USN-3878-2: Linux kernel (Azure) vulnerabilities

2019-02-08 KENNETH 0

linux-azure vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10

Summary: Several security issues were fixed in the Linux kernel.

Software Description: linux-azure – Linux kernel for Microsoft Azure Cloud systems

Details:

It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)

Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges [ more… ]

USN-3871-5: Linux kernel (Azure) vulnerabilities

2019-02-08 KENNETH 0

linux-azure vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software Description: linux-azure – Linux kernel for Microsoft Azure Cloud systems

Details:

Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879)

Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) [ more… ]

USN-3885-1: OpenSSH vulnerabilities

2019-02-08 KENNETH 0

openssh vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in OpenSSH.

Software Description: openssh – secure shell (SSH) for secure access to remote machines

Details:

Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: openssh-client – 1:7.7p1-4ubuntu0.2

Ubuntu 18.04 LTS: openssh-client – 1:7.6p1-4ubuntu0.2

Ubuntu 16.04 LTS: openssh-client – 1:7.2p2-4ubuntu2.7

Ubuntu 14.04 LTS: openssh-client – 1:6.6p1-2ubuntu2.12

To update your system, please follow these instructions: [ more… ]

USN-3884-1: libarchive vulnerabilities

2019-02-07 KENNETH 0

libarchive vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in libarchive.

Software Description: libarchive – Library to read/write archive files

Details:

It was discovered that libarchive incorrectly handled certain 7zip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1000019, CVE-2019-1000020)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: libarchive13 – 3.2.2-5ubuntu0.2

Ubuntu 18.04 LTS: libarchive13 – 3.2.2-3.1ubuntu0.3

Ubuntu 16.04 LTS: libarchive13 – 3.1.2-11ubuntu0.16.04.6

Ubuntu 14.04 LTS: libarchive13 – 3.1.2-7ubuntu2.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-1000019, CVE-2019-1000020

Source: USN-3884-1: libarchive vulnerabilities

USN-3883-1: LibreOffice vulnerabilities

2019-02-06 KENNETH 0

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in LibreOffice.

Software Description: libreoffice – Office productivity suite

Details:

It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2018-10119, CVE-2018-10120, CVE-2018-11790)

It was discovered that LibreOffice incorrectly handled embedded SMB connections in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly exploit this to obtain sensitive information. (CVE-2018-10583)

Alex Inführ discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly [ more… ]