Ubuntu security

USN-3962-1: libpng vulnerability libpng1.6 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Summary libpng be made to crash or run programs if it opened a specially crafted file. Software Description libpng1.6 – PNG (Portable Network Graphics) file library Details It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libpng16-16 – 1.6.34-2ubuntu0.1 Ubuntu 18.04 LTS libpng16-16 – 1.6.34-1ubuntu0.18.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-3961-1: Dovecot vulnerabilities dovecot vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Summary Dovecot could be made to crash if it received specially crafted network traffic. Software Description dovecot – IMAP and POP3 email server Details It was discovered that the Dovecot Submission login service incorrectly handled certain operations. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 dovecot-core – 1:2.3.4.1-1ubuntu2.2 dovecot-submissiond – 1:2.3.4.1-1ubuntu2.2 Ubuntu 18.10 dovecot-core – 1:2.3.2.1-1ubuntu3.4 dovecot-submissiond – 1:2.3.2.1-1ubuntu3.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-11494 CVE-2019-11499 Source: USN-3961-1: Dovecot vulnerabilities

USN-3960-1: WavPack vulnerability wavpack vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Summary WavPack could be made to crash if it received a specially crafted file. Software Description wavpack – audio codec (lossy and lossless) – encoder and decoder Details It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libwavpack1 – 5.1.0-5ubuntu0.1 wavpack – 5.1.0-5ubuntu0.1 Ubuntu 18.10 libwavpack1 – 5.1.0-4ubuntu0.2 wavpack – 5.1.0-4ubuntu0.2 Ubuntu 18.04 LTS libwavpack1 – 5.1.0-2ubuntu1.3 wavpack – 5.1.0-2ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-11498 Source: USN-3960-1: [ more… ]

USN-3959-1: Evince vulnerability evince vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Evince could be made to expose sensitive information if it received a specially crafted file. Software Description evince – Document viewer Details It was discovered that Evince incorrectly handled certain images. An attacker could possibly use this issue to expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 evince – 3.32.0-1ubuntu0.1 evince-common – 3.32.0-1ubuntu0.1 Ubuntu 18.10 evince – 3.30.1-1ubuntu1.3 evince-common – 3.30.1-1ubuntu1.3 Ubuntu 18.04 LTS evince – 3.28.4-0ubuntu1.1 evince-common – 3.28.4-0ubuntu1.1 Ubuntu 16.04 LTS evince – 3.18.2-1ubuntu4.4 evince-common – 3.18.2-1ubuntu4.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-3958-1: GStreamer Base Plugins vulnerability gst-plugins-base0.10, gst-plugins-base1.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary GStreamer Base Plugins could be made to crash or run programs if it received specially crafted network traffic. Software Description gst-plugins-base1.0 – GStreamer plugins gst-plugins-base0.10 – GStreamer plugins Details It was discovered that GStreamer Base Plugins did not correctly handle certain malformed RTSP streams. If a user were tricked into opening a crafted RTSP stream with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 gstreamer1.0-plugins-base – 1.14.4-1ubuntu1.1 Ubuntu 18.04 LTS gstreamer1.0-plugins-base – 1.14.1-1ubuntu1~ubuntu18.04.2 Ubuntu 16.04 LTS gstreamer0.10-plugins-base – 0.10.36-2ubuntu0.2 gstreamer1.0-plugins-base – 1.8.3-1ubuntu0.3 To [ more… ]