ubuntu-usn

USN-4146-2: ClamAV vulnerabilities clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in ClamAV. Software Description clamav – Anti-virus utility for Unix Details USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-12625) It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12900) Update instructions The problem can be corrected by updating your system to the following [ more… ]

USN-4146-1: ClamAV vulnerabilities clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in ClamAV. Software Description clamav – Anti-virus utility for Unix Details It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-12625) It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12900) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 clamav – 0.101.4+dfsg-0ubuntu0.19.04.1 Ubuntu 18.04 LTS clamav – 0.101.4+dfsg-0ubuntu0.18.04.1 Ubuntu 16.04 LTS clamav – 0.101.4+dfsg-0ubuntu0.16.04.1 To update [ more… ]

USN-4145-1: Linux kernel vulnerabilities linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2016-10905) It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket options in some situations. A local attacker could use this to cause a denial of service (system crash) [ more… ]

USN-4144-1: Linux kernel vulnerabilities linux, linux-aws, linux-aws-hwe, linux-azure, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-oem – Linux kernel for OEM processors linux-oracle – Linux kernel for Oracle Cloud systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors linux-aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-hwe – Linux hardware enablement (HWE) kernel Details It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures [ more… ]

USN-4143-1: SDL 2.0 vulnerabilities SDL 2.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary SDL 2.0 could be made to crash or run programs as your login if it opened a specially crafted file. Software Description libsdl2 – Simple DirectMedia Layer: cross-platform development library providing access to low level media interfaces Details It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. (CVE-2017-2888) It was discovered that SDL 2.0 mishandled crafted image files. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. (CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638) Update [ more… ]