Ubuntu Security Advisories

USN-3950-1: ZNC vulnerability

2 days 4 hours ago
znc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
Summary

ZNC could be made to crash or run programs if it received specially crafted network traffic.

Software Description
  • znc - advanced modular IRC bouncer
Details

It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
znc - 1.7.1-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3914-2: NTFS-3G update

3 days 4 hours ago
ntfs-3g update

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

A hardening measure was added to NTFS-3G.

Software Description
  • ntfs-3g - read/write NTFS driver for FUSE
Details

USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary.

Original advisory details:

A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
ntfs-3g - 1:2017.3.23-2ubuntu0.18.10.2
Ubuntu 18.04 LTS
ntfs-3g - 1:2017.3.23-2ubuntu0.18.04.2
Ubuntu 16.04 LTS
ntfs-3g - 1:2015.3.14AR.1-1ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3918-4: Firefox regressions

4 days ago
firefox regressions

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

USN-3918-1 caused a regression in Firefox.

Software Description
  • firefox - Mozilla Open Source web browser
Details

USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809)

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked into opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793)

It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle (MITM) attacks. (CVE-2019-9803)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
firefox - 66.0.3+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 66.0.3+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 66.0.3+build1-0ubuntu0.16.04.1
Ubuntu 14.04 LTS
firefox - 66.0.3+build1-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

USN-3949-1: OpenJDK 11 vulnerability

4 days 4 hours ago
openjdk-lts vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

Java applets or applications could be made to expose sensitive information.

Software Description
  • openjdk-lts - Open Source Java implementation
Details

It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422)

Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several additional packages were updated to be compatible with OpenJDK 11.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
openjdk-11-jdk - 11.0.2+9-3ubuntu1~18.04.3
openjdk-11-jre - 11.0.2+9-3ubuntu1~18.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

USN-3948-1: WebKitGTK+ vulnerabilities

4 days 8 hours ago
webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
Summary

Several security issues were fixed in WebKitGTK+.

Software Description
  • webkit2gtk - Web content engine library for GTK+
Details

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libjavascriptcoregtk-4.0-18 - 2.24.1-0ubuntu0.18.10.2
libwebkit2gtk-4.0-37 - 2.24.1-0ubuntu0.18.10.2
Ubuntu 18.04 LTS
libjavascriptcoregtk-4.0-18 - 2.24.1-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 - 2.24.1-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

USN-3947-2: Libxslt vulnerability

5 days 3 hours ago
libxslt vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM
Summary

Libxslt could be made to expose sensitive information if it received a specially crafted file.

Software Description
  • libxslt - XSLT processing library
Details

USN-3947-1 fixed a vulnerability in Libxslt. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
libxslt1.1 - 1.1.26-8ubuntu1.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3947-1: Libxslt vulnerability

5 days 4 hours ago
libxslt vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Libxslt could be made to expose sensitive information if it received a specially crafted file.

Software Description
  • libxslt - XSLT processing library
Details

It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libxslt1.1 - 1.1.32-2ubuntu0.1
Ubuntu 18.04 LTS
libxslt1.1 - 1.1.29-5ubuntu0.1
Ubuntu 16.04 LTS
libxslt1.1 - 1.1.28-2.1ubuntu0.2
Ubuntu 14.04 LTS
libxslt1.1 - 1.1.28-2ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3946-1: rssh vulnerabilities

1 week 2 days ago
rssh vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

rssh could be made to run arbitrary commands if it received specially crafted input.

Software Description
  • rssh - Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist
Details

It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh’s command restrictions, allowing an attacker to run arbitrary commands.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
rssh - 2.3.4-8ubuntu0.2
Ubuntu 18.04 LTS
rssh - 2.3.4-7ubuntu0.1
Ubuntu 16.04 LTS
rssh - 2.3.4-4+deb8u2ubuntu0.16.04.2
Ubuntu 14.04 LTS
rssh - 2.3.4-4+deb8u2ubuntu0.14.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3945-1: Ruby vulnerabilities

1 week 2 days ago
ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in Ruby.

Software Description
  • ruby2.5 - Interpreter of object-oriented scripting language Ruby
  • ruby2.3 - Object-oriented scripting language
  • ruby1.9.1 - Object-oriented scripting language
  • ruby2.0 - Object-oriented scripting language
Details

It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2019-8320)

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libruby2.5 - 2.5.1-5ubuntu4.3
ruby2.5 - 2.5.1-5ubuntu4.3
Ubuntu 18.04 LTS
libruby2.5 - 2.5.1-1ubuntu1.2
ruby2.5 - 2.5.1-1ubuntu1.2
Ubuntu 16.04 LTS
libruby2.3 - 2.3.1-2~16.04.12
ruby2.3 - 2.3.1-2~16.04.12
Ubuntu 14.04 LTS
libruby1.9.1 - 1.9.3.484-2ubuntu1.14
libruby2.0 - 2.0.0.484-1ubuntu2.13
ruby1.9.1 - 1.9.3.484-2ubuntu1.14
ruby1.9.3 - 1.9.3.484-2ubuntu1.14
ruby2.0 - 2.0.0.484-1ubuntu2.13

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3944-1: wpa_supplicant and hostapd vulnerabilities

1 week 3 days ago
wpa vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in wpa_supplicant and hostapd.

