[USN-5025-1] libsndfile vulnerability

2021-07-28 Thread Alex Murray
==
Ubuntu Security Notice USN-5025-1
July 29, 2021

libsndfile vulnerability
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

libsndfile could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- libsndfile: Library for reading/writing audio files

Details:

It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  libsndfile1 1.0.31-1ubuntu1.1
  sndfile-programs 1.0.31-1ubuntu1.1

Ubuntu 20.04 LTS:
  libsndfile1 1.0.28-7ubuntu0.1
  sndfile-programs 1.0.28-7ubuntu0.1

Ubuntu 18.04 LTS:
  libsndfile1 1.0.28-4ubuntu0.18.04.2
  sndfile-programs 1.0.28-4ubuntu0.18.04.2

After a standard system update you need to restart your session to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5025-1
  CVE-2021-3246

Package Information:
  https://launchpad.net/ubuntu/+source/libsndfile/1.0.31-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/libsndfile/1.0.28-7ubuntu0.1
  https://launchpad.net/ubuntu/+source/libsndfile/1.0.28-4ubuntu0.18.04.2


-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


[USN-4944-2] MariaDB regression

2021-07-28 Thread Leonidas S. Barbosa
==
Ubuntu Security Notice USN-4944-2
July 28, 2021

mariadb-10.3 regression
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

USN-4944-1 caused a regression.

Software Description:
- mariadb-10.3: MariaDB database

Details:

USN-4944-1 fixed vulnerabilities in MariaDB. It caused a regression.
This update fixes the problem.

Original advisory details:

 Ubuntu 20.04 has been updated to MariaDB 10.3.30.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  mariadb-server  1:10.3.30-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4944-2
  https://ubuntu.com/security/notices/USN-4944-1
  https://launchpad.net/bugs/1913676

Package Information:
  https://launchpad.net/ubuntu/+source/mariadb-10.3/1:10.3.30-0ubuntu0.20.04.1




[USN-5024-1] WebKitGTK vulnerabilities

2021-07-28 Thread Marc Deslauriers
==
Ubuntu Security Notice USN-5024-1
July 28, 2021

webkit2gtk vulnerabilities
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  libjavascriptcoregtk-4.0-18 2.32.3-0ubuntu0.21.04.1
  libwebkit2gtk-4.0-37 2.32.3-0ubuntu0.21.04.1

Ubuntu 20.04 LTS:
  libjavascriptcoregtk-4.0-18 2.32.3-0ubuntu0.20.04.1
  libwebkit2gtk-4.0-37 2.32.3-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  libjavascriptcoregtk-4.0-18 2.32.3-0ubuntu0.18.04.1
  libwebkit2gtk-4.0-37 2.32.3-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5024-1
  CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665,
  CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744,
  CVE-2021-30749, CVE-2021-30758, CVE-2021-30795, CVE-2021-30797,
  CVE-2021-30799

Package Information:
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.3-0ubuntu0.21.04.1
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.3-0ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.3-0ubuntu0.18.04.1


