
USN-4407-1: LibVNCServer vulnerabilities

2020-07-02 KENNETH 0

It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680)

It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681)

It was discovered that LibVNCServer incorrectly handled cursor shape updates. If a user were tricked into connecting to a malicious server, an attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15690, CVE-2019-20788)

It was discovered that LibVNCServer incorrectly handled decoding [ more… ]


USN-4406-1: Mailman vulnerability

2020-06-29 KENNETH 0

mailman vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Mailman could be made to inject arbitrary content in the login page if it received a specially crafted input.

Software Description: mailman – Web-based mailing list manager (legacy branch)

Details: It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: mailman – 1:2.1.26-1ubuntu0.3
Ubuntu 16.04 LTS: mailman – 1:2.1.20-1ubuntu0.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2020-15011

Source: USN-4406-1: Mailman vulnerability


USN-4405-1: GLib Networking vulnerability

2020-06-29 KENNETH 0

glib-networking vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

Software Description: glib-networking – Network extensions for GLib

Details: It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS: glib-networking – 2.64.2-1ubuntu0.1
Ubuntu 19.10: glib-networking – 2.62.1-1ubuntu0.1
Ubuntu 18.04 LTS: glib-networking – 2.56.0-1ubuntu0.1
Ubuntu 16.04 LTS: glib-networking – 2.48.2-1~ubuntu16.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]


USN-4404-2: Linux kernel vulnerabilities

2020-06-26 KENNETH 0

linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS

Summary: Several security issues were fixed in the NVIDIA graphics driver kernel modules.

Software Description:

linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-azure – Linux kernel for Microsoft Azure Cloud systems
linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
linux-oracle – Linux kernel for Oracle Cloud systems
linux-aws-5.3 – Linux kernel for Amazon Web Services (AWS) systems
linux-azure-5.3 – Linux kernel for Microsoft Azure Cloud systems
linux-gcp-5.3 – Linux kernel for Google Cloud Platform (GCP) systems
linux-hwe – Linux hardware enablement (HWE) kernel
linux-oem – Linux kernel for OEM systems
linux-oem-osp1 – Linux kernel for OEM systems
linux-oracle-5.3 – Linux kernel for Oracle Cloud systems
[ more… ]


USN-4404-1: NVIDIA graphics drivers vulnerabilities

2020-06-26 KENNETH 0

nvidia-graphics-drivers-390, nvidia-graphics-drivers-440 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS

Summary: Several security issues were fixed in NVIDIA graphics drivers.

Software Description:

nvidia-graphics-drivers-390 – NVIDIA binary X.Org driver
nvidia-graphics-drivers-440 – NVIDIA binary X.Org driver

Details: Thomas E. Carroll discovered that the NVIDIA Cuda graphics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-5963)

It was discovered that the UVM driver in the NVIDIA graphics driver contained a race condition. A local attacker could use this to cause a denial of service. (CVE-2020-5967)

It was discovered that the NVIDIA virtual GPU guest drivers contained an unspecified vulnerability that could potentially lead to privileged operation execution. An [ more… ]