-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
14b70f1
commit a8b5762
Showing
21 changed files
with
700 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| [GLOBAL] | ||
| jellyfishversion = 2 | ||
|
|
||
| [USN-3722-5] | ||
| vuln-name = "USN-3722-5" | ||
| vuln-primary-link = "https://usn.ubuntu.com/3722-5/" | ||
| vuln-priority = 4 | ||
| vuln-additional-links = {'USN-3722-1': 'https://usn.ubuntu.com/usn/usn-3722-1', 'LP: 1792051': 'https://launchpad.net/bugs/1792051'} | ||
| vuln-short-description = "USN-3722-1 introduced a regression in ClamAV." | ||
| vuln-long-description = USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an | ||
| issue which caused dpkg-reconfigure to enter an infinite loop. This update | ||
| fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain HWP | ||
| files. A remote attacker could use this issue to cause ClamAV to hang, | ||
| resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF | ||
| files. A remote attacker could use this issue to cause ClamAV to hang, | ||
| resulting in a denial of service. (CVE-2018-0361) Update instructions The problem can be corrected by updating your system to the following package versions: | ||
| Ubuntu 18.04 LTS | ||
| clamav - 0.100.1+dfsg-1ubuntu0.18.04.3 | ||
| Ubuntu 16.04 LTS | ||
| clamav - 0.100.1+dfsg-1ubuntu0.16.04.3 | ||
| Ubuntu 14.04 LTS | ||
| clamav - 0.100.1+dfsg-1ubuntu0.14.04.4 | ||
| To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References | ||
| USN-3722-1 | ||
| LP: 1792051 | ||
|
|
||
| comparisons = {'bionic-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['clamav', 'clamav:amd64'], 'comparison-match-value': ['0.100.1+dfsg-1ubuntu0.18.04.3', '0.100.1+dfsg-1ubuntu0.18.04.3']}, 'xenial-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['clamav', 'clamav:amd64'], 'comparison-match-value': ['0.100.1+dfsg-1ubuntu0.16.04.3', '0.100.1+dfsg-1ubuntu0.16.04.3']}, 'trusty-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['clamav', 'clamav:amd64'], 'comparison-match-value': ['0.100.1+dfsg-1ubuntu0.14.04.4', '0.100.1+dfsg-1ubuntu0.14.04.4']}} | ||
| filters = {'bionic-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['bionic']}, 'xenial-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['xenial']}, 'trusty-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['trusty']}} | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| [GLOBAL] | ||
| jellyfishversion = 2 | ||
|
|
||
| [USN-3722-6] | ||
| vuln-name = "USN-3722-6" | ||
| vuln-primary-link = "https://usn.ubuntu.com/3722-6/" | ||
| vuln-priority = 4 | ||
| vuln-additional-links = {'USN-3722-1': 'https://usn.ubuntu.com/usn/usn-3722-1', 'LP: 1792051': 'https://launchpad.net/bugs/1792051'} | ||
| vuln-short-description = "USN-3722-1 introduced a regression in ClamAV." | ||
| vuln-long-description = USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an | ||
| issue which caused dpkg-reconfigure to enter an infinite loop. This update | ||
| fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain HWP | ||
| files. A remote attacker could use this issue to cause ClamAV to hang, | ||
| resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF | ||
| files. A remote attacker could use this issue to cause ClamAV to hang, | ||
| resulting in a denial of service. (CVE-2018-0361) Update instructions The problem can be corrected by updating your system to the following package versions: | ||
| Ubuntu 12.04 ESM | ||
| clamav - 0.100.1+dfsg-1ubuntu0.12.04.4 | ||
| To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References | ||
| USN-3722-1 | ||
| LP: 1792051 | ||
|
|
||
| comparisons = {'precise-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['clamav', 'clamav:amd64'], 'comparison-match-value': ['0.100.1+dfsg-1ubuntu0.12.04.4', '0.100.1+dfsg-1ubuntu0.12.04.4']}} | ||
| filters = {'precise-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['precise']}} | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| [GLOBAL] | ||
| jellyfishversion = 2 | ||
|
|
||
| [USN-3747-2] | ||
| vuln-name = "USN-3747-2" | ||
| vuln-primary-link = "https://usn.ubuntu.com/3747-2/" | ||
| vuln-priority = 4 | ||
| vuln-additional-links = {'USN-3747-1': 'https://usn.ubuntu.com/usn/usn-3747-1', 'LP: 1788250': 'https://launchpad.net/bugs/1788250'} | ||
| vuln-short-description = "USN-3747-1 introduced a regression in OpenJDK 10." | ||
| vuln-long-description = USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. | ||
| Unfortunately, that update introduced a regression around accessability | ||
| support that prevented some Java applications from starting. | ||
| This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK did not properly validate types in some | ||
| situations. An attacker could use this to construct a Java class that could | ||
| possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826) It was discovered that the PatternSyntaxException class in OpenJDK did not | ||
