USN-4138-1: LibreOffice vulnerability

2019-09-24 KENNETH 0

libreoffice vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: LibreOffice could be made to run programs as your login if it opened a specially crafted file.

Software Description: libreoffice – Office productivity suite

Details: It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: libreoffice-core – 1:6.2.7-0ubuntu0.19.04.1
Ubuntu 18.04 LTS: libreoffice-core – 1:6.0.7-0ubuntu0.18.04.10
Ubuntu 16.04 LTS: libreoffice-core – 1:5.1.6~rc2-0ubuntu1~xenial10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart LibreOffice to make all the necessary changes.

References [ more… ]

USN-4137-1: Mosquitto vulnerability

2019-09-24 KENNETH 0

Mosquitto vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04.

Summary: Mosquitto could be made to crash or run programs if it received specially crafted network traffic.

Software Description: mosquitto – MQTT version 3.1/3.1.1 compatible message broker

Details: It was discovered that Mosquitto incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04:
libmosquitto1 – 1.5.7-1ubuntu0.1
libmosquittopp1 – 1.5.7-1ubuntu0.1
mosquitto – 1.5.7-1ubuntu0.1
mosquitto-clients – 1.5.7-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-11779

Source: USN-4137-1: Mosquitto vulnerability

USN-4134-2: IBus regression

2019-09-23 KENNETH 0

ibus regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: USN 4134-1 introduced a regression in IBus.

Software Description: ibus – Intelligent Input Bus – core

Details: USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation.

Original advisory details: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: ibus – 1.5.19-1ubuntu2.2
Ubuntu 18.04 LTS: ibus – 1.5.17-3ubuntu5.2 [ more… ]

USN-4128-2: Tomcat vulnerabilities

2019-09-18 KENNETH 0

tomcat9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS.

Summary: Several security issues were fixed in Tomcat 9.

Software Description: tomcat9 – Servlet and JSP engine

Details: It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)

It was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-10072)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04:
libtomcat9-java – 9.0.16-3ubuntu0.19.04.1
tomcat9 – 9.0.16-3ubuntu0.19.04.1

Ubuntu 18.04 LTS:
libtomcat9-java – 9.0.16-3ubuntu0.18.04.1
tomcat9 – 9.0.16-3ubuntu0.18.04.1

To update your system, please follow [ more… ]

USN-4136-2: wpa_supplicant and hostapd vulnerability

2019-09-18 KENNETH 0

wpa, wpasupplicant vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM, Ubuntu 12.04 ESM.

Summary: wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame.

Software Description:
wpa – client support for WPA and WPA2
wpasupplicant – client support for WPA and WPA2

Details: USN-4136-1 fixed a vulnerability in wpa_supplicant. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details: It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
hostapd – 1:2.1-0ubuntu1.7+esm2
wpasupplicant – 2.1-0ubuntu1.7+esm2

Ubuntu 12.04 ESM [ more… ]