Aggregator

USN-4519-1: PulseAudio vulnerability

15 hours 55 minutes ago
pulseaudio vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

PulseAudio could be made to crash or run programs as your login if it received specially crafted input.

Software Description
  • pulseaudio - PulseAudio sound server
Details

Ratchanan Srirattanamet discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker could use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-15710)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libpulse-mainloop-glib0 - 1:8.0-0ubuntu3.14
libpulse0 - 1:8.0-0ubuntu3.14
pulseaudio - 1:8.0-0ubuntu3.14
pulseaudio-module-bluetooth - 1:8.0-0ubuntu3.14
pulseaudio-utils - 1:8.0-0ubuntu3.14

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4517-1: Email-Address-List vulnerability

16 hours 43 minutes ago
libemail-address-list-perl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Email-Address-List could be made to remotely exhaust resources if it received specially crafted email data.

Software Description
  • libemail-address-list-perl - RFC close address list parsing
Details

It was discovered that Email-Address-List does not properly parse email addresses during email ingestion. A remote attacker could use this issue to mount an algorithmic complexity attack, resulting in a denial of service. (CVE-2018-18898)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
libemail-address-list-perl - 0.05-1+deb9u1build0.18.04.1

Ubuntu 16.04 LTS
libemail-address-list-perl - 0.05-1+deb9u1build0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4518-1: xawtv vulnerability

17 hours 27 minutes ago
xawtv vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

xawtv could be made to expose sensitive information and escalate user privileges if it received specially crafted input.

Software Description
  • xawtv - X11 program for watching TV
Details

Matthias Gerstner discovered that xawtv incorrectly handled opening files. A local attacker could possibly use this issue to open and write to arbitrary files and escalate privileges. (CVE-2020-13696)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
alevtd - 3.103-3+deb8u1build0.16.04.1
fbtv - 3.103-3+deb8u1build0.16.04.1
pia - 3.103-3+deb8u1build0.16.04.1
radio - 3.103-3+deb8u1build0.16.04.1
scantv - 3.103-3+deb8u1build0.16.04.1
streamer - 3.103-3+deb8u1build0.16.04.1
ttv - 3.103-3+deb8u1build0.16.04.1
v4l-conf - 3.103-3+deb8u1build0.16.04.1
webcam - 3.103-3+deb8u1build0.16.04.1
xawtv - 3.103-3+deb8u1build0.16.04.1
xawtv-plugin-qt - 3.103-3+deb8u1build0.16.04.1
xawtv-plugins - 3.103-3+deb8u1build0.16.04.1
xawtv-tools - 3.103-3+deb8u1build0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4516-1: GnuPG vulnerability

20 hours 22 minutes ago
gnupg2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

GnuPG could be made to expose sensitive information.

Software Description
  • gnupg2 - GNU privacy guard - a free PGP replacement
Details

It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update stops validating SHA-1-based signatures that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to revert this behaviour.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
gnupg - 2.2.4-1ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4515-1: Pure-FTPd vulnerability

21 hours 23 minutes ago
pure-ftpd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Pure-FTPd could be made to expose sensitive information if it received specially crafted input.

Software Description
  • pure-ftpd - Secure and efficient FTP server
Details

Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. An attacker could possibly use this issue to access sensitive information. (CVE-2020-9274)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
pure-ftpd - 1.0.36-3.2+deb8u1build0.16.04.1
pure-ftpd-common - 1.0.36-3.2+deb8u1build0.16.04.1
pure-ftpd-ldap - 1.0.36-3.2+deb8u1build0.16.04.1
pure-ftpd-mysql - 1.0.36-3.2+deb8u1build0.16.04.1
pure-ftpd-postgresql - 1.0.36-3.2+deb8u1build0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4514-1: libproxy vulnerability

22 hours 3 minutes ago
libproxy vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

libproxy could be made to crash if it received a specially crafted PAC file.

Software Description
  • libproxy - automatic proxy configuration management library
Details

It was discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
libproxy1v5 - 0.4.15-10ubuntu1.1

Ubuntu 18.04 LTS
libproxy1v5 - 0.4.15-1ubuntu0.1

Ubuntu 16.04 LTS
libproxy1v5 - 0.4.11-5ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.