USN-3912-1: GDK-PixBuf vulnerability

2019-03-21 KENNETH 0

gdk-pixbuf vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description: gdk-pixbuf – GDK Pixbuf library

Details: It was discovered that the GDK-PixBuf library did not properly handle certain BMP images. If a user or automated system were tricked into opening a specially crafted BMP file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libgdk-pixbuf2.0-0 – 2.32.2-1ubuntu1.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your [ more… ]

USN-3906-2: LibTIFF vulnerabilities

2019-03-18 KENNETH 0

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM

Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description: tiff – Tag Image File Format (TIFF) library

Details: USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM: libtiff-tools – 3.9.5-2ubuntu1.12; libtiff4 – 3.9.5-2ubuntu1.12 [ more… ]

USN-3911-1: file vulnerabilities

2019-03-18 KENNETH 0

file vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in file.

Software Description: file – Tool to determine file types

Details: It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: file – 1:5.34-2ubuntu0.1; libmagic1 – 1:5.34-2ubuntu0.1
Ubuntu 18.04 LTS: file – 1:5.32-2ubuntu0.2; libmagic1 – 1:5.32-2ubuntu0.2
Ubuntu 16.04 LTS: file – 1:5.25-2ubuntu1.2; libmagic1 – 1:5.25-2ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-8904, CVE-2019-8905, CVE-2019-8906, CVE-2019-8907

Source: USN-3911-1: [ more… ]

USN-3910-1: Linux kernel vulnerabilities

2019-03-16 KENNETH 0

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software Description:
linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-kvm – Linux kernel for cloud environments
linux-raspi2 – Linux kernel for Raspberry Pi 2
linux-snapdragon – Linux kernel for Snapdragon processors

Details: It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service (system crash). (CVE-2017-18241)

It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to [ more… ]

USN-3910-2: Linux kernel (Xenial HWE) vulnerabilities

2019-03-16 KENNETH 0

linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software Description:
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details: USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service (system crash). (CVE-2017-18241)

It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. [ more… ]