Ubuntu 6591 Published by

The following updates has been released for Ubuntu Linux:

USN-4103-1: docker-credential-helpers vulnerability
USN-4103-2: Docker vulnerability
USN-4104-1: Nova vulnerability



USN-4103-1: docker-credential-helpers vulnerability

==========================================================================
Ubuntu Security Notice USN-4103-1
August 19, 2019

docker-credential-helpers vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04

Summary:

docker-credential-helpers could be made to crash or run programs as your login

Software Description:
- golang-github-docker-docker-credential-helpers: Use native stores to safeguard
Docker credentials

Details:

Jasiel Spelman discovered that a double free existed in docker-credential-
helpers. A local attacker could use this to cause a denial of service
(crash) or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
golang-docker-credential-helpers 0.6.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4103-1
CVE-2019-1020014

Package Information:

https://launchpad.net/ubuntu/+source/golang-github-docker-docker-credential-helpers/0.6.1-1ubuntu0.1

USN-4103-2: Docker vulnerability

==========================================================================
Ubuntu Security Notice USN-4103-2
August 19, 2019

Docker vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Docker could be made to crash or run programs as your login.

Software Description:
- docker.io: Linux container runtime

Details:

Jasiel Spelman discovered that a double free existed in the docker-credential-
helpers dependency of Docker. A local attacker could use this to cause a denial
of service
(crash) or possibly execute arbitrary code.

Original advisory details:

Jasiel Spelman discovered that a double free existed in docker-credential-
helpers. A local attacker could use this to cause a denial of service
(crash) or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
docker.io 18.09.7-0ubuntu1~19.04.5

Ubuntu 18.04 LTS:
docker.io 18.09.7-0ubuntu1~18.04.4

Ubuntu 16.04 LTS:
docker.io 18.09.7-0ubuntu1~16.04.5

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4103-2
https://usn.ubuntu.com/4103-1
CVE-2019-1020014

Package Information:
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~19.04.5
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.04.4
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~16.04.5

USN-4104-1: Nova vulnerability

=========================================================================
Ubuntu Security Notice USN-4104-1
August 19, 2019

nova vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Nova could be made to expose sensitive information.

Software Description:
- nova: OpenStack Compute cloud infrastructure

Details:

Donny Davis discovered that the Nova Compute service could return
configuration or other information in response to a failed API
request in some situations. A remote attacker could use this to expose
sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
nova-compute 2:19.0.1-0ubuntu2.1
python3-nova 2:19.0.1-0ubuntu2.1

Ubuntu 18.04 LTS:
nova-compute 2:17.0.10-0ubuntu2.1
python-nova 2:17.0.10-0ubuntu2.1

Ubuntu 16.04 LTS:
nova-compute 2:13.1.4-0ubuntu4.5
python-nova 2:13.1.4-0ubuntu4.5

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4104-1
CVE-2019-14433

Package Information:
https://launchpad.net/ubuntu/+source/nova/2:19.0.1-0ubuntu2.1
https://launchpad.net/ubuntu/+source/nova/2:17.0.10-0ubuntu2.1
https://launchpad.net/ubuntu/+source/nova/2:13.1.4-0ubuntu4.5