[USN-5310-2] GNU C Library vulnerabilities
== Ubuntu Security Notice USN-5310-2 March 07, 2022 glibc vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM

Summary:
Several security issues were fixed in GNU C Library.

Software Description:
- glibc: GNU C Library

Details:
USN-5310-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the GNU C library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3999)

It was discovered that the GNU C Library sunrpc module incorrectly handled buffer lengths. An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. (CVE-2022-23218, CVE-2022-23219)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  libc6 2.23-0ubuntu11.3+esm1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5310-2
  https://ubuntu.com/security/notices/USN-5310-1
  CVE-2021-3999, CVE-2022-23218, CVE-2022-23219

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

[USN-5332-2] Bind vulnerability
== Ubuntu Security Notice USN-5332-2 March 17, 2022 bind9 vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
Bind could be made to manipulate cache results.

Software Description:
- bind9: Internet Domain Name Server

Details:
USN-5332-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results. (CVE-2021-25220)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  bind9 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2

Ubuntu 14.04 ESM:
  bind9 1:9.9.5.dfsg-3ubuntu0.19+esm6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5332-2
  https://ubuntu.com/security/notices/USN-5332-1
  CVE-2021-25220

[USN-5328-2] OpenSSL vulnerability
== Ubuntu Security Notice USN-5328-2 March 15, 2022 openssl vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
OpenSSL could be made to stop responding if it opened a specially crafted certificate.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:
USN-5328-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  libssl1.0.0 1.0.2g-1ubuntu4.20+esm2

Ubuntu 14.04 ESM:
  libssl1.0.0 1.0.1f-1ubuntu2.27+esm5

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5328-2
  https://ubuntu.com/security/notices/USN-5328-1
  CVE-2022-0778

[USN-5320-1] Expat vulnerabilities and regression
== Ubuntu Security Notice USN-5320-1 March 10, 2022 expat vulnerabilities and regression ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
Several security issues and a regression were fixed in Expat.

Software Description:
- expat: XML parsing C library

Details:
USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update addresses this regression and several other vulnerabilities.

It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-25313)

It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)

It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25315)

Original advisory details:

It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25236)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10:
  libexpat1 2.4.1-2ubuntu0.3

Ubuntu 20.04 LTS:
  libexpat1 2.2.9-1ubuntu0.4

Ubuntu 18.04 LTS:
  libexpat1 2.2.5-3ubuntu0.7

Ubuntu 16.04 ESM:
  lib64expat1 2.1.0-7ubuntu0.16.04.5+esm5
  libexpat1 2.1.0-7ubuntu0.16.04.5+esm5

Ubuntu 14.04 ESM:
  lib64expat1 2.1.0-4ubuntu1.4+esm6
  libexpat1 2.1.0-4ubuntu1.4+esm6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5320-1
  CVE-2022-25313, CVE-2022-25314, CVE-2022-25315,
  https://launchpad.net/bugs/1963903

Package Information:
  https://launchpad.net/ubuntu/+source/expat/2.4.1-2ubuntu0.3
  https://launchpad.net/ubuntu/+source/expat/2.2.9-1ubuntu0.4
  https://launchpad.net/ubuntu/+source/expat/2.2.5-3ubuntu0.7

[USN-5333-2] Apache HTTP Server vulnerabilities
== Ubuntu Security Notice USN-5333-2 March 17, 2022 apache2 vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:
USN-5333-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed inbound connection when certain errors are encountered. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-22720)

It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. In certain configurations, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22721)

Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-23943)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  apache2 2.4.18-2ubuntu3.17+esm5
  apache2-bin 2.4.18-2ubuntu3.17+esm5

Ubuntu 14.04 ESM:
  apache2 2.4.7-1ubuntu4.22+esm4
  apache2-bin 2.4.7-1ubuntu4.22+esm4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5333-2
  https://ubuntu.com/security/notices/USN-5333-1
  CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943

[USN-5301-2] Cyrus SASL vulnerability
== Ubuntu Security Notice USN-5301-2 February 22, 2022 cyrus-sasl2 vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
Cyrus SASL could run programs if it received specially crafted network traffic.

Software Description:
- cyrus-sasl2: Cyrus Simple Authentication and Security Layer

Details:
USN-5301-1 fixed a vulnerability in Cyrus. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  libsasl2-modules-sql 2.1.26.dfsg1-14ubuntu0.2+esm1

Ubuntu 14.04 ESM:
  libsasl2-modules-sql 2.1.25.dfsg1-17ubuntu0.1~esm2

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5301-2
  https://ubuntu.com/security/notices/USN-5301-1
  CVE-2022-24407

[USN-5288-1] Expat vulnerabilities
== Ubuntu Security Notice USN-5288-1 February 21, 2022 expat vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
Several security issues were fixed in Expat.

Software Description:
- expat: XML parsing C library

Details:
It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10:
  libexpat1 2.4.1-2ubuntu0.1

Ubuntu 20.04 LTS:
  libexpat1 2.2.9-1ubuntu0.2

Ubuntu 18.04 LTS:
  libexpat1 2.2.5-3ubuntu0.4

Ubuntu 16.04 ESM:
  lib64expat1 2.1.0-7ubuntu0.16.04.5+esm2
  libexpat1 2.1.0-7ubuntu0.16.04.5+esm2

Ubuntu 14.04 ESM:
  lib64expat1 2.1.0-4ubuntu1.4+esm4
  libexpat1 2.1.0-4ubuntu1.4+esm4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5288-1
  CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236

Package Information:
  https://launchpad.net/ubuntu/+source/expat/2.4.1-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/expat/2.2.9-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/expat/2.2.5-3ubuntu0.4

[USN-5342-1] Python vulnerabilities
== Ubuntu Security Notice USN-5342-1 March 28, 2022 python2.7, python3.4, python3.5, python3.6, python3.8 vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
Several security issues were fixed in Python.

Software Description:
- python3.8: An interactive high-level object-oriented language
- python2.7: An interactive high-level object-oriented language
- python3.6: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language
- python3.4: An interactive high-level object-oriented language

Details:
David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3426)

It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2021-4189)

It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0391)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  python3.8 3.8.10-0ubuntu1~20.04.4
  python3.8-minimal 3.8.10-0ubuntu1~20.04.4

Ubuntu 18.04 LTS:
  python2.7 2.7.17-1~18.04ubuntu1.7
  python2.7-minimal 2.7.17-1~18.04ubuntu1.7
  python3.6 3.6.9-1~18.04ubuntu1.7
  python3.6-minimal 3.6.9-1~18.04ubuntu1.7

Ubuntu 16.04 ESM:
  python2.7 2.7.12-1ubuntu0~16.04.18+esm1
  python2.7-minimal 2.7.12-1ubuntu0~16.04.18+esm1
  python3.5 3.5.2-2ubuntu0~16.04.13+esm2
  python3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm2

Ubuntu 14.04 ESM:
  python3.4 3.4.3-1ubuntu1~14.04.7+esm12
  python3.4-minimal 3.4.3-1ubuntu1~14.04.7+esm12

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5342-1
  CVE-2021-3426, CVE-2021-4189, CVE-2022-0391

Package Information:
  https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.4
  https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.7
  https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.7

[USN-5355-2] zlib vulnerability
== Ubuntu Security Notice USN-5355-2 March 30, 2022 zlib vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
zlib could be made to crash or run programs if it received specially crafted input.

Software Description:
- zlib: compression library - 32 bit runtime

Details:
USN-5355-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  lib32z1 1:1.2.8.dfsg-2ubuntu4.3+esm1
  lib64z1 1:1.2.8.dfsg-2ubuntu4.3+esm1
  libx32z1 1:1.2.8.dfsg-2ubuntu4.3+esm1
  zlib1g 1:1.2.8.dfsg-2ubuntu4.3+esm1

Ubuntu 14.04 ESM:
  lib32z1 1:1.2.8.dfsg-1ubuntu1.1+esm1
  lib64z1 1:1.2.8.dfsg-1ubuntu1.1+esm1
  libx32z1 1:1.2.8.dfsg-1ubuntu1.1+esm1
  zlib1g 1:1.2.8.dfsg-1ubuntu1.1+esm1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5355-2
  https://ubuntu.com/security/notices/USN-5355-1
  CVE-2018-25032

[USN-5364-1] Waitress vulnerability
== Ubuntu Security Notice USN-5364-1 April 05, 2022 waitress vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary:
waitress could be made to expose sensitive information if it received a specially crafted request.

Software Description:
- waitress: production-quality pure-Python WSGI server (documentation)

Details:
It was discovered that Waitress incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10:
  python3-waitress 1.4.4-1.1ubuntu0.1

Ubuntu 20.04 LTS:
  python3-waitress 1.4.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5364-1
  CVE-2022-24761

Package Information:
  https://launchpad.net/ubuntu/+source/waitress/1.4.4-1.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/waitress/1.4.1-1ubuntu0.1

[USN-5350-1] Chromium vulnerability
== Ubuntu Security Notice USN-5350-1 March 28, 2022 chromium-browser vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS

Summary:
Chromium could be made to execute arbitrary code if it received a specially crafted input.

Software Description:
- chromium-browser: Chromium web browser, open-source version of Chrome

Details:
It was discovered that Chromium incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  chromium-browser 99.0.4844.84-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5350-1
  CVE-2022-1096

Package Information:
  https://launchpad.net/ubuntu/+source/chromium-browser/99.0.4844.84-0ubuntu0.18.04.1

[USN-5260-3] Samba vulnerability
== Ubuntu Security Notice USN-5260-3 February 03, 2022 samba vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
Samba could be made to crash when it handled certain memory operations.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:
USN-5260-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. (CVE-2021-44142)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  samba 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1

Ubuntu 14.04 ESM:
  samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5260-3
  https://ubuntu.com/security/notices/USN-5260-1
  CVE-2021-44142

[USN-5270-2] MySQL vulnerabilities
== Ubuntu Security Notice USN-5270-2 February 03, 2022 mysql-5.7 vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM

Summary:
Several security issues were fixed in MySQL.

