ubuntu-usn

USN-4359-1: APT vulnerability apt vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary APT could be made to crash if it opened a specially crafted file. Software Description apt – Advanced front-end for dpkg Details It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS apt – 2.0.2ubuntu0.1 Ubuntu 19.10 apt – 1.9.4ubuntu0.1 Ubuntu 18.04 LTS apt – 1.6.12ubuntu0.1 Ubuntu 16.04 LTS apt – 1.2.32ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-4358-1: libexif vulnerabilities libexif vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in libexif. Software Description libexif – library to parse EXIF files Details It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20030) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-12767) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libexif12 – 0.6.21-6ubuntu0.1 Ubuntu 19.10 libexif12 – 0.6.21-5.1ubuntu0.2 Ubuntu 18.04 LTS libexif12 – 0.6.21-4ubuntu0.2 Ubuntu 16.04 LTS libexif12 – 0.6.21-2ubuntu0.2 Ubuntu 14.04 ESM libexif12 – 0.6.21-1ubuntu1+esm2 [ more… ]

USN-4357-1: IPRoute vulnerability iproute2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary IPRoute could be made to execute arbitrary code if it received a specially crafted input. Software Description iproute2 – networking and traffic control tools Details It was discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS iproute2 – 4.15.0-2ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-20795 Source: USN-4357-1: IPRoute vulnerability

USN-3911-2: file regression file regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-3911-1 introduced a regression in file. Software Description file – Tool to determine file types Details USN-3911-1 fixed vulnerabilities in file. One of the backported security fixes introduced a regression that caused the interpreter string to be truncated. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS file – 1:5.32-2ubuntu0.4 libmagic1 – 1:5.32-2ubuntu0.4 Ubuntu 16.04 LTS file – 1:5.25-2ubuntu1.4 libmagic1 – 1:5.25-2ubuntu1.4 To update your system, [ more… ]

USN-4356-1: Squid vulnerabilities squid, squid3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Squid. Software Description squid – Web proxy cache server squid3 – Web proxy cache server Details Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. (CVE-2019-12519, CVE-2019-12521) It was discovered that Squid incorrectly handled the hostname parameter to cachemgr.cgi when certain browsers are used. A remote attacker could possibly use this issue to inject HTML or invalid characters in the hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-18860) Clément Berthaux and Florian Guilbert discovered that [ more… ]