ubuntu-usn

USN-3565-1: Exim vulnerability Ubuntu Security Notice USN-3565-1 12th February, 2018 exim4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Exim could be made to crash or run programs if it received specially crafted network traffic. Software description exim4 – Exim is a mail transport agent Details Meh Chang discovered that Exim incorrectly handled memory in certaindecoding operations. A remote attacker could use this issue to cause Eximto crash, resulting in a denial of service, or possibly execute arbitrarycode. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: exim4-daemon-heavy 4.89-5ubuntu1.3 exim4-daemon-light 4.89-5ubuntu1.3 Ubuntu 16.04 LTS: exim4-daemon-heavy 4.86.2-2ubuntu2.3 exim4-daemon-light 4.86.2-2ubuntu2.3 Ubuntu 14.04 LTS: exim4-daemon-heavy 4.82-3ubuntu2.4 exim4-daemon-light 4.82-3ubuntu2.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard [ more… ]

USN-3567-1: Puppet vulnerability Ubuntu Security Notice USN-3567-1 12th February, 2018 puppet vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Puppet could be made to crash or run programs. Software description puppet – Centralized configuration management Details It was discovered that Puppet incorrectly handled permissions whenunpacking certain tarballs. A local user could possibly use this issue toexecute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: puppet-common 3.4.3-1ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-10689 Source: USN-3567-1: Puppet vulnerability

USN-3564-1: PostgreSQL vulnerability Ubuntu Security Notice USN-3564-1 9th February, 2018 postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary PostgreSQL could be made to expose sensitive information. Software description postgresql-9.3 – Object-relational SQL database postgresql-9.5 – Object-relational SQL database postgresql-9.6 – Object-relational SQL database Details It was discovered that PostgreSQL incorrectly handled certain temp files.An attacker could possibly use this to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: postgresql-9.6 9.6.7-0ubuntu0.17.10 Ubuntu 16.04 LTS: postgresql-9.5 9.5.11-0ubuntu0.16.04 Ubuntu 14.04 LTS: postgresql-9.3 9.3.21-0ubuntu0.14.04 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bugfixes. After a standard system update you need to restart PostgreSQL tomake [ more… ]

USN-3563-1: Mailman vulnerability Ubuntu Security Notice USN-3563-1 8th February, 2018 mailman vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Mailman could be made to run arbitrary code. Software description mailman – Powerful, web-based mailing list manager Details It was discovered that Mailman incorrectly handled certain web scripts.An attacker could possibly use this to inject arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: mailman 1:2.1.23-1ubuntu0.2 Ubuntu 16.04 LTS: mailman 1:2.1.20-1ubuntu0.3 Ubuntu 14.04 LTS: mailman 1:2.1.16-2ubuntu0.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2018-5950 Source: USN-3563-1: Mailman vulnerability

USN-3562-1: MiniUPnP vulnerabilities Ubuntu Security Notice USN-3562-1 7th February, 2018 miniupnpc vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary MiniUPnP could be made to crash or run programs if it received specially crafted network traffic. Software description miniupnpc – UPnP IGD client lightweight library Details It was discovered that MiniUPnP incorrectly handled memory. A remoteattacker could use this issue to cause a denial of service or possiblyexecute arbitrary code with privileges of the user running an applicationthat uses the MiniUPnP library. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libminiupnpc10 1.9.20140610-4ubuntu1.1 Ubuntu 16.04 LTS: libminiupnpc10 1.9.20140610-2ubuntu2.16.04.2 Ubuntu 14.04 LTS: libminiupnpc8 1.6-3ubuntu2.14.04.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]