Software Description:
- mysql-5.7: MySQL database

Details:
USN-5270-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.7.37 in Ubuntu 16.04 ESM.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
  https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-37.html
  https://www.oracle.com/security-alerts/cpujan2022.html

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  mysql-server-5.7 5.7.37-0ubuntu0.16.04.1+esm1

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5270-2
  https://ubuntu.com/security/notices/USN-5270-1
  CVE-2022-21245, CVE-2022-21270, CVE-2022-21303, CVE-2022-21304, CVE-2022-21344, CVE-2022-21367

[USN-4754-5] Python vulnerability
== Ubuntu Security Notice USN-4754-5 February 08, 2022 python2.7 vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM

Summary:
Python could be made to execute arbitrary code or cause a denial of service if it received a specially crafted input.

Software Description:
- python2.7: An interactive high-level object-oriented language

Details:
USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177 in Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
  python2.7 2.7.6-8ubuntu0.6+esm10
  python2.7-minimal 2.7.6-8ubuntu0.6+esm10

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4754-5
  https://ubuntu.com/security/notices/USN-4754-1
  CVE-2021-3177

[USN-5269-2] Django vulnerabilities
== Ubuntu Security Notice USN-5269-2 February 07, 2022 python-django vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
Several security issues were fixed in Django.

Software Description:
- python-django: High-level Python web development framework

Details:
USN-5269-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. (CVE-2022-22818)

Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issue to cause Django to hang, resulting in a denial of service. (CVE-2022-23833)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  python-django 1.8.7-1ubuntu5.15+esm4
  python3-django 1.8.7-1ubuntu5.15+esm4

Ubuntu 14.04 ESM:
  python-django 1.6.11-0ubuntu1.3+esm4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5269-2
  https://ubuntu.com/security/notices/USN-5269-1
  CVE-2022-22818, CVE-2022-23833

[USN-5254-1] shadow vulnerabilities
== Ubuntu Security Notice USN-5254-1 January 27, 2022 shadow vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
Several security issues were fixed in shadow.

Software Description:
- shadow: system login tools

Details:
It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-12424)

It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2018-7169)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  login 1:4.5-1ubuntu2.2
  passwd 1:4.5-1ubuntu2.2
  uidmap 1:4.5-1ubuntu2.2

Ubuntu 16.04 ESM:
  login 1:4.2-3.1ubuntu5.5+esm1
  passwd 1:4.2-3.1ubuntu5.5+esm1
  uidmap 1:4.2-3.1ubuntu5.5+esm1

Ubuntu 14.04 ESM:
  login 1:4.1.5.1-1ubuntu9.5+esm1
  passwd 1:4.1.5.1-1ubuntu9.5+esm1
  uidmap 1:4.1.5.1-1ubuntu9.5+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5254-1
  CVE-2017-12424, CVE-2018-7169

Package Information:
  https://launchpad.net/ubuntu/+source/shadow/1:4.5-1ubuntu2.2

[USN-5257-1] ldns vulnerabilities
== Ubuntu Security Notice USN-5257-1 January 31, 2022 ldns vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:
ldns could be made to expose sensitive information if it received a specially crafted input.

Software Description:
- ldns: ldns library for DNS programming

Details:
It was discovered that ldns incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-19860, CVE-2020-19861)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  libldns2 1.7.0-3ubuntu4.1

Ubuntu 16.04 ESM:
  libldns1 1.6.17-8ubuntu0.1+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5257-1
  CVE-2020-19860, CVE-2020-19861

Package Information:
  https://launchpad.net/ubuntu/+source/ldns/1.7.0-3ubuntu4.1

[USN-5235-1] Ruby vulnerabilities
== Ubuntu Security Notice USN-5235-1 January 18, 2022 ruby2.3, ruby2.5, ruby2.7 vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:
Several security issues were fixed in Ruby.

Software Description:
- ruby2.7: Object-oriented scripting language
- ruby2.5: Object-oriented scripting language
- ruby2.3: Object-oriented scripting language

Details:
It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. (CVE-2021-41816)

It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a regular expression denial of service. (CVE-2021-41817)

It was discovered that Ruby incorrectly handled certain cookie names. An attacker could possibly use this issue to access or expose sensitive information. (CVE-2021-41819)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10:
  ruby2.7 2.7.4-1ubuntu3.1

Ubuntu 21.04:
  ruby2.7 2.7.2-4ubuntu1.3

Ubuntu 20.04 LTS:
  ruby2.7 2.7.0-5ubuntu1.6

Ubuntu 18.04 LTS:
  ruby2.5 2.5.1-1ubuntu1.11

Ubuntu 16.04 ESM:
  ruby2.3 2.3.1-2~ubuntu16.04.16+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5235-1
  CVE-2021-41816, CVE-2021-41817, CVE-2021-41819

Package Information:
  https://launchpad.net/ubuntu/+source/ruby2.7/2.7.4-1ubuntu3.1
  https://launchpad.net/ubuntu/+source/ruby2.7/2.7.2-4ubuntu1.3
  https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.6
  https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.11

[USN-5233-2] ClamAV vulnerability
== Ubuntu Security Notice USN-5233-2 January 19, 2022 clamav vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
ClamAV could be made to crash if it opened a specially crafted file.

Software Description:
- clamav: Anti-virus utility for Unix

Details:
USN-5233-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled memory when the CL_SCAN_GENERAL_COLLECT_METADATA scan option was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  clamav 0.103.5+dfsg-0ubuntu0.16.04.1+esm1

Ubuntu 14.04 ESM:
  clamav 0.103.5+dfsg-0ubuntu0.14.04.1+esm1

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5233-2
  https://ubuntu.com/security/notices/USN-5233-1
  CVE-2022-20698

[USN-5243-2] AIDE vulnerability
== Ubuntu Security Notice USN-5243-2 January 20, 2022 aide vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
AIDE could be made to crash or run programs as an administrator if it opened a specially crafted file.

Software Description:
- aide: Advanced Intrusion Detection Environment - static binary

Details:
USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  aide 0.16~a2.git20130520-3ubuntu0.1~esm1

Ubuntu 14.04 ESM:
  aide 0.16~a2.git20130520-2ubuntu0.1+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5243-2
  https://ubuntu.com/security/notices/USN-5243-1
  CVE-2021-45417

[USN-5250-2] strongSwan vulnerability
== Ubuntu Security Notice USN-5250-2 January 24, 2022 strongswan vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
strongSwan could crash or allow unintended access to network services.

Software Description:
- strongswan: IPsec VPN solution

Details:
USN-5250-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Zhuowei Zhang discovered that strongSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  libstrongswan 5.3.5-1ubuntu3.8+esm2
  strongswan 5.3.5-1ubuntu3.8+esm2

Ubuntu 14.04 ESM:
  libstrongswan 5.1.2-0ubuntu2.11+esm2
  strongswan 5.1.2-0ubuntu2.11+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5250-2
  https://ubuntu.com/security/notices/USN-5250-1
  CVE-2021-45079

[USN-5252-2] PolicyKit vulnerability
== Ubuntu Security Notice USN-5252-2 January 25, 2022 policykit-1 vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary: policykit-1 could be made to run programs as an administrator.

Software Description:
- policykit-1: framework for managing administrative policies and privileges

Details: USN-5252-1 fixed a vulnerability in policykit-1. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details: It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  policykit-1 0.105-14.1ubuntu0.5+esm1

Ubuntu 14.04 ESM:
  policykit-1 0.105-4ubuntu3.14.04.6+esm1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5252-2
  https://ubuntu.com/security/notices/USN-5252-1
  CVE-2021-4034
[USN-5193-2] X.Org X Server vulnerabilities
== Ubuntu Security Notice USN-5193-2 January 26, 2022 xorg-server vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary: Several security issues were fixed in X.Org X Server.

Software Description:
- xorg-server: X.Org X11 server

Details: USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm1

Ubuntu 14.04 ESM:
  xserver-xorg-core 2:1.15.1-0ubuntu2.11+esm5

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5193-2
  https://ubuntu.com/security/notices/USN-5193-1
  CVE-2021-4008, CVE-2021-4009, CVE-2021-4011
[USN-5373-2] Django vulnerabilities
== Ubuntu Security Notice USN-5373-2 April 11, 2022 python-django vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary: Several security issues were fixed in Django.

Software Description:
- python-django: High-level Python web development framework

Details: USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate(), aggregate(), and extra() methods. A remote attacker could possibly use this issue to perform an SQL injection attack. (CVE-2022-28346)

It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. (CVE-2021-32052)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  python-django 1.8.7-1ubuntu5.15+esm5
  python3-django 1.8.7-1ubuntu5.15+esm5

Ubuntu 14.04 ESM:
  python-django 1.6.11-0ubuntu1.3+esm5

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5373-2
  https://ubuntu.com/security/notices/USN-5373-1
  CVE-2021-32052, CVE-2022-28346
[USN-5376-1] Git vulnerability
== Ubuntu Security Notice USN-5376-1 April 12, 2022 git vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary: Git could be made to run arbitrary commands in platforms with multiple users support.

Software Description:
- git: fast, scalable, distributed revision control system

Details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10:
  git 1:2.32.0-1ubuntu1.1

Ubuntu 20.04 LTS:
  git 1:2.25.1-1ubuntu3.3

Ubuntu 18.04 LTS:
  git 1:2.17.1-1ubuntu0.10

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5376-1
  CVE-2022-24765

Package Information:
  https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.3
  https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.10
[USN-5369-1] oslo.utils vulnerability
== Ubuntu Security Notice USN-5369-1 April 07, 2022 python-oslo.utils vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary: oslo.utils could be made to expose sensitive information if it received a specially crafted input.

Software Description:
- python-oslo.utils: Oslo Utility library - doc

Details: It was discovered that oslo.utils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10:
  python3-oslo.utils 4.10.0-0ubuntu1.1

Ubuntu 20.04 LTS:
  python3-oslo.utils 4.1.1-0ubuntu1.1

Ubuntu 18.04 LTS:
  python-oslo.utils 3.35.0-0ubuntu1.1
  python3-oslo.utils 3.35.0-0ubuntu1.1

Ubuntu 16.04 ESM:
  python-oslo.utils 3.8.0-2ubuntu0.1~esm1
  python3-oslo.utils 3.8.0-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5369-1
  CVE-2022-0718

Package Information:
  https://launchpad.net/ubuntu/+source/python-oslo.utils/4.10.0-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/python-oslo.utils/4.1.1-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/python-oslo.utils/3.35.0-0ubuntu1.1
[USN-5374-1] libarchive vulnerability
== Ubuntu Security Notice USN-5374-1 April 11, 2022 libarchive vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary: libarchive could be made to expose sensitive information if it received a specially crafted archive file.

