Details: Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  evolution-data-server – 3.28.5-0ubuntu0.18.04.2
  evolution-data-server-common – 3.28.5-0ubuntu0.18.04.2
  libcamel-1.2-61 – 3.28.5-0ubuntu0.18.04.2
  libebackend-1.2-10 – 3.28.5-0ubuntu0.18.04.2
  libedataserver-1.2-23 – 3.28.5-0ubuntu0.18.04.2

Ubuntu 16.04 LTS:
  evolution-data-server – 3.18.5-1ubuntu1.2
  evolution-data-server-common – 3.18.5-1ubuntu1.2
  libcamel-1.2-54 – 3.18.5-1ubuntu1.2
  libebackend-1.2-10 – 3.18.5-1ubuntu1.2
  libedataserver-1.2-21 – 3.18.5-1ubuntu1.2

To update your [ more… ]

USN-3968-2: Sudo vulnerability

2019-05-30 KENNETH 0

sudo vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM

Summary: Sudo could be made to overwrite files if it received a specially crafted input.

Software Description: sudo – Provide limited super user privileges to specific users

Details: USN-3968-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details: It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. (CVE-2017-1000368)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
  sudo – 1.8.9p5-1ubuntu1.5+esm1
  sudo-ldap – 1.8.9p5-1ubuntu1.5+esm1

To update your system, please follow these instructions: [ more… ]