Aggregator

znc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10

Summary

ZNC could be made to crash or run programs if it received specially crafted network traffic.

Software Description

• znc - advanced modular IRC bouncer

Details

It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

znc - 1.7.1-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-9917

Version:next-20190418 (linux-next) Released:2019-04-18

**Version 4.1.12** (2019-04-17) * security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas) * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof) * security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli) * security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas)

**Version 4.2.7** (2019-04-17) * bug #31107 [Routing] fix trailing slash redirection with non-greedy trailing vars (nicolas-grekas) * bug #31108 [FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy (nicolas-grekas) * bug #31121 [HttpKernel] Fix get session when the request stack is empty (yceruto) * bug #31084 [HttpFoundation] Make MimeTypeExtensionGuesser case insensitive (vermeirentony) * bug #31142 Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)" (chalasr) * security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas) * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof) * security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli) * security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas) ---- **Version 4.2.6** (2019-04-16) * bug #31088 [DI] fix removing non-shared definition while inlining them (nicolas-grekas) * bug #29944 [DI] Overriding services autowired by name under _defaults bind not working (przemyslaw-bogusz, renanbr) * bug #30993 [FrameworkBundle] Fix for Controller DEPRECATED when using composer --optimized (aweelex) * bug #31076 [HttpKernel] Fixed LoggerDataCollector crashing on empty file (althaus) * bug #31071 property normalizer should also pass format and context to isAllowedAttribute (dbu) * bug #31059 Show more accurate message in profiler when missing stopwatch (linaori) * bug #31026 [Serializer] Add default object class resolver (jdecool) * bug #31031 [Serializer] MetadataAwareNameConverter: Do not assume that property names are strings (soyuka) * bug #31043 [VarExporter] support PHP7.4 __serialize & __unserialize (nicolas-grekas) * bug #30423 [Security] Rework firewall's access denied rule (dimabory) * bug #31020 [VarExporter] fix exporting classes with private constructors (nicolas-grekas) * bug #31012 [Process] Fix missing $extraDirs when open_basedir returns (arsonik) * bug #30852 [Console] fix buildTableRows when Colspan is use with content too long (Raulnet) * bug #30950 [Serializer] Also validate callbacks when given in the normalizer context (dbu) * bug #30907 [Serializer] Respect ignored attributes in cache key of normalizer (dbu) * bug #30085 Fix TestRunner compatibility to PhpUnit 8 (alexander-schranz) * bug #30999 Fix dark themed componnents (ro0NL) * bug #30977 [serializer] prevent mixup in normalizer of the object to populate (dbu) * bug #30976 [Debug] Fixed error handling when an error is already handled when another error is already handled (5) (lyrixx) * bug #30979 Fix the configurability of CoreExtension deps in standalone usage (stof) * bug #30918 [Cache] fix using ProxyAdapter inside TagAwareAdapter (dmaicher) * bug #30961 [Form] fix translating file validation error message (xabbuh) * bug #30951 Handle case where no translations were found (greg0ire) * bug #29800 [Validator] Only traverse arrays that are cascaded into (corphi) * bug #30921 [Translator] Warm up the translations cache in dev (tgalopin) * bug #30922 [TwigBridge] fix horizontal spacing of inlined Bootstrap forms (xabbuh) * bug #30860 [Profiler] Fix dark theme elements color (dFayet) * bug #30895 [Form] turn failed file uploads into form errors (xabbuh) * bug #30919 [Translator] Fix wrong dump for PO files (deguif) * bug #30889 [DependencyInjection] Fix a wrong error when using a factory (Simperfit) * bug #30911 [Console] Fix table trailing backslash (maidmaid) * bug #30903 [Messenger] Uses the `SerializerStamp` when deserializing the envelope (sroze) * bug #30879 [Form] Php doc fixes and cs + optimizations (Jules Pietri) * bug #30883 [Console] Fix stty not reset when aborting in QuestionHelper::autocomplete() (Simperfit) * bug #30878 [Console] Fix inconsistent result for choice questions in non-interactive mode (chalasr) * bug #30825 [Routing] Fix: annotation loader ignores method's default values (voronkovich)

