ubuntu-usn

USN-4406-1: Mailman vulnerability mailman vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Mailman could be made to inject arbitrary content in the login page if it received a specially crafted input. Software Description mailman – Web-based mailing list manager (legacy branch) Details It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS mailman – 1:2.1.26-1ubuntu0.3 Ubuntu 16.04 LTS mailman – 1:2.1.20-1ubuntu0.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2020-15011 Source: USN-4406-1: Mailman vulnerability

USN-4405-1: GLib Networking vulnerability glib-networking vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. Software Description glib-networking – Network extensions for GLib Details It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS glib-networking – 2.64.2-1ubuntu0.1 Ubuntu 19.10 glib-networking – 2.62.1-1ubuntu0.1 Ubuntu 18.04 LTS glib-networking – 2.56.0-1ubuntu0.1 Ubuntu 16.04 LTS glib-networking – 2.48.2-1~ubuntu16.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-4404-2: Linux kernel vulnerabilities linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in the NVIDIA graphics driver kernel modules. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-oracle – Linux kernel for Oracle Cloud systems linux-aws-5.3 – Linux kernel for Amazon Web Services (AWS) systems linux-azure-5.3 – Linux kernel for Microsoft Azure Cloud systems linux-gcp-5.3 – Linux kernel for Google Cloud Platform (GCP) systems linux-hwe – Linux hardware enablement (HWE) kernel linux-oem – Linux kernel for OEM systems linux-oem-osp1 – Linux kernel for OEM systems linux-oracle-5.3 – Linux kernel for Oracle Cloud systems [ more… ]

USN-4404-1: NVIDIA graphics drivers vulnerabilities nvidia-graphics-drivers-390, nvidia-graphics-drivers-440 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in NVIDIA graphics drivers. Software Description nvidia-graphics-drivers-390 – NVIDIA binary X.Org driver nvidia-graphics-drivers-440 – NVIDIA binary X.Org driver Details Thomas E. Carroll discovered that the NVIDIA Cuda grpahics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-5963) It was discovered that the UVM driver in the NVIDIA graphics driver contained a race condition. A local attacker could use this to cause a denial of service. (CVE-2020-5967) It was discovered that the NVIDIA virtual GPU guest drivers contained an unspecified vulnerability that could potentially lead to privileged operation execution. An [ more… ]

USN-4403-1: Mutt vulnerability and regression mutt vulnerability and regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 12.04 ESM Summary Mutt could be made to enable MITM attacks if it received a specially crafted request. Software Description mutt – text-based mailreader supporting MIME, GPG, PGP and threading Details It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. (CVE-2020-14954) This update also address a regression caused in the last update USN-4401-1. It only affected Ubuntu 12.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS mutt – 1.13.2-1ubuntu0.2 Ubuntu 19.10 mutt – 1.10.1-2.1ubuntu0.2 Ubuntu 18.04 [ more… ]