Software Description:
- libarchive: Library to read/write archive files

Details: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10:
  libarchive13 3.4.3-2ubuntu0.2

Ubuntu 20.04 LTS:
  libarchive13 3.4.0-2ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5374-1
  CVE-2022-26280

Package Information:
  https://launchpad.net/ubuntu/+source/libarchive/3.4.3-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/libarchive/3.4.0-2ubuntu1.2
[USN-5378-4] Gzip vulnerability
== Ubuntu Security Notice USN-5378-4 April 13, 2022 gzip vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary: Gzip could be made to overwrite arbitrary files.

Software Description:
- gzip: GNU compression utilities

Details: USN-5378-1 fixed a vulnerability in Gzip. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details: Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  gzip 1.6-4ubuntu1+esm1

Ubuntu 14.04 ESM:
  gzip 1.6-3ubuntu1+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5378-4
  https://ubuntu.com/security/notices/USN-5378-1
  CVE-2022-1271
[USN-5378-3] XZ Utils vulnerability
== Ubuntu Security Notice USN-5378-3 April 13, 2022 xz-utils vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary: XZ Utils could be made to overwrite arbitrary files.

Software Description:
- xz-utils: XZ-format compression utilities

Details: USN-5378-2 fixed a vulnerability in XZ Utils. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details: Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  xz-utils 5.1.1alpha+20120614-2ubuntu2.16.04.1+esm1

Ubuntu 14.04 ESM:
  xz-utils 5.1.1alpha+20120614-2ubuntu2.14.04.1+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5378-3
  https://ubuntu.com/security/notices/USN-5378-1
  CVE-2022-1271
[USN-6164-2] c-ares vulnerabilities
== Ubuntu Security Notice USN-6164-2 September 11, 2023 c-ares vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary: Several security issues were fixed in c-ares.

Software Description:
- c-ares: library for asynchronous name resolution

Details: USN-6164-1 fixed several vulnerabilities in c-ares. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Hannes Moesl discovered that c-ares incorrectly handled certain IPv6 addresses. An attacker could use this issue to cause c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-31130)

Xiang Li discovered that c-ares incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause c-ares to crash, resulting in a denial of service. (CVE-2023-32067)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libc-ares2 1.14.0-1ubuntu0.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libc-ares2 1.10.0-3ubuntu0.2+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6164-2
  https://ubuntu.com/security/notices/USN-6164-1
  CVE-2023-31130, CVE-2023-32067
[USN-6429-2] curl vulnerability
== Ubuntu Security Notice USN-6429-2 October 11, 2023 curl vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary: Several security issues were fixed in curl.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details: USN-6429-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details: It was discovered that curl incorrectly handled cookies when an application duplicated certain handles. A local attacker could possibly create a cookie file and inject arbitrary cookies into subsequent connections. (CVE-2023-38546)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  curl 7.58.0-2ubuntu3.24+esm2
  libcurl3-gnutls 7.58.0-2ubuntu3.24+esm2
  libcurl3-nss 7.58.0-2ubuntu3.24+esm2
  libcurl4 7.58.0-2ubuntu3.24+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  curl 7.47.0-1ubuntu2.19+esm10
  libcurl3 7.47.0-1ubuntu2.19+esm10
  libcurl3-gnutls 7.47.0-1ubuntu2.19+esm10
  libcurl3-nss 7.47.0-1ubuntu2.19+esm10

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  curl 7.35.0-1ubuntu2.20+esm17
  libcurl3 7.35.0-1ubuntu2.20+esm17
  libcurl3-gnutls 7.35.0-1ubuntu2.20+esm17
  libcurl3-nss 7.35.0-1ubuntu2.20+esm17

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6429-2
  https://ubuntu.com/security/notices/USN-6429-1
  CVE-2023-38546
[USN-6394-2] Python vulnerability
== Ubuntu Security Notice USN-6394-2 October 17, 2023 python2.7 vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary: Python could be made to execute arbitrary code if it received a specially crafted script.

Software Description:
- python2.7: An interactive high-level object-oriented language

Details: USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details: It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  python2.7 2.7.17-1~18.04ubuntu1.13+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  python2.7 2.7.12-1ubuntu0~16.04.18+esm8

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  python2.7 2.7.6-8ubuntu0.6+esm17

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6394-2
  https://ubuntu.com/security/notices/USN-6394-1
  CVE-2022-48560
[USN-6453-2] X.Org X Server vulnerabilities
== Ubuntu Security Notice USN-6453-2 October 31, 2023 xorg-server vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary: Several security issues were fixed in X.Org X Server, xwayland.

Software Description:
- xorg-server: X.Org X11 server

Details: USN-6453-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-5367)

Sri discovered that the X.Org X Server incorrectly handled destroying windows in certain legacy multi-screen setups. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-5380)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm1
  xwayland 2:1.19.6-1ubuntu4.15+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm6
  xwayland 2:1.18.4-0ubuntu0.12+esm6

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core 2:1.15.1-0ubuntu2.11+esm8

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6453-2
  https://ubuntu.com/security/notices/USN-6453-1
  CVE-2023-5367, CVE-2023-5380
[USN-6408-2] libXpm vulnerabilities
== Ubuntu Security Notice USN-6408-2 October 23, 2023 libxpm vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary: Several security issues were fixed in libXpm.

Software Description:
- libxpm: X11 pixmap library

Details: USN-6408-1 fixed several vulnerabilities in libXpm. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-43786)

Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libXpm to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-43787)

Alan Coopersmith discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to cause libXpm to crash, leading to a denial of service. (CVE-2023-43788, CVE-2023-43789)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libxpm4 1:3.5.12-1ubuntu0.18.04.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libxpm4 1:3.5.11-1ubuntu0.16.04.1+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  libxpm4 1:3.5.10-1ubuntu0.1+esm2

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6408-2
  https://ubuntu.com/security/notices/USN-6408-1
  CVE-2023-43786, CVE-2023-43787, CVE-2023-43788, CVE-2023-43789
[USN-6288-2] MySQL vulnerability
== Ubuntu Security Notice USN-6288-2 October 24, 2023 mysql-5.7 vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary: Several security issues were fixed in MySQL.

Software Description:
- mysql-5.7: MySQL database

Details: USN-6288-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.7.43 in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
  https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-43.html
  https://www.oracle.com/security-alerts/cpujul2023.html

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  mysql-server-5.7 5.7.43-0ubuntu0.18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  mysql-server-5.7 5.7.43-0ubuntu0.16.04.1+esm1

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6288-2
  https://ubuntu.com/security/notices/USN-6288-1
  CVE-2023-22053
[USN-6391-2] CUPS vulnerability
== Ubuntu Security Notice USN-6391-2 September 21, 2023 cups vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary: CUPS could be made to crash or run programs if it opened a specially crafted file.

Software Description:
- cups: Common UNIX Printing System(tm)

Details: USN-6391-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details: It was discovered that CUPS incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  cups 2.2.7-1ubuntu2.10+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  cups 2.1.3-4ubuntu0.11+esm4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6391-2
  https://ubuntu.com/security/notices/USN-6391-1
  CVE-2023-4504
[USN-6394-1] Python vulnerability
== Ubuntu Security Notice USN-6394-1 September 21, 2023 python3.5 vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary: Python could be made to execute arbitrary code if it received a specially crafted script.

Software Description:
- python3.5: An interactive high-level object-oriented language

Details: It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  python3.5 3.5.2-2ubuntu0~16.04.13+esm10

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6394-1
  CVE-2022-48560
[USN-6402-1] LibTomMath vulnerability
== Ubuntu Security Notice USN-6402-1 October 02, 2023 libtommath vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary: LibTomMath could be made to execute arbitrary code or cause a denial of service if it received a specially crafted input.

Software Description:
- libtommath: multiple-precision integer library [development files]

Details: It was discovered that LibTomMath incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code and cause a denial of service (DoS).

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
  libtommath1 1.2.0-6ubuntu0.23.04.1

Ubuntu 22.04 LTS:
  libtommath1 1.2.0-6ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  libtommath1 1.2.0-3ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libtommath1 1.0.1-1ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libtommath0 0.42.0-1.2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6402-1
  CVE-2023-36328

Package Information:
  https://launchpad.net/ubuntu/+source/libtommath/1.2.0-6ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/libtommath/1.2.0-6ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/libtommath/1.2.0-3ubuntu0.1
[USN-6414-2] Django vulnerabilities
== Ubuntu Security Notice USN-6414-2 October 04, 2023 python-django vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary: Several security issues were fixed in Django.

Software Description:
- python-django: High-level Python web development framework

Details: USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django, respectively. This update provides the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.

It was discovered that Django incorrectly handled certain URIs with a very large number of Unicode characters. A remote attacker could possibly use this issue to cause Django to consume resources or crash, leading to a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  python3-django 1:1.11.11-1ubuntu1.21+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6414-2
  https://ubuntu.com/security/notices/USN-6414-1
  CVE-2023-41164, CVE-2023-43665
[USN-6382-1] Memcached vulnerability
== Ubuntu Security Notice USN-6382-1 September 19, 2023 memcached vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary: Memcached could be made to cause a denial of service.

Software Description:
- memcached: High-performance in-memory object caching system

Details: It was discovered that Memcached incorrectly handled certain multi-packet uploads in UDP. An attacker could possibly use this issue to cause a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  memcached 1.5.22-2ubuntu0.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  memcached 1.5.6-0ubuntu1.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  memcached 1.4.25-2ubuntu1.5+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6382-1
  CVE-2022-48571

Package Information:
  https://launchpad.net/ubuntu/+source/memcached/1.5.22-2ubuntu0.3
[USN-6407-2] libx11 vulnerabilities
== Ubuntu Security Notice USN-6407-2 October 10, 2023 libx11 vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary: Several security issues were fixed in libx11.

