Ubuntu

USN-4109-1: OpenJPEG vulnerabilities

4 weeks 2 days ago
openjpeg2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

Several security issues were fixed in OpenJPEG.

Software Description
  • openjpeg2 - JPEG 2000 image compression/decompression library
Details

It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. (CVE-2017-17480)

It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14423)

It was discovered that OpenJPEG incorrectly handled certain PNM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-18088)

It was discovered that OpenJPEG incorrectly handled certain BMP files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-5785, CVE-2018-6616)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
libopenjp2-7 - 2.3.0-2build0.18.04.1
libopenjp3d7 - 2.3.0-2build0.18.04.1
libopenjpip7 - 2.3.0-2build0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4108-1: Zstandard vulnerability

4 weeks 2 days ago
libzstd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

Zstandard could be made to execute arbitrary code if it received specially crafted input.

Software Description
  • libzstd - fast lossless compression algorithm – development files
Details

It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
libzstd1 - 1.3.3+dfsg-2ubuntu1.1
zstd - 1.3.3+dfsg-2ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4107-1: GIFLIB vulnerabilities

1 month ago
giflib vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in GIFLIB.

Software Description
  • giflib - library for GIF images (utilities)
Details

It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2016-3977)

It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11490, CVE-2019-15133)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
giflib-tools - 5.1.4-3ubuntu0.1
libgif7 - 5.1.4-3ubuntu0.1
Ubuntu 18.04 LTS
giflib-tools - 5.1.4-2ubuntu0.1
libgif7 - 5.1.4-2ubuntu0.1
Ubuntu 16.04 LTS
giflib-tools - 5.1.4-0.3~16.04.1
libgif7 - 5.1.4-0.3~16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4106-1: NLTK vulnerability

1 month ago
NLTK vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

NLTK could be made to overwrite files.

Software Description
  • nltk - Python libraries for natural language processing
Details

Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
python-nltk - 3.4-1ubuntu0.1
python3-nltk - 3.4-1ubuntu0.1
Ubuntu 18.04 LTS
python-nltk - 3.2.5-1ubuntu0.1
python3-nltk - 3.2.5-1ubuntu0.1
Ubuntu 16.04 LTS
python-nltk - 3.1-1ubuntu0.1
python3-nltk - 3.1-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4105-1: CUPS vulnerabilities

1 month ago
cups vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in CUPS.

Software Description
  • cups - Common UNIX Printing System™
Details

Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. (CVE-2019-8696, CVE-2019-8675)

It was discovered that CUPS did not properly handle client disconnection events. A local attacker could possibly use this issue to cause a denial of service or disclose memory from the CUPS server.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
cups - 2.2.10-4ubuntu2.1
Ubuntu 18.04 LTS
cups - 2.2.7-1ubuntu2.7
Ubuntu 16.04 LTS
cups - 2.1.3-4ubuntu0.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4104-1: Nova vulnerability

1 month ago
nova vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Nova could be made to expose sensitive information.

Software Description
  • nova - OpenStack Compute cloud infrastructure
Details

Donny Davis discovered that the Nova Compute service could return configuration or other information in response to a failed API request in some situations. A remote attacker could use this to expose sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
nova-compute - 2:19.0.1-0ubuntu2.1
python3-nova - 2:19.0.1-0ubuntu2.1
Ubuntu 18.04 LTS
nova-compute - 2:17.0.10-0ubuntu2.1
python-nova - 2:17.0.10-0ubuntu2.1
Ubuntu 16.04 LTS
nova-compute - 2:13.1.4-0ubuntu4.5
python-nova - 2:13.1.4-0ubuntu4.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4103-2: Docker vulnerability

1 month ago
Docker vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Docker could be made to crash or run programs as your login.

Software Description
  • docker.io - Linux container runtime
Details

Jasiel Spelman discovered that a double free existed in the docker-credential-helpers dependency of Docker. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code.

Original advisory details:

Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
docker.io - 18.09.7-0ubuntu1~19.04.5
Ubuntu 18.04 LTS
docker.io - 18.09.7-0ubuntu1~18.04.4
Ubuntu 16.04 LTS
docker.io - 18.09.7-0ubuntu1~16.04.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4103-1: docker-credential-helpers vulnerability

1 month ago
docker-credential-helpers vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
Summary

docker-credential-helpers could be made to crash or run programs as your login.

