USN-3593-1: Zsh vulnerabilities

2018-03-08 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in Zsh.

Software description: zsh – shell with lots of features

Details:

It was discovered that Zsh incorrectly handled certain environment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070)

It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10071)

It was discovered that Zsh incorrectly handled some symbolic links. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10072)

It was discovered that Zsh incorrectly handled certain errors. An attacker [ more… ]

USN-3592-1: ClamAV vulnerabilities

2018-03-08 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in ClamAV.

Software description: clamav – Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-0202)

Hanno Böck discovered that ClamAV incorrectly handled parsing certain XAR files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2018-1000085)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10: clamav – 0.99.4+addedllvm-0ubuntu0.17.10.1
Ubuntu 16.04 LTS: clamav – 0.99.4+addedllvm-0ubuntu0.16.04.1
Ubuntu 14.04 LTS: clamav – 0.99.4+addedllvm-0ubuntu0.14.04.1

To [ more… ]

USN-3579-3: LibreOffice regression

2018-03-08 KENNETH 1

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10.

Summary: USN-3579-1 caused a regression in LibreOffice.

Software description: libreoffice – Office productivity suite

Details:

USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user’s home directory. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked into opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information. (CVE-2018-6871)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10: libreoffice-common – 1:5.4.5-0ubuntu0.17.10.5

To update your system, please follow these [ more… ]

USN-3591-1: Django vulnerabilities

2018-03-07 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in Django.

Software description: python-django – High-level Python web development framework

Details:

James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10: python-django – 1:1.11.4-1ubuntu1.2, python3-django – 1:1.11.4-1ubuntu1.2
Ubuntu 16.04 LTS: python-django – 1.8.7-1ubuntu5.6, python3-django – 1.8.7-1ubuntu5.6
Ubuntu 14.04 LTS: python-django – 1.6.11-0ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2018-7536, CVE-2018-7537

Source: USN-3591-1: Django vulnerabilities

USN-3590-1: Irssi vulnerabilities

2018-03-06 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in Irssi.

Software description: irssi – terminal based IRC client

Details:

It was discovered that Irssi incorrectly handled certain empty nick names. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7050)

It was discovered that Irssi incorrectly handled certain nick names. An attacker could possibly use this to access sensitive information. (CVE-2018-7051)

It was discovered that Irssi incorrectly handled an increase in the number of windows. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7052)

It was discovered that Irssi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary [ more… ]