The following updates has been released for Ubuntu Linux:
USN-3726-1: Django vulnerability
USN-3727-1: Bouncy Castle vulnerabilities
USN-3728-1: libmspack vulnerabilities
USN-3726-1: Django vulnerability
USN-3727-1: Bouncy Castle vulnerabilities
USN-3728-1: libmspack vulnerabilities
USN-3726-1: Django vulnerability
==========================================================================
Ubuntu Security Notice USN-3726-1
August 01, 2018
python-django vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Django could be used as an open redirect.
Software Description:
- python-django: High-level Python web development framework
Details:
Andreas Hug discovered that Django contained an open redirect in
CommonMiddleware. A remote attacker could possibly use this issue to
perform phishing attacks.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
python-django 1:1.11.11-1ubuntu1.1
python3-django 1:1.11.11-1ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3726-1
CVE-2018-14574
Package Information:
https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.1
USN-3727-1: Bouncy Castle vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3727-1
August 01, 2018
bouncycastle vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Bouncy Castle.
Software Description:
- bouncycastle: Java implementation of cryptographic algorithms
Details:
It was discovered that Bouncy Castle incorrectly handled certain crypto
algorithms. A remote attacker could possibly use these issues to obtain
sensitive information, including private keys.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libbcmail-java 1.49+dfsg-2ubuntu0.1
libbcpg-java 1.49+dfsg-2ubuntu0.1
libbcpkix-java 1.49+dfsg-2ubuntu0.1
libbcprov-java 1.49+dfsg-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3727-1
CVE-2015-6644, CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000345,
CVE-2016-1000346
Package Information:
https://launchpad.net/ubuntu/+source/bouncycastle/1.49+dfsg-2ubuntu0.1
USN-3728-1: libmspack vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3728-1
August 01, 2018
libmspack vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in libmspack.
Software Description:
- libmspack: library for Microsoft compression formats
Details:
Hanno Böck discovered that libmspack incorrectly handled certain CHM
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2018-14679, CVE-2018-14680)
Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ
files. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2018-14681)
Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM
files. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2018-14682)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libmspack0 0.6-3ubuntu0.1
Ubuntu 16.04 LTS:
libmspack0 0.5-1ubuntu0.16.04.2
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3728-1
CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682
Package Information:
https://launchpad.net/ubuntu/+source/libmspack/0.6-3ubuntu0.1
https://launchpad.net/ubuntu/+source/libmspack/0.5-1ubuntu0.16.04.2