Software Description
  • golang-github-docker-docker-credential-helpers - Use native stores to safeguard Docker credentials
Details

Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
golang-docker-credential-helpers - 0.6.1-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4078-2: OpenLDAP vulnerabilities

1 month ago
openldap vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

Several security issues were fixed in OpenLDAP.

Software Description
  • openldap - OpenLDAP utilities
Details

USN-4078-1 fixed several vulnerabilities in openldap. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. (CVE-2019-13057)

It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations. (CVE-2019-13565)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
slapd - 2.4.31-1+nmu2ubuntu8.5+esm1
Ubuntu 12.04 ESM
slapd - 2.4.28-1.1ubuntu4.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4102-1: LibreOffice vulnerabilities

1 month ago
libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in LibreOffice.

Software Description
  • libreoffice - Office productivity suite
Details

It was discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9850, CVE-2019-9851)

It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. (CVE-2019-9852)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libreoffice-core - 1:6.2.6-0ubuntu0.19.04.1
Ubuntu 18.04 LTS
libreoffice-core - 1:6.0.7-0ubuntu0.18.04.9
Ubuntu 16.04 LTS
libreoffice-core - 1:5.1.6~rc2-0ubuntu1~xenial9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make all the necessary changes.

USN-4100-1: KConfig and KDE libraries vulnerabilities

1 month ago
kconfig, kde4libs vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

KConfig and KDE libraries could be made to crash or run programs if they opened a specially crafted file.

Software Description
  • kconfig - configuration settings framework for Qt
  • kde4libs - KDE 4 core applications and libraries
Details

It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. (CVE-2019-14744)

It was discovered that KConfig allows remote attackers to write to arbitrary files via a ../ in a filename in an archive file. (CVE-2016-6232)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libkdecore5 - 4:4.14.38-0ubuntu6.1
libkf5configcore5 - 5.56.0-0ubuntu1.1
Ubuntu 18.04 LTS
libkdecore5 - 4:4.14.38-0ubuntu3.1
libkf5configcore5 - 5.44.0-0ubuntu1.1
Ubuntu 16.04 LTS
libkdecore5 - 4:4.14.16-0ubuntu3.3
libkf5configcore5 - 5.18.0-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4101-1: Firefox vulnerability

1 month ago
firefox vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

A local attacker could obtain saved passwords.

Software Description
  • firefox - Mozilla Open Source web browser
Details

It was discovered that passwords could be copied to the clipboard from the "Saved Logins" dialog without entering the master password, even when a master password has been set. A local attacker could potentially exploit this to obtain saved passwords.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
firefox - 68.0.2+build1-0ubuntu0.19.04.1
Ubuntu 18.04 LTS
firefox - 68.0.2+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 68.0.2+build1-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

USN-4099-1: nginx vulnerabilities

1 month ago
nginx vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

nginx could be made to crash if it received specially crafted network traffic.

Software Description
  • nginx - small, powerful, scalable web/proxy server
Details

Jonathan Looney discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to consume resources, leading to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
nginx-common - 1.15.9-0ubuntu1.1
nginx-core - 1.15.9-0ubuntu1.1
nginx-extras - 1.15.9-0ubuntu1.1
nginx-full - 1.15.9-0ubuntu1.1
nginx-light - 1.15.9-0ubuntu1.1
Ubuntu 18.04 LTS
nginx-common - 1.14.0-0ubuntu1.4
nginx-core - 1.14.0-0ubuntu1.4
nginx-extras - 1.14.0-0ubuntu1.4
nginx-full - 1.14.0-0ubuntu1.4
nginx-light - 1.14.0-0ubuntu1.4
Ubuntu 16.04 LTS
nginx-common - 1.10.3-0ubuntu0.16.04.4
nginx-core - 1.10.3-0ubuntu0.16.04.4
nginx-extras - 1.10.3-0ubuntu0.16.04.4
nginx-full - 1.10.3-0ubuntu0.16.04.4
nginx-light - 1.10.3-0ubuntu0.16.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4098-1: wpa_supplicant and hostapd vulnerability

1 month ago
wpa vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
Summary

wpa_supplicant and hostapd could be made to expose sensitive information over the network.

