ubuntu-usn

USN-4104-1: Nova vulnerability nova vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Nova could be made to expose sensitive information. Software Description nova – OpenStack Compute cloud infrastructure Details Donny Davis discovered that the Nova Compute service could return configuration or other information in response to a failed API request in some situations. A remote attacker could use this to expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 nova-compute – 2:19.0.1-0ubuntu2.1 python3-nova – 2:19.0.1-0ubuntu2.1 Ubuntu 18.04 LTS nova-compute – 2:17.0.10-0ubuntu2.1 python-nova – 2:17.0.10-0ubuntu2.1 Ubuntu 16.04 LTS nova-compute – 2:13.1.4-0ubuntu4.5 python-nova – 2:13.1.4-0ubuntu4.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References [ more… ]

USN-4103-2: Docker vulnerability Docker vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Docker could be made to crash or run programs as your login. Software Description docker.io – Linux container runtime Details Jasiel Spelman discovered that a double free existed in the docker-credential- helpers dependency of Docker. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Original advisory details: Jasiel Spelman discovered that a double free existed in docker-credential- helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 docker.io – 18.09.7-0ubuntu1~19.04.5 Ubuntu 18.04 LTS docker.io – 18.09.7-0ubuntu1~18.04.4 Ubuntu 16.04 LTS [ more… ]

USN-4103-1: docker-credential-helpers vulnerability docker-credential-helpers vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Summary docker-credential-helpers could be made to crash or run programs as your login Software Description golang-github-docker-docker-credential-helpers – Use native stores to safeguard Docker credentials Details Jasiel Spelman discovered that a double free existed in docker-credential- helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 golang-docker-credential-helpers – 0.6.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-1020014 Source: USN-4103-1: docker-credential-helpers vulnerability

USN-4078-2: OpenLDAP vulnerabilities openldap vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in OpenLDAP. Software Description openldap – OpenLDAP utilities Details USN-4078-1 fixed several vulnerabilities in openldap. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. (CVE-2019-13057) It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations. (CVE-2019-13565) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 [ more… ]

USN-4102-1: LibreOffice vulnerabilities libreoffice vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in LibreOffice. Software Description libreoffice – Office productivity suite Details It was discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9850, CVE-2019-9851) It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. (CVE-2019-9852) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libreoffice-core – 1:6.2.6-0ubuntu0.19.04.1 Ubuntu 18.04 LTS libreoffice-core – 1:6.0.7-0ubuntu0.18.04.9 Ubuntu 16.04 LTS libreoffice-core – 1:5.1.6~rc2-0ubuntu1~xenial9 To update your [ more… ]