Ubuntu Security Advisories

USN-4156-2: SDL vulnerabilities

4 hours 48 minutes ago
libsdl1.2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

Several security issues were fixed in SDL.

Software Description
  • libsdl1.2 - Simple DirectMedia Layer debug files
Details

USN-4156-1 fixed several vulnerabilities in SDL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libsdl1.2debian - 1.2.15-8ubuntu1.1+esm1
Ubuntu 12.04 ESM
libsdl1.2debian - 1.2.14-6.4ubuntu3.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4156-1: SDL vulnerabilities

1 day 2 hours ago
libsdl1.2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in SDL.

Software Description
  • libsdl1.2 - Simple DirectMedia Layer
Details

It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
libsdl1.2debian - 1.2.15+dfsg2-0.1ubuntu0.1
Ubuntu 16.04 LTS
libsdl1.2debian - 1.2.15+dfsg1-3ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4155-1: Aspell vulnerability

1 day 4 hours ago
aspell vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

Aspell could be made to expose sensitive information if it received a specially crafted input.

Software Description
  • aspell - GNU Aspell spell-checker
Details

It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
aspell - 0.60.7~20110707-6ubuntu0.1
libaspell15 - 0.60.7~20110707-6ubuntu0.1
Ubuntu 18.04 LTS
aspell - 0.60.7~20110707-4ubuntu0.1
libaspell15 - 0.60.7~20110707-4ubuntu0.1
Ubuntu 16.04 LTS
aspell - 0.60.7~20110707-3ubuntu0.1
libaspell15 - 0.60.7~20110707-3ubuntu0.1
Ubuntu 14.04 ESM
aspell - 0.60.7~20110707-1ubuntu1+esm1
libaspell15 - 0.60.7~20110707-1ubuntu1+esm1
Ubuntu 12.04 ESM
aspell - 0.60.7~20110707-1ubuntu0.1
libaspell15 - 0.60.7~20110707-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4154-1: Sudo vulnerability

2 days 4 hours ago
sudo vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

Sudo could be made to run commands as root if it was called with a specially crafted user ID.

Software Description
  • sudo - Provide limited super user privileges to specific users
Details

Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
sudo - 1.8.27-1ubuntu1.1
sudo-ldap - 1.8.27-1ubuntu1.1
Ubuntu 18.04 LTS
sudo - 1.8.21p2-3ubuntu1.1
sudo-ldap - 1.8.21p2-3ubuntu1.1
Ubuntu 16.04 LTS
sudo - 1.8.16-0ubuntu1.8
sudo-ldap - 1.8.16-0ubuntu1.8
Ubuntu 14.04 ESM
sudo - 1.8.9p5-1ubuntu1.5+esm2
sudo-ldap - 1.8.9p5-1ubuntu1.5+esm2
Ubuntu 12.04 ESM
sudo - 1.8.3p1-1ubuntu3.8
sudo-ldap - 1.8.3p1-1ubuntu3.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4151-2: Python vulnerabilities

6 days 6 hours ago
python2.7, python3.4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

Several security issues were fixed in Python.

Software Description
  • python2.7 - An interactive high-level object-oriented language
  • python3.4 - An interactive high-level object-oriented language
Details

USN-4151-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056)

It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
python2.7 - 2.7.6-8ubuntu0.6+esm3
python2.7-minimal - 2.7.6-8ubuntu0.6+esm3
python3.4 - 3.4.3-1ubuntu1~14.04.7+esm4
python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm4
Ubuntu 12.04 ESM
python2.7 - 2.7.3-0ubuntu3.15
python2.7-minimal - 2.7.3-0ubuntu3.15

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4153-1: Octavia vulnerability

6 days 7 hours ago
octavia vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
Summary

Octavia could allow unintended access to network services.

Software Description
  • octavia - OpenStack Load Balancer Service
Details

Daniel Preussker discovered that Octavia incorrectly handled client certificate checking. A remote attacker on the management network could possibly use this issue to perform configuration changes and obtain sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
amphora-agent - 4.0.0-0ubuntu1.2
octavia-common - 4.0.0-0ubuntu1.2
python3-octavia - 4.0.0-0ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4152-1: libsoup vulnerability

1 week ago
libsoup2.4 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
Summary

libsoup could be made to crash if it received specially crafted network traffic.