Software Description:
- libx11: X11 client-side library

Details: USN-6407-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked into connecting to a malicious X server, a remote attacker could use this issue to cause libx11 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-43785)

Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-43786)

Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libx11 to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-43787)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libx11-6 2:1.6.4-3ubuntu0.4+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libx11-6 2:1.6.3-1ubuntu2.2+esm4

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  libx11-6 2:1.6.2-1ubuntu2.1+esm5

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6407-2
  https://ubuntu.com/security/notices/USN-6407-1
  CVE-2023-43785, CVE-2023-43786, CVE-2023-43787
[USN-6423-1] CUE vulnerability
== Ubuntu Security Notice USN-6423-1 October 09, 2023 libcue vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary: CUE could be made to execute arbitrary code if it received a specially crafted file.

Software Description:
- libcue: CUE Sheet Parser Library - development files

Details: It was discovered that CUE incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
  libcue2 2.2.1-4ubuntu0.1

Ubuntu 22.04 LTS:
  libcue2 2.2.1-3ubuntu0.1

Ubuntu 20.04 LTS:
  libcue2 2.2.1-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6423-1
  CVE-2023-43641

Package Information:
  https://launchpad.net/ubuntu/+source/libcue/2.2.1-4ubuntu0.1
  https://launchpad.net/ubuntu/+source/libcue/2.2.1-3ubuntu0.1
  https://launchpad.net/ubuntu/+source/libcue/2.2.1-2ubuntu0.1
[USN-6403-2] libvpx vulnerabilities
== Ubuntu Security Notice USN-6403-2 October 23, 2023 libvpx vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary: Several security issues were fixed in libvpx.

Software Description:
- libvpx: VP8 and VP9 video codec

Details: USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 18.04 LTS.

