
The following updates have been released for Ubuntu Linux:

USN-3786-2: libxkbcommon vulnerabilities
USN-3809-1: OpenSSH vulnerabilities
USN-3810-1: ppp vulnerability
USN-3811-1: SpamAssassin vulnerabilities



USN-3786-2: libxkbcommon vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3786-2
November 06, 2018

libxkbcommon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in libxkbcommon.

Software Description:
- libxkbcommon: library interface to the XKB compiler - development
files

Details:

USN-3786-1 fixed several vulnerabilities in libxkbcommon. This
update provides the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

 It was discovered that libxkbcommon incorrectly handled certain files.
 An attacker could possibly use this issue to cause a denial of
 service. (CVE-2018-15853, CVE-2018-15854, CVE-2018-15855,
 CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859,
 CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libxkbcommon-x11-0 0.8.0-1ubuntu0.1
  libxkbcommon0 0.8.0-1ubuntu0.1

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3786-2
  https://usn.ubuntu.com/usn/usn-3786-1
  CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856,
  CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861,
  CVE-2018-15862, CVE-2018-15863, CVE-2018-15864

Package Information:
  https://launchpad.net/ubuntu/+source/libxkbcommon/0.8.0-1ubuntu0.1

USN-3809-1: OpenSSH vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3809-1
November 06, 2018

openssh vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenSSH.

Software Description:
- openssh: secure shell (SSH) for secure access to remote machines

Details:

Robert Swiecki discovered that OpenSSH incorrectly handled certain
messages. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-10708)

It was discovered that OpenSSH incorrectly handled certain requests.
An attacker could possibly use this issue to access sensitive
information. (CVE-2018-15473)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  openssh-server 1:7.6p1-4ubuntu0.1

Ubuntu 16.04 LTS:
  openssh-server 1:7.2p2-4ubuntu2.6

Ubuntu 14.04 LTS:
  openssh-server 1:6.6p1-2ubuntu2.11

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3809-1
  CVE-2016-10708, CVE-2018-15473

Package Information:
  https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.1
  https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.6
  https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.11

USN-3810-1: ppp vulnerability


==========================================================================
Ubuntu Security Notice USN-3810-1
November 06, 2018

ppp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

ppp could be made to crash or bypass authentication if it received
specially crafted network traffic.

Software Description:
- ppp: Point-to-Point Protocol (PPP)

Details:

Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS
protocol. A remote attacker could use this issue to cause ppp to crash,
resulting in a denial of service, or possibly bypass authentication.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
ppp 2.4.7-2+2ubuntu1.1

Ubuntu 16.04 LTS:
ppp 2.4.7-1+2ubuntu1.16.04.1

Ubuntu 14.04 LTS:
ppp 2.4.5-5.1ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3810-1
CVE-2018-11574

Package Information:
https://launchpad.net/ubuntu/+source/ppp/2.4.7-2+2ubuntu1.1
https://launchpad.net/ubuntu/+source/ppp/2.4.7-1+2ubuntu1.16.04.1
https://launchpad.net/ubuntu/+source/ppp/2.4.5-5.1ubuntu2.3

USN-3811-1: SpamAssassin vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3811-1
November 06, 2018

spamassassin vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in SpamAssassin.

Software Description:
- spamassassin: Perl-based spam filter using text analysis

Details:

It was discovered that SpamAssassin incorrectly handled certain unclosed
tags in emails. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2017-15705)

It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-11780)

It was discovered that SpamAssassin incorrectly handled meta rule syntax. A
local attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-11781)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
spamassassin 3.4.2-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
spamassassin 3.4.2-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
spamassassin 3.4.2-0ubuntu0.14.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3811-1
CVE-2017-15705, CVE-2018-11780, CVE-2018-11781

Package Information:
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.14.04.1
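
Added example (not part of the Ubuntu notices): a check of an Ubuntu 18.04 LTS
package inventory against the fixed versions listed in the four notices above,
using Debian version ordering so that epochs such as the "1:" in the
openssh-server version and suffixes such as "ubuntu0.1" sort correctly. The
function names and the sample inventory are assumptions made for this example.

```python
# Fixed versions for Ubuntu 18.04 LTS, copied from the four notices above.
FIXED_1804 = {
    "libxkbcommon0": "0.8.0-1ubuntu0.1", "libxkbcommon-x11-0": "0.8.0-1ubuntu0.1",
    "openssh-server": "1:7.6p1-4ubuntu0.1",
    "ppp": "2.4.7-2+2ubuntu1.1", "spamassassin": "3.4.2-0ubuntu0.18.04.1",
}

def _order(c):
    # '~' sorts before everything, even end of string; letters before other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _take(s, digits):
    # Split off the leading run of digits (or of non-digits) from s.
    n = 0
    while n < len(s) and s[n].isdigit() == digits:
        n += 1
    return s[:n], s[n:]

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, as dpkg does.
    while a or b:
        (na, a), (nb, b) = _take(a, False), _take(b, False)
        for k in range(max(len(na), len(nb))):
            ca = _order(na[k]) if k < len(na) else 0
            cb = _order(nb[k]) if k < len(nb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        (da, a), (db, b) = _take(a, True), _take(b, True)
        x, y = int(da or 0), int(db or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(v):
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    return int(epoch), upstream, rev

def compare(a, b):
    # Returns -1, 0 or 1; the epoch outranks upstream version and revision.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(installed, fixed=FIXED_1804):
    # Packages whose installed version sorts below the fixed version.
    return sorted(p for p, v in installed.items()
                  if p in fixed and compare(v, fixed[p]) < 0)

# Constructed sample inventory, not taken from a real host.
SAMPLE = {"openssh-server": "1:7.6p1-4", "ppp": "2.4.7-2+2ubuntu1",
          "spamassassin": "3.4.2-0ubuntu0.18.04.1", "libxkbcommon0": "0.8.0-1"}
```

On a real host the inventory can be produced with
dpkg-query -W -f='${Package} ${Version}\n', and dpkg --compare-versions
remains the authoritative comparator.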