ubuntu-usn

USN-3550-2: ClamAV vulnerabilities Ubuntu Security Notice USN-3550-2 5th February, 2018 clamav vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in ClamAV. Software description clamav – Anti-virus utility for Unix Details USN-3550-1 fixed several vulnerabilities in ClamAV. This updateprovides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12376) It was discovered that ClamAV incorrectly [ more… ]

USN-3556-2: Dovecot vulnerabilities Ubuntu Security Notice USN-3556-2 1st February, 2018 dovecot vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in Dovecot. Software description dovecot – IMAP and POP3 email server Details USN-3556-1 fixed vulnerabilities in Dovecot. This updateprovides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled certain authentications.An attacker could possibly use this to bypass authentication and accesssensitive information. (CVE-2013-6171) Original advisory details: It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service. (CVE-2017-15132) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: dovecot-core 1:2.0.19-0ubuntu2.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update [ more… ]

USN-3556-1: Dovecot vulnerability Ubuntu Security Notice USN-3556-1 1st February, 2018 dovecot vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Dovecot could be made to crash if it received specially crafted input. Software description dovecot – IMAP and POP3 email server Details It was discovered that Dovecot incorrectly handled certain authentications.An attacker could possibly use this to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: dovecot-core 1:2.2.27-3ubuntu1.2 Ubuntu 16.04 LTS: dovecot-core 1:2.2.22-1ubuntu2.6 Ubuntu 14.04 LTS: dovecot-core 1:2.2.9-1ubuntu2.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-15132 Source: USN-3556-1: Dovecot vulnerability

USN-3555-2: w3m vulnerabilities Ubuntu Security Notice USN-3555-2 1st February, 2018 w3m vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in w3m. Software description w3m – WWW browsable pager with excellent tables/frames support Details USN-3555-2 fixed vulnerabilities in w3m. This updateprovides the corresponding update for Ubuntu 12.04 ESM.Original advisory details: It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6196, CVE-2018-6197) It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files. (CVE-2018-6198) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: w3m 0.5.3-5ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

USN-3555-1: w3m vulnerabilities Ubuntu Security Notice USN-3555-1 1st February, 2018 w3m vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in w3m. Software description w3m – WWW browsable pager with excellent tables/frames support Details It was discovered that w3m incorrectly handled certain inputs.An attacker could possibly use this to cause a denial of service.(CVE-2018-6196, CVE-2018-6197) It was discovered that w3m incorrectly handled temporary files.An attacker could possibly use this to overwrite arbitrary files.(CVE-2018-6198) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: w3m 0.5.3-34ubuntu0.1 Ubuntu 16.04 LTS: w3m 0.5.3-26ubuntu0.2 Ubuntu 14.04 LTS: w3m 0.5.3-15ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary [ more… ]