Original advisory details: It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libvpx5 1.7.0-3ubuntu0.18.04.1+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6403-2
  https://ubuntu.com/security/notices/USN-6403-1
  CVE-2023-44488, CVE-2023-5217
[USN-5376-3] Git regression
== Ubuntu Security Notice USN-5376-3 April 26, 2022 git regression == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: USN-5376-1 was missing patches to properly fix the addressed issues. Software Description: - git: fast, scalable, distributed revision control system Details: USN-5376-1 fixed vulnerabilities in Git, but some patches needed to properly fix the issue were missing. This update fixes the problem. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths on platforms with multi-user support. An attacker could possibly use this issue to run arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: git 1:2.34.1-1ubuntu1.2 Ubuntu 21.10: git 1:2.32.0-1ubuntu1.2 Ubuntu 20.04 LTS: git 1:2.25.1-1ubuntu3.4 Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.11 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5376-3 https://ubuntu.com/security/notices/USN-5376-1 https://launchpad.net/bugs/1970260 Package Information: https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.2 https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.2 https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.4 https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.11
[USN-5376-2] Git vulnerability
== Ubuntu Security Notice USN-5376-2 April 25, 2022 git vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Git could be made to run arbitrary commands on platforms with multi-user support. Software Description: - git: fast, scalable, distributed revision control system Details: USN-5376-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths on platforms with multi-user support. An attacker could possibly use this issue to run arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: git 1:2.34.1-1ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5376-2 https://ubuntu.com/security/notices/USN-5376-1 CVE-2022-24765 Package Information: https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.1
[USN-5423-2] ClamAV vulnerabilities
== Ubuntu Security Notice USN-5423-2 May 17, 2022 clamav vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in ClamAV. Software Description: - clamav: Anti-virus utility for Unix Details: USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770) Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771) Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785) Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792) Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20796) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1 Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1 This update uses a new upstream release, which includes additional bug fixes.
In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796
[USN-5424-2] OpenLDAP vulnerability
== Ubuntu Security Notice USN-5424-2 May 19, 2022 openldap vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: OpenLDAP could be made to perform arbitrary modifications to the database. Software Description: - openldap: Lightweight Directory Access Protocol Details: USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: slapd 2.4.42+dfsg-2ubuntu3.13+esm1 Ubuntu 14.04 ESM: slapd 2.4.31-1+nmu2ubuntu8.5+esm5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5424-2 https://ubuntu.com/security/notices/USN-5424-1 CVE-2022-29155
[USN-5446-2] dpkg vulnerability
== Ubuntu Security Notice USN-5446-2 May 30, 2022 dpkg vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: A malicious source package could write files outside the unpack directory. Software Description: - dpkg: Debian package management system Details: USN-5446-1 fixed a vulnerability in dpkg. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: dpkg 1.18.4ubuntu1.7+esm1 libdpkg-perl 1.18.4ubuntu1.7+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5446-2 https://ubuntu.com/security/notices/USN-5446-1 CVE-2022-1664
[USN-5454-2] CUPS vulnerabilities
== Ubuntu Security Notice USN-5454-2 May 31, 2022 cups vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in CUPS. Software Description: - cups: Common UNIX Printing System(tm) Details: USN-5454-1 fixed several vulnerabilities in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code. (CVE-2022-26691) It was discovered that CUPS incorrectly handled certain memory operations when handling IPP printing. A remote attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-8842, CVE-2020-10001) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: cups 2.1.3-4ubuntu0.11+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5454-2 https://ubuntu.com/security/notices/USN-5454-1 CVE-2019-8842, CVE-2020-10001, CVE-2022-26691
[USN-5422-1] libxml2 vulnerabilities
== Ubuntu Security Notice USN-5422-1 May 16, 2022 libxml2 vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in libxml2. Software Description: - libxml2: GNOME XML library Details: Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2022-23308) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-29824) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libxml2 2.9.13+dfsg-1ubuntu0.1 libxml2-utils 2.9.13+dfsg-1ubuntu0.1 Ubuntu 21.10: libxml2 2.9.12+dfsg-4ubuntu0.2 libxml2-utils 2.9.12+dfsg-4ubuntu0.2 Ubuntu 20.04 LTS: libxml2 2.9.10+dfsg-5ubuntu0.20.04.3 libxml2-utils 2.9.10+dfsg-5ubuntu0.20.04.3 Ubuntu 18.04 LTS: libxml2 2.9.4+dfsg1-6.1ubuntu1.6 libxml2-utils 2.9.4+dfsg1-6.1ubuntu1.6 Ubuntu 16.04 ESM: libxml2 2.9.3+dfsg1-1ubuntu0.7+esm2 libxml2-utils 2.9.3+dfsg1-1ubuntu0.7+esm2 Ubuntu 14.04 ESM: libxml2 2.9.1+dfsg1-3ubuntu4.13+esm3 libxml2-utils 2.9.1+dfsg1-3ubuntu4.13+esm3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5422-1 CVE-2022-23308, CVE-2022-29824 Package Information: https://launchpad.net/ubuntu/+source/libxml2/2.9.13+dfsg-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libxml2/2.9.12+dfsg-4ubuntu0.2 https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-5ubuntu0.20.04.3 https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-6.1ubuntu1.6
[USN-5487-2] Apache HTTP Server regression
== Ubuntu Security Notice USN-5487-2 June 23, 2022 apache2 regression == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: USN-5487-1 introduced a regression in Apache. Software Description: - apache2: Apache HTTP server Details: USN-5487-1 fixed vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes pending a further fix. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to bypass IP based authentication.
(CVE-2022-31813) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm6 apache2-bin 2.4.7-1ubuntu4.22+esm6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5487-2 https://ubuntu.com/security/notices/USN-5487-1 https://launchpad.net/bugs/XX
[USN-5487-3] Apache HTTP Server regression
== Ubuntu Security Notice USN-5487-3 June 23, 2022 apache2 regression == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: USN-5487-1 introduced a regression in Apache HTTP Server. Software Description: - apache2: Apache HTTP server Details: USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different regressions: one affecting mod_proxy only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556) It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to bypass IP based authentication. (CVE-2022-31813) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.25 apache2-bin 2.4.29-1ubuntu4.25 Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm7 apache2-bin 2.4.18-2ubuntu3.17+esm7 Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm8 apache2-bin 2.4.7-1ubuntu4.22+esm8 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5487-3 https://ubuntu.com/security/notices/USN-5487-1 CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, https://launchpad.net/bugs/1979577, https://launchpad.net/bugs/1979641 Package Information: https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.25
[USN-5494-1] SpiderMonkey JavaScript Library vulnerabilities
== Ubuntu Security Notice USN-5494-1 June 27, 2022 mozjs91 vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in SpiderMonkey JavaScript Library. Software Description: - mozjs91: SpiderMonkey JavaScript library Details: It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. A remote attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28285) It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. A remote attacker could possibly use this issue to cause a crash. (CVE-2022-31740) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libmozjs-91-0 91.10.0-0ubuntu1 After a standard system update you need to restart any applications that use SpiderMonkey JavaScript Library to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5494-1 CVE-2022-28285, CVE-2022-31740, https://launchpad.net/bugs/1976260, https://launchpad.net/bugs/1978961 Package Information: https://launchpad.net/ubuntu/+source/mozjs91/91.10.0-0ubuntu1
[USN-5495-1] curl vulnerabilities
== Ubuntu Security Notice USN-5495-1 June 27, 2022 curl vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-32205) Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206) Harry Sintonen discovered that curl incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-32207) Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack. (CVE-2022-32208) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3 Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19 In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5495-1 CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208 Package Information: https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12 https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19
[USN-5501-1] Django vulnerability
== Ubuntu Security Notice USN-5501-1 July 04, 2022 python-django vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Django could be made to expose sensitive information if it received a specially crafted input. Software Description: - python-django: High-level Python web development framework Details: It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: python3-django 2:3.2.12-2ubuntu1.1 Ubuntu 21.10: python3-django 2:2.2.24-1ubuntu1.5 Ubuntu 20.04 LTS: python3-django 2:2.2.12-1ubuntu0.12 Ubuntu 18.04 LTS: python-django 1:1.11.11-1ubuntu1.18 python3-django 1:1.11.11-1ubuntu1.18 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5501-1 CVE-2022-34265 Package Information: https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.1 https://launchpad.net/ubuntu/+source/python-django/2:2.2.24-1ubuntu1.5 https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.12 https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.18
[USN-5508-1] Python LDAP vulnerability
== Ubuntu Security Notice USN-5508-1 July 11, 2022 python-ldap vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Python LDAP could be made to cause a denial of service if it received a specially crafted regular expression. Software Description: - python-ldap: LDAP interface module for Python3 Details: It was discovered that Python LDAP incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: python3-ldap 3.2.0-4ubuntu7.1 python3-pyldap 3.2.0-4ubuntu7.1 Ubuntu 21.10: python3-ldap 3.2.0-4ubuntu5.1 python3-pyldap 3.2.0-4ubuntu5.1 Ubuntu 20.04 LTS: python3-ldap 3.2.0-4ubuntu2.1 python3-pyldap 3.2.0-4ubuntu2.1 Ubuntu 18.04 LTS: python-ldap 3.0.0-1ubuntu0.2 python-pyldap 3.0.0-1ubuntu0.2 python3-ldap 3.0.0-1ubuntu0.2 python3-pyldap 3.0.0-1ubuntu0.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5508-1 CVE-2021-46823 Package Information: https://launchpad.net/ubuntu/+source/python-ldap/3.2.0-4ubuntu7.1 https://launchpad.net/ubuntu/+source/python-ldap/3.2.0-4ubuntu5.1 https://launchpad.net/ubuntu/+source/python-ldap/3.2.0-4ubuntu2.1 https://launchpad.net/ubuntu/+source/python-ldap/3.0.0-1ubuntu0.2
[USN-5503-2] GnuPG vulnerability
== Ubuntu Security Notice USN-5503-2 July 12, 2022 gnupg, gnupg2 vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: GnuPG could allow forged signatures. Software Description: - gnupg: GNU privacy guard - a free PGP replacement - gnupg2: GNU privacy guard - a free PGP replacement Details: USN-5503-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: gnupg 1.4.20-1ubuntu3.3+esm2 gnupg2 2.1.11-6ubuntu2.1+esm1 Ubuntu 14.04 ESM: gnupg 1.4.16-1ubuntu2.6+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5503-2 https://ubuntu.com/security/notices/USN-5503-1 CVE-2022-34903
[USN-5487-1] Apache HTTP Server vulnerabilities
== Ubuntu Security Notice USN-5487-1 June 21, 2022 apache2 vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in Apache HTTP Server. Software Description: - apache2: Apache HTTP server Details: It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to bypass IP based authentication.
(CVE-2022-31813) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: apache2 2.4.52-1ubuntu4.1 apache2-bin 2.4.52-1ubuntu4.1 Ubuntu 21.10: apache2 2.4.48-3.1ubuntu3.5 apache2-bin 2.4.48-3.1ubuntu3.5 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.12 apache2-bin 2.4.41-4ubuntu3.12 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.24 apache2-bin 2.4.29-1ubuntu4.24 Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm6 apache2-bin 2.4.18-2ubuntu3.17+esm6 Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm5 apache2-bin 2.4.7-1ubuntu4.22+esm5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5487-1 CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813 Package Information: https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.1 https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.5 https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.12 https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.24
[USN-5476-1] Liblouis vulnerabilities
== Ubuntu Security Notice USN-5476-1 June 13, 2022 liblouis vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in liblouis. Software Description: - liblouis: Braille translation library - utilities Details: Han Zheng discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue was addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-26981) It was discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-31783) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: liblouis-bin 3.20.0-2ubuntu0.1 liblouis20 3.20.0-2ubuntu0.1 Ubuntu 21.10: liblouis-bin 3.18.0-1ubuntu0.2 liblouis20 3.18.0-1ubuntu0.2 Ubuntu 20.04 LTS: liblouis-bin 3.12.0-3ubuntu0.1 liblouis20 3.12.0-3ubuntu0.1 Ubuntu 18.04 LTS: liblouis-bin 3.5.0-1ubuntu0.4 liblouis14 3.5.0-1ubuntu0.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5476-1 CVE-2022-26981, CVE-2022-31783 Package Information: https://launchpad.net/ubuntu/+source/liblouis/3.20.0-2ubuntu0.1 https://launchpad.net/ubuntu/+source/liblouis/3.18.0-1ubuntu0.2 https://launchpad.net/ubuntu/+source/liblouis/3.12.0-3ubuntu0.1 https://launchpad.net/ubuntu/+source/liblouis/3.5.0-1ubuntu0.4
[USN-5462-1] Ruby vulnerabilities
== Ubuntu Security Notice USN-5462-1 June 06, 2022 ruby2.5, ruby2.7, ruby3.0 vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Ruby. Software Description: - ruby3.0: Interpreter of object-oriented scripting language Ruby - ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language Details: It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-28738) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-28739) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libruby3.0 3.0.2-7ubuntu2.1 ruby3.0 3.0.2-7ubuntu2.1 Ubuntu 21.10: libruby2.7 2.7.4-1ubuntu3.2 ruby2.7 2.7.4-1ubuntu3.2 Ubuntu 20.04 LTS: libruby2.7 2.7.0-5ubuntu1.7 ruby2.7 2.7.0-5ubuntu1.7 Ubuntu 18.04 LTS: libruby2.5 2.5.1-1ubuntu1.12 ruby2.5 2.5.1-1ubuntu1.12 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5462-1 CVE-2022-28738, CVE-2022-28739 Package Information: https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2.1 https://launchpad.net/ubuntu/+source/ruby2.7/2.7.4-1ubuntu3.2 https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.7 https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.12
[USN-5510-2] X.Org X Server vulnerabilities
== Ubuntu Security Notice USN-5510-2 July 12, 2022 xorg-server, xorg-server-hwe-16.04 vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in X.Org X Server. Software Description: - xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server Details: USN-5510-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm2 xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm1 xwayland 2:1.18.4-0ubuntu0.12+esm2 xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm1 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5510-2 https://ubuntu.com/security/notices/USN-5510-1 CVE-2022-2319, CVE-2022-2320
[USN-5520-2] HTTP-Daemon vulnerability
== Ubuntu Security Notice USN-5520-2 July 18, 2022 libhttp-daemon-perl vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: HTTP-Daemon could allow HTTP Request Smuggling attacks. Software Description: - libhttp-daemon-perl: simple http server class Details: USN-5520-1 fixed a vulnerability in HTTP-Daemon. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that HTTP-Daemon incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libhttp-daemon-perl 6.01-1ubuntu0.16.04~esm1 Ubuntu 14.04 ESM: libhttp-daemon-perl 6.01-1ubuntu0.14.04~esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5520-2 https://ubuntu.com/security/notices/USN-5520-1 CVE-2022-31081
[USN-5519-1] Python vulnerability
== Ubuntu Security Notice USN-5519-1 July 14, 2022 python2.7, python3.10, python3.4, python3.5, python3.6, python3.8, python3.9 vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Python could be made to run arbitrary code if it received a specially crafted input. Software Description: - python2.7: An interactive high-level object-oriented language - python3.10: Interactive high-level object-oriented language (version 3.10) - python3.9: Interactive high-level object-oriented language (version 3.9) - python3.8: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Details: It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. 
Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: python2.7 2.7.18-13ubuntu1.1 python2.7-minimal 2.7.18-13ubuntu1.1 python3.10 3.10.4-3ubuntu0.1 python3.10-minimal 3.10.4-3ubuntu0.1 Ubuntu 21.10: python2.7 2.7.18-8ubuntu0.2 python2.7-minimal 2.7.18-8ubuntu0.2 python3.9 3.9.7-2ubuntu0.1 python3.9-minimal 3.9.7-2ubuntu0.1 Ubuntu 20.04 LTS: python2.7 2.7.18-1~20.04.3 python2.7-minimal 2.7.18-1~20.04.3 python3.8 3.8.10-0ubuntu1~20.04.5 python3.8-minimal 3.8.10-0ubuntu1~20.04.5 Ubuntu 18.04 LTS: python2.7 2.7.17-1~18.04ubuntu1.8 python2.7-minimal 2.7.17-1~18.04ubuntu1.8 python3.6 3.6.9-1~18.04ubuntu1.8 python3.6-minimal 3.6.9-1~18.04ubuntu1.8 Ubuntu 16.04 ESM: python2.7 2.7.12-1ubuntu0~16.04.18+esm2 python2.7-minimal 2.7.12-1ubuntu0~16.04.18+esm2 python3.5 3.5.2-2ubuntu0~16.04.13+esm3 python3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm3 Ubuntu 14.04 ESM: python2.7 2.7.6-8ubuntu0.6+esm11 python2.7-minimal 2.7.6-8ubuntu0.6+esm11 python3.4 3.4.3-1ubuntu1~14.04.7+esm13 python3.4-minimal 3.4.3-1ubuntu1~14.04.7+esm13 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5519-1 CVE-2015-20107 Package Information: https://launchpad.net/ubuntu/+source/python2.7/2.7.18-13ubuntu1.1 https://launchpad.net/ubuntu/+source/python3.10/3.10.4-3ubuntu0.1 https://launchpad.net/ubuntu/+source/python2.7/2.7.18-8ubuntu0.2 https://launchpad.net/ubuntu/+source/python3.9/3.9.7-2ubuntu0.1 https://launchpad.net/ubuntu/+source/python2.7/2.7.18-1~20.04.3 https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.5 https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.8 https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.8
