지락문화예술공작단

USN-4075-1: Exim vulnerability exim4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Exim could be made to run programs as an administrator if it received specially crafted network traffic. Software Description exim4 – Exim is a mail transport agent Details Jeremy Harris discovered that Exim incorrectly handled sort expansions. In environments where sort expansions are used, a remote attacker could possibly use this issue to execute arbitrary code as root. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 exim4-daemon-heavy – 4.92-4ubuntu1.2 exim4-daemon-light – 4.92-4ubuntu1.2 Ubuntu 18.04 LTS exim4-daemon-heavy – 4.90.1-1ubuntu1.3 exim4-daemon-light – 4.90.1-1ubuntu1.3 Ubuntu 16.04 LTS exim4-daemon-heavy – 4.86.2-2ubuntu2.4 exim4-daemon-light – 4.86.2-2ubuntu2.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update [ more… ]

USN-4074-1: VLC vulnerabilities vlc vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in VLC. Software Description vlc – multimedia player and streamer Details It was discovered that the VLC CAF demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted CAF file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19857) It was discovered that the VLC Matroska demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted MKV file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12874) It was discovered that the VLC [ more… ]

USN-4073-1: libEBML vulnerability libebml vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary libEBML could be made to crash if it opened a specially crafted file. Software Description libebml – library for the EBML format Details It was discovered that libEBML incorrectly handled certain media files. If a user were tricked into opening a specially crafted media file, libEBML could possibly be made to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libebml4v5 – 1.3.5-2ubuntu0.1 Ubuntu 16.04 LTS libebml4v5 – 1.3.3-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-13615 Source: USN-4073-1: libEBML vulnerability

USN-4072-1: Ansible vulnerabilities ansible vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Ansible. Software Description ansible – Configuration management, deployment, and task execution system Details It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156) It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875) It was discovered that Ansible fetch module had a path traversal vulnerability. A local attacker could copy and overwrite files outside of the specified destination. (CVE-2019-3828) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu [ more… ]