Software Description
  • libsoup2.4 - HTTP client/server library for GNOME
Details

It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libsoup2.4-1 - 2.66.1-1ubuntu0.1
Ubuntu 18.04 LTS
libsoup2.4-1 - 2.62.1-1ubuntu0.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4151-1: Python vulnerabilities

1 week ago
python2.7, python3.5, python3.6, python3.7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in Python.

Software Description
  • python2.7 - An interactive high-level object-oriented language
  • python3.7 - An interactive high-level object-oriented language
  • python3.6 - An interactive high-level object-oriented language
  • python3.5 - An interactive high-level object-oriented language
Details

It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056)

It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
python2.7 - 2.7.16-2ubuntu0.2
python2.7-minimal - 2.7.16-2ubuntu0.2
python3.7 - 3.7.3-2ubuntu0.2
python3.7-minimal - 3.7.3-2ubuntu0.2
Ubuntu 18.04 LTS
python2.7 - 2.7.15-4ubuntu4~18.04.2
python2.7-minimal - 2.7.15-4ubuntu4~18.04.2
python3.6 - 3.6.8-1~18.04.3
python3.6-minimal - 3.6.8-1~18.04.3
Ubuntu 16.04 LTS
python2.7 - 2.7.12-1ubuntu0~16.04.9
python2.7-minimal - 2.7.12-1ubuntu0~16.04.9
python3.5 - 3.5.2-2ubuntu0~16.04.9
python3.5-minimal - 3.5.2-2ubuntu0~16.04.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4150-1: Thunderbird vulnerabilities

1 week ago
thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in Thunderbird.

Software Description
  • thunderbird - Mozilla Open Source mail and newsgroup client
Details

It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in an HTML reply or forward in some circumstances. If a user were tricked into replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to obtain sensitive information, conduct cross-site scripting (XSS) attacks, cause a denial of service, or execute arbitrary code. (CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
thunderbird - 1:60.9.0+build1-0ubuntu0.19.04.1
Ubuntu 18.04 LTS
thunderbird - 1:60.9.0+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
thunderbird - 1:60.9.0+build1-0ubuntu0.16.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make all the necessary changes.

USN-4122-2: Firefox regression

1 week ago
firefox regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

USN-4122-1 caused a regression in Firefox.

Software Description
  • firefox - Mozilla Open Source web browser
Details

USN-4122-1 fixed vulnerabilities in Firefox. The update caused a regression that resulted in a crash when changing YouTube playback speed in some circumstances. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service, or execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735, CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)

It was discovered that a compromised content process could log in to a malicious Firefox Sync account. An attacker could potentially exploit this, in combination with another vulnerability, to disable the sandbox. (CVE-2019-9812)

It was discovered that addons.mozilla.org and accounts.firefox.com could be loaded into the same content process. An attacker could potentially exploit this, in combination with another vulnerability that allowed a cross-site scripting (XSS) attack, to modify browser settings. (CVE-2019-11741)

It was discovered that the "Forget about this site" feature in the history pane removes HTTP Strict Transport Security (HSTS) settings for sites on the pre-load list. An attacker could potentially exploit this to bypass the protections offered by HSTS. (CVE-2019-11747)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
firefox - 69.0.2+build1-0ubuntu0.19.04.1
Ubuntu 18.04 LTS
firefox - 69.0.2+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 69.0.2+build1-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

USN-4149-1: Unbound vulnerability

1 week 1 day ago
unbound vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
Summary

Unbound could be made to crash if it received a specially crafted NOTIFY query.

Software Description
  • unbound - validating, recursive, caching DNS resolver
Details

It was discovered that Unbound incorrectly handled certain NOTIFY queries. An attacker could possibly use this issue to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libunbound8 - 1.9.0-2ubuntu0.1
unbound - 1.9.0-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4148-1: OpenEXR vulnerabilities

1 week 2 days ago
openexr vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in OpenEXR.

