
USN-4268-1: OpenSMTPD vulnerability

2020-02-05 KENNETH 0

OpenSMTPD vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS

Summary
OpenSMTPD could be made to run programs as root if it received specially crafted input over the network.

Software Description
opensmtpd – secure, reliable, lean, and easy-to-configure SMTP server

Details
It was discovered that OpenSMTPD incorrectly verified the sender’s or receiver’s e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
opensmtpd – 6.0.3p1-6ubuntu0.1

Ubuntu 18.04 LTS
opensmtpd – 6.0.3p1-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2020-7247

Source: USN-4268-1: OpenSMTPD vulnerability


USN-4263-2: Sudo vulnerability

2020-02-05 KENNETH 0

sudo vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
Sudo could allow unintended access to the administrator account.

Software Description
sudo – Provide limited super user privileges to specific users

Details
USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
sudo – 1.8.9p5-1ubuntu1.5+esm3
sudo-ldap – 1.8.9p5-1ubuntu1.5+esm3

Ubuntu 12.04 ESM
sudo – 1.8.3p1-1ubuntu3.9
sudo-ldap – 1.8.3p1-1ubuntu3.9

To update your system, please follow these [ more… ]


USN-4267-1: ARM mbed TLS vulnerabilities

2020-02-05 KENNETH 0

mbedtls vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in mbedtls.

Software Description
mbedtls – lightweight crypto and SSL/TLS library – crypto library

Details
It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacker to execute arbitrary code or cause a denial of service. (CVE-2017-18187)

It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. (CVE-2018-0487)

It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service (heap corruption) via a [ more… ]


USN-4266-1: GraphicsMagick vulnerabilities

2020-02-05 KENNETH 0

graphicsmagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in GraphicsMagick.

Software Description
graphicsmagick – collection of image processing tools

Details
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
graphicsmagick – 1.3.23-1ubuntu0.6
libgraphicsmagick++-q16-12 – 1.3.23-1ubuntu0.6
libgraphicsmagick-q16-3 – 1.3.23-1ubuntu0.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2017-17912
CVE-2017-17913
CVE-2017-17915
CVE-2017-18219
CVE-2017-18229
CVE-2017-18230
CVE-2017-18231

Source: USN-4266-1: GraphicsMagick vulnerabilities


USN-4265-2: SpamAssassin vulnerabilities

2020-02-05 KENNETH 0

spamassassin vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
Several security issues were fixed in SpamAssassin.

Software Description
spamassassin – Perl-based spam filter using text analysis

Details
USN-4265-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

Original advisory details: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
spamassassin – 3.4.2-0ubuntu0.14.04.1+esm2

Ubuntu 12.04 ESM
spamassassin – 3.4.2-0ubuntu0.12.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]