Ubuntu Security Advisories

znc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10

Summary

ZNC could be made to crash or run programs if it received specially crafted network traffic.

Software Description

• znc - advanced modular IRC bouncer

Details

It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

znc - 1.7.1-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-9917

ntfs-3g update

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary

A hardening measure was added to NTFS-3G.

Software Description

• ntfs-3g - read/write NTFS driver for FUSE

Details

USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary.

Original advisory details:

A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

ntfs-3g - 1:2017.3.23-2ubuntu0.18.10.2

Ubuntu 18.04 LTS

ntfs-3g - 1:2017.3.23-2ubuntu0.18.04.2

Ubuntu 16.04 LTS

ntfs-3g - 1:2015.3.14AR.1-1ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• USN-3914-1
• LP: 1821250

firefox regressions

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 LTS

Summary

USN-3918-1 caused a regression in Firefox.

Software Description

• firefox - Mozilla Open Source web browser

Details

USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809)

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793)

It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle (MITM) attacks. (CVE-2019-9803)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

firefox - 66.0.3+build1-0ubuntu0.18.10.1

Ubuntu 18.04 LTS

firefox - 66.0.3+build1-0ubuntu0.18.04.1

Ubuntu 16.04 LTS

firefox - 66.0.3+build1-0ubuntu0.16.04.1

Ubuntu 14.04 LTS

firefox - 66.0.3+build1-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

References

• USN-3918-1
• LP: 1825051

openjdk-lts vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.04 LTS

Summary

Java applets or applications could be made to expose sensitive information.

Software Description

• openjdk-lts - Open Source Java implementation

Details

It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422)

Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several additional packages were updated to be compatible with OpenJDK 11.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS

openjdk-11-jdk - 11.0.2+9-3ubuntu1~18.04.3

openjdk-11-jre - 11.0.2+9-3ubuntu1~18.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

References

• CVE-2019-2422

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS

Summary

Several security issues were fixed in WebKitGTK+.

Software Description

• webkit2gtk - Web content engine library for GTK+

Details

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

libjavascriptcoregtk-4.0-18 - 2.24.1-0ubuntu0.18.10.2

libwebkit2gtk-4.0-37 - 2.24.1-0ubuntu0.18.10.2

Ubuntu 18.04 LTS

libjavascriptcoregtk-4.0-18 - 2.24.1-0ubuntu0.18.04.1

libwebkit2gtk-4.0-37 - 2.24.1-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

References

• CVE-2019-11070
• CVE-2019-6251
• CVE-2019-8375
• CVE-2019-8506
• CVE-2019-8518
• CVE-2019-8523
• CVE-2019-8524
• CVE-2019-8535
• CVE-2019-8536
• CVE-2019-8544
• CVE-2019-8551
• CVE-2019-8558
• CVE-2019-8559
• CVE-2019-8563

libxslt vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 ESM

Summary

Libxslt could be made to expose sensitive information if it received a specially crafted file.

Software Description

• libxslt - XSLT processing library

Details

USN-3947-1 fixed a vulnerability in Libxslt. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM

libxslt1.1 - 1.1.26-8ubuntu1.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• USN-3947-1
• CVE-2019-11068

libxslt vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 LTS

Summary

Libxslt could be made to expose sensitive information if it received a specially crafted file.

Software Description

• libxslt - XSLT processing library

Details

It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

libxslt1.1 - 1.1.32-2ubuntu0.1

Ubuntu 18.04 LTS

libxslt1.1 - 1.1.29-5ubuntu0.1

Ubuntu 16.04 LTS

libxslt1.1 - 1.1.28-2.1ubuntu0.2

Ubuntu 14.04 LTS

libxslt1.1 - 1.1.28-2ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-11068

rssh vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 LTS

Summary

rssh could be made to run arbitrary commands if it received specially crafted input.

Software Description

• rssh - Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist

Details

It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh’s command restrictions, allowing an attacker to run arbitrary commands.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

rssh - 2.3.4-8ubuntu0.2

Ubuntu 18.04 LTS

rssh - 2.3.4-7ubuntu0.1

Ubuntu 16.04 LTS

rssh - 2.3.4-4+deb8u2ubuntu0.16.04.2

Ubuntu 14.04 LTS

rssh - 2.3.4-4+deb8u2ubuntu0.14.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-1000018
• CVE-2019-3463
• CVE-2019-3464

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Ruby.

Software Description

• ruby2.5 - Interpreter of object-oriented scripting language Ruby
• ruby2.3 - Object-oriented scripting language
• ruby1.9.1 - Object-oriented scripting language
• ruby2.0 - Object-oriented scripting language

Details

It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2019-8320)

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

libruby2.5 - 2.5.1-5ubuntu4.3

ruby2.5 - 2.5.1-5ubuntu4.3

Ubuntu 18.04 LTS

libruby2.5 - 2.5.1-1ubuntu1.2

ruby2.5 - 2.5.1-1ubuntu1.2

Ubuntu 16.04 LTS

libruby2.3 - 2.3.1-2~16.04.12

ruby2.3 - 2.3.1-2~16.04.12

Ubuntu 14.04 LTS

libruby1.9.1 - 1.9.3.484-2ubuntu1.14

libruby2.0 - 2.0.0.484-1ubuntu2.13

ruby1.9.1 - 1.9.3.484-2ubuntu1.14

ruby1.9.3 - 1.9.3.484-2ubuntu1.14

ruby2.0 - 2.0.0.484-1ubuntu2.13

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-8320
• CVE-2019-8321
• CVE-2019-8322
• CVE-2019-8323
• CVE-2019-8324
• CVE-2019-8325

wpa vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 LTS

Summary

Several security issues were fixed in wpa_supplicant and hostapd.

