USN-4273-1: ReportLab vulnerability

2020-02-07 KENNETH 0

python-reportlab vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

ReportLab could be made to run programs as your login if it opened a specially crafted file.

Software Description

python-reportlab – library to create PDF documents

Details

It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
python-reportlab – 3.5.23-1ubuntu0.1
python3-reportlab – 3.5.23-1ubuntu0.1

Ubuntu 18.04 LTS
python-reportlab – 3.4.0-3ubuntu0.1
python3-reportlab – 3.4.0-3ubuntu0.1

Ubuntu 16.04 LTS
python-reportlab – 3.3.0-1ubuntu0.1
python3-reportlab – 3.3.0-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]

USN-4272-1: Pillow vulnerabilities

2020-02-07 KENNETH 0

pillow vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM

Summary

Several security issues were fixed in Pillow.

Software Description

pillow – Python Imaging Library

Details

It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911)

It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312)

It was discovered that Pillow incorrectly handled certain TIFF images. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 19.10. (CVE-2020-5310)

It was discovered that Pillow incorrectly handled certain SGI images. An attacker could possibly use this issue to execute arbitrary code or cause a [ more… ]

USN-4271-1: Mesa vulnerability

2020-02-06 KENNETH 0

mesa vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS

Summary

Mesa could be made to expose sensitive information.

Software Description

mesa – free implementation of the EGL API

Details

Tim Brown discovered that Mesa incorrectly handled shared memory permissions. A local attacker could use this issue to obtain and possibly alter sensitive information belonging to another user.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
libd3dadapter9-mesa – 19.2.8-0ubuntu0~19.10.2
libegl-mesa0 – 19.2.8-0ubuntu0~19.10.2
libegl1-mesa – 19.2.8-0ubuntu0~19.10.2
libgbm1 – 19.2.8-0ubuntu0~19.10.2
libgl1-mesa-dri – 19.2.8-0ubuntu0~19.10.2
libgl1-mesa-glx – 19.2.8-0ubuntu0~19.10.2
libglapi-mesa – 19.2.8-0ubuntu0~19.10.2
libgles2-mesa – 19.2.8-0ubuntu0~19.10.2
libglx-mesa0 – 19.2.8-0ubuntu0~19.10.2
libosmesa6 – 19.2.8-0ubuntu0~19.10.2
libwayland-egl1-mesa – 19.2.8-0ubuntu0~19.10.2
libxatracker2 – 19.2.8-0ubuntu0~19.10.2
mesa-opencl-icd – 19.2.8-0ubuntu0~19.10.2
mesa-va-drivers – 19.2.8-0ubuntu0~19.10.2
mesa-vdpau-drivers – 19.2.8-0ubuntu0~19.10.2
mesa-vulkan-drivers – 19.2.8-0ubuntu0~19.10.2

Ubuntu 18.04 LTS
libd3dadapter9-mesa – [ more… ]

USN-4270-1: Exiv2 vulnerability

2020-02-06 KENNETH 0

exiv2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

Exiv2 could be made to crash if it opened a specially crafted image.

Software Description

exiv2 – EXIF/IPTC/XMP metadata manipulation tool

Details

It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
exiv2 – 0.25-4ubuntu2.2
libexiv2-14 – 0.25-4ubuntu2.2

Ubuntu 18.04 LTS
exiv2 – 0.25-3.1ubuntu0.18.04.5
libexiv2-14 – 0.25-3.1ubuntu0.18.04.5

Ubuntu 16.04 LTS
exiv2 – 0.25-2.1ubuntu16.04.6
libexiv2-14 – 0.25-2.1ubuntu16.04.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References

CVE-2019-20421

Source: USN-4270-1: Exiv2 vulnerability

USN-4269-1: systemd vulnerabilities

2020-02-06 KENNETH 0

systemd vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

Several security issues were fixed in systemd.

Software Description

systemd – system and service manager

Details

It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16888)

It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. (CVE-2019-20386)

Jann Horn discovered that systemd incorrectly handled services that use the DynamicUser property. A local attacker could possibly use this issue to access resources owned by a different service in the future. This issue [ more… ]