ubuntu-usn

USN-4290-2: libpam-radius-auth vulnerability libpam-radius-auth vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary libpam-radius-auth could be made to crash if it received specially crafted network traffic. Software Description libpam-radius-auth – The PAM RADIUS authentication module Details USN-4290-1 fixed a vulnerability in libpam-radius-auth. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libpam-radius-auth – 1.3.17-0ubuntu4+esm1 Ubuntu 12.04 ESM libpam-radius-auth – 1.3.17-0ubuntu3.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

USN-4294-1: OpenSMTPD vulnerabilities OpenSMTPD vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in opensmtpd. Software Description opensmtpd – secure, reliable, lean, and easy-to configure SMTP server Details It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. (CVE-2020-8794) It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem. (CVE-2020-8793) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 opensmtpd – 6.0.3p1-6ubuntu0.2 Ubuntu 18.04 LTS opensmtpd – 6.0.3p1-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-4288-2: ppp vulnerability ppp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary ppp could be made to crash or run programs if it received specially crafted network traffic. Software Description ppp – Point-to-Point Protocol (PPP) Details USN-4288-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM ppp – 2.4.5-5.1ubuntu2.3+esm1 Ubuntu 12.04 ESM ppp – 2.4.5-5ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4293-1: libarchive vulnerabilities libarchive vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in libarchive. Software Description libarchive – Library to read/write archive files Details It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or possibly unspecified other impact. This issue only affected Ubuntu 19.10. (CVE-2020-9308) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libarchive13 – 3.4.0-1ubuntu0.1 Ubuntu 18.04 LTS libarchive13 – 3.2.2-3.1ubuntu0.6 Ubuntu 16.04 LTS libarchive13 – 3.1.2-11ubuntu0.16.04.8 To update your system, [ more… ]

USN-4278-3: Firefox regressions firefox regressions A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary USN-4278-1 caused some minor regressions in Firefox. Software Description firefox – Mozilla Open Source web browser Details USN-4278-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 firefox – 73.0.1+build1-0ubuntu0.19.10.1 Ubuntu 18.04 LTS firefox – 73.0.1+build1-0ubuntu0.18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After [ more… ]