
USN-3616-1: Python Crypto vulnerability

2018-04-04 KENNETH 0

python-crypto vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Python Crypto could expose sensitive information.

Software Description: python-crypto – cryptographic algorithms and protocols for Python

Details: It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10: python-crypto – 2.6.1-7ubuntu0.1, python3-crypto – 2.6.1-7ubuntu0.1
Ubuntu 16.04 LTS: python-crypto – 2.6.1-6ubuntu0.16.04.3, python3-crypto – 2.6.1-6ubuntu0.16.04.3
Ubuntu 14.04 LTS: python-crypto – 2.6.1-4ubuntu0.3, python3-crypto – 2.6.1-4ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2018-6594

Source: USN-3616-1: Python Crypto vulnerability


USN-3615-1: LibRaw vulnerabilities

2018-04-04 KENNETH 0

libraw vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description: libraw – raw image decoder library

Details: It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10: libraw16 – 0.18.2-2ubuntu0.2
Ubuntu 16.04 LTS: libraw15 – 0.17.1-1ubuntu0.2
Ubuntu 14.04 LTS: libraw9 – 0.15.4-1ubuntu0.2

To update your system, please follow these instructions: [ more… ]


USN-3614-1: OpenJDK 7 vulnerabilities

2018-04-03 KENNETH 0

openjdk-7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in OpenJDK 7.

Software Description: openjdk-7 – Open Source Java implementation

Details:

It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. (CVE-2018-2579)

It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. (CVE-2018-2588)

It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications. (CVE-2018-2599)

It was discovered that the Internationalization component of OpenJDK did not restrict search paths when loading resource [ more… ]


USN-3613-1: OpenJDK 8 vulnerabilities

2018-04-03 KENNETH 0

openjdk-8 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in OpenJDK 8.

Software Description: openjdk-8 – Open Source Java implementation

Details:

It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. (CVE-2018-2579)

It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM instruction. An attacker could possibly use this to access unauthorized resources. (CVE-2018-2582)

It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. (CVE-2018-2588)

It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote [ more… ]


USN-3587-2: Dovecot vulnerabilities

2018-04-02 KENNETH 0

dovecot vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM.

Summary: Several security issues were fixed in Dovecot.

Software Description: dovecot – IMAP and POP3 email server

Details: USN-3587-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-14461)

It was discovered that Dovecot incorrectly handled TLS SNI config lookups. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2017-15130)

Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 [ more… ]