The following updates have been released for Ubuntu Linux:
USN-3710-1: curl vulnerability
USN-3711-1: ImageMagick vulnerabilities
USN-3712-1: libpng vulnerabilities
USN-3712-2: libpng vulnerability
USN-3713-1: CUPS vulnerabilities
USN-3710-1: curl vulnerability
==========================================================================
Ubuntu Security Notice USN-3710-1
July 11, 2018
curl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 17.10
Summary:
curl could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A
remote attacker could use this issue to cause curl to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
curl 7.58.0-2ubuntu3.2
libcurl3-gnutls 7.58.0-2ubuntu3.2
libcurl3-nss 7.58.0-2ubuntu3.2
libcurl4 7.58.0-2ubuntu3.2
Ubuntu 17.10:
curl 7.55.1-1ubuntu2.6
libcurl3 7.55.1-1ubuntu2.6
libcurl3-gnutls 7.55.1-1ubuntu2.6
libcurl3-nss 7.55.1-1ubuntu2.6
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3710-1
CVE-2018-0500
Package Information:
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.2
https://launchpad.net/ubuntu/+source/curl/7.55.1-1ubuntu2.6
USN-3711-1: ImageMagick vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3711-1
July 11, 2018
imagemagick vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
imagemagick 8:6.9.7.4+dfsg-16ubuntu6.3
imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.3
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.3
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.3
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.3
Ubuntu 17.10:
imagemagick 8:6.9.7.4+dfsg-16ubuntu2.3
imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu2.3
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu2.3
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu2.3
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu2.3
Ubuntu 16.04 LTS:
imagemagick 8:6.8.9.9-7ubuntu5.12
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.12
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.12
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.12
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.12
Ubuntu 14.04 LTS:
imagemagick 8:6.7.7.10-6ubuntu3.12
libmagick++5 8:6.7.7.10-6ubuntu3.12
libmagickcore5 8:6.7.7.10-6ubuntu3.12
libmagickcore5-extra 8:6.7.7.10-6ubuntu3.12
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3711-1
CVE-2018-12599, CVE-2018-12600, CVE-2018-13153
Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-16ubuntu6.3
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-16ubuntu2.3
https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.12
https://launchpad.net/ubuntu/+source/imagemagick/8:6.7.7.10-6ubuntu3.12
USN-3712-1: libpng vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3712-1
July 11, 2018
libpng, libpng1.6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in libpng.
Software Description:
- libpng1.6: PNG library - development (version 1.6)
- libpng: PNG (Portable Network Graphics) file library
Details:
Patrick Keshishian discovered that libpng incorrectly handled certain
PNG files. An attacker could possibly use this to cause a denial of
service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-10087)
Thuan Pham discovered that libpng incorrectly handled certain PNG
files. An attacker could possibly use this to cause a denial of
service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS.
(CVE-2018-13785)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libpng16-16 1.6.34-1ubuntu0.18.04.1
Ubuntu 17.10:
libpng16-16 1.6.34-1ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libpng12-0 1.2.54-1ubuntu1.1
Ubuntu 14.04 LTS:
libpng12-0 1.2.50-1ubuntu2.14.04.3
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3712-1
CVE-2016-10087, CVE-2018-13785
Package Information:
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-1ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-1ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/libpng/1.2.54-1ubuntu1.1
https://launchpad.net/ubuntu/+source/libpng/1.2.50-1ubuntu2.14.04.3
USN-3712-2: libpng vulnerability
==========================================================================
Ubuntu Security Notice USN-3712-2
July 11, 2018
libpng vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
libpng could be made to crash if it received a specially crafted file.
Software Description:
- libpng: PNG (Portable Network Graphics) file library
Details:
USN-3712-1 fixed a vulnerability in libpng. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Patrick Keshishian discovered that libpng incorrectly handled certain
PNG files. An attacker could possibly use this to cause a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
libpng12-0 1.2.46-3ubuntu4.3
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3712-2
https://usn.ubuntu.com/usn/usn-3712-1
CVE-2016-10087
USN-3713-1: CUPS vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3713-1
July 11, 2018
cups vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in CUPS.
Software Description:
- cups: Common UNIX Printing System(tm)
Details:
It was discovered that CUPS incorrectly handled certain print jobs with
invalid usernames. A remote attacker could possibly use this issue to cause
CUPS to crash, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248)
Dan Bastone discovered that the CUPS dnssd backend incorrectly handled
certain environment variables. A local attacker could possibly use this
issue to escalate privileges. (CVE-2018-4180)
Eric Rafaloff and John Dunlap discovered that CUPS incorrectly handled
certain include directives. A local attacker could possibly use this issue
to read arbitrary files. (CVE-2018-4181)
Dan Bastone discovered that the CUPS AppArmor profile incorrectly confined
the dnssd backend. A local attacker could possibly use this issue to escape
confinement. (CVE-2018-6553)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
cups 2.2.7-1ubuntu2.1
Ubuntu 17.10:
cups 2.2.4-7ubuntu3.1
Ubuntu 16.04 LTS:
cups 2.1.3-4ubuntu0.5
Ubuntu 14.04 LTS:
cups 1.7.2-0ubuntu1.10
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3713-1
CVE-2017-18248, CVE-2018-4180, CVE-2018-4181, CVE-2018-6553
Package Information:
https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.1
https://launchpad.net/ubuntu/+source/cups/2.2.4-7ubuntu3.1
https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.5
https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.10