Notably, this release addresses:

USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities:

  • CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
  • CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
  • CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
  • CVE-2018-5391: Remote denial of service via improper IP fragment handling
-ii  linux-libc-dev:amd64  3.13.0-153.203  amd64  Linux Kernel Headers for development
+ii  linux-libc-dev:amd64  3.13.0-155.205  amd64  Linux Kernel Headers for development
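
Review bot: the only changed package here is linux-libc-dev, which the listing itself describes as kernel headers for development, while all four CVEs above are flaws in the running kernel. Replacing headers does not change the kernel that executes, so the notes should say where the kernel fix itself is delivered, and why an advisory titled "Xenial HWE" is attached to a 3.13.0 headers package.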

@cf-buildpacks-eng released this Aug 15, 2018 · 1 commit to master since this release

Notably, this release addresses:

USN-3739-1: libxml2 vulnerabilities:

  • CVE-2016-9318: libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
  • CVE-2017-16932: parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
  • CVE-2017-18258: The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
  • CVE-2018-14404: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
  • CVE-2018-14567: infinite loop in LZMA decompression
-ii  libxml2:amd64     2.9.1+dfsg1-3ubuntu4.12  amd64  GNOME XML library
-ii  libxml2-dev:amd64 2.9.1+dfsg1-3ubuntu4.12  amd64  Development files for the GNOME XML library
+ii  libxml2:amd64     2.9.1+dfsg1-3ubuntu4.13  amd64  GNOME XML library
+ii  libxml2-dev:amd64 2.9.1+dfsg1-3ubuntu4.13  amd64  Development files for the GNOME XML library

@cf-buildpacks-eng released this Aug 14, 2018 · 2 commits to master since this release

Notably, this release addresses:

USN-3736-1: libarchive vulnerabilities:

  • CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
  • CVE-2016-10349: The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
  • CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
  • CVE-2017-14166: libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
  • CVE-2017-14501: An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.
  • CVE-2017-14503: libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
-ii  libarchive13:amd64  3.1.2-7ubuntu2.4  amd64  Multi-format archive and compression library (shared library)
+ii  libarchive13:amd64  3.1.2-7ubuntu2.6  amd64  Multi-format archive and compression library (shared library)

@cf-buildpacks-eng released this Aug 14, 2018 · 3 commits to master since this release

Notably, this release addresses:

USN-3733-1: GnuPG vulnerability:

  • CVE-2017-7526: libgcrypt before version 1.7.8 and gnupg before version 1.4.22 are vulnerable to a cache side-channel attack resulting in a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that the attacker can run arbitrary software on the hardware where the private RSA key is used.

USN-3729-1: libxcursor vulnerability:

  • CVE-2015-9262: _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.

USN-3721-1: Apache Ant vulnerability:

  • CVE-2018-10886: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None.
-ii  gnupg                  1.4.16-1ubuntu2.5         amd64 GNU privacy guard - a free PGP replacement
-ii  gnupg-curl             1.4.16-1ubuntu2.5         amd64 GNU privacy guard - a free PGP replacement (cURL)
-ii  gpgv                   1.4.16-1ubuntu2.5         amd64 GNU privacy guard - signature verification tool
+ii  gnupg                  1.4.16-1ubuntu2.6         amd64 GNU privacy guard - a free PGP replacement
+ii  gnupg-curl             1.4.16-1ubuntu2.6         amd64 GNU privacy guard - a free PGP replacement (cURL)
+ii  gpgv                   1.4.16-1ubuntu2.6         amd64 GNU privacy guard - signature verification tool
-rc  libmysqlclient18:amd64 5.5.60-0ubuntu0.14.04.1   amd64 MySQL database client library
+rc  libmysqlclient18:amd64 5.5.61-0ubuntu0.14.04.1   amd64 MySQL database client library
-ii  libxcursor1:amd64      1:1.1.14-1ubuntu0.14.04.1 amd64 X cursor management library
+ii  libxcursor1:amd64      1:1.1.14-1ubuntu0.14.04.2 amd64 X cursor management library
-ii  mysql-common           5.5.60-0ubuntu0.14.04.1   all   MySQL database common files, e.g. /etc/mysql/my.cnf
+ii  mysql-common           5.5.61-0ubuntu0.14.04.1   all   MySQL database common files, e.g. /etc/mysql/my.cnf
-ii  zlib1g:amd64           1:1.2.8.dfsg-1ubuntu1     amd64 compression library - runtime
-ii  zlib1g-dev:amd64       1:1.2.8.dfsg-1ubuntu1     amd64 compression library - development
+ii  zlib1g:amd64           1:1.2.8.dfsg-1ubuntu1.1   amd64 compression library - runtime
+ii  zlib1g-dev:amd64       1:1.2.8.dfsg-1ubuntu1.1   amd64 compression library - development
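
Review bot: this package diff and the advisory list above do not line up. libmysqlclient18, mysql-common (5.5.60 to 5.5.61) and zlib1g/zlib1g-dev (1ubuntu1 to 1ubuntu1.1) change with no USN cited for them, while USN-3721-1 (Apache Ant) is cited with no Ant package in the diff and its only CVE entry is a REJECT record. Suggest citing the advisories behind the MySQL and zlib bumps and either dropping the Ant entry or naming the package it applies to.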

@cf-buildpacks-eng released this Jul 13, 2018 · 4 commits to master since this release

Notably, this release addresses:

USN-3713-1: CUPS vulnerabilities:

  • CVE-2017-18248: The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
  • CVE-2018-4180: Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
  • CVE-2018-4181: Limited Local File Reads as Root via cupsd.conf Include Directive
  • CVE-2018-6553: AppArmor cupsd Sandbox Bypass Due to Use of Hard Links
-ii  libcups2:amd64  1.7.2-0ubuntu1.9  amd64  Common UNIX Printing System(tm) - Core library
+ii  libcups2:amd64  1.7.2-0ubuntu1.10 amd64  Common UNIX Printing System(tm) - Core library

@cf-buildpacks-eng released this Jul 12, 2018 · 5 commits to master since this release

Notably, this release addresses:

USN-3712-1: libpng vulnerabilities:

  • CVE-2016-10087: The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
  • CVE-2018-13785: In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
-ii  libpng12-0:amd64 1.2.50-1ubuntu2.14.04.2  amd64  PNG library - runtime
-ii  libpng12-dev     1.2.50-1ubuntu2.14.04.2  amd64  PNG library - development
+ii  libpng12-0:amd64 1.2.50-1ubuntu2.14.04.3  amd64  PNG library - runtime
+ii  libpng12-dev     1.2.50-1ubuntu2.14.04.3  amd64  PNG library - development

@cf-buildpacks-eng released this Jul 11, 2018 · 6 commits to master since this release

Notably, this release addresses:

USN-3711-1: ImageMagick vulnerabilities:

  • CVE-2018-12599: In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
  • CVE-2018-12600: In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
  • CVE-2018-13153: In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
-ii  imagemagick                8:6.7.7.10-6ubuntu3.11  amd64 image manipulation programs
-ii  imagemagick-common         8:6.7.7.10-6ubuntu3.11  all   image manipulation programs -- infrastructure
+ii  imagemagick                8:6.7.7.10-6ubuntu3.12  amd64 image manipulation programs
+ii  imagemagick-common         8:6.7.7.10-6ubuntu3.12  all   image manipulation programs -- infrastructure
-ii  libmagickcore-dev          8:6.7.7.10-6ubuntu3.11  amd64 low-level image manipulation library - development files
-ii  libmagickcore5:amd64       8:6.7.7.10-6ubuntu3.11  amd64 low-level image manipulation library
-ii  libmagickcore5-extra:amd64 8:6.7.7.10-6ubuntu3.11  amd64 low-level image manipulation library - extra codecs
-ii  libmagickwand-dev          8:6.7.7.10-6ubuntu3.11  amd64 image manipulation library - development files
-ii  libmagickwand5:amd64       8:6.7.7.10-6ubuntu3.11  amd64 image manipulation library
+ii  libmagickcore-dev          8:6.7.7.10-6ubuntu3.12  amd64 low-level image manipulation library - development files
+ii  libmagickcore5:amd64       8:6.7.7.10-6ubuntu3.12  amd64 low-level image manipulation library
+ii  libmagickcore5-extra:amd64 8:6.7.7.10-6ubuntu3.12  amd64 low-level image manipulation library - extra codecs
+ii  libmagickwand-dev          8:6.7.7.10-6ubuntu3.12  amd64 image manipulation library - development files
+ii  libmagickwand5:amd64       8:6.7.7.10-6ubuntu3.12  amd64 image manipulation library

@cf-buildpacks-eng released this Jul 10, 2018 · 7 commits to master since this release

Notably, this release addresses:

USN-3707-1: NTP vulnerabilities:

  • CVE-2018-7182: The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
  • CVE-2018-7183: Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
  • CVE-2018-7184: ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
  • CVE-2018-7185: The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

USN-3706-1: libjpeg-turbo vulnerabilities:

  • CVE-2014-9092: libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
  • CVE-2016-3616: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
  • CVE-2017-15232: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
  • CVE-2018-11212: An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
  • CVE-2018-11213: An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
  • CVE-2018-11214: An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
  • CVE-2018-1152: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
-ii  libjpeg-turbo8:amd64     1.3.0-0ubuntu2                    amd64  IJG JPEG compliant runtime library.
-ii  libjpeg-turbo8-dev:amd64 1.3.0-0ubuntu2                    amd64  Development files for the IJG JPEG library
+ii  libjpeg-turbo8:amd64     1.3.0-0ubuntu2.1                  amd64  IJG JPEG compliant runtime library.
+ii  libjpeg-turbo8-dev:amd64 1.3.0-0ubuntu2.1                  amd64  Development files for the IJG JPEG library
-ii  ntpdate                  1:4.2.6.p5+dfsg-3ubuntu2.14.04.12 amd64  client for setting system time from NTP servers
+ii  ntpdate                  1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 amd64  client for setting system time from NTP servers
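
Review bot: only ntpdate changes on the NTP side, yet the USN-3707-1 entries name ntpd (ctl_getitem, the protocol engine) and ntpq (decodearr). Suggest stating which of the four CVEs actually apply to the ntpdate binary shipped here, so readers do not assume ntpd or ntpq exposure that this image may not have.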

@cf-buildpacks-eng released this Jul 5, 2018 · 8 commits to master since this release

-ii  linux-libc-dev:amd64  3.13.0-151.201  amd64  Linux Kernel Headers for development
+ii  linux-libc-dev:amd64  3.13.0-153.203  amd64  Linux Kernel Headers for development
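
Review bot: this linux-libc-dev bump from 3.13.0-151.201 to 3.13.0-153.203 carries no "Notably, this release addresses" section and no USN or CVE reference, unlike the other releases. Suggest citing the advisory behind the bump, or stating explicitly that it has no security content.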

@cf-buildpacks-eng released this Jun 28, 2018 · 9 commits to master since this release

Notably, this release addresses:

USN-3693-1: JasPer vulnerabilities:

  • CVE-2015-5203: Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
  • CVE-2015-5221: Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
  • CVE-2016-10248: The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.
  • CVE-2016-10250: The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.
  • CVE-2016-8883: The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
  • CVE-2016-8887: The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
  • CVE-2016-9262: Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
  • CVE-2016-9387: Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
  • CVE-2016-9388: The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
  • CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
  • CVE-2016-9390: The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
  • CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
  • CVE-2016-9392: The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
  • CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
  • CVE-2016-9394: The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
  • CVE-2016-9396: The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.
  • CVE-2016-9600: JasPer before version 2.0.10 is vulnerable to a NULL pointer dereference in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
  • CVE-2017-1000050: JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
  • CVE-2017-6850: The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
-ii  libjasper-dev    1.900.1-14ubuntu3.4  amd64  Development files for the JasPer JPEG-2000 library
-ii  libjasper1:amd64 1.900.1-14ubuntu3.4  amd64  JasPer JPEG-2000 runtime library
+ii  libjasper-dev    1.900.1-14ubuntu3.5  amd64  Development files for the JasPer JPEG-2000 library
+ii  libjasper1:amd64 1.900.1-14ubuntu3.5  amd64  JasPer JPEG-2000 runtime library