The following updates have been released for Ubuntu Linux:
USN-3938-1: systemd vulnerability
USN-3939-1: Samba vulnerability
USN-3939-2: Samba vulnerability
USN-3940-1: ClamAV vulnerabilities
USN-3940-2: ClamAV vulnerabilities
USN-3941-1: Lua vulnerability
USN-3942-1: OpenJDK 7 vulnerability
USN-3938-1: systemd vulnerability
==========================================================================
Ubuntu Security Notice USN-3938-1
April 08, 2019
systemd vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
The systemd PAM module could be used to gain additional PolicyKit
privileges.
Software Description:
- systemd: system and service manager
Details:
Jann Horn discovered that pam_systemd created logind sessions using some
parameters from the environment. A local attacker could exploit this in
order to spoof the active session and gain additional PolicyKit
privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
libpam-systemd 239-7ubuntu10.12
Ubuntu 18.04 LTS:
libpam-systemd 237-3ubuntu10.19
Ubuntu 16.04 LTS:
libpam-systemd 229-4ubuntu21.21
Ubuntu 14.04 LTS:
libpam-systemd 204-5ubuntu20.31
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3938-1
CVE-2019-3842
Package Information:
https://launchpad.net/ubuntu/+source/systemd/239-7ubuntu10.12
https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.19
https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.21
https://launchpad.net/ubuntu/+source/systemd/204-5ubuntu20.31
USN-3939-1: Samba vulnerability
==========================================================================
Ubuntu Security Notice USN-3939-1
April 08, 2019
samba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Samba could be made to create files in unexpected locations.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
Michael Hanselmann discovered that Samba incorrectly handled registry
files. A remote attacker could possibly use this issue to create new
registry files outside of the share, contrary to expectations.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
libsmbclient 2:4.8.4+dfsg-2ubuntu2.3
samba 2:4.8.4+dfsg-2ubuntu2.3
Ubuntu 18.04 LTS:
libsmbclient 2:4.7.6+dfsg~ubuntu-0ubuntu2.9
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.9
Ubuntu 16.04 LTS:
libsmbclient 2:4.3.11+dfsg-0ubuntu0.16.04.19
samba 2:4.3.11+dfsg-0ubuntu0.16.04.19
Ubuntu 14.04 LTS:
libsmbclient 2:4.3.11+dfsg-0ubuntu0.14.04.20
samba 2:4.3.11+dfsg-0ubuntu0.14.04.20
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3939-1
CVE-2019-3880
Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.8.4+dfsg-2ubuntu2.3
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.9
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.19
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.14.04.20
USN-3939-2: Samba vulnerability
==========================================================================
Ubuntu Security Notice USN-3939-2
April 08, 2019
samba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Samba could be made to create files in unexpected locations.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-3939-1 fixed a vulnerability in Samba. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Michael Hanselmann discovered that Samba incorrectly handled registry
files. A remote attacker could possibly use this issue to create new
registry files outside of the share, contrary to expectations.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
libsmbclient 2:3.6.25-0ubuntu0.12.04.17
samba 2:3.6.25-0ubuntu0.12.04.17
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3939-2
https://usn.ubuntu.com/usn/usn-3939-1
CVE-2019-3880
USN-3940-1: ClamAV vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3940-1
April 08, 2019
clamav vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in ClamAV.
Software Description:
- clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV incorrectly handled scanning certain PDF
documents. A remote attacker could possibly use this issue to cause ClamAV
to crash, resulting in a denial of service. (CVE-2019-1787)
It was discovered that ClamAV incorrectly handled scanning certain OLE2
files. A remote attacker could use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2019-1788)
It was discovered that ClamAV incorrectly handled scanning certain PE
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2019-1789)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
clamav 0.100.3+dfsg-0ubuntu0.18.10.1
Ubuntu 18.04 LTS:
clamav 0.100.3+dfsg-0ubuntu0.18.04.1
Ubuntu 16.04 LTS:
clamav 0.100.3+dfsg-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
clamav 0.100.3+dfsg-0ubuntu0.14.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3940-1
CVE-2019-1787, CVE-2019-1788, CVE-2019-1789
Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.100.3+dfsg-0ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/clamav/0.100.3+dfsg-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/clamav/0.100.3+dfsg-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/clamav/0.100.3+dfsg-0ubuntu0.14.04.1
USN-3940-2: ClamAV vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3940-2
April 08, 2019
clamav vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description:
- clamav: Anti-virus utility for Unix
Details:
USN-3940-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that ClamAV incorrectly handled scanning certain PDF
documents. A remote attacker could possibly use this issue to cause
ClamAV to crash, resulting in a denial of service. (CVE-2019-1787)
It was discovered that ClamAV incorrectly handled scanning certain
OLE2 files. A remote attacker could use this issue to cause ClamAV to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2019-1788)
It was discovered that ClamAV incorrectly handled scanning certain PE
files. A remote attacker could possibly use this issue to cause ClamAV
to crash, resulting in a denial of service. (CVE-2019-1789)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
clamav 0.100.3+dfsg-1ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3940-2
https://usn.ubuntu.com/usn/usn-3940-1
CVE-2019-1787, CVE-2019-1788, CVE-2019-1789
USN-3941-1: Lua vulnerability
==========================================================================
Ubuntu Security Notice USN-3941-1
April 08, 2019
lua5.3 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Lua could be made to crash if it received a specially crafted script.
Software Description:
- lua5.3: Simple, extensible, embeddable programming language
Details:
Fady Othman discovered that Lua incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
lua5.3 5.3.3-1ubuntu0.18.10.1
Ubuntu 18.04 LTS:
lua5.3 5.3.3-1ubuntu0.18.04.1
Ubuntu 16.04 LTS:
lua5.3 5.3.1-1ubuntu2.1
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3941-1
CVE-2019-6706
Package Information:
https://launchpad.net/ubuntu/+source/lua5.3/5.3.3-1ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/lua5.3/5.3.3-1ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/lua5.3/5.3.1-1ubuntu2.1
USN-3942-1: OpenJDK 7 vulnerability
=========================================================================
Ubuntu Security Notice USN-3942-1
April 09, 2019
openjdk-7 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Java applets or applications could be made to expose sensitive
information.
Software Description:
- openjdk-7: Open Source Java implementation
Details:
It was discovered that a memory disclosure issue existed in the OpenJDK
Library subsystem. An attacker could use this to expose sensitive
information and possibly bypass Java sandbox restrictions.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
icedtea-7-jre-jamvm 7u211-2.6.17-0ubuntu0.1
openjdk-7-jdk 7u211-2.6.17-0ubuntu0.1
openjdk-7-jre 7u211-2.6.17-0ubuntu0.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3942-1
CVE-2019-2422
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u211-2.6.17-0ubuntu0.1
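Added example, not part of the Ubuntu notices: a check of an inventory of installed package versions against the fixed versions listed above for Ubuntu 18.04 LTS, using the Debian version ordering (epoch, upstream version, revision, with "~" sorting before everything). The inventory values and the function names are constructed for illustration.

```python
import re

def _order(c):
    if c == "~":
        return -1   # tilde sorts before everything, even the end of the string
    if c == "":
        return 0    # end of the non-digit run
    return ord(c) if c.isalpha() else ord(c) + 256   # letters before symbols

def _cmp_part(a, b):
    # Compare two upstream or revision strings: alternate non-digit and digit runs.
    while a or b:
        ta, tb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        for i in range(max(len(ta), len(tb))):
            wa, wb = _order(ta[i:i + 1]), _order(tb[i:i + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def split_version(v):
    # '[epoch:]upstream[-revision]' -> (epoch, upstream, revision)
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(installed, fixed):
    # Names of installed packages whose version is older than the fixed one.
    return sorted(p for p, v in installed.items()
                  if p in fixed and compare(v, fixed[p]) < 0)

# Fixed versions for Ubuntu 18.04 LTS, copied from the notices above.
FIXED_1804 = {"libpam-systemd": "237-3ubuntu10.19", "lua5.3": "5.3.3-1ubuntu0.18.04.1",
              "samba": "2:4.7.6+dfsg~ubuntu-0ubuntu2.9",
              "clamav": "0.100.3+dfsg-0ubuntu0.18.04.1"}
# Constructed sample inventory (illustrative values, not from the notices).
INSTALLED = {"libpam-systemd": "237-3ubuntu10.15", "lua5.3": "5.3.3-1",
             "samba": "2:4.7.6+dfsg~ubuntu-0ubuntu2.9",
             "clamav": "0.100.2+dfsg-1ubuntu0.18.04.1"}
```

On the Ubuntu host itself, dpkg --compare-versions applies the same ordering; a plain string comparison gets the epoch ("2:") and "~" cases wrong.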