USN-4277-1: libexif vulnerabilities

2020-02-12 KENNETH 0

libexif vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary

Several security issues were fixed in libexif.

Software Description

libexif – library to parse EXIF files

Details

Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328)

Lili Xu and Bingchang Liu discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-7544)

It was discovered that libexif incorrectly handled [ more… ]

USN-4276-1: Yubico PIV Tool vulnerabilities

2020-02-11 KENNETH 0

Yubico PIV Tool vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.04 LTS

Summary

Yubico PIV Tool could be made to crash or run programs as an administrator if it received specially crafted input.

Software Description

yubico-piv-tool – Command line tool for the YubiKey PIV applet

Details

It was discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or YubiKey PIV Manager.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
libykpiv1 – 1.4.2-2ubuntu0.1
ykcs11 – 1.4.2-2ubuntu0.1
yubico-piv-tool – 1.4.2-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4274-1: libxml2 vulnerabilities

2020-02-10 KENNETH 0

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary

Several security issues were fixed in libxml2.

Software Description

libxml2 – GNOME XML library

Details

It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
libxml2 – 2.9.4+dfsg1-7ubuntu3.1
libxml2-utils – 2.9.4+dfsg1-7ubuntu3.1

Ubuntu 18.04 LTS
libxml2 – 2.9.4+dfsg1-6.1ubuntu1.3
libxml2-utils – 2.9.4+dfsg1-6.1ubuntu1.3

Ubuntu 16.04 LTS
libxml2 – 2.9.3+dfsg1-1ubuntu0.7
libxml2-utils – 2.9.3+dfsg1-1ubuntu0.7

Ubuntu 14.04 ESM
libxml2 – 2.9.1+dfsg1-3ubuntu4.13+esm1
libxml2-utils – 2.9.1+dfsg1-3ubuntu4.13+esm1

Ubuntu 12.04 ESM
libxml2 – 2.7.8.dfsg-5.1ubuntu4.22
libxml2-utils – 2.7.8.dfsg-5.1ubuntu4.22

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4275-1: Qt vulnerabilities

2020-02-10 KENNETH 0

qtbase-opensource-src vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Qt.

Software Description

qtbase-opensource-src – Qt 5 libraries

Details

It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872)

It was discovered that Qt incorrectly handled certain text files. If a user or automated system were tricked into opening a specially crafted text file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 19.10. (CVE-2019-18281)

It was discovered [ more… ]

USN-4250-2: MariaDB vulnerability

2020-02-07 KENNETH 0

mariadb-10.1, mariadb-10.3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.10
Ubuntu 18.04 LTS

Summary

MariaDB clients could be made to crash if they received specially crafted input.

Software Description

mariadb-10.3 – MariaDB database
mariadb-10.1 – MariaDB database

Details

It was discovered that an unspecified vulnerability existed in the C API component of MariaDB. An attacker could use this to cause a denial of service for MariaDB clients.

MariaDB has been updated to 10.3.22 in Ubuntu 19.10 and 10.1.44 in Ubuntu 18.04 LTS.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
libmariadb3 – 1:10.3.22-0ubuntu0.19.10.1
libmariadbd19 – 1:10.3.22-0ubuntu0.19.10.1
mariadb-client – 1:10.3.22-0ubuntu0.19.10.1
mariadb-client-10.3 – 1:10.3.22-0ubuntu0.19.10.1
mariadb-client-core-10.3 – [ more… ]