지락문화예술공작단

USN-4233-2: GnuTLS update gnutls28 update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4233-1 marked SHA1 as untrusted in GnuTLS with no workaround. Software Description gnutls28 – GNU TLS library Details USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until certificates can be replaced with a stronger algorithm. Original advisory details: As a security improvement, this update marks SHA1 as being untrusted for digital signature operations. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libgnutls30 – 3.5.18-1ubuntu1.3 Ubuntu 16.04 LTS libgnutls30 – 3.4.10-4ubuntu1.7 To update your system, [ more… ]

USN-4247-3: python-apt vulnerabilities python-apt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in python-apt. Software Description python-apt – Python interface to libapt-pkg Details USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM python-apt – 0.9.3.5ubuntu3+esm2 python3-apt – 0.9.3.5ubuntu3+esm2 Ubuntu [ more… ]

USN-4249-1: e2fsprogs vulnerability e2fsprogs vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary e2fsprogs could be made to execute arbitrary code if it was running in a crafted ext4 partition. Software Description e2fsprogs – ext2/ext3/ext4 file system utilities Details It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 e2fsprogs – 1.45.3-4ubuntu2.1 Ubuntu 19.04 e2fsprogs – 1.44.6-1ubuntu0.2 Ubuntu 18.04 LTS e2fsprogs – 1.44.1-1ubuntu1.3 Ubuntu 16.04 LTS e2fsprogs – 1.42.13-1ubuntu1.2 Ubuntu 14.04 ESM e2fsprogs – 1.42.9-3ubuntu1.3+esm2 Ubuntu 12.04 ESM e2fsprogs – 1.42-1ubuntu2.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]

USN-4247-2: python-apt regression python-apt regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4247-1 introduced a regression in python-apt. Software Description python-apt – Python interface to libapt-pkg Details USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796) Update instructions The problem can be corrected by updating your system to the [ more… ]