ubuntu-usn

USN-3906-1: LibTIFF vulnerabilities tiff vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. Software Description tiff – Tag Image File Format (TIFF) library Details It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libtiff-tools – 4.0.9-6ubuntu0.2 libtiff5 – 4.0.9-6ubuntu0.2 Ubuntu 18.04 LTS libtiff-tools – 4.0.9-5ubuntu0.2 libtiff5 – 4.0.9-5ubuntu0.2 Ubuntu 16.04 LTS libtiff-tools [ more… ]

USN-3905-1: poppler vulnerability poppler vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary poppler could be made to crash if it opened a specially crafted file. Software Description poppler – PDF rendering library Details It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libpoppler79 – 0.68.0-0ubuntu1.6 poppler-utils – 0.68.0-0ubuntu1.6 Ubuntu 18.04 LTS libpoppler73 – 0.62.0-2ubuntu2.8 poppler-utils – 0.62.0-2ubuntu2.8 Ubuntu 16.04 LTS libpoppler58 – 0.41.0-0ubuntu1.13 poppler-utils – 0.41.0-0ubuntu1.13 Ubuntu 14.04 LTS libpoppler44 – 0.24.5-2ubuntu4.17 poppler-utils – 0.24.5-2ubuntu4.17 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-3904-1: NVIDIA graphics drivers vulnerability nvidia-graphics-drivers-390 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Summary NVIDIA graphics drivers could be made to expose sensitive information. Software Description nvidia-graphics-drivers-390 – NVIDIA binary X.Org driver Details It was discovered that the NVIDIA graphics drivers incorrectly handled the GPU performance counters. A local attacker could possibly use this issue to access the application data processed on the GPU. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 xserver-xorg-video-nvidia-390 – 390.116-0ubuntu0.18.10.1 Ubuntu 18.04 LTS xserver-xorg-video-nvidia-390 – 390.116-0ubuntu0.18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE‑2018‑6260 Source: USN-3904-1: NVIDIA graphics drivers vulnerability

USN-3903-2: Linux kernel (HWE) vulnerabilities linux-hwe, linux-azure vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3903-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service (host system crash) or possibly execute arbitrary code in the host kernel. (CVE-2018-16880) Jann Horn discovered that the userfaultd implementation in the Linux kernel [ more… ]

USN-3903-1: Linux kernel vulnerabilities linux, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service (host system crash) or possibly execute arbitrary code in the host kernel. (CVE-2018-16880) Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain [ more… ]