지락문화예술공작단

USN-4137-1: Mosquitto vulnerability Mosquitto vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Summary Mosquitto could be made to crash or run programs if it received specially crafted network traffic. Software Description mosquitto – MQTT version 3.1⁄3.1.1 compatible message broker Details It was discovered that Mosquitto incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libmosquitto1 – 1.5.7-1ubuntu0.1 libmosquittopp1 – 1.5.7-1ubuntu0.1 mosquitto – 1.5.7-1ubuntu0.1 mosquitto-clients – 1.5.7-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-11779 Source: USN-4137-1: Mosquitto vulnerability

USN-4134-2: IBus regression ibus regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN 4134-1 introduced a regression in IBus. Software Description ibus – Intelligent Input Bus – core Details USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Original advisory details: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 ibus – 1.5.19-1ubuntu2.2 Ubuntu 18.04 LTS ibus – 1.5.17-3ubuntu5.2 [ more… ]