ubuntu-usn

USN-4374-1: Unbound vulnerabilities unbound vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in Unbound. Software Description unbound – validating, recursive, caching DNS resolver Details Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Unbound incorrectly handled certain queries. A remote attacker could use this issue to perform an amplification attack directed at a target. (CVE-2020-12662) It was discovered that Unbound incorrectly handled certain malformed answers. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service. (CVE-2020-12663) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libunbound8 – 1.9.4-2ubuntu1.1 unbound – 1.9.4-2ubuntu1.1 Ubuntu 19.10 libunbound8 – 1.9.0-2ubuntu1.1 unbound – 1.9.0-2ubuntu1.1 Ubuntu 18.04 LTS libunbound2 [ more… ]

USN-4373-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12395) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not properly escape the HTTP POST data of a request. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could [ more… ]

USN-4370-2: ClamAV vulnerabilities clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in ClamAV. Software Description clamav – Anti-virus utility for Unix Details USN-4370-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled parsing PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3341) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM [ more… ]

USN-4372-1: QEMU vulnerabilities qemu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in QEMU. Software Description qemu – Machine emulator and virtualizer Details It was discovered that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. This issue only affected Ubuntu 19.10. (CVE-2019-15034) It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-20382) It was discovered that QEMU incorrectly generated QEMU Pointer Authentication signatures [ more… ]

USN-4371-1: libvirt vulnerabilities libvirt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in libvirt. Software Description libvirt – Libvirt virtualization toolkit Details It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2020-10703) It was discovered that libvirt incorrectly handled memory when retrieving certain domain statistics. A remote attacker could possibly use this issue to cause libvirt to consume resources, resulting in a denial of service. This issue only affected Ubuntu 19.10. (CVE-2020-12430) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libvirt-clients – 5.4.0-0ubuntu5.4 libvirt-daemon – 5.4.0-0ubuntu5.4 libvirt0 – 5.4.0-0ubuntu5.4 Ubuntu 18.04 [ more… ]