Aggregator

USN-4109-1: OpenJPEG vulnerabilities

1 day 11 hours ago
openjpeg2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS

Summary

Several security issues were fixed in OpenJPEG.

Software Description

  • openjpeg2 - JPEG 2000 image compression/decompression library

Details

It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. (CVE-2017-17480)

It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14423)

It was discovered that OpenJPEG incorrectly handled certain PNM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-18088)

It was discovered that OpenJPEG incorrectly handled certain BMP files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-5785, CVE-2018-6616)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
  • libopenjp2-7 - 2.3.0-2build0.18.04.1
  • libopenjp3d7 - 2.3.0-2build0.18.04.1
  • libopenjpip7 - 2.3.0-2build0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4108-1: Zstandard vulnerability

1 day 15 hours ago
libzstd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS

Summary

Zstandard could be made to execute arbitrary code if it received specially crafted input.

Software Description

  • libzstd - fast lossless compression algorithm – development files

Details

It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
  • libzstd1 - 1.3.3+dfsg-2ubuntu1.1
  • zstd - 1.3.3+dfsg-2ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4107-1: GIFLIB vulnerabilities

2 days 13 hours ago
giflib vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in GIFLIB.

Software Description

  • giflib - library for GIF images (utilities)

Details

It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2016-3977)

It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11490, CVE-2019-15133)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
  • giflib-tools - 5.1.4-3ubuntu0.1
  • libgif7 - 5.1.4-3ubuntu0.1

Ubuntu 18.04 LTS
  • giflib-tools - 5.1.4-2ubuntu0.1
  • libgif7 - 5.1.4-2ubuntu0.1

Ubuntu 16.04 LTS
  • giflib-tools - 5.1.4-0.3~16.04.1
  • libgif7 - 5.1.4-0.3~16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4106-1: NLTK vulnerability

2 days 15 hours ago
NLTK vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

NLTK could be made to overwrite files.

Software Description

  • nltk - Python libraries for natural language processing

Details

Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
  • python-nltk - 3.4-1ubuntu0.1
  • python3-nltk - 3.4-1ubuntu0.1

Ubuntu 18.04 LTS
  • python-nltk - 3.2.5-1ubuntu0.1
  • python3-nltk - 3.2.5-1ubuntu0.1

Ubuntu 16.04 LTS
  • python-nltk - 3.1-1ubuntu0.1
  • python3-nltk - 3.1-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4105-1: CUPS vulnerabilities

3 days 1 hour ago
cups vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in CUPS.

Software Description

  • cups - Common UNIX Printing System™

Details

Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. (CVE-2019-8696, CVE-2019-8675)

It was discovered that CUPS did not properly handle client disconnection events. A local attacker could possibly use this issue to cause a denial of service or disclose memory from the CUPS server.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
  • cups - 2.2.10-4ubuntu2.1

Ubuntu 18.04 LTS
  • cups - 2.2.7-1ubuntu2.7

Ubuntu 16.04 LTS
  • cups - 2.1.3-4ubuntu0.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
