ubuntu-usn

USN-4397-2: NSS vulnerability nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary NSS could be made to expose sensitive information over the network. Software Description nss – Network Security Service library Details USN-4397-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. (CVE-2020-12399) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libnss3 – 2:3.28.4-0ubuntu0.14.04.5+esm5 Ubuntu 12.04 ESM libnss3 – 2:3.28.4-0ubuntu0.12.04.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to [ more… ]

USN-4398-2: DBus vulnerability dbus vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary DBus could be made to crash if it received specially crafted input. Software Description dbus – simple interprocess messaging system Details USN-4398-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libdbus-1-3 – 1.6.18-0ubuntu4.5+esm2 Ubuntu 12.04 ESM libdbus-1-3 – 1.4.18-1ubuntu1.10 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to [ more… ]

USN-4398-1: DBus vulnerability dbus vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary DBus could be made to crash if it received specially crafted input. Software Description dbus – simple interprocess messaging system Details Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS dbus – 1.12.16-2ubuntu2.1 libdbus-1-3 – 1.12.16-2ubuntu2.1 Ubuntu 19.10 dbus – 1.12.14-1ubuntu2.1 libdbus-1-3 – 1.12.14-1ubuntu2.1 Ubuntu 18.04 LTS dbus – 1.12.2-1ubuntu1.2 libdbus-1-3 – 1.12.2-1ubuntu1.2 Ubuntu 16.04 LTS dbus – 1.10.6-1ubuntu3.6 libdbus-1-3 – 1.10.6-1ubuntu3.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard [ more… ]

USN-4397-1: NSS vulnerabilities nss vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in NSS. Software Description nss – Network Security Service library Details It was discovered that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-17023) Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. (CVE-2020-12399) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libnss3 – 2:3.49.1-1ubuntu1.1 Ubuntu 19.10 libnss3 – [ more… ]

USN-4396-1: libexif vulnerabilities libexif vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in libexif. Software Description libexif – library to parse EXIF files Details It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-0093, CVE-2020-0182) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a remote denial of service. (CVE-2020-0198) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2020-13112) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause [ more… ]