ubuntu-usn

USN-4205-1: SQLite vulnerabilities sqlite3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 12.04 ESM Summary Several security issues were fixed in SQLite. Software Description sqlite3 – C library that implements an SQL database engine Details It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-16168) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to mishandles some expressions. This issue only affected [ more… ]

USN-4204-1: psutil vulnerability python-psutil vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary psutil could be made to crash or run programs. Software Description python-psutil – module providing convenience functions for managing processes Details Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 python-psutil – 5.5.1-1ubuntu0.19.10.1 python3-psutil – 5.5.1-1ubuntu0.19.10.1 Ubuntu 19.04 python-psutil – 5.5.1-1ubuntu0.19.04.1 python3-psutil – 5.5.1-1ubuntu0.19.04.1 Ubuntu 18.04 LTS python-psutil – 5.4.2-1ubuntu0.1 python3-psutil – 5.4.2-1ubuntu0.1 Ubuntu 16.04 LTS python-psutil – 3.4.2-1ubuntu0.1 python3-psutil – 3.4.2-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4203-2: NSS vulnerability nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary NSS could be made to crash or run programs if it received specially crafted input. Software Description nss – Network Security Service library Details USN-4203-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libnss3 – 2:3.28.4-0ubuntu0.14.04.5+esm2 Ubuntu 12.04 ESM libnss3 – 2:3.28.4-0ubuntu0.12.04.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4203-1: NSS vulnerability nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary NSS could be made to crash or run programs if it received specially crafted input. Software Description nss – Network Security Service library Details It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libnss3 – 2:3.45-1ubuntu2.1 Ubuntu 19.04 libnss3 – 2:3.42-1ubuntu2.3 Ubuntu 18.04 LTS libnss3 – 2:3.35-2ubuntu2.5 Ubuntu 16.04 LTS libnss3 – 2:3.28.4-0ubuntu0.16.04.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart [ more… ]

USN-4202-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, [ more… ]