**Version 4.2.7** (2019-04-17) * bug #31107 [Routing] fix trailing slash redirection with non-greedy trailing vars (nicolas-grekas) * bug #31108 [FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy (nicolas-grekas) * bug #31121 [HttpKernel] Fix get session when the request stack is empty (yceruto) * bug #31084 [HttpFoundation] Make MimeTypeExtensionGuesser case insensitive (vermeirentony) * bug #31142 Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)" (chalasr) * security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas) * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof) * security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli) * security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas) ---- **Version 4.2.6** (2019-04-16) * bug #31088 [DI] fix removing non-shared definition while inlining them (nicolas-grekas) * bug #29944 [DI] Overriding services autowired by name under _defaults bind not working (przemyslaw-bogusz, renanbr) * bug #30993 [FrameworkBundle] Fix for Controller DEPRECATED when using composer --optimized (aweelex) * bug #31076 [HttpKernel] Fixed LoggerDataCollector crashing on empty file (althaus) * bug #31071 property normalizer should also pass format and context to isAllowedAttribute (dbu) * bug #31059 Show more accurate message in profiler when missing stopwatch (linaori) * bug #31026 [Serializer] Add default object class resolver (jdecool) * bug #31031 [Serializer] MetadataAwareNameConverter: Do not assume that property names are strings (soyuka) * bug #31043 [VarExporter] support PHP7.4 __serialize & __unserialize (nicolas-grekas) * bug #30423 [Security] Rework firewall's access denied rule (dimabory) * bug #31020 [VarExporter] fix exporting classes with private constructors (nicolas-grekas) * bug #31012 [Process] Fix missing $extraDirs when open_basedir returns (arsonik) * bug #30852 [Console] fix buildTableRows when Colspan is use with content too long (Raulnet) * bug #30950 [Serializer] Also validate callbacks when given in the normalizer context (dbu) * bug #30907 [Serializer] Respect ignored attributes in cache key of normalizer (dbu) * bug #30085 Fix TestRunner compatibility to PhpUnit 8 (alexander-schranz) * bug #30999 Fix dark themed componnents (ro0NL) * bug #30977 [serializer] prevent mixup in normalizer of the object to populate (dbu) * bug #30976 [Debug] Fixed error handling when an error is already handled when another error is already handled (5) (lyrixx) * bug #30979 Fix the configurability of CoreExtension deps in standalone usage (stof) * bug #30918 [Cache] fix using ProxyAdapter inside TagAwareAdapter (dmaicher) * bug #30961 [Form] fix translating file validation error message (xabbuh) * bug #30951 Handle case where no translations were found (greg0ire) * bug #29800 [Validator] Only traverse arrays that are cascaded into (corphi) * bug #30921 [Translator] Warm up the translations cache in dev (tgalopin) * bug #30922 [TwigBridge] fix horizontal spacing of inlined Bootstrap forms (xabbuh) * bug #30860 [Profiler] Fix dark theme elements color (dFayet) * bug #30895 [Form] turn failed file uploads into form errors (xabbuh) * bug #30919 [Translator] Fix wrong dump for PO files (deguif) * bug #30889 [DependencyInjection] Fix a wrong error when using a factory (Simperfit) * bug #30911 [Console] Fix table trailing backslash (maidmaid) * bug #30903 [Messenger] Uses the `SerializerStamp` when deserializing the envelope (sroze) * bug #30879 [Form] Php doc fixes and cs + optimizations (Jules Pietri) * bug #30883 [Console] Fix stty not reset when aborting in QuestionHelper::autocomplete() (Simperfit) * bug #30878 [Console] Fix inconsistent result for choice questions in non-interactive mode (chalasr) * bug #30825 [Routing] Fix: annotation loader ignores method's default values (voronkovich)

