Ubuntu 6590 Published by

The following updates has been released for Ubuntu Linux:

USN-3658-2: procps-ng vulnerabilities
This address two security issues: 1) It was discovered that libprocps incorrectly handled the file2strvec() function. A local attacker could possibly use this to execute
 arbitrary code. (CVE-2018-1124). 2) It was discovered that procps-ng incorrectly handled memory. A local attacker could use this issue to cause a denial of service, or
 possibly execute arbitrary code. (CVE-2018-1126)

This update is available for Ubuntu Linux 12.04 ESM

USN-3671-1: Git vulnerabilities
This address twe security issues: 1) A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. (CVE-2018-11235). 2) An attacker could use this to cause a denial of service or expose sensitive information. (CVE-2018-11233)

This update is available for Ubuntu Linux 14.04 LTS, 16.04 LTS, 17.10, and 18.04 LTS

USN-3672-1: Liblouis vulnerabilities
Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.

This update is available for Ubuntu Linux 14.04 LTS, 16.04 LTS, 17.10, and 18.04 LTS



USN-3658-2: procps-ng vulnerabilities



==========================================================================
Ubuntu Security Notice USN-3658-2
June 05, 2018

procps vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in procps-ng.

Software Description:
- procps: /proc file system utilities

Details:

USN-3658-1 fixed a vulnerability in procps-ng. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that libprocps incorrectly handled the file2strvec()
 function. A local attacker could possibly use this to execute
 arbitrary code. (CVE-2018-1124)

 It was discovered that procps-ng incorrectly handled memory. A local
 attacker could use this issue to cause a denial of service, or
 possibly execute arbitrary code. (CVE-2018-1126)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  procps 1:3.2.8-11ubuntu6.5

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3658-2
  https://usn.ubuntu.com/usn/usn-3658-1
  CVE-2018-1124, CVE-2018-1126

USN-3671-1: Git vulnerabilities


=========================================================================
Ubuntu Security Notice USN-3671-1
June 05, 2018

git vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Git.

Software Description:
- git: fast, scalable, distributed revision control system

Details:

Etienne Stalmans discovered that git did not properly validate git
submodules files. A remote attacker could possibly use this to craft a
git repo that causes arbitrary code execution when "git clone
--recurse-submodules" is used. (CVE-2018-11235)

It was discovered that an integer overflow existed in git's pathname
sanity checking code when used on NTFS filesystems. An attacker could
use this to cause a denial of service or expose sensitive information.
(CVE-2018-11233)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
git 1:2.17.1-1ubuntu0.1

Ubuntu 17.10:
git 1:2.14.1-1ubuntu4.1

Ubuntu 16.04 LTS:
git 1:2.7.4-0ubuntu1.4

Ubuntu 14.04 LTS:
git 1:1.9.1-1ubuntu0.8

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3671-1
CVE-2018-11233, CVE-2018-11235

Package Information:
https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/git/1:2.14.1-1ubuntu4.1
https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.4
https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.8

USN-3672-1: Liblouis vulnerabilities

==========================================================================
Ubuntu Security Notice USN-3672-1
June 06, 2018

liblouis vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Liblouis.

Software Description:
- liblouis: Braille translation library - utilities

Details:

Henri Salo discovered that Liblouis incorrectly handled certain files.
An attacker could possibly use this to execute arbitrary code.
(CVE-2018-11683, CVE-2018-11684, CVE-2018-11685)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
liblouis-bin 3.5.0-1ubuntu0.2
liblouis14 3.5.0-1ubuntu0.2

Ubuntu 17.10:
liblouis-bin 3.0.0-3ubuntu1.2
liblouis12 3.0.0-3ubuntu1.2

Ubuntu 16.04 LTS:
liblouis-bin 2.6.4-2ubuntu0.3
liblouis9 2.6.4-2ubuntu0.3

Ubuntu 14.04 LTS:
liblouis-bin 2.5.3-2ubuntu1.4
liblouis2 2.5.3-2ubuntu1.4

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3672-1
CVE-2018-11683, CVE-2018-11684, CVE-2018-11685

Package Information:
https://launchpad.net/ubuntu/+source/liblouis/3.5.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/liblouis/3.0.0-3ubuntu1.2
https://launchpad.net/ubuntu/+source/liblouis/2.6.4-2ubuntu0.3
https://launchpad.net/ubuntu/+source/liblouis/2.5.3-2ubuntu1.4