ubuntu-usn

USN-3861-2: PolicyKit vulnerability policykit-1 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary PolicyKit could allow unintended access. Software Description policykit-1 – framework for managing administrative policies and privileges Details USN-3861-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM libpolkit-backend-1-0 – 0.104-1ubuntu1.4 policykit-1 – 0.104-1ubuntu1.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References USN-3861-1 CVE-2018-19788 Source: USN-3861-2: PolicyKit [ more… ]

USN-3861-1: PolicyKit vulnerability policykit-1 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary PolicyKit could allow unintended access. Software Description policykit-1 – framework for managing administrative policies and privileges Details It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libpolkit-backend-1-0 – 0.105-21ubuntu0.3 policykit-1 – 0.105-21ubuntu0.3 Ubuntu 18.04 LTS libpolkit-backend-1-0 – 0.105-20ubuntu0.18.04.4 policykit-1 – 0.105-20ubuntu0.18.04.4 Ubuntu 16.04 LTS libpolkit-backend-1-0 – 0.105-14.1ubuntu0.4 policykit-1 – 0.105-14.1ubuntu0.4 Ubuntu 14.04 LTS libpolkit-backend-1-0 – 0.105-4ubuntu3.14.04.5 policykit-1 – 0.105-4ubuntu3.14.04.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to [ more… ]

USN-3860-2: libcaca vulnerabilities libcaca vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in libcaca. Software Description libcaca – text mode graphics utilities Details USN-3860-1 fixed a vulnerability in libcaca. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20544) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-20545, CVE-2018-20548, CVE-2018-20459) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20546, CVE-2018-20547) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu [ more… ]

USN-3860-1: libcaca vulnerabilities libcaca vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in libcaca. Software Description libcaca – text mode graphics utilities Details It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20544) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-20545, CVE-2018-20548, CVE-2018-20459) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20546, CVE-2018-20547) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 caca-utils – 0.99.beta19-2ubuntu0.18.10.1 libcaca0 – 0.99.beta19-2ubuntu0.18.10.1 Ubuntu 18.04 LTS caca-utils [ more… ]

USN-3859-1: libarchive vulnerabilities libarchive vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in libarchive. Software Description libarchive – Library to read/write archive files Details It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-1000880 affected only Ubuntu 18.04 and Ubuntu 18.10 LTS. (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000880) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-14502) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libarchive13 – 3.2.2-5ubuntu0.1 Ubuntu 18.04 LTS [ more… ]