**Version 3.4.26** (2019-04-17) * bug #31084 [HttpFoundation] Make MimeTypeExtensionGuesser case insensitive (vermeirentony) * bug #31142 Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)" (chalasr) * security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas) * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof) * security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli) * security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas) ---- **Version 3.4.25** (2019-04-16) * bug #29944 [DI] Overriding services autowired by name under _defaults bind not working (przemyslaw-bogusz, renanbr) * bug #31076 [HttpKernel] Fixed LoggerDataCollector crashing on empty file (althaus) * bug #31071 property normalizer should also pass format and context to isAllowedAttribute (dbu) * bug #31059 Show more accurate message in profiler when missing stopwatch (linaori) * bug #30423 [Security] Rework firewall's access denied rule (dimabory) * bug #31012 [Process] Fix missing $extraDirs when open_basedir returns (arsonik) * bug #30907 [Serializer] Respect ignored attributes in cache key of normalizer (dbu) * bug #30085 Fix TestRunner compatibility to PhpUnit 8 (alexander-schranz) * bug #30977 [serializer] prevent mixup in normalizer of the object to populate (dbu) * bug #30976 [Debug] Fixed error handling when an error is already handled when another error is already handled (5) (lyrixx) * bug #30979 Fix the configurability of CoreExtension deps in standalone usage (stof) * bug #30918 [Cache] fix using ProxyAdapter inside TagAwareAdapter (dmaicher) * bug #30961 [Form] fix translating file validation error message (xabbuh) * bug #30951 Handle case where no translations were found (greg0ire) * bug #29800 [Validator] Only traverse arrays that are cascaded into (corphi) * bug #30921 [Translator] Warm up the translations cache in dev (tgalopin) * bug #30922 [TwigBridge] fix horizontal spacing of inlined Bootstrap forms (xabbuh) * bug #30895 [Form] turn failed file uploads into form errors (xabbuh) * bug #30919 [Translator] Fix wrong dump for PO files (deguif) * bug #30889 [DependencyInjection] Fix a wrong error when using a factory (Simperfit) * bug #30879 [Form] Php doc fixes and cs + optimizations (Jules Pietri) * bug #30883 [Console] Fix stty not reset when aborting in QuestionHelper::autocomplete() (Simperfit) * bug #30878 [Console] Fix inconsistent result for choice questions in non-interactive mode (chalasr)

**Version 3.4.26** (2019-04-17) * bug #31084 [HttpFoundation] Make MimeTypeExtensionGuesser case insensitive (vermeirentony) * bug #31142 Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)" (chalasr) * security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas) * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof) * security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli) * security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas) ---- **Version 3.4.25** (2019-04-16) * bug #29944 [DI] Overriding services autowired by name under _defaults bind not working (przemyslaw-bogusz, renanbr) * bug #31076 [HttpKernel] Fixed LoggerDataCollector crashing on empty file (althaus) * bug #31071 property normalizer should also pass format and context to isAllowedAttribute (dbu) * bug #31059 Show more accurate message in profiler when missing stopwatch (linaori) * bug #30423 [Security] Rework firewall's access denied rule (dimabory) * bug #31012 [Process] Fix missing $extraDirs when open_basedir returns (arsonik) * bug #30907 [Serializer] Respect ignored attributes in cache key of normalizer (dbu) * bug #30085 Fix TestRunner compatibility to PhpUnit 8 (alexander-schranz) * bug #30977 [serializer] prevent mixup in normalizer of the object to populate (dbu) * bug #30976 [Debug] Fixed error handling when an error is already handled when another error is already handled (5) (lyrixx) * bug #30979 Fix the configurability of CoreExtension deps in standalone usage (stof) * bug #30918 [Cache] fix using ProxyAdapter inside TagAwareAdapter (dmaicher) * bug #30961 [Form] fix translating file validation error message (xabbuh) * bug #30951 Handle case where no translations were found (greg0ire) * bug #29800 [Validator] Only traverse arrays that are cascaded into (corphi) * bug #30921 [Translator] Warm up the translations cache in dev (tgalopin) * bug #30922 [TwigBridge] fix horizontal spacing of inlined Bootstrap forms (xabbuh) * bug #30895 [Form] turn failed file uploads into form errors (xabbuh) * bug #30919 [Translator] Fix wrong dump for PO files (deguif) * bug #30889 [DependencyInjection] Fix a wrong error when using a factory (Simperfit) * bug #30879 [Form] Php doc fixes and cs + optimizations (Jules Pietri) * bug #30883 [Console] Fix stty not reset when aborting in QuestionHelper::autocomplete() (Simperfit) * bug #30878 [Console] Fix inconsistent result for choice questions in non-interactive mode (chalasr)

