ubuntu-usn

USN-3895-1: LDB vulnerability ldb vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LDB could be made to crash if it received specially crafted network traffic. Software Description ldb – LDAP-like embedded database – tools Details It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libldb1 – 2:1.4.0+really1.3.5-2ubuntu0.1 Ubuntu 18.04 LTS libldb1 – 2:1.2.3-1ubuntu0.1 Ubuntu 16.04 LTS libldb1 – 2:1.1.24-1ubuntu3.1 Ubuntu 14.04 LTS libldb1 – 1:1.1.24-0ubuntu0.14.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot [ more… ]

USN-3894-1: GNOME Keyring vulnerability gnome-keyring vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary GNOME Keyring could be made to expose sensitive information. Software Description gnome-keyring – GNOME keyring services Details It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the PAM module. A local attacker could possibly use this issue to discover login credentials. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS gnome-keyring – 3.18.3-0ubuntu2.1 libpam-gnome-keyring – 3.18.3-0ubuntu2.1 Ubuntu 14.04 LTS gnome-keyring – 3.10.1-1ubuntu4.4 libpam-gnome-keyring – 3.10.1-1ubuntu4.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to make all the necessary changes. References CVE-2018-20781 Source: USN-3894-1: GNOME Keyring vulnerability

USN-3866-3: Ghostscript regression ghostscript regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3866-2 introduced a regression in Ghostscript. Software Description ghostscript – PostScript and PDF interpreter Details USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 ghostscript – [ more… ]

USN-3893-2: Bind vulnerabilities bind9 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in Bind. Software Description bind9 – Internet Domain Name Server Details USN-3893-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2018-5745) It was discovered that Bind incorrectly handled certain controls for zone transfers, contrary to expectations. (CVE-2019-6465) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM bind9 – 1:9.8.1.dfsg.P1-4ubuntu0.27 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, [ more… ]

USN-3893-1: Bind vulnerabilities bind9 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Bind. Software Description bind9 – Internet Domain Name Server Details Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-5744) It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2018-5745) It was discovered that Bind incorrectly handled certain controls for zone transfers, contrary to expectations. (CVE-2019-6465) Update instructions The problem can [ more… ]