USN-4201-1: Ruby vulnerabilities

2019-11-26 KENNETH 0

ruby2.3, ruby2.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in Ruby.

Software Description:
ruby2.5 – Interpreter of object-oriented scripting language Ruby
ruby2.3 – Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching, which can lead to unauthorized access. (CVE-2019-15845)

It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to cause a denial of service. (CVE-2019-16201)

It was discovered that Ruby incorrectly handled certain HTTP headers. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-16254)

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue [ more… ]

USN-4200-1: Redmine vulnerabilities

2019-11-26 KENNETH 0

redmine vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in redmine.

Software Description:
redmine – flexible project management web application

Details:

It was discovered that Redmine incorrectly handled certain inputs that could cause textile formatting errors. An attacker could possibly use this issue to cause an XSS attack. (CVE-2019-17427)

It was discovered that an SQL injection could allow users to access protected information via a crafted object query. (CVE-2019-18890)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: redmine – 4.0.1-2ubuntu0.1, redmine-mysql – 4.0.1-2ubuntu0.1, redmine-pgsql – 4.0.1-2ubuntu0.1, redmine-sqlite – 4.0.1-2ubuntu0.1
Ubuntu 18.04 LTS: redmine – 3.4.4-1ubuntu0.1, redmine-mysql – 3.4.4-1ubuntu0.1, redmine-pgsql – 3.4.4-1ubuntu0.1, redmine-sqlite – 3.4.4-1ubuntu0.1
Ubuntu 16.04 LTS: redmine – [ more… ]

USN-4199-1: libvpx vulnerabilities

2019-11-25 KENNETH 0

libvpx vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in libvpx.

Software Description:
libvpx – VP8 and VP9 video codec

Details:

It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: libvpx5 – 1.7.0-3ubuntu0.19.04.1
Ubuntu 18.04 LTS: libvpx5 – 1.7.0-3ubuntu0.18.04.1
Ubuntu 16.04 LTS: libvpx3 – 1.5.0-2ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2017-13194, CVE-2019-2126, CVE-2019-9232, CVE-2019-9325 [ more… ]

USN-4189-2: DPDK regression

2019-11-25 KENNETH 0

dpdk regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS.

Summary: USN-4189-1 introduced a regression in DPDK.

Software Description:
dpdk – set of libraries for fast packet processing

Details:

USN-4189-1 fixed a vulnerability in DPDK. The new version introduced a regression in certain environments. This update fixes the problem.

Original advisory details: Jason Wang discovered that DPDK incorrectly handled certain messages. An attacker in a malicious container could possibly use this issue to cause DPDK to leak resources, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: dpdk – 18.11.5-0ubuntu0.19.10.1
Ubuntu 19.04: dpdk – 18.11.5-0ubuntu0.19.04.1
Ubuntu 18.04 LTS: dpdk – 17.11.9-0ubuntu18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update [ more… ]

USN-4198-1: DjVuLibre vulnerabilities

2019-11-22 KENNETH 0

djvulibre vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in DjVuLibre.

Software Description:
djvulibre – DjVu image format library and tools

Details:

It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: libdjvulibre21 – 3.5.27.1-13ubuntu0.1
Ubuntu 19.04: libdjvulibre21 – 3.5.27.1-10ubuntu0.1
Ubuntu 18.04 LTS: libdjvulibre21 – 3.5.27.1-8ubuntu0.1
Ubuntu 16.04 LTS: libdjvulibre21 – 3.5.27.1-5ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a [ more… ]