[USN-5473-2] ca-certificates update
== Ubuntu Security Notice USN-5473-2 July 13, 2022 ca-certificates update == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: The CA certificates in the ca-certificates package were updated. Software Description: - ca-certificates: Common CA certificates Details: USN-5473-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority bundle. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: ca-certificates 20211016~16.04.1~esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5473-2 https://ubuntu.com/security/notices/USN-5473-1 https://launchpad.net/bugs/1976631
[USN-5511-1] Git vulnerabilities
== Ubuntu Security Notice USN-5511-1 July 13, 2022 git vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Git could be made to run arbitrary commands as an administrator if it received specially crafted inputs. Software Description: - git: fast, scalable, distributed revision control system Details: Carlo Marcelo Arenas Belón discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator. (CVE-2022-29187) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: git 1:2.34.1-1ubuntu1.4 Ubuntu 21.10: git 1:2.32.0-1ubuntu1.3 Ubuntu 20.04 LTS: git 1:2.25.1-1ubuntu3.5 Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.12 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5511-1 CVE-2022-29187 Package Information: https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.4 https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.5 https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.12
[USN-5538-1] libtirpc vulnerability
== Ubuntu Security Notice USN-5538-1 July 28, 2022 libtirpc vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: libtirpc could be made to cause a denial of service if it received a specially crafted input. Software Description: - libtirpc: transport-independent RPC library - common files Details: It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libtirpc3 1.3.2-2ubuntu0.1 Ubuntu 20.04 LTS: libtirpc3 1.2.5-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5538-1 CVE-2021-46828 Package Information: https://launchpad.net/ubuntu/+source/libtirpc/1.3.2-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libtirpc/1.2.5-1ubuntu0.1
[USN-5537-2] MySQL vulnerability
== Ubuntu Security Notice USN-5537-2 July 28, 2022 mysql-5.7 vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in MySQL. Software Description: - mysql-5.7: MySQL database Details: USN-5537-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.39 in Ubuntu 16.04 ESM. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-39.html https://www.oracle.com/security-alerts/cpujul2022.html Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: mysql-server-5.7 5.7.39-0ubuntu0.16.04.1+esm2 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5537-2 https://ubuntu.com/security/notices/USN-5537-1 CVE-2022-21515
[USN-5404-1] Rsyslog vulnerability
== Ubuntu Security Notice USN-5404-1 May 05, 2022 rsyslog vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Rsyslog could be made to crash if it received a specially crafted request. Software Description: - rsyslog: Enhanced syslogd Details: Pieter Agten discovered that Rsyslog incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: rsyslog 8.2112.0-2ubuntu2.2 Ubuntu 21.10: rsyslog 8.2102.0-2ubuntu2.2 Ubuntu 20.04 LTS: rsyslog 8.2001.0-1ubuntu1.3 Ubuntu 18.04 LTS: rsyslog 8.32.0-1ubuntu4.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5404-1 CVE-2022-24903 Package Information: https://launchpad.net/ubuntu/+source/rsyslog/8.2112.0-2ubuntu2.2 https://launchpad.net/ubuntu/+source/rsyslog/8.2102.0-2ubuntu2.2 https://launchpad.net/ubuntu/+source/rsyslog/8.2001.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/rsyslog/8.32.0-1ubuntu4.2
[USN-5392-1] Mutt vulnerabilities
== Ubuntu Security Notice USN-5392-1 April 28, 2022 mutt vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: Several security issues were fixed in Mutt. Software Description: - mutt: text-based mailreader supporting MIME, GPG, PGP and threading Details: It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-32055) It was discovered that Mutt incorrectly handled certain input. An attacker could possibly use this issue to cause a crash, or expose sensitive information. (CVE-2022-1328) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: mutt 2.1.4-1ubuntu1.1 Ubuntu 21.10: mutt 2.0.5-4.1ubuntu0.1 Ubuntu 20.04 LTS: mutt 1.13.2-1ubuntu0.5 Ubuntu 18.04 LTS: mutt 1.9.4-3ubuntu0.6 Ubuntu 16.04 ESM: mutt 1.5.24-1ubuntu0.6+esm2 mutt-patched 1.5.24-1ubuntu0.6+esm2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5392-1 CVE-2021-32055, CVE-2022-1328 Package Information: https://launchpad.net/ubuntu/+source/mutt/2.1.4-1ubuntu1.1 https://launchpad.net/ubuntu/+source/mutt/2.0.5-4.1ubuntu0.1 https://launchpad.net/ubuntu/+source/mutt/1.13.2-1ubuntu0.5 https://launchpad.net/ubuntu/+source/mutt/1.9.4-3ubuntu0.6
[USN-5397-1] curl vulnerabilities
== Ubuntu Security Notice USN-5397-1 April 28, 2022 curl vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. (CVE-2022-22576) Harry Sintonen discovered that curl incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.1 libcurl3-gnutls 7.81.0-1ubuntu1.1 libcurl3-nss 7.81.0-1ubuntu1.1 libcurl4 7.81.0-1ubuntu1.1 Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.1 libcurl3-gnutls 7.74.0-1.3ubuntu2.1 libcurl3-nss 7.74.0-1.3ubuntu2.1 libcurl4 7.74.0-1.3ubuntu2.1 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.10 libcurl3-gnutls 7.68.0-1ubuntu2.10 libcurl3-nss 7.68.0-1ubuntu2.10 libcurl4 7.68.0-1ubuntu2.10 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.17 libcurl3-gnutls 7.58.0-2ubuntu3.17 libcurl3-nss 7.58.0-2ubuntu3.17 libcurl4 7.58.0-2ubuntu3.17 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5397-1 CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776 Package Information: https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.1 https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.10 https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.17
[USN-5400-2] MySQL vulnerabilities
== Ubuntu Security Notice USN-5400-2 May 04, 2022 mysql-5.7 vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in MySQL. Software Description: - mysql-5.7: MySQL database Details: USN-5400-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated in Ubuntu 16.04 ESM to MySQL 5.7.38. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html https://www.oracle.com/security-alerts/cpuapr2022.html Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: mysql-server-5.7 5.7.38-0ubuntu0.16.04.1+esm1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5400-2 https://ubuntu.com/security/notices/USN-5400-1 CVE-2022-21417, CVE-2022-21427, CVE-2022-21444, CVE-2022-21451, CVE-2022-21454, CVE-2022-21460
[USN-5408-1] Dnsmasq vulnerability
== Ubuntu Security Notice USN-5408-1 May 10, 2022 dnsmasq vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Dnsmasq could be made to execute arbitrary code or expose sensitive information if it received a specially crafted input. Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server Details: Petr Menšík and Richard Johnson discovered that Dnsmasq incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: dnsmasq 2.86-1.1ubuntu0.1 dnsmasq-base 2.86-1.1ubuntu0.1 dnsmasq-utils 2.86-1.1ubuntu0.1 Ubuntu 21.10: dnsmasq 2.85-1ubuntu2.1 dnsmasq-base 2.85-1ubuntu2.1 dnsmasq-utils 2.85-1ubuntu2.1 Ubuntu 20.04 LTS: dnsmasq 2.80-1.1ubuntu1.5 dnsmasq-base 2.80-1.1ubuntu1.5 dnsmasq-utils 2.80-1.1ubuntu1.5 Ubuntu 18.04 LTS: dnsmasq 2.79-1ubuntu0.6 dnsmasq-base 2.79-1ubuntu0.6 dnsmasq-utils 2.79-1ubuntu0.6 Ubuntu 16.04 ESM: dnsmasq 2.75-1ubuntu0.16.04.10+esm1 dnsmasq-base 2.75-1ubuntu0.16.04.10+esm1 dnsmasq-utils 2.75-1ubuntu0.16.04.10+esm1 Ubuntu 14.04 ESM: dnsmasq 2.68-1ubuntu0.2+esm1 dnsmasq-base 2.68-1ubuntu0.2+esm1 dnsmasq-utils 2.68-1ubuntu0.2+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5408-1 CVE-2022-0934 Package Information: https://launchpad.net/ubuntu/+source/dnsmasq/2.86-1.1ubuntu0.1 https://launchpad.net/ubuntu/+source/dnsmasq/2.85-1ubuntu2.1 https://launchpad.net/ubuntu/+source/dnsmasq/2.80-1.1ubuntu1.5 https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1ubuntu0.6
[USN-5578-2] Open VM Tools vulnerability
== Ubuntu Security Notice USN-5578-2 August 24, 2022 open-vm-tools vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: open-vm-tools could be made to run programs as an administrator. Software Description: - open-vm-tools: Open VMware Tools for virtual machines hosted on VMware Details: USN-5578-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Open VM Tools incorrectly handled certain requests. An attacker inside the guest could possibly use this issue to gain root privileges inside the virtual machine. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: open-vm-tools 2:10.2.0-3~ubuntu0.16.04.1+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5578-2 https://ubuntu.com/security/notices/USN-5578-1 CVE-2022-31676
[USN-5584-1] Schroot vulnerability
== Ubuntu Security Notice USN-5584-1 August 29, 2022 schroot vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: Schroot could be made to cause a denial of service if certain schroot names are used. Software Description: - schroot: Execute commands in a chroot environment Details: It was discovered that Schroot incorrectly handled certain Schroot names. An attacker could possibly use this issue to break schroot's internal state causing a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: schroot 1.6.10-12ubuntu3.1 Ubuntu 20.04 LTS: schroot 1.6.10-9ubuntu0.1 Ubuntu 18.04 LTS: schroot 1.6.10-4ubuntu0.1 Ubuntu 16.04 ESM: schroot 1.6.10-1ubuntu3+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5584-1 CVE-2022-2787 Package Information: https://launchpad.net/ubuntu/+source/schroot/1.6.10-12ubuntu3.1 https://launchpad.net/ubuntu/+source/schroot/1.6.10-9ubuntu0.1 https://launchpad.net/ubuntu/+source/schroot/1.6.10-4ubuntu0.1
[USN-5574-1] Exim vulnerability
== Ubuntu Security Notice USN-5574-1 August 22, 2022 exim4 vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Exim could be made to crash or execute arbitrary code if it received a specially crafted input. Software Description: - exim4: Exim is a mail transport agent Details: It was discovered that Exim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: exim4-base 4.93-13ubuntu1.6 exim4-daemon-heavy 4.93-13ubuntu1.6 exim4-daemon-light 4.93-13ubuntu1.6 Ubuntu 18.04 LTS: exim4-base 4.90.1-1ubuntu1.9 exim4-daemon-heavy 4.90.1-1ubuntu1.9 exim4-daemon-light 4.90.1-1ubuntu1.9 Ubuntu 16.04 ESM: exim4-base 4.86.2-2ubuntu2.6+esm2 exim4-daemon-heavy 4.86.2-2ubuntu2.6+esm2 exim4-daemon-light 4.86.2-2ubuntu2.6+esm2 Ubuntu 14.04 ESM: exim4-base 4.82-3ubuntu2.4+esm4 exim4-daemon-heavy 4.82-3ubuntu2.4+esm4 exim4-daemon-light 4.82-3ubuntu2.4+esm4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5574-1 CVE-2022-37452 Package Information: https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.6 https://launchpad.net/ubuntu/+source/exim4/4.90.1-1ubuntu1.9
[USN-5575-1] Libxslt vulnerabilities
== Ubuntu Security Notice USN-5575-1 August 22, 2022 libxslt vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Libxslt. Software Description: - libxslt: XSLT processing library Details: Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-5815) Alexey Neyman incorrectly handled certain HTML pages. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. (CVE-2021-30560) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libxslt1.1 1.1.34-4ubuntu0.22.04.1 Ubuntu 20.04 LTS: libxslt1.1 1.1.34-4ubuntu0.20.04.1 Ubuntu 18.04 LTS: libxslt1.1 1.1.29-5ubuntu0.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5575-1 CVE-2019-5815, CVE-2021-30560 Package Information: https://launchpad.net/ubuntu/+source/libxslt/1.1.34-4ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.34-4ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.29-5ubuntu0.3
[USN-4976-2] Dnsmasq vulnerability
== Ubuntu Security Notice USN-4976-2 September 07, 2022 dnsmasq vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Dnsmasq could be exposed to cache poisoning. Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server Details: USN-4976-1 fixed a vulnerability in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 ESM. Dnsmasq has been updated to 2.79-1 for Ubuntu 16.04 ESM in order to fix some security issues. Original advisory details: Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: dnsmasq 2.79-1ubuntu0.16.04.1+esm1 dnsmasq-base 2.79-1ubuntu0.16.04.1+esm1 dnsmasq-utils 2.79-1ubuntu0.16.04.1+esm1 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4976-2 https://ubuntu.com/security/notices/USN-4976-1 CVE-2021-3448
[USN-5686-1] Git vulnerabilities
== Ubuntu Security Notice USN-5686-1 October 18, 2022 git vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Git. Software Description: - git: fast, scalable, distributed revision control system Details: Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause unexpected behaviour. (CVE-2022-39253) Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-39260) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: git 1:2.34.1-1ubuntu1.5 Ubuntu 20.04 LTS: git 1:2.25.1-1ubuntu3.6 Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.13 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5686-1 CVE-2022-39253, CVE-2022-39260 Package Information: https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.5 https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.6 https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.13
[USN-5689-1] Perl vulnerability
== Ubuntu Security Notice USN-5689-1 October 19, 2022 perl vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Perl could be made to bypass signature verification. Software Description: - perl: Practical Extraction and Report Language Details: It was discovered that Perl incorrectly handled certain signature verification. A remote attacker could possibly use this issue to bypass signature verification. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: perl 5.34.0-3ubuntu1.1 Ubuntu 20.04 LTS: perl 5.30.0-9ubuntu0.3 Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.6 Ubuntu 16.04 ESM: perl 5.22.1-9ubuntu0.9+esm1 Ubuntu 14.04 ESM: perl 5.18.2-2ubuntu1.7+esm4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5689-1 CVE-2020-16156 Package Information: https://launchpad.net/ubuntu/+source/perl/5.34.0-3ubuntu1.1 https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.3 https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.6
[USN-5698-2] Open vSwitch vulnerability
== Ubuntu Security Notice USN-5698-2 October 25, 2022 openvswitch vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Open vSwitch could be made to crash or run programs if it received specially crafted network traffic. Software Description: - openvswitch: Ethernet virtual switch Details: USN-5698-1 fixed a vulnerability in Open. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: openvswitch-common 2.5.9-0ubuntu0.16.04.3+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5698-2 https://ubuntu.com/security/notices/USN-5698-1 CVE-2022-32166
[USN-5625-1] Mako vulnerability
== Ubuntu Security Notice USN-5625-1 September 21, 2022 mako vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: Mako could be made to cause a denial of service if it received a specially crafted regular expression. Software Description: - mako: documentation for the Mako Python library Details: It was discovered that Mako incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: python3-mako 1.1.3+ds1-2ubuntu0.1 Ubuntu 20.04 LTS: python-mako 1.1.0+ds1-1ubuntu2.1 python3-mako 1.1.0+ds1-1ubuntu2.1 Ubuntu 18.04 LTS: python-mako 1.0.7+ds1-1ubuntu0.2 python3-mako 1.0.7+ds1-1ubuntu0.2 Ubuntu 16.04 ESM: python-mako 1.0.3+ds1-1ubuntu1+esm1 python3-mako 1.0.3+ds1-1ubuntu1+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5625-1 CVE-2022-40023 Package Information: https://launchpad.net/ubuntu/+source/mako/1.1.3+ds1-2ubuntu0.1 https://launchpad.net/ubuntu/+source/mako/1.1.0+ds1-1ubuntu2.1 https://launchpad.net/ubuntu/+source/mako/1.0.7+ds1-1ubuntu0.2
[USN-5626-2] Bind vulnerabilities
== Ubuntu Security Notice USN-5626-2 September 21, 2022 bind9 vulnerabilities == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in Bind. Software Description: - bind9: Internet Domain Name Server Details: USN-5626-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. (CVE-2022-2795) It was discovered that Bind incorrectly handled memory when processing ECDSA DNSSEC verification. A remote attacker could use this issue to consume resources, leading to a denial of service. (CVE-2022-38177) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: bind9 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 Ubuntu 14.04 ESM: bind9 1:9.9.5.dfsg-3ubuntu0.19+esm7 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5626-2 https://ubuntu.com/security/notices/USN-5626-1 CVE-2022-2795, CVE-2022-38177
[USN-5606-1] poppler vulnerability
== Ubuntu Security Notice USN-5606-1 September 12, 2022 poppler vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: poppler could be made to crash or execute arbitrary code if it received a specially crafted PDF. Software Description: - poppler: PDF rendering library Details: It was discovered that poppler incorrectly handled certain PDF. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libpoppler118 22.02.0-2ubuntu0.1 poppler-utils 22.02.0-2ubuntu0.1 Ubuntu 20.04 LTS: libpoppler97 0.86.1-0ubuntu1.1 poppler-utils 0.86.1-0ubuntu1.1 Ubuntu 18.04 LTS: libpoppler73 0.62.0-2ubuntu2.13 poppler-utils 0.62.0-2ubuntu2.13 Ubuntu 16.04 ESM: libpoppler58 0.41.0-0ubuntu1.16+esm1 poppler-utils 0.41.0-0ubuntu1.16+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5606-1 CVE-2022-38784 Package Information: https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.1 https://launchpad.net/ubuntu/+source/poppler/0.86.1-0ubuntu1.1 https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.13
[USN-5636-1] SoS vulnerability
== Ubuntu Security Notice USN-5636-1 September 26, 2022 sosreport vulnerability == A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: SoS could be made to expose sensitive information. Software Description: - sosreport: Set of tools to gather troubleshooting data from a system Details: It was discovered that SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: sosreport 4.3-1ubuntu2.1 Ubuntu 20.04 LTS: sosreport 4.3-1ubuntu0.20.04.2 Ubuntu 18.04 LTS: sosreport 4.3-1ubuntu0.18.04.2 Ubuntu 16.04 ESM: sosreport 3.9.1-1ubuntu0.16.04.2+esm1 Ubuntu 14.04 ESM: sosreport 3.5-1~ubuntu14.04.3+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5636-1 CVE-2022-2806 Package Information: https://launchpad.net/ubuntu/+source/sosreport/4.3-1ubuntu2.1 https://launchpad.net/ubuntu/+source/sosreport/4.3-1ubuntu0.20.04.2 https://launchpad.net/ubuntu/+source/sosreport/4.3-1ubuntu0.18.04.2
[USN-5606-2] poppler regression
== Ubuntu Security Notice USN-5606-2 September 14, 2022 poppler regression ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:
USN-5606-1 caused a regression in poppler.