Software Description

• wpa - client support for WPA and WPA2

Details

It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495)

Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and element values in EAP-pwd-Commit messages. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499)

It was discovered that hostapd incorrectly handled obtaining random numbers. In rare cases where the urandom device isn’t available, it would fall back to using a low-quality PRNG. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10743)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

hostapd - 2:2.6-18ubuntu1.1

wpasupplicant - 2:2.6-18ubuntu1.1

Ubuntu 18.04 LTS

hostapd - 2:2.6-15ubuntu2.2

wpasupplicant - 2:2.6-15ubuntu2.2

Ubuntu 16.04 LTS

hostapd - 2.4-0ubuntu6.4

wpasupplicant - 2.4-0ubuntu6.4

Ubuntu 14.04 LTS

hostapd - 2.1-0ubuntu1.7

wpasupplicant - 2.1-0ubuntu1.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References

• CVE-2016-10743
• CVE-2019-9495
• CVE-2019-9497
• CVE-2019-9498
• CVE-2019-9499

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 ESM

Summary

Several security issues were fixed in Apache.

Software Description

• apache2 - Apache HTTP server

Details

USN-3937-1 and USN-3627-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. (CVE-2019-0217)

Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710)

Robert Swiecki discovered that the Apache HTTP Server incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1301)

Nicolas Daniels discovered that the Apache HTTP Server incorrectly generated the nonce when creating HTTP Digest authentication challenges. A remote attacker could possibly use this issue to replay HTTP requests across a cluster of servers. (CVE-2018-1312)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM

apache2.2-bin - 2.2.22-1ubuntu1.15

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• USN-3937-1
• CVE-2017-15710
• CVE-2018-1301
• CVE-2018-1312
• CVE-2019-0217

wget vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 ESM

Summary

Several security issues were fixed in Wget.

Software Description

• wget - retrieves files from the web

Details

USN-3943-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM

wget - 1.13.4-2ubuntu1.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• USN-3943-1
• CVE-2019-5953

openjdk-7 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 LTS

Summary

Java applets or applications could be made to expose sensitive information.

Software Description

• openjdk-7 - Open Source Java implementation

Details

It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS

icedtea-7-jre-jamvm - 7u211-2.6.17-0ubuntu0.1

openjdk-7-jdk - 7u211-2.6.17-0ubuntu0.1

openjdk-7-jre - 7u211-2.6.17-0ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

References

• CVE-2019-2422

wget vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Wget.

Software Description

• wget - retrieves files from the web

Details

It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20483)

Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

wget - 1.19.5-1ubuntu1.1

Ubuntu 18.04 LTS

wget - 1.19.4-1ubuntu2.2

Ubuntu 16.04 LTS

wget - 1.17.1-1ubuntu1.5

Ubuntu 14.04 LTS

wget - 1.15-1ubuntu1.14.04.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2018-20483
• CVE-2019-5953

systemd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 LTS

Summary

The systemd PAM module could be used to gain additional PolicyKit privileges.

Software Description

• systemd - system and service manager

Details

Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

libpam-systemd - 239-7ubuntu10.12

Ubuntu 18.04 LTS

libpam-systemd - 237-3ubuntu10.19

Ubuntu 16.04 LTS

libpam-systemd - 229-4ubuntu21.21

Ubuntu 14.04 LTS

libpam-systemd - 204-5ubuntu20.31

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-3842

lua5.3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary

Lua could be made to crash if it received a specially crafted script.

Software Description

• lua5.3 - Simple, extensible, embeddable programming language

Details

Fady Othman discovered that Lua incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

lua5.3 - 5.3.3-1ubuntu0.18.10.1

Ubuntu 18.04 LTS

lua5.3 - 5.3.3-1ubuntu0.18.04.1

Ubuntu 16.04 LTS

lua5.3 - 5.3.1-1ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-6706

clamav vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 ESM

Summary

Several security issues were fixed in ClamAV.

Software Description

• clamav - Anti-virus utility for Unix

Details

USN-3940-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787)

It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788)

It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1789)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM

clamav - 0.100.3+dfsg-1ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References

• USN-3940-1
• CVE-2019-1787
• CVE-2019-1788
• CVE-2019-1789

samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 ESM

Summary

Samba could be made to create files in unexpected locations.

Software Description

• samba - SMB/CIFS file, print, and login server for Unix

Details

USN-3939-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM

libsmbclient - 2:3.6.25-0ubuntu0.12.04.17

samba - 2:3.6.25-0ubuntu0.12.04.17

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• USN-3939-1
• CVE-2019-3880

clamav vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 LTS

Summary

Several security issues were fixed in ClamAV.

Software Description

• clamav - Anti-virus utility for Unix

Details

It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787)

It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788)

It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1789)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

clamav - 0.100.3+dfsg-0ubuntu0.18.10.1

Ubuntu 18.04 LTS

clamav - 0.100.3+dfsg-0ubuntu0.18.04.1

Ubuntu 16.04 LTS

clamav - 0.100.3+dfsg-0ubuntu0.16.04.1

Ubuntu 14.04 LTS

clamav - 0.100.3+dfsg-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References

• CVE-2019-1787
• CVE-2019-1788
• CVE-2019-1789

samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 LTS

Summary

Samba could be made to create files in unexpected locations.

Software Description

• samba - SMB/CIFS file, print, and login server for Unix

Details

Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

libsmbclient - 2:4.8.4+dfsg-2ubuntu2.3

samba - 2:4.8.4+dfsg-2ubuntu2.3

Ubuntu 18.04 LTS

libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9

samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9

Ubuntu 16.04 LTS

libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.19

samba - 2:4.3.11+dfsg-0ubuntu0.16.04.19

Ubuntu 14.04 LTS

libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20

samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-3880