Ubuntu Security Notices

Recent content on Ubuntu security notices

USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin,
Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL
incorrectly handled ECDSA signatures. An attacker could possibly use this
issue to perform a timing side-channel attack and recover private ECDSA
keys. (CVE-2019-1547)

Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain
applications incorrectly used OpenSSL and could be exposed to a padding
oracle attack. A remote attacker could possibly use this issue to decrypt
data. (CVE-2019-1559)

Bernd Edlinger discovered that OpenSSL incorrectly handled certain
decryption functions. In certain scenarios, a remote attacker could
possibly use this issue to perform a padding oracle attack and decrypt
traffic. (CVE-2019-1563)

Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, or execute arbtirary code. (CVE-2020-12405,
CVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418,
CVE-2020-12419, CVE-2020-12420)

It was discovered that Thunderbird would continue an unencrypted
connection when configured to use STARTTLS for IMAP if the server
responded with PREAUTH. A remote attacker could potentially exploit
this to perform a person-in-the-middle attack in order to obtain
sensitive information. (CVE-2020-12398)

It was discovered that NSS showed timing differences when performing DSA
signatures. An attacker could potentially exploit this to obtain private
keys using a timing attack. (CVE-2020-12399)

It was discovered that when performing add-on updates, certificate chains
not terminating with built-in roots were silently rejected. This could
result in add-ons becoming outdated. (CVE-2020-12421)

David Hill and Eric Harney discovered that Cinder and os-brick incorrectly
handled ScaleIO backend credentials. An attacker could possibly use this issue to
expose sensitive information.
USN-4417-1 fixed a vulnerability in NSS. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered
that NSS incorrectly handled RSA key generation. A local attacker could
possibly use this issue to perform a timing attack and recover RSA keys.

It was discovered that a race condition existed in the Precision Time
Protocol (PTP) implementation in the Linux kernel, leading to a use-after-
free vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-10690)

Matthew Sheets discovered that the SELinux network label handling
implementation in the Linux kernel could be coerced into de-referencing a
NULL pointer. A remote attacker could use this to cause a denial of service
(system crash). (CVE-2020-10711)

It was discovered that the SCSI generic (sg) driver in the Linux kernel did
not properly handle certain error conditions correctly. A local privileged
attacker could use this to cause a denial of service (system crash).
(CVE-2020-12770)

It was discovered that the USB Gadget device driver in the Linux kernel did
not validate arguments passed from configfs in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash) or possibly expose sensitive information. (CVE-2020-13143)

Shijie Luo discovered that the ext4 file system implementation in the Linux
kernel did not properly check for a too-large journal size. An attacker
could use this to construct a malicious ext4 image that, when mounted,
could cause a denial of service (soft lockup). (CVE-2020-8992)

It was discovered that OpenEXR incorrectly handled certain malformed EXR
image files. If a user were tricked into opening a crafted EXR image file,
a remote attacker could cause a denial of service, or possibly execute
arbitrary code.
Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered
that NSS incorrectly handled RSA key generation. A local attacker could
possibly use this issue to perform a timing attack and recover RSA keys.
Felix Dörre discovered that coTURN response buffer is not initialized properly.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2020-4067)

It was discovered that coTURN web server incorrectly handled HTTP POST requests.
An attacker could possibly use this issue to cause a denial of service, obtain
sensitive information or other unspecified impact.
(CVE-2020-6061, CVE-2020-6062)

Florian Weimer discovered that the GNU C Library incorrectly handled
certain memory operations. A remote attacker could use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-12133)

It was discovered that the GNU C Library incorrectly handled certain
SSE2-optimized memmove operations. A remote attacker could use this issue
to cause the GNU C Library to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-18269)

It was discovered that the GNU C Library incorrectly handled certain
pathname operations. A remote attacker could use this issue to cause the
GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-11236)

It was discovered that the GNU C Library incorrectly handled certain
AVX-512-optimized mempcpy operations. A remote attacker could use this
issue to cause the GNU C Library to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS. (CVE-2018-11237)

It was discovered that the GNU C Library incorrectly handled certain
hostname loookups. A remote attacker could use this issue to cause the GNU
C Library to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19591)

Jakub Wilk discovered that the GNU C Library incorrectly handled certain
memalign functions. A remote attacker could use this issue to cause the GNU
C Library to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-6485)

It was discovered that the GNU C Library incorrectly ignored the
LD_PREFER_MAP_32BIT_EXEC environment variable after security transitions. A
local attacker could use this issue to bypass ASLR restrictions.
(CVE-2019-19126)

It was discovered that the GNU C Library incorrectly handled certain
regular expressions. A remote attacker could possibly use this issue to
cause the GNU C Library to crash, resulting in a denial of service. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9169)

It was discovered that the GNU C Library incorrectly handled certain
bit patterns. A remote attacker could use this issue to cause the GNU C
Library to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04
LTS. (CVE-2020-10029)

It was discovered that the GNU C Library incorrectly handled certain
signal trampolines on PowerPC. A remote attacker could use this issue to
cause the GNU C Library to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2020-1751)

It was discovered that the GNU C Library incorrectly handled tilde
expansion. A remote attacker could use this issue to cause the GNU C
Library to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-1752)

It was discovered that the network block device (nbd) implementation in the
Linux kernel did not properly check for error conditions in some
situations. An attacker could possibly use this to cause a denial of service
(system crash). (CVE-2019-16089)

It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19036,
CVE-2019-19318, CVE-2019-19813, CVE-2019-19816)

It was discovered that the btrfs implementation in the Linux kernel did not
properly detect that a block was marked dirty in some situations. An
attacker could use this to specially craft a file system image that, when
unmounted, could cause a denial of service (system crash). (CVE-2019-19377)

It was discovered that the kernel->user space relay implementation in the
Linux kernel did not properly check return values in some situations. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-19462)

Matthew Sheets discovered that the SELinux network label handling
implementation in the Linux kernel could be coerced into de-referencing a
NULL pointer. A remote attacker could use this to cause a denial of service
(system crash). (CVE-2020-10711)

It was discovered that the SCSI generic (sg) driver in the Linux kernel did
not properly handle certain error conditions correctly. A local privileged
attacker could use this to cause a denial of service (system crash).
(CVE-2020-12770)

It was discovered that the USB Gadget device driver in the Linux kernel did
not validate arguments passed from configfs in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash) or possibly expose sensitive information. (CVE-2020-13143)

It was discovered that the efi subsystem in the Linux kernel did not handle
memory allocation failures during early boot in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-12380)

It was discovered that the btrfs file system in the Linux kernel in some
error conditions could report register information to the dmesg buffer. A
local attacker could possibly use this to expose sensitive information.
(CVE-2019-19039)