Software Description:
- poppler: PDF rendering library

Details:
USN-5606-1 fixed a vulnerability in poppler. Unfortunately it was missing a commit to fix it properly. This update provides the corresponding fix for Ubuntu 18.04 LTS and Ubuntu 16.04 ESM. We apologize for the inconvenience.

Original advisory details:
It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  libpoppler-private-dev 0.62.0-2ubuntu2.14
  libpoppler73 0.62.0-2ubuntu2.14
  poppler-utils 0.62.0-2ubuntu2.14

Ubuntu 16.04 ESM:
  libpoppler-private-dev 0.41.0-0ubuntu1.16+esm2
  libpoppler58 0.41.0-0ubuntu1.16+esm2
  poppler-utils 0.41.0-0ubuntu1.16+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5606-2
  https://ubuntu.com/security/notices/USN-5606-1
  https://launchpad.net/bugs/1989515

Package Information:
  https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.14
[USN-5607-1] GDK-PixBuf vulnerability
== Ubuntu Security Notice USN-5607-1 September 13, 2022 gdk-pixbuf vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:
GDK-PixBuf could be made to execute arbitrary code or crash if it received a specially crafted image.

Software Description:
- gdk-pixbuf: GDK Pixbuf library

Details:
It was discovered that GDK-PixBuf incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  libgdk-pixbuf-2.0-0 2.42.8+dfsg-1ubuntu0.1

Ubuntu 20.04 LTS:
  libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.4

After a standard system update you need to restart your session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5607-1
  CVE-2021-44648

Package Information:
  https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.42.8+dfsg-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.40.0+dfsg-3ubuntu0.4
[USN-5666-1] OpenSSH vulnerability
== Ubuntu Security Notice USN-5666-1 October 10, 2022 openssh vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM

Summary:
OpenSSH could be made to run arbitrary code if some non-default configurations are in use.

Software Description:
- openssh: secure shell (SSH) for secure access to remote machines

Details:
It was discovered that OpenSSH incorrectly handled certain helper programs. An attacker could possibly use this issue to execute arbitrary code.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  openssh-server 1:7.2p2-4ubuntu2.10+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5666-1
  CVE-2021-41617
[USN-5651-1] strongSwan vulnerability
== Ubuntu Security Notice USN-5651-1 October 03, 2022 strongswan vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:
strongSwan could be made to cause a denial of service if it received a specially crafted certificate.

