Ubuntu security

USN-3941-1: Lua vulnerability lua5.3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Lua could be made to crash if it received a specially crafted script. Software Description lua5.3 – Simple, extensible, embeddable programming language Details Fady Othman discovered that Lua incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 lua5.3 – 5.3.3-1ubuntu0.18.10.1 Ubuntu 18.04 LTS lua5.3 – 5.3.3-1ubuntu0.18.04.1 Ubuntu 16.04 LTS lua5.3 – 5.3.1-1ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-6706 Source: USN-3941-1: Lua vulnerability

USN-3940-2: ClamAV vulnerabilities clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in ClamAV. Software Description clamav – Anti-virus utility for Unix Details USN-3940-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787) It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788) It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue [ more… ]

USN-3939-2: Samba vulnerability samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Samba could be made to create files in unexpected locations. Software Description samba – SMB/CIFS file, print, and login server for Unix Details USN-3939-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM libsmbclient – 2:3.6.25-0ubuntu0.12.04.17 samba – 2:3.6.25-0ubuntu0.12.04.17 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-3939-1 CVE-2019-3880 [ more… ]

USN-3940-1: ClamAV vulnerabilities clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in ClamAV. Software Description clamav – Anti-virus utility for Unix Details It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787) It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788) It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. [ more… ]

USN-3939-1: Samba vulnerability samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Samba could be made to create files in unexpected locations. Software Description samba – SMB/CIFS file, print, and login server for Unix Details Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libsmbclient – 2:4.8.4+dfsg-2ubuntu2.3 samba – 2:4.8.4+dfsg-2ubuntu2.3 Ubuntu 18.04 LTS libsmbclient – 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 samba – 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 Ubuntu 16.04 LTS libsmbclient – 2:4.3.11+dfsg-0ubuntu0.16.04.19 samba – 2:4.3.11+dfsg-0ubuntu0.16.04.19 Ubuntu 14.04 LTS libsmbclient – 2:4.3.11+dfsg-0ubuntu0.14.04.20 samba – 2:4.3.11+dfsg-0ubuntu0.14.04.20 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]