USN-4329-1: Git vulnerability

2020-04-15 KENNETH 0

git vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: Git could be made to expose sensitive information.

Software Description: git – fast, scalable, distributed revision control system

Details: Felix Wilhelm discovered that Git incorrectly handled certain URLs that included newlines. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: git – 1:2.20.1-2ubuntu1.19.10.2
Ubuntu 18.04 LTS: git – 1:2.17.1-1ubuntu0.6
Ubuntu 16.04 LTS: git – 1:2.7.4-0ubuntu1.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2020-5260

Source: USN-4329-1: Git vulnerability

USN-4328-1: Thunderbird vulnerabilities

2020-04-14 KENNETH 0

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS.

Summary: Several security issues were fixed in Thunderbird.

Software Description: thunderbird – Mozilla Open Source mail and newsgroup client

Details: It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822)

It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this [ more… ]

USN-4327-1: libssh vulnerability

2020-04-09 KENNETH 0

libssh vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS.

Summary: libssh could be made to crash if it received specially crafted network traffic.

Software Description: libssh – A tiny C SSH library

Details: Yasheng Yang discovered that libssh incorrectly handled AES-CTR ciphers. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: libssh-4 – 0.9.0-1ubuntu1.4
Ubuntu 18.04 LTS: libssh-4 – 0.8.0~20170825.94fa1e38-1ubuntu0.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2020-1730

Source: USN-4327-1: libssh vulnerability

USN-4326-1: libiberty vulnerabilities

2020-04-08 KENNETH 0

libiberty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in libiberty.

Software Description: libiberty – library of utility functions used by GNU programs

Details: It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: libiberty-dev – 20170913-1ubuntu0.1
Ubuntu 16.04 LTS: libiberty-dev – 20160215-1ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References [ more… ]

USN-4325-1: Linux kernel vulnerabilities

2020-04-08 KENNETH 0

linux-azure, linux-gcp, linux-gke-5.0, linux-oem-osp1, linux-oracle-5.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS.

Summary: Several security issues were fixed in the Linux kernel.

Software Description:

linux-azure – Linux kernel for Microsoft Azure Cloud systems
linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
linux-gke-5.0 – Linux kernel for Google Container Engine (GKE) systems
linux-oem-osp1 – Linux kernel for OEM processors
linux-oracle-5.0 – Linux kernel for Oracle Cloud systems

Details: It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19046)

Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this [ more… ]