The following updates has been released for Ubuntu Linux:
USN-4078-2: OpenLDAP vulnerabilities
USN-4100-1: KConfig and KDE libraries vulnerabilities
USN-4102-1: LibreOffice vulnerabilities
USN-4078-2: OpenLDAP vulnerabilities
USN-4100-1: KConfig and KDE libraries vulnerabilities
USN-4102-1: LibreOffice vulnerabilities
USN-4078-2: OpenLDAP vulnerabilities
=========================================================================
Ubuntu Security Notice USN-4078-2
August 19, 2019
openldap vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in OpenLDAP.
Software Description:
- openldap: OpenLDAP utilities
Details:
USN-4078-1 fixed several vulnerabilities in openldap. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that OpenLDAP incorrectly handled rootDN delegation. A
database administrator could use this issue to request authorization as an
identity from another database, contrary to expectations. (CVE-2019-13057)
It was discovered that OpenLDAP incorrectly handled SASL authentication and
session encryption. After a first SASL bind was completed, it was possible
to obtain access by performing simple binds, contrary to expectations.
(CVE-2019-13565)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
slapd 2.4.31-1+nmu2ubuntu8.5+esm1
Ubuntu 12.04 ESM:
slapd 2.4.28-1.1ubuntu4.9
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4078-2
https://usn.ubuntu.com/4078-1
CVE-2019-13057, CVE-2019-13565
USN-4100-1: KConfig and KDE libraries vulnerabilities
=========================================================================
Ubuntu Security Notice USN-4100-1
August 16, 2019
kconfig, kde4libs vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
KConfig and KDE libraries could be made to crash or run programs if it
opened a specially crafted file.
Software Description:
- kconfig: configuration settings framework for Qt
- kde4libs: KDE 4 core applications and libraries
Details:
It was discovered that KConfig and KDE libraries have a vulnerability
where an attacker could hide malicious code under desktop and
configuration files. (CVE-2019-14744)
It was discovered that KConfig allows remote attackers to write to
arbitrary files via a ../ in a filename in an archive file. (CVE-2016-6232)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
libkdecore5 4:4.14.38-0ubuntu6.1
libkf5configcore5 5.56.0-0ubuntu1.1
Ubuntu 18.04 LTS:
libkdecore5 4:4.14.38-0ubuntu3.1
libkf5configcore5 5.44.0-0ubuntu1.1
Ubuntu 16.04 LTS:
libkdecore5 4:4.14.16-0ubuntu3.3
libkf5configcore5 5.18.0-0ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4100-1
CVE-2016-6232, CVE-2019-14744
Package Information:
https://launchpad.net/ubuntu/+source/kconfig/5.56.0-0ubuntu1.1
https://launchpad.net/ubuntu/+source/kde4libs/4:4.14.38-0ubuntu6.1
https://launchpad.net/ubuntu/+source/kconfig/5.44.0-0ubuntu1.1
https://launchpad.net/ubuntu/+source/kde4libs/4:4.14.38-0ubuntu3.1
https://launchpad.net/ubuntu/+source/kconfig/5.18.0-0ubuntu1.1
https://launchpad.net/ubuntu/+source/kde4libs/4:4.14.16-0ubuntu3.3
USN-4102-1: LibreOffice vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4102-1
August 19, 2019
libreoffice vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in LibreOffice.
Software Description:
- libreoffice: Office productivity suite
Details:
It was discovered that LibreOffice incorrectly handled LibreLogo scripts.
If a user were tricked into opening a specially crafted document, a remote
attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9850,
CVE-2019-9851)
It was discovered that LibreOffice incorrectly handled embedded scripts in
document files. If a user were tricked into opening a specially crafted
document, a remote attacker could possibly execute arbitrary code.
(CVE-2019-9852)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
libreoffice-core 1:6.2.6-0ubuntu0.19.04.1
Ubuntu 18.04 LTS:
libreoffice-core 1:6.0.7-0ubuntu0.18.04.9
Ubuntu 16.04 LTS:
libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial9
After a standard system update you need to restart LibreOffice to make all
the necessary changes.
References:
https://usn.ubuntu.com/4102-1
CVE-2019-9850, CVE-2019-9851, CVE-2019-9852
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:6.2.6-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/libreoffice/1:6.0.7-0ubuntu0.18.04.9
https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial9
