Ubuntu 6589 Published by

The following updates has been released for Ubuntu Linux:

USN-3876-1: Avahi vulnerabilities
USN-3876-2: Avahi vulnerabilities
USN-3877-1: LibVNCServer vulnerabilities



USN-3876-1: Avahi vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3876-1
January 31, 2019

avahi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Avahi.

Software Description:
- avahi: Avahi IPv4LL network address configuration daemon

Details:

Chad Seaman discovered that Avahi incorrectly handled certain messages.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-6519, CVE-2018-1000845)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
avahi-daemon 0.7-4ubuntu2.1
libavahi-core7 0.7-4ubuntu2.1

Ubuntu 18.04 LTS:
avahi-daemon 0.7-3.1ubuntu1.2
libavahi-core7 0.7-3.1ubuntu1.2

Ubuntu 16.04 LTS:
avahi-daemon 0.6.32~rc+dfsg-1ubuntu2.3
libavahi-core7 0.6.32~rc+dfsg-1ubuntu2.3

Ubuntu 14.04 LTS:
avahi-daemon 0.6.31-4ubuntu1.3
libavahi-core7 0.6.31-4ubuntu1.3

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3876-1
CVE-2017-6519, CVE-2018-1000845

Package Information:
https://launchpad.net/ubuntu/+source/avahi/0.7-4ubuntu2.1
https://launchpad.net/ubuntu/+source/avahi/0.7-3.1ubuntu1.2
https://launchpad.net/ubuntu/+source/avahi/0.6.32~rc+dfsg-1ubuntu2.3
https://launchpad.net/ubuntu/+source/avahi/0.6.31-4ubuntu1.3

USN-3876-2: Avahi vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3876-2
January 31, 2019

avahi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Avahi.

Software Description:
- avahi: Avahi IPv4LL network address configuration daemon

Details:

USN-3876-1 fixed a vulnerability in Avahi. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Chad Seaman discovered that Avahi incorrectly handled certain
messages.
 An attacker could possibly use this issue to cause a denial of
service.
 (CVE-2017-6519, CVE-2018-1000845)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  avahi-daemon 0.6.30-5ubuntu2.3
  libavahi-core7 0.6.30-5ubuntu2.3

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3876-2
  https://usn.ubuntu.com/usn/usn-3876-1
  CVE-2017-6519, CVE-2018-1000845

USN-3877-1: LibVNCServer vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3877-1
January 31, 2019

libvncserver vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in LibVNCServer.

Software Description:
- libvncserver: vnc server library

Details:

It was discovered that LibVNCServer incorrectly handled certain operations.
A remote attacker able to connect to applications using LibVNCServer could
possibly use this issue to obtain sensitive information, cause a denial of
service, or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
libvncclient1 0.9.11+dfsg-1.1ubuntu0.1
libvncserver1 0.9.11+dfsg-1.1ubuntu0.1

Ubuntu 18.04 LTS:
libvncclient1 0.9.11+dfsg-1ubuntu1.1
libvncserver1 0.9.11+dfsg-1ubuntu1.1

Ubuntu 16.04 LTS:
libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.3
libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.3

Ubuntu 14.04 LTS:
libvncserver0 0.9.9+dfsg-1ubuntu1.4

After a standard system update you need to restart LibVNCServer
applications to make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3877-1
CVE-2018-15126, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020,
CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024,
CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-6307

Package Information:
https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.1ubuntu0.1
https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.3
https://launchpad.net/ubuntu/+source/libvncserver/0.9.9+dfsg-1ubuntu1.4