ubuntu-usn

USN-3865-1: poppler vulnerabilities poppler vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in poppler. Software Description poppler – PDF rendering library Details It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20481, CVE-2018-20650) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libpoppler79 – 0.68.0-0ubuntu1.4 poppler-utils – 0.68.0-0ubuntu1.4 Ubuntu 18.04 LTS libpoppler73 – 0.62.0-2ubuntu2.6 poppler-utils – 0.62.0-2ubuntu2.6 Ubuntu 16.04 LTS libpoppler58 – 0.41.0-0ubuntu1.11 poppler-utils – 0.41.0-0ubuntu1.11 Ubuntu 14.04 LTS libpoppler44 – 0.24.5-2ubuntu4.15 poppler-utils – 0.24.5-2ubuntu4.15 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-3864-1: LibTIFF vulnerabilities tiff vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. Software Description tiff – Tag Image File Format (TIFF) library Details It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libtiff-tools – 4.0.9-6ubuntu0.1 libtiff5 – 4.0.9-6ubuntu0.1 Ubuntu 18.04 LTS libtiff-tools – 4.0.9-5ubuntu0.1 libtiff5 – 4.0.9-5ubuntu0.1 Ubuntu 16.04 LTS libtiff-tools [ more… ]

USN-3863-2: APT vulnerability apt vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary An attacker could trick APT into installing altered packages. Software Description apt – Advanced front-end for dpkg Details USN-3863-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM apt – 0.8.16~exp12ubuntu10.28 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-3863-1 CVE-2019-3462 Source: USN-3863-2: APT vulnerability

USN-3863-1: APT vulnerability apt vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary An attacker could trick APT into installing altered packages. Software Description apt – Advanced front-end for dpkg Details Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 apt – 1.7.0ubuntu0.1 Ubuntu 18.04 LTS apt – 1.6.6ubuntu0.1 Ubuntu 16.04 LTS apt – 1.2.29ubuntu0.1 Ubuntu 14.04 LTS apt – 1.0.1ubuntu2.19 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-3462 [ more… ]

USN-3862-1: Irssi vulnerability irssi vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Irssi could be made to crash or execute arbitrary code if it received a specially crafted input. Software Description irssi – terminal based IRC client Details It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 irssi – 1.1.1-1ubuntu1.1 Ubuntu 18.04 LTS irssi – 1.0.5-1ubuntu4.1 Ubuntu 16.04 LTS irssi – 0.8.19-1ubuntu1.8 Ubuntu 14.04 LTS irssi – 0.8.15-5ubuntu3.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Irssi to [ more… ]