Software Description
  • wpa - client support for WPA and WPA2
Details

It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495)

Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and element values in EAP-pwd-Commit messages. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499)

It was discovered that hostapd incorrectly handled obtaining random numbers. In rare cases where the urandom device isn’t available, it would fall back to using a low-quality PRNG. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10743)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
hostapd - 2:2.6-18ubuntu1.1
wpasupplicant - 2:2.6-18ubuntu1.1
Ubuntu 18.04 LTS
hostapd - 2:2.6-15ubuntu2.2
wpasupplicant - 2:2.6-15ubuntu2.2
Ubuntu 16.04 LTS
hostapd - 2.4-0ubuntu6.4
wpasupplicant - 2.4-0ubuntu6.4
Ubuntu 14.04 LTS
hostapd - 2.1-0ubuntu1.7
wpasupplicant - 2.1-0ubuntu1.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

USN-3937-2: Apache vulnerabilities

1 week 3 days ago
apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM
Summary

Several security issues were fixed in Apache.

Software Description
  • apache2 - Apache HTTP server
Details

USN-3937-1 and USN-3627-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. (CVE-2019-0217)

Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710)

Robert Swiecki discovered that the Apache HTTP Server incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1301)

Nicolas Daniels discovered that the Apache HTTP Server incorrectly generated the nonce when creating HTTP Digest authentication challenges. A remote attacker could possibly use this issue to replay HTTP requests across a cluster of servers. (CVE-2018-1312)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
apache2.2-bin - 2.2.22-1ubuntu1.15

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3943-2: Wget vulnerability

1 week 4 days ago
wget vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM
Summary

Several security issues were fixed in Wget.

Software Description
  • wget - retrieves files from the web
Details

USN-3943-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
wget - 1.13.4-2ubuntu1.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3942-1: OpenJDK 7 vulnerability

1 week 4 days ago
openjdk-7 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
Summary

Java applets or applications could be made to expose sensitive information.

Software Description
  • openjdk-7 - Open Source Java implementation
Details

It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS
icedtea-7-jre-jamvm - 7u211-2.6.17-0ubuntu0.1
openjdk-7-jdk - 7u211-2.6.17-0ubuntu0.1
openjdk-7-jre - 7u211-2.6.17-0ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

USN-3943-1: Wget vulnerabilities

1 week 4 days ago
wget vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in Wget.

Software Description
  • wget - retrieves files from the web
Details

It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20483)

Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
wget - 1.19.5-1ubuntu1.1
Ubuntu 18.04 LTS
wget - 1.19.4-1ubuntu2.2
Ubuntu 16.04 LTS
wget - 1.17.1-1ubuntu1.5
Ubuntu 14.04 LTS
wget - 1.15-1ubuntu1.14.04.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3938-1: systemd vulnerability

1 week 5 days ago
systemd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

The systemd PAM module could be used to gain additional PolicyKit privileges.

Software Description
  • systemd - system and service manager
Details

Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libpam-systemd - 239-7ubuntu10.12
Ubuntu 18.04 LTS
libpam-systemd - 237-3ubuntu10.19
Ubuntu 16.04 LTS
libpam-systemd - 229-4ubuntu21.21
Ubuntu 14.04 LTS
libpam-systemd - 204-5ubuntu20.31

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3941-1: Lua vulnerability

1 week 5 days ago
lua5.3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Lua could be made to crash if it received a specially crafted script.

Software Description
  • lua5.3 - Simple, extensible, embeddable programming language
Details

Fady Othman discovered that Lua incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
lua5.3 - 5.3.3-1ubuntu0.18.10.1
Ubuntu 18.04 LTS
lua5.3 - 5.3.3-1ubuntu0.18.04.1
Ubuntu 16.04 LTS
lua5.3 - 5.3.1-1ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3940-2: ClamAV vulnerabilities

1 week 5 days ago
clamav vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM
Summary

Several security issues were fixed in ClamAV.

Software Description
  • clamav - Anti-virus utility for Unix
Details

USN-3940-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787)

It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788)

It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1789)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
clamav - 0.100.3+dfsg-1ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

USN-3939-2: Samba vulnerability

1 week 5 days ago
samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM
Summary

Samba could be made to create files in unexpected locations.

Software Description
  • samba - SMB/CIFS file, print, and login server for Unix
Details

USN-3939-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
libsmbclient - 2:3.6.25-0ubuntu0.12.04.17
samba - 2:3.6.25-0ubuntu0.12.04.17

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-3940-1: ClamAV vulnerabilities

1 week 5 days ago
clamav vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in ClamAV.

Software Description
  • clamav - Anti-virus utility for Unix
Details

It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787)

It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788)

It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1789)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
clamav - 0.100.3+dfsg-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
clamav - 0.100.3+dfsg-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
clamav - 0.100.3+dfsg-0ubuntu0.16.04.1
Ubuntu 14.04 LTS
clamav - 0.100.3+dfsg-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

USN-3939-1: Samba vulnerability

1 week 5 days ago
samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
Summary

Samba could be made to create files in unexpected locations.

Software Description
  • samba - SMB/CIFS file, print, and login server for Unix
Details

Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libsmbclient - 2:4.8.4+dfsg-2ubuntu2.3
samba - 2:4.8.4+dfsg-2ubuntu2.3
Ubuntu 18.04 LTS
libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9
samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9
Ubuntu 16.04 LTS
libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.19
samba - 2:4.3.11+dfsg-0ubuntu0.16.04.19
Ubuntu 14.04 LTS
libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20
samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