Software Description
  • openexr - command-line tools for the OpenEXR image format
Details

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12596)

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-9110, CVE-2017-9112, CVE-2017-9116)

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)

Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2018-18444)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libopenexr23 - 2.2.1-4.1ubuntu0.1
openexr - 2.2.1-4.1ubuntu0.1
Ubuntu 18.04 LTS
libopenexr22 - 2.2.0-11.1ubuntu1.1
openexr - 2.2.0-11.1ubuntu1.1
Ubuntu 16.04 LTS
libopenexr22 - 2.2.0-10ubuntu2.1
openexr - 2.2.0-10ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4147-1: Linux kernel vulnerabilities

1 week 5 days ago
linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors
  • linux-gke-5.0 - Linux kernel for Google Container Engine (GKE) systems
  • linux-hwe - Linux hardware enablement (HWE) kernel
Details

It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136)

It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)

It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631)

It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)

Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117)

Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118)

It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211)

It was discovered that a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212)

It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)

It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220)

Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. (CVE-2019-15538)

It was discovered that the Hisilicon HNS3 ethernet device driver in the Linux kernel contained an out of bounds access vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2019-15925)

It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2019-15926)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506)

It was discovered that the ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217)

It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15218)

It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221)

It was discovered that the Line 6 USB driver for the Linux kernel contained a race condition when the device was disconnected. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15223)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
linux-image-5.0.0-1018-aws - 5.0.0-1018.20
linux-image-5.0.0-1019-kvm - 5.0.0-1019.20
linux-image-5.0.0-1019-raspi2 - 5.0.0-1019.19
linux-image-5.0.0-1020-gcp - 5.0.0-1020.20
linux-image-5.0.0-1022-azure - 5.0.0-1022.23
linux-image-5.0.0-1023-snapdragon - 5.0.0-1023.24
linux-image-5.0.0-31-generic - 5.0.0-31.33
linux-image-5.0.0-31-generic-lpae - 5.0.0-31.33
linux-image-5.0.0-31-lowlatency - 5.0.0-31.33
linux-image-aws - 5.0.0.1018.19
linux-image-azure - 5.0.0.1022.21
linux-image-gcp - 5.0.0.1020.46
linux-image-generic - 5.0.0.31.32
linux-image-generic-lpae - 5.0.0.31.32
linux-image-gke - 5.0.0.1020.46
linux-image-kvm - 5.0.0.1019.19
linux-image-lowlatency - 5.0.0.31.32
linux-image-raspi2 - 5.0.0.1019.16
linux-image-snapdragon - 5.0.0.1023.16
linux-image-virtual - 5.0.0.31.32
Ubuntu 18.04 LTS
linux-image-5.0.0-1020-gke - 5.0.0-1020.20~18.04.1
linux-image-5.0.0-31-generic - 5.0.0-31.33~18.04.1
linux-image-5.0.0-31-generic-lpae - 5.0.0-31.33~18.04.1
linux-image-5.0.0-31-lowlatency - 5.0.0-31.33~18.04.1
linux-image-generic-hwe-18.04 - 5.0.0.31.88
linux-image-generic-lpae-hwe-18.04 - 5.0.0.31.88
linux-image-gke-5.0 - 5.0.0.1020.9
linux-image-lowlatency-hwe-18.04 - 5.0.0.31.88
linux-image-snapdragon-hwe-18.04 - 5.0.0.31.88
linux-image-virtual-hwe-18.04 - 5.0.0.31.88

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

USN-4146-2: ClamAV vulnerabilities

1 week 6 days ago
clamav vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

Several security issues were fixed in ClamAV.

Software Description
  • clamav - Anti-virus utility for Unix
Details

USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-12625)

It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12900)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
clamav - 0.101.4+dfsg-0ubuntu0.14.04.1+esm1
Ubuntu 12.04 ESM
clamav - 0.101.4+dfsg-0ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