**Version 3.4.26** (2019-04-17) * bug #31084 [HttpFoundation] Make MimeTypeExtensionGuesser case insensitive (vermeirentony) * bug #31142 Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)" (chalasr) * security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas) * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof) * security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli) * security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas) ---- **Version 3.4.25** (2019-04-16) * bug #29944 [DI] Overriding services autowired by name under _defaults bind not working (przemyslaw-bogusz, renanbr) * bug #31076 [HttpKernel] Fixed LoggerDataCollector crashing on empty file (althaus) * bug #31071 property normalizer should also pass format and context to isAllowedAttribute (dbu) * bug #31059 Show more accurate message in profiler when missing stopwatch (linaori) * bug #30423 [Security] Rework firewall's access denied rule (dimabory) * bug #31012 [Process] Fix missing $extraDirs when open_basedir returns (arsonik) * bug #30907 [Serializer] Respect ignored attributes in cache key of normalizer (dbu) * bug #30085 Fix TestRunner compatibility to PhpUnit 8 (alexander-schranz) * bug #30977 [serializer] prevent mixup in normalizer of the object to populate (dbu) * bug #30976 [Debug] Fixed error handling when an error is already handled when another error is already handled (5) (lyrixx) * bug #30979 Fix the configurability of CoreExtension deps in standalone usage (stof) * bug #30918 [Cache] fix using ProxyAdapter inside TagAwareAdapter (dmaicher) * bug #30961 [Form] fix translating file validation error message (xabbuh) * bug #30951 Handle case where no translations were found (greg0ire) * bug #29800 [Validator] Only traverse arrays that are cascaded into (corphi) * bug #30921 [Translator] Warm up the translations cache in dev (tgalopin) * bug #30922 [TwigBridge] fix horizontal spacing of inlined Bootstrap forms (xabbuh) * bug #30895 [Form] turn failed file uploads into form errors (xabbuh) * bug #30919 [Translator] Fix wrong dump for PO files (deguif) * bug #30889 [DependencyInjection] Fix a wrong error when using a factory (Simperfit) * bug #30879 [Form] Php doc fixes and cs + optimizations (Jules Pietri) * bug #30883 [Console] Fix stty not reset when aborting in QuestionHelper::autocomplete() (Simperfit) * bug #30878 [Console] Fix inconsistent result for choice questions in non-interactive mode (chalasr)

**Version 2.8.50** (2019-04-17) * security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas) * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof) * security #cve-2019-10912 [PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli) * security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas)

**Version 2.8.50** (2019-04-17) * security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas) * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof) * security #cve-2019-10912 [PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli) * security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas)

**Version 2.8.50** (2019-04-17) * security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas) * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof) * security #cve-2019-10912 [PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli) * security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas)

- Fix an issue similar to CVE-2018-20060 where the authorization header was removed only when the case matched. - Fix an issue where the system CA bundle was loaded even when an alternate bundle was explicitly specified (https://www.openwall.com/lists/oss-security/2019/04/17/3) Full changelog at: https://github.com/urllib3/urllib3/blob/1.24.2/CHANGES.rst

- Fix an issue similar to CVE-2018-20060 where the authorization header was removed only when the case matched. - Fix an issue where the system CA bundle was loaded even when an alternate bundle was explicitly specified (https://www.openwall.com/lists/oss-security/2019/04/17/3) Full changelog at: https://github.com/urllib3/urllib3/blob/1.24.2/CHANGES.rst

- Fix an issue similar to CVE-2018-20060 where the authorization header was removed only when the case matched. - Fix an issue where the system CA bundle was loaded even when an alternate bundle was explicitly specified (https://www.openwall.com/lists/oss-security/2019/04/17/3) Full changelog at: https://github.com/urllib3/urllib3/blob/1.24.2/CHANGES.rst

ntfs-3g update

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary

A hardening measure was added to NTFS-3G.

Software Description

• ntfs-3g - read/write NTFS driver for FUSE

Details

USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary.

Original advisory details:

A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

ntfs-3g - 1:2017.3.23-2ubuntu0.18.10.2

Ubuntu 18.04 LTS

ntfs-3g - 1:2017.3.23-2ubuntu0.18.04.2

Ubuntu 16.04 LTS

ntfs-3g - 1:2015.3.14AR.1-1ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• USN-3914-1
• LP: 1821250

Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878

Security fix for CVE-2019-11026.

Security fix for CVE-2019-9903 and CVE-2019-11026.

Security fix for CVE-2019-9903 and CVE-2019-11026.

Fix an assert when configuration reload fails.