The following updates have been released for Ubuntu Linux:
USN-3786-2: libxkbcommon vulnerabilities
USN-3809-1: OpenSSH vulnerabilities
USN-3810-1: ppp vulnerability
USN-3811-1: SpamAssassin vulnerabilities
USN-3786-2: libxkbcommon vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3786-2
November 06, 2018
libxkbcommon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in libxkbcommon.
Software Description:
- libxkbcommon: library interface to the XKB compiler - development
files
Details:
USN-3786-1 fixed several vulnerabilities in libxkbcommon. This
update provides the corresponding update for Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that libxkbcommon incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of
service. (CVE-2018-15853, CVE-2018-15854, CVE-2018-15855,
CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859,
CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libxkbcommon-x11-0 0.8.0-1ubuntu0.1
libxkbcommon0 0.8.0-1ubuntu0.1
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3786-2
https://usn.ubuntu.com/usn/usn-3786-1
CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856,
CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861,
CVE-2018-15862, CVE-2018-15863, CVE-2018-15864
Package Information:
https://launchpad.net/ubuntu/+source/libxkbcommon/0.8.0-1ubuntu0.1
USN-3809-1: OpenSSH vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3809-1
November 06, 2018
openssh vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenSSH.
Software Description:
- openssh: secure shell (SSH) for secure access to remote machines
Details:
Robert Swiecki discovered that OpenSSH incorrectly handled certain
messages. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-10708)
It was discovered that OpenSSH incorrectly handled certain requests.
An attacker could possibly use this issue to access sensitive
information. (CVE-2018-15473)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
openssh-server 1:7.6p1-4ubuntu0.1
Ubuntu 16.04 LTS:
openssh-server 1:7.2p2-4ubuntu2.6
Ubuntu 14.04 LTS:
openssh-server 1:6.6p1-2ubuntu2.11
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3809-1
CVE-2016-10708, CVE-2018-15473
Package Information:
https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.1
https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.6
https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.11
USN-3810-1: ppp vulnerability
==========================================================================
Ubuntu Security Notice USN-3810-1
November 06, 2018
ppp vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
ppp could be made to crash or bypass authentication if it received
specially crafted network traffic.
Software Description:
- ppp: Point-to-Point Protocol (PPP)
Details:
Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS
protocol. A remote attacker could use this issue to cause ppp to crash,
resulting in a denial of service, or possibly bypass authentication.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
ppp 2.4.7-2+2ubuntu1.1
Ubuntu 16.04 LTS:
ppp 2.4.7-1+2ubuntu1.16.04.1
Ubuntu 14.04 LTS:
ppp 2.4.5-5.1ubuntu2.3
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3810-1
CVE-2018-11574
Package Information:
https://launchpad.net/ubuntu/+source/ppp/2.4.7-2+2ubuntu1.1
https://launchpad.net/ubuntu/+source/ppp/2.4.7-1+2ubuntu1.16.04.1
https://launchpad.net/ubuntu/+source/ppp/2.4.5-5.1ubuntu2.3
USN-3811-1: SpamAssassin vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3811-1
November 06, 2018
spamassassin vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in SpamAssassin.
Software Description:
- spamassassin: Perl-based spam filter using text analysis
Details:
It was discovered that SpamAssassin incorrectly handled certain unclosed
tags in emails. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2017-15705)
It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-11780)
It was discovered that SpamAssassin incorrectly handled meta rule syntax. A
local attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-11781)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
spamassassin 3.4.2-0ubuntu0.18.04.1
Ubuntu 16.04 LTS:
spamassassin 3.4.2-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
spamassassin 3.4.2-0ubuntu0.14.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3811-1
CVE-2017-15705, CVE-2018-11780, CVE-2018-11781
Package Information:
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.14.04.1
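
Added example (not part of the Ubuntu notices): one way to check a collected package inventory against the fixed versions listed above, using a Python reimplementation of Debian version ordering (epoch, upstream version, revision, with '~' sorting first). The SAMPLE inventory is constructed for illustration, and the function names compare and unpatched are this example's own.

```python
import re
# Fixed versions copied from the notices on this page, keyed by Ubuntu release.
FIXED = {
    "18.04": {"libxkbcommon0": "0.8.0-1ubuntu0.1", "libxkbcommon-x11-0": "0.8.0-1ubuntu0.1",
              "openssh-server": "1:7.6p1-4ubuntu0.1", "ppp": "2.4.7-2+2ubuntu1.1",
              "spamassassin": "3.4.2-0ubuntu0.18.04.1"},
    "16.04": {"openssh-server": "1:7.2p2-4ubuntu2.6", "ppp": "2.4.7-1+2ubuntu1.16.04.1",
              "spamassassin": "3.4.2-0ubuntu0.16.04.1"},
    "14.04": {"openssh-server": "1:6.6p1-2ubuntu2.11", "ppp": "2.4.5-5.1ubuntu2.3",
              "spamassassin": "3.4.2-0ubuntu0.14.04.1"},
}
# Constructed sample inventory for one 18.04 host (not real data).
SAMPLE = {"openssh-server": "1:7.6p1-4", "ppp": "2.4.7-2+2ubuntu1.1",
          "spamassassin": "3.4.1-8build1", "libxkbcommon0": "0.8.0-1ubuntu0.1"}

def _weight(c):
    # dpkg ordering: '~' sorts first, then end of part, then letters, then the rest
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    while a or b:
        # Non-digit runs are compared character by character, by weight.
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            wa, wb = _weight(na[i:i + 1]), _weight(nb[i:i + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        # Digit runs are compared as integers; an empty run counts as 0.
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def compare(x, y):  # [epoch:]upstream[-revision]; a missing epoch is 0
    def parse(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (ex, ux, rx), (ey, uy, ry) = parse(x), parse(y)
    return (ex > ey) - (ex < ey) or _cmp_part(ux, uy) or _cmp_part(rx, ry)

def unpatched(release, installed):
    # Packages whose installed version sorts before the fixed version.
    fixed = FIXED[release]
    return sorted(p for p, v in installed.items()
                  if p in fixed and compare(v, fixed[p]) < 0)
```

On a live host, `dpkg --compare-versions` performs the same ordering; the epoch in the openssh versions ("1:") is why a plain string or numeric comparison gives wrong answers.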