No Image

USN-4349-1: EDK II vulnerabilities

2020-05-01 KENNETH 0

USN-4349-1: EDK II vulnerabilities edk2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in edk2. Software Description edk2 – UEFI firmware for 64-bit x86 virtual machines Details A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12178) A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable escalation of privilege, information disclosure and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12180) A stack overflow was discovered in bmp. An unprivileged user could potentially enable denial of service or elevation of privilege [ more… ]

No Image

USN-4333-2: Python vulnerabilities

2020-04-30 KENNETH 0

USN-4333-2: Python vulnerabilities python3.8 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Summary Several security issues were fixed in Python. Software Description python3.8 – Interactive high-level object-oriented language (version 3.8) Details USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-18348) It was discovered that Python incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-8492) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS python3.8 – 3.8.2-1ubuntu1.1 python3.8-minimal – 3.8.2-1ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a [ more… ]

No Image

USN-4341-2: Samba vulnerability

2020-04-30 KENNETH 0

USN-4341-2: Samba vulnerability samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Samba could be made to consume resources if it received a specially crafted LDAP query. Software Description samba – SMB/CIFS file, print, and login server for Unix Details USN-4341-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. (CVE-2020-10704) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM samba – 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary [ more… ]

No Image

USN-4348-1: Mailman vulnerabilities

2020-04-29 KENNETH 0

USN-4348-1: Mailman vulnerabilities mailman vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Mailman. Software Description mailman – Web-based mailing list manager (legacy branch) Details It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this to issue execute arbitrary scripts or HTML. (CVE-2018-0618) It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. (CVE-2018-13796) It was discovered that Mailman incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-12137) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS mailman – 1:2.1.26-1ubuntu0.1 Ubuntu 16.04 LTS mailman – 1:2.1.20-1ubuntu0.4 To update [ more… ]

No Image

USN-4347-1: WebKitGTK vulnerability

2020-04-29 KENNETH 0

USN-4347-1: WebKitGTK vulnerability webkit2gtk vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in WebKitGTK. Software Description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.20.04.1 Ubuntu 19.10 libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.19.10.1 libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.19.10.1 Ubuntu 18.04 LTS libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.18.04.1 To update your system, [ more… ]