
USN-4403-1: Mutt vulnerability and regression

2020-06-25 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 12.04 ESM.

Summary: Mutt could be made to enable MITM attacks if it received a specially crafted request.

Software Description: mutt – text-based mailreader supporting MIME, GPG, PGP and threading

Details: It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. (CVE-2020-14954) This update also addresses a regression caused by the last update, USN-4401-1. It only affected Ubuntu 12.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS: mutt – 1.13.2-1ubuntu0.2
Ubuntu 19.10: mutt – 1.10.1-2.1ubuntu0.2
Ubuntu 18.04 [ more… ]


USN-4402-1: curl vulnerabilities

2020-06-24 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM, Ubuntu 12.04 ESM.

Summary: Several security issues were fixed in curl.

Software Description: curl – HTTP, HTTPS, and FTP client and client libraries

Details: Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-8169)

It was discovered that curl incorrectly handled certain parameters. An attacker could possibly use this issue to overwrite a local file. (CVE-2020-8177)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS: curl – 7.68.0-1ubuntu2.1, libcurl3-gnutls – 7.68.0-1ubuntu2.1, libcurl3-nss – 7.68.0-1ubuntu2.1 [ more… ]


USN-4401-1: Mutt vulnerabilities

2020-06-22 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 12.04 ESM.

Summary: Several security issues were fixed in Mutt.

Software Description: mutt – text-based mailreader supporting MIME, GPG, PGP and threading

Details: It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. (CVE-2020-14093)

It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to proceed with a connection even if the user rejects an expired intermediate certificate. (CVE-2020-14154)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS: mutt – 1.13.2-1ubuntu0.1
Ubuntu 19.10: mutt – 1.10.1-2.1ubuntu0.1
Ubuntu 18.04 LTS: mutt – 1.9.4-3ubuntu0.2
Ubuntu 16.04 LTS: mutt [ more… ]


USN-4400-1: nfs-utils vulnerability

2020-06-22 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: nfs-utils could be made to overwrite files as the administrator.

Software Description: nfs-utils – None

Details: It was discovered that the nfs-utils package set incorrect permissions on the /var/lib/nfs directory. An attacker could possibly use this issue to escalate privileges.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS: nfs-common – 1:1.3.4-2.5ubuntu3.3
Ubuntu 19.10: nfs-common – 1:1.3.4-2.5ubuntu2.1
Ubuntu 18.04 LTS: nfs-common – 1:1.3.4-2.1ubuntu5.3
Ubuntu 16.04 LTS: nfs-common – 1:1.2.8-9ubuntu12.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-3689

Source: USN-4400-1: nfs-utils vulnerability


USN-4399-1: Bind vulnerabilities

2020-06-18 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS.

Summary: Bind could be made to crash if it received specially crafted network traffic.

Software Description: bind9 – Internet Domain Name Server

Details: It was discovered that Bind incorrectly handled large responses during zone transfers. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2020-8618)

It was discovered that Bind incorrectly handled certain asterisk characters in zone files. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2020-8619)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS: bind9 – 1:9.16.1-0ubuntu2.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, [ more… ]