Software Description:
- strongswan: IPsec VPN solution

Details:
Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and CRL distribution points (CDP) in certificates. A remote attacker could possibly use this issue to initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which can lead to a denial-of-service attack.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  libstrongswan 5.9.5-2ubuntu2.1
  strongswan 5.9.5-2ubuntu2.1

Ubuntu 20.04 LTS:
  libstrongswan 5.8.2-1ubuntu3.5
  strongswan 5.8.2-1ubuntu3.5

Ubuntu 18.04 LTS:
  libstrongswan 5.6.2-1ubuntu2.9
  strongswan 5.6.2-1ubuntu2.9

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5651-1
  CVE-2022-40617

Package Information:
  https://launchpad.net/ubuntu/+source/strongswan/5.9.5-2ubuntu2.1
  https://launchpad.net/ubuntu/+source/strongswan/5.8.2-1ubuntu3.5
  https://launchpad.net/ubuntu/+source/strongswan/5.6.2-1ubuntu2.9
[USN-5651-2] strongSwan vulnerability
== Ubuntu Security Notice USN-5651-2 October 03, 2022 strongswan vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
strongSwan could be made to cause a denial of service if it received a specially crafted certificate.

Software Description:
- strongswan: IPsec VPN solution

Details:
USN-5651-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:
Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and CRL distribution points (CDP) in certificates. A remote attacker could possibly use this issue to initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which can lead to a denial-of-service attack.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  libstrongswan 5.3.5-1ubuntu3.8+esm3
  strongswan 5.3.5-1ubuntu3.8+esm3

Ubuntu 14.04 ESM:
  libstrongswan 5.1.2-0ubuntu2.11+esm3
  strongswan 5.1.2-0ubuntu2.11+esm3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5651-2
  https://ubuntu.com/security/notices/USN-5651-1
  CVE-2022-40617
[USN-5563-1] http-parser vulnerability
== Ubuntu Security Notice USN-5563-1 August 10, 2022 http-parser vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS

Summary:
http-parser could be made to expose sensitive data if it received a specially crafted request.

Software Description:
- http-parser: parser for HTTP messages: development libraries and header files

Details:
It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  libhttp-parser2.7.1 2.7.1-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5563-1
  CVE-2020-8287

Package Information:
  https://launchpad.net/ubuntu/+source/http-parser/2.7.1-2ubuntu0.1
[USN-5549-1] Django vulnerability
== Ubuntu Security Notice USN-5549-1 August 04, 2022 python-django vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:
Django could be made to expose sensitive information if it received a specially crafted input.

Software Description:
- python-django: High-level Python web development framework

Details:
It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over the user's machine.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  python3-django 2:3.2.12-2ubuntu1.2

Ubuntu 20.04 LTS:
  python3-django 2:2.2.12-1ubuntu0.13

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5549-1
  CVE-2022-36359

Package Information:
  https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.2
  https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.13
[USN-5548-1] libxml2 vulnerability
== Ubuntu Security Notice USN-5548-1 August 04, 2022 libxml2 vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:
libxml2 could be made to execute arbitrary code if it received a specially crafted file.

Software Description:
- libxml2: GNOME XML library

Details:
It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  libxml2 2.9.10+dfsg-5ubuntu0.20.04.4
  libxml2-utils 2.9.10+dfsg-5ubuntu0.20.04.4

Ubuntu 18.04 LTS:
  libxml2 2.9.4+dfsg1-6.1ubuntu1.7
  libxml2-utils 2.9.4+dfsg1-6.1ubuntu1.7

Ubuntu 16.04 ESM:
  libxml2 2.9.3+dfsg1-1ubuntu0.7+esm3
  libxml2-utils 2.9.3+dfsg1-1ubuntu0.7+esm3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5548-1
  CVE-2016-3709

Package Information:
  https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-5ubuntu0.20.04.4
  https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-6.1ubuntu1.7
[USN-5555-1] GStreamer Good Plugins vulnerabilities
== Ubuntu Security Notice USN--1 August 08, 2022 gst-plugins-good1.0 vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:
Several security issues were fixed in GStreamer Plugins Good.

Software Description:
- gst-plugins-good1.0: GStreamer plugins

Details:
It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-1920, CVE-2022-1921)

It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  gstreamer1.0-plugins-good 1.16.3-0ubuntu1.1

Ubuntu 18.04 LTS:
  gstreamer1.0-plugins-good 1.14.5-0ubuntu1~18.04.3

Ubuntu 16.04 ESM:
  gstreamer1.0-plugins-good 1.8.3-1ubuntu0.5+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN--1
  CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122

Package Information:
  https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.16.3-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.14.5-0ubuntu1~18.04.3
[USN-5796-2] w3m vulnerability
== Ubuntu Security Notice USN-5796-2 January 10, 2023 w3m vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM

Summary:
w3m could be made to crash or run programs as your login if it opened a malicious website.

Software Description:
- w3m: WWW browsable pager with excellent tables/frames support

Details:
USN-5796-1 fixed a vulnerability in w3m. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:
It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
  w3m 0.5.3-15ubuntu0.2+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5796-2
  https://ubuntu.com/security/notices/USN-5796-1
  CVE-2022-38223
[USN-5761-2] ca-certificates update
== Ubuntu Security Notice USN-5761-2 December 06, 2022 ca-certificates update ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
A distrusted certificate authority has been removed from ca-certificates.

Software Description:
- ca-certificates: Common CA certificates

Details:
USN-5761-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:
Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  ca-certificates 20211016~16.04.1~esm2

Ubuntu 14.04 ESM:
  ca-certificates 20211016~14.04.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5761-2
  https://ubuntu.com/security/notices/USN-5761-1
  https://launchpad.net/bugs/XX
[USN-5760-1] libxml2 vulnerabilities
== Ubuntu Security Notice USN-5760-1 December 05, 2022 libxml2 vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:
Several security issues were fixed in libxml2.

Software Description:
- libxml2: GNOME XML library

Details:
It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. (CVE-2022-2309)

It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2022-40303)

It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-40304)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  libxml2 2.9.14+dfsg-1ubuntu0.1
  libxml2-utils 2.9.14+dfsg-1ubuntu0.1

Ubuntu 22.04 LTS:
  libxml2 2.9.13+dfsg-1ubuntu0.2
  libxml2-utils 2.9.13+dfsg-1ubuntu0.2

Ubuntu 20.04 LTS:
  libxml2 2.9.10+dfsg-5ubuntu0.20.04.5
  libxml2-utils 2.9.10+dfsg-5ubuntu0.20.04.5

Ubuntu 18.04 LTS:
  libxml2 2.9.4+dfsg1-6.1ubuntu1.8
  libxml2-utils 2.9.4+dfsg1-6.1ubuntu1.8

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5760-1
  CVE-2022-2309, CVE-2022-40303, CVE-2022-40304

Package Information:
  https://launchpad.net/ubuntu/+source/libxml2/2.9.14+dfsg-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/libxml2/2.9.13+dfsg-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-5ubuntu0.20.04.5
  https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-6.1ubuntu1.8
[USN-5762-1] GNU binutils vulnerability
== Ubuntu Security Notice USN-5762-1 December 05, 2022 binutils vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:
GNU binutils could be made to crash or execute arbitrary code if it received a specially crafted COFF file.

Software Description:
- binutils: GNU assembler, linker and binary utilities

Details:
It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  binutils 2.39-3ubuntu1.1
  binutils-multiarch 2.39-3ubuntu1.1

Ubuntu 22.04 LTS:
  binutils 2.38-4ubuntu2.1
  binutils-multiarch 2.38-4ubuntu2.1

Ubuntu 20.04 LTS:
  binutils 2.34-6ubuntu1.4
  binutils-multiarch 2.34-6ubuntu1.4

Ubuntu 18.04 LTS:
  binutils 2.30-21ubuntu1~18.04.8
  binutils-multiarch 2.30-21ubuntu1~18.04.8

Ubuntu 16.04 ESM:
  binutils 2.26.1-1ubuntu1~16.04.8+esm5
  binutils-multiarch 2.26.1-1ubuntu1~16.04.8+esm5

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5762-1
  CVE-2022-38533

Package Information:
  https://launchpad.net/ubuntu/+source/binutils/2.39-3ubuntu1.1
  https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.1
  https://launchpad.net/ubuntu/+source/binutils/2.34-6ubuntu1.4
  https://launchpad.net/ubuntu/+source/binutils/2.30-21ubuntu1~18.04.8
[USN-5686-3] Git vulnerabilities
== Ubuntu Security Notice USN-5686-3 November 21, 2022 git vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10

Summary:
Several security issues were fixed in Git.

Software Description:
- git: fast, scalable, distributed revision control system

Details:
USN-5686-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.10.

Original advisory details:
Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause unexpected behaviour. (CVE-2022-39253)

Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-39260)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  git 1:2.37.2-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5686-3
  https://ubuntu.com/security/notices/USN-5686-1
  CVE-2022-39253, CVE-2022-39260

Package Information:
  https://launchpad.net/ubuntu/+source/git/1:2.37.2-1ubuntu1.1
[USN-5625-2] Mako vulnerability
== Ubuntu Security Notice USN-5625-2 November 15, 2022 mako vulnerability ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10

Summary:
Mako could be made to cause a denial of service if it received a specially crafted regular expression.

Software Description:
- mako: fast and lightweight templating for the Python platform

Details:
USN-5625-1 fixed a vulnerability in Mako. This update provides the corresponding updates for Ubuntu 22.10.

Original advisory details:
It was discovered that Mako incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  python3-mako 1.1.3+ds1-3ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5625-2
  https://ubuntu.com/security/notices/USN-5625-1
  CVE-2022-40023

Package Information:
  https://launchpad.net/ubuntu/+source/mako/1.1.3+ds1-3ubuntu2.1
[USN-5658-3] DHCP vulnerabilities
== Ubuntu Security Notice USN-5658-3 November 21, 2022 isc-dhcp vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM

Summary:
Several security issues were fixed in DHCP.

Software Description:
- isc-dhcp: DHCP server and client

Details:
USN-5658-1 fixed several vulnerabilities in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:
It was discovered that DHCP incorrectly handled option reference counting. A remote attacker could possibly use this issue to cause DHCP servers to crash, resulting in a denial of service. (CVE-2022-2928)

It was discovered that DHCP incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause DHCP clients and servers to consume resources, leading to a denial of service. (CVE-2022-2929)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
  isc-dhcp-client 4.2.4-7ubuntu12.13+esm2
  isc-dhcp-server 4.2.4-7ubuntu12.13+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5658-3
  https://ubuntu.com/security/notices/USN-5658-1
  CVE-2022-2928, CVE-2022-2929