Software Description
  • wpa - client support for WPA and WPA2
Details

It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
hostapd - 2:2.6-21ubuntu3.2
wpasupplicant - 2:2.6-21ubuntu3.2
Ubuntu 18.04 LTS
hostapd - 2:2.6-15ubuntu2.4
wpasupplicant - 2:2.6-15ubuntu2.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

USN-4097-2: PHP vulnerabilities

1 month 1 week ago
php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

PHP could be made to crash or execute arbitrary code if it received a specially crafted image.

Software Description
  • php5 - HTML-embedded scripting language interpreter
Details

USN-4097-1 fixed several vulnerabilities in php5. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm5
php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm5
php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm5
php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm5
php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm5
Ubuntu 12.04 ESM
libapache2-mod-php5 - 5.3.10-1ubuntu3.39
php5-cgi - 5.3.10-1ubuntu3.39
php5-cli - 5.3.10-1ubuntu3.39
php5-fpm - 5.3.10-1ubuntu3.39
php5-xmlrpc - 5.3.10-1ubuntu3.39

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4097-1: PHP vulnerabilities

1 month 1 week ago
php7.0, php7.2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

PHP could be made to crash or execute arbitrary code if it received a specially crafted image.

Software Description
  • php7.2 - HTML-embedded scripting language interpreter
  • php7.0 - HTML-embedded scripting language interpreter
Details

It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libapache2-mod-php7.2 - 7.2.19-0ubuntu0.19.04.2
php7.2-cgi - 7.2.19-0ubuntu0.19.04.2
php7.2-cli - 7.2.19-0ubuntu0.19.04.2
php7.2-fpm - 7.2.19-0ubuntu0.19.04.2
php7.2-xmlrpc - 7.2.19-0ubuntu0.19.04.2
Ubuntu 18.04 LTS
libapache2-mod-php7.2 - 7.2.19-0ubuntu0.18.04.2
php7.2-cgi - 7.2.19-0ubuntu0.18.04.2
php7.2-cli - 7.2.19-0ubuntu0.18.04.2
php7.2-fpm - 7.2.19-0ubuntu0.18.04.2
php7.2-xmlrpc - 7.2.19-0ubuntu0.18.04.2
Ubuntu 16.04 LTS
libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.6
php7.0-cgi - 7.0.33-0ubuntu0.16.04.6
php7.0-cli - 7.0.33-0ubuntu0.16.04.6
php7.0-fpm - 7.0.33-0ubuntu0.16.04.6
php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3997-1: Thunderbird vulnerabilities

3 months 3 weeks ago
thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in Thunderbird.

Software Description
  • thunderbird - Mozilla Open Source mail and newsgroup client
Details

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin protections, or execute arbitrary code. (CVE-2019-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-5798, CVE-2019-7317)

A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked into opening a specially crafted website in a browsing context after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816)

It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked into dragging a specially crafted hyperlink to a bookmark toolbar or sidebar, and subsequently back into the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
Ubuntu 18.10
thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make all the necessary changes.

USN-3995-2: Keepalived vulnerability

3 months 3 weeks ago
keepalived vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

Keepalived could be made to crash or run programs if it received specially crafted network traffic.

Software Description
  • keepalived - Failover and monitoring daemon for LVS clusters
Details

USN-3995-1 fixed a vulnerability in keepalived. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Keepalived incorrectly handled certain HTTP status response codes. A remote attacker could use this issue to cause Keepalived to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
keepalived - 1:1.2.7-1ubuntu1+esm1
Ubuntu 12.04 ESM
keepalived - 1:1.2.2-3ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3845-2: FreeRDP vulnerabilities

3 months 3 weeks ago
freerdp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
Summary

Several security issues were fixed in FreeRDP.

Software Description
  • freerdp - RDP client for Windows Terminal Services
Details

USN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10.

Original advisory details:

Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785)

Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787)

Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788)

Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1
Ubuntu 18.04 LTS
libfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3995-1: Keepalived vulnerability

3 months 3 weeks ago
keepalived vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Keepalived could be made to crash or run programs if it received specially crafted network traffic.

Software Description
  • keepalived - Failover and monitoring daemon for LVS clusters
Details

It was discovered that Keepalived incorrectly handled certain HTTP status response codes. A remote attacker could use this issue to cause Keepalived to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
keepalived - 1:1.3.9-1ubuntu1.1
Ubuntu 18.04 LTS
keepalived - 1:1.3.9-1ubuntu0.18.04.2
Ubuntu 16.04 LTS
keepalived - 1:1.2.24-1ubuntu0.16.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
