Ubuntu 6589 Published by

The following updates has been released for Ubuntu Linux:

USN-4055-1: flightcrew vulnerabilities
USN-4056-1: Exiv2 vulnerabilities
USN-4057-1: Zipios vulnerability



USN-4055-1: flightcrew vulnerabilities


==========================================================================
Ubuntu Security Notice USN-4055-1
July 15, 2019

flightcrew vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in FlightCrew.

Software Description:
- flightcrew: C++ epub validator and plugin for Sigil

Details:

Mike Salvatore discovered that FlightCrew improperly handled certain
malformed EPUB files. An attacker could potentially use this vulnerability
to cause a denial of service. (CVE-2019-13032)

Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB
files. An attacker could use this vulnerability to write arbitrary files to
the filesystem. (CVE-2019-13241)

Mike Salvatore discovered that the version of Zipios included in FlightCrew
mishandled certain malformed ZIP files. An attacker could use this vulnerability
to cause a denial of service or consume system resources. (CVE-2019-13453)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
flightcrew 0.7.2+dfsg-13ubuntu0.19.04.1
libflightcrew0v5 0.7.2+dfsg-13ubuntu0.19.04.1

Ubuntu 18.10:
flightcrew 0.7.2+dfsg-12ubuntu0.1
libflightcrew0v5 0.7.2+dfsg-12ubuntu0.1

Ubuntu 18.04 LTS:
flightcrew 0.7.2+dfsg-10ubuntu0.1
libflightcrew0v5 0.7.2+dfsg-10ubuntu0.1

Ubuntu 16.04 LTS:
flightcrew 0.7.2+dfsg-6ubuntu0.1
libflightcrew0v5 0.7.2+dfsg-6ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4055-1
CVE-2019-13032, CVE-2019-13241, CVE-2019-13453

Package Information:
https://launchpad.net/ubuntu/+source/flightcrew/0.7.2+dfsg-13ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/flightcrew/0.7.2+dfsg-12ubuntu0.1
https://launchpad.net/ubuntu/+source/flightcrew/0.7.2+dfsg-10ubuntu0.1
https://launchpad.net/ubuntu/+source/flightcrew/0.7.2+dfsg-6ubuntu0.1

USN-4056-1: Exiv2 vulnerabilities


=========================================================================
Ubuntu Security Notice USN-4056-1
July 15, 2019

exiv2 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Exiv2.

Software Description:
- exiv2: EXIF/IPTC/XMP metadata manipulation tool

Details:

It was discovered that Exiv2 incorrectly handled certain PSD files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-19107, CVE-2018-19108)

It was discovered that Exiv2 incorrectly handled certain PNG files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-19535, CVE-2019-13112)

It was discovered that Exiv2 incorrectly handled certain CRW files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2019-13110, CVE-2019-13113)

It was discovered that incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2019-13114)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
exiv2 0.25-4ubuntu1.1
libexiv2-14 0.25-4ubuntu1.1

Ubuntu 18.10:
exiv2 0.25-4ubuntu0.2
libexiv2-14 0.25-4ubuntu0.2

Ubuntu 18.04 LTS:
exiv2 0.25-3.1ubuntu0.18.04.3
libexiv2-14 0.25-3.1ubuntu0.18.04.3

Ubuntu 16.04 LTS:
exiv2 0.25-2.1ubuntu16.04.4
libexiv2-14 0.25-2.1ubuntu16.04.4

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4056-1
CVE-2018-19107, CVE-2018-19108, CVE-2018-19535, CVE-2019-13110,
CVE-2019-13112, CVE-2019-13113, CVE-2019-13114

Package Information:
https://launchpad.net/ubuntu/+source/exiv2/0.25-4ubuntu1.1
https://launchpad.net/ubuntu/+source/exiv2/0.25-4ubuntu0.2
https://launchpad.net/ubuntu/+source/exiv2/0.25-3.1ubuntu0.18.04.3
https://launchpad.net/ubuntu/+source/exiv2/0.25-2.1ubuntu16.04.4

USN-4057-1: Zipios vulnerability


==========================================================================
Ubuntu Security Notice USN-4057-1
July 15, 2019

Zipios vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Zipios could be made to crash or consume system resources if it received
specially crafted input.

Software Description:
- zipios++: small C++ library for reading zip files (development)

Details:

Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An
attacker could use this vulnerability to cause a denial of service or consume
system resources. (CVE-2019-13453)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libzipios++0v5 0.1.5.9+cvs.2007.04.28-10ubuntu0.19.04.1

Ubuntu 18.10:
libzipios++0v5 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.10.1

Ubuntu 18.04 LTS:
libzipios++0v5 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1

Ubuntu 16.04 LTS:
libzipios++0v5 0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4057-1
CVE-2019-13453

Package Information:

https://launchpad.net/ubuntu/+source/zipios++/0.1.5.9+cvs.2007.04.28-10ubuntu0.19.04.1

https://launchpad.net/ubuntu/+source/zipios++/0.1.5.9+cvs.2007.04.28-10ubuntu0.18.10.1

https://launchpad.net/ubuntu/+source/zipios++/0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1

https://launchpad.net/ubuntu/+source/zipios++/0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1