The following security updates have been released for Ubuntu Linux:

USN-3863-1: APT vulnerability
USN-3863-2: APT vulnerability
USN-3864-1: LibTIFF vulnerabilities
USN-3865-1: poppler vulnerabilities



USN-3863-1: APT vulnerability


==========================================================================
Ubuntu Security Notice USN-3863-1
January 22, 2019

apt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

An attacker could trick APT into installing altered packages.

Software Description:
- apt: Advanced front-end for dpkg

Details:

Max Justicz discovered that APT incorrectly handled certain parameters
during redirects. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could potentially be used to install
altered packages.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
apt 1.7.0ubuntu0.1

Ubuntu 18.04 LTS:
apt 1.6.6ubuntu0.1

Ubuntu 16.04 LTS:
apt 1.2.29ubuntu0.1

Ubuntu 14.04 LTS:
apt 1.0.1ubuntu2.19

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3863-1
CVE-2019-3462

Package Information:
https://launchpad.net/ubuntu/+source/apt/1.7.0ubuntu0.1
https://launchpad.net/ubuntu/+source/apt/1.6.6ubuntu0.1
https://launchpad.net/ubuntu/+source/apt/1.2.29ubuntu0.1
https://launchpad.net/ubuntu/+source/apt/1.0.1ubuntu2.19


USN-3863-2: APT vulnerability


==========================================================================
Ubuntu Security Notice USN-3863-2
January 22, 2019

apt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

An attacker could trick APT into installing altered packages.

Software Description:
- apt: Advanced front-end for dpkg

Details:

USN-3863-1 fixed a vulnerability in APT. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Max Justicz discovered that APT incorrectly handled certain parameters
 during redirects. If a remote attacker were able to perform a
 man-in-the-middle attack, this flaw could potentially be used to
 install altered packages.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  apt 0.8.16~exp12ubuntu10.28

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3863-2
  https://usn.ubuntu.com/usn/usn-3863-1
  CVE-2019-3462

USN-3864-1: LibTIFF vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3864-1
January 22, 2019

tiff vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
libtiff-tools 4.0.9-6ubuntu0.1
libtiff5 4.0.9-6ubuntu0.1

Ubuntu 18.04 LTS:
libtiff-tools 4.0.9-5ubuntu0.1
libtiff5 4.0.9-5ubuntu0.1

Ubuntu 16.04 LTS:
libtiff-tools 4.0.6-1ubuntu0.5
libtiff5 4.0.6-1ubuntu0.5

Ubuntu 14.04 LTS:
libtiff-tools 4.0.3-7ubuntu0.10
libtiff5 4.0.3-7ubuntu0.10

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3864-1
CVE-2018-10963, CVE-2018-17100, CVE-2018-17101, CVE-2018-18557,
CVE-2018-18661, CVE-2018-7456, CVE-2018-8905

Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.0.9-6ubuntu0.1
https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.1
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.5
https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.10

USN-3865-1: poppler vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3865-1
January 22, 2019

poppler vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in poppler.

Software Description:
- poppler: PDF rendering library

Details:

It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-20481, CVE-2018-20650)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
libpoppler79 0.68.0-0ubuntu1.4
poppler-utils 0.68.0-0ubuntu1.4

Ubuntu 18.04 LTS:
libpoppler73 0.62.0-2ubuntu2.6
poppler-utils 0.62.0-2ubuntu2.6

Ubuntu 16.04 LTS:
libpoppler58 0.41.0-0ubuntu1.11
poppler-utils 0.41.0-0ubuntu1.11

Ubuntu 14.04 LTS:
libpoppler44 0.24.5-2ubuntu4.15
poppler-utils 0.24.5-2ubuntu4.15

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3865-1
CVE-2018-20481, CVE-2018-20650

Package Information:
https://launchpad.net/ubuntu/+source/poppler/0.68.0-0ubuntu1.4
https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.6
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.11
https://launchpad.net/ubuntu/+source/poppler/0.24.5-2ubuntu4.15