
USN-4202-2: Thunderbird regression

2019-12-11 KENNETH 0

thunderbird regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS

Summary
USN-4202-1 caused a regression in Thunderbird.

Software Description
thunderbird – Mozilla Open Source mail and newsgroup client

Details
USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an [ more… ]


USN-4220-1: Git vulnerabilities

2019-12-11 KENNETH 0

git vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in Git.

Software Description
git – fast, scalable, distributed revision control system

Details
Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
  git – 1:2.20.1-2ubuntu1.19.10.1
Ubuntu 19.04
  git – 1:2.20.1-2ubuntu1.19.04.1
Ubuntu 18.04 LTS
  git – 1:2.17.1-1ubuntu0.5
Ubuntu 16.04 LTS
  git – 1:2.7.4-0ubuntu1.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2019-1348
CVE-2019-1349
[ more… ]


USN-4219-1: libssh vulnerability

2019-12-11 KENNETH 0

libssh vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
libssh could be made to run programs under certain conditions.

Software Description
libssh – A tiny C SSH library

Details
It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
  libssh-4 – 0.9.0-1ubuntu1.3
Ubuntu 19.04
  libssh-4 – 0.8.6-3ubuntu0.3
Ubuntu 18.04 LTS
  libssh-4 – 0.8.0~20170825.94fa1e38-1ubuntu0.5
Ubuntu 16.04 LTS
  libssh-4 – 0.6.3-4.3ubuntu0.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]


USN-4218-1: GNU C vulnerability

2019-12-10 KENNETH 0

eglibc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
GNU C could be made to execute arbitrary code or cause a crash if it received a specially crafted input.

Software Description
eglibc – GNU C Library

Details
Jakub Wilk discovered that GNU C incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
  libc6 – 2.19-0ubuntu6.15+esm1
Ubuntu 12.04 ESM
  libc6 – 2.15-0ubuntu10.22

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes.

References
CVE-2018-6485

Source: USN-4218-1: GNU C vulnerability


USN-4217-1: Samba vulnerabilities

2019-12-10 KENNETH 0

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in Samba.

Software Description
samba – SMB/CIFS file, print, and login server for Unix

Details
Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861)

Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations. (CVE-2019-14870)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
  libsmbclient – 2:4.10.7+dfsg-0ubuntu2.3
  samba – 2:4.10.7+dfsg-0ubuntu2.3
Ubuntu 19.04
  libsmbclient – 2:4.10.0+dfsg-0ubuntu2.7
  samba – 2:4.10.0+dfsg-0ubuntu2.7
Ubuntu 18.04 LTS
  libsmbclient – 2:4.7.6+dfsg~ubuntu-0ubuntu2.14
  samba – 2:4.7.6+dfsg~ubuntu-0ubuntu2.14
Ubuntu 16.04 LTS
  libsmbclient [ more… ]