ubuntu-usn

USN-4362-1: DPDK vulnerabilities dpdk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in DPDK. Software Description dpdk – set of libraries for fast packet processing Details It was discovered that DPDK incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2020-10722, CVE-2020-10723, CVE-2020-10724, CVE-2020-10725, CVE-2020-10726) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS dpdk – 19.11.1-0ubuntu1.1 Ubuntu 19.10 dpdk – 18.11.5-0ubuntu0.19.10.2 Ubuntu 18.04 LTS dpdk – 17.11.9-0ubuntu18.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2020-10722 CVE-2020-10723 CVE-2020-10724 CVE-2020-10725 CVE-2020-10726 Source: USN-4362-1: DPDK vulnerabilities

USN-4361-1: Dovecot vulnerabilities dovecot vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Summary Several security issues were fixed in Dovecot. Software Description dovecot – IMAP and POP3 email server Details Philippe Antoine discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-10957, CVE-2020-10967) Philippe Antoine discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2020-10958) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS dovecot-core – 1:2.3.7.2-1ubuntu3.1 Ubuntu 19.10 dovecot-core – 1:2.3.4.1-5ubuntu3.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2020-10957 [ more… ]

USN-4360-2: json-c regression json-c regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4360-1 introduced a regression in json-c. Software Description json-c – JSON manipulation library Details USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak in some scenarios. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libjson-c4 – 0.13.1+dfsg-7ubuntu0.2 Ubuntu 19.10 libjson-c4 – 0.13.1+dfsg-4ubuntu0.2 Ubuntu 18.04 LTS libjson-c3 – 0.12.1-1.3ubuntu0.2 Ubuntu 16.04 LTS libjson-c2 – 0.11-4ubuntu2.5 To update your system, please [ more… ]

USN-4360-3: json-c regression json-c regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary USN-4360-1 introduced a regression in json-c. Software Description json-c – JSON manipulation library Details USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak in some scenarios. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libjson-c2 – 0.11-3ubuntu1.2+esm2 libjson0 – 0.11-3ubuntu1.2+esm2 Ubuntu 12.04 ESM libjson0 – 0.9-1ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]

USN-4360-1: json-c vulnerability json-c vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary json-c could be made to execute arbitrary code if it received a specially crafted JSON file. Software Description json-c – JSON manipulation library Details It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libjson-c4 – 0.13.1+dfsg-7ubuntu0.1 Ubuntu 19.10 libjson-c4 – 0.13.1+dfsg-4ubuntu0.1 Ubuntu 18.04 LTS libjson-c3 – 0.12.1-1.3ubuntu0.1 Ubuntu 16.04 LTS libjson-c2 – 0.11-4ubuntu2.1 libjson0 – 0.11-4ubuntu2.1 Ubuntu 14.04 ESM libjson-c2 – 0.11-3ubuntu1.2+esm1 libjson0 – 0.11-3ubuntu1.2+esm1 Ubuntu 12.04 ESM libjson0 – 0.9-1ubuntu1.2 To update your system, [ more… ]