지락문화예술공작단

USN-4103-1: docker-credential-helpers vulnerability docker-credential-helpers vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Summary docker-credential-helpers could be made to crash or run programs as your login Software Description golang-github-docker-docker-credential-helpers – Use native stores to safeguard Docker credentials Details Jasiel Spelman discovered that a double free existed in docker-credential- helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 golang-docker-credential-helpers – 0.6.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-1020014 Source: USN-4103-1: docker-credential-helpers vulnerability

USN-4078-2: OpenLDAP vulnerabilities openldap vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in OpenLDAP. Software Description openldap – OpenLDAP utilities Details USN-4078-1 fixed several vulnerabilities in openldap. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. (CVE-2019-13057) It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations. (CVE-2019-13565) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 [ more… ]

USN-4102-1: LibreOffice vulnerabilities libreoffice vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in LibreOffice. Software Description libreoffice – Office productivity suite Details It was discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9850, CVE-2019-9851) It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. (CVE-2019-9852) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libreoffice-core – 1:6.2.6-0ubuntu0.19.04.1 Ubuntu 18.04 LTS libreoffice-core – 1:6.0.7-0ubuntu0.18.04.9 Ubuntu 16.04 LTS libreoffice-core – 1:5.1.6~rc2-0ubuntu1~xenial9 To update your [ more… ]