| properly validate arguments passed to it. An attacker could use this to | ||
| potentially construct a class that caused a denial of service (excessive | ||
| memory consumption). (CVE-2018-2952) Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode | ||
| (GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker | ||
| could use this to expose sensitive information. (CVE-2018-2972) Update instructions The problem can be corrected by updating your system to the following package versions: | ||
| Ubuntu 18.04 LTS | ||
| openjdk-11-jdk - 10.0.2+13-1ubuntu0.18.04.2 | ||
| openjdk-11-jdk-headless - 10.0.2+13-1ubuntu0.18.04.2 | ||
| openjdk-11-jre - 10.0.2+13-1ubuntu0.18.04.2 | ||
| openjdk-11-jre-headless - 10.0.2+13-1ubuntu0.18.04.2 | ||
| openjdk-11-jre-zero - 10.0.2+13-1ubuntu0.18.04.2 | ||
| To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bug | ||
| fixes. After a standard system update you need to restart any Java | ||
| applications or applets to make all the necessary changes. References | ||
| USN-3747-1 | ||
| LP: 1788250 | ||
|
|
||
| comparisons = {'bionic-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['openjdk-11-jre-zero', 'openjdk-11-jre-zero:amd64'], 'comparison-match-value': ['10.0.2+13-1ubuntu0.18.04.2', '10.0.2+13-1ubuntu0.18.04.2']}} | ||
| filters = {'bionic-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['bionic']}} | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| [GLOBAL] | ||
| jellyfishversion = 2 | ||
|
|
||
| [USN-3760-1] | ||
| vuln-name = "USN-3760-1" | ||
| vuln-primary-link = "https://usn.ubuntu.com/3760-1/" | ||
| vuln-priority = 3 | ||
| vuln-additional-links = {'CVE-2018-16140_(Medium)': 'https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16140'} | ||
| vuln-short-description = "transfig could be made to execute arbitrary code if it received a | ||
| specially crafted FIG file." | ||
| vuln-long-description = It was discovered that transfig incorrectly handled certain FIG files. | ||
| An attacker could possibly use this to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: | ||
| Ubuntu 16.04 LTS | ||
| transfig - 1:3.2.5.e-5ubuntu0.1 | ||
| Ubuntu 14.04 LTS | ||
| transfig - 1:3.2.5.e-1ubuntu1.1 | ||
| To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References | ||
| CVE-2018-16140 | ||
|
|
||
| comparisons = {'xenial-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['transfig', 'transfig:amd64'], 'comparison-match-value': ['1:3.2.5.e-5ubuntu0.1', '1:3.2.5.e-5ubuntu0.1']}, 'trusty-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['transfig', 'transfig:amd64'], 'comparison-match-value': ['1:3.2.5.e-1ubuntu1.1', '1:3.2.5.e-1ubuntu1.1']}} | ||
| filters = {'xenial-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['xenial']}, 'trusty-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['trusty']}} | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| [GLOBAL] | ||
| jellyfishversion = 2 | ||
|
|
||
| [USN-3761-1] | ||
| vuln-name = "USN-3761-1" | ||
| vuln-primary-link = "https://usn.ubuntu.com/3761-1/" | ||
| vuln-priority = 3 | ||
| vuln-additional-links = {'CVE-2018-12375_(Medium)': 'https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12375', 'CVE-2018-12376_(Medium)': 'https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12376', 'CVE-2018-12377_(Medium)': 'https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12377', 'CVE-2018-12378_(Medium)': 'https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12378', 'CVE-2018-12383_(Medium)': 'https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12383'} | ||
| vuln-short-description = "Firefox could be made to crash or run programs as your login if it | ||
| opened a malicious website." | ||
| vuln-long-description = Multiple security issues were discovered in Firefox. If a user were | ||
| tricked in to opening a specially crafted website, an attacker could | ||
| potentially exploit these to cause a denial of service, or execute | ||
| arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, | ||
| CVE-2018-12378) It was discovered that if a user saved passwords before Firefox 58 and | ||
| then later set a master password, an unencrypted copy of these passwords | ||
| would still be accessible. A local user could exploit this to obtain | ||
| sensitive information. (CVE-2018-12383) Update instructions The problem can be corrected by updating your system to the following package versions: | ||
| Ubuntu 18.04 LTS | ||
| firefox - 62.0+build2-0ubuntu0.18.04.3 | ||
| Ubuntu 16.04 LTS | ||
| firefox - 62.0+build2-0ubuntu0.16.04.3 | ||
| Ubuntu 14.04 LTS | ||
| firefox - 62.0+build2-0ubuntu0.14.04.3 | ||
| To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Firefox to make | ||
| all the necessary changes. References | ||
| CVE-2018-12375 | ||
| CVE-2018-12376 | ||
| CVE-2018-12377 | ||
| CVE-2018-12378 | ||
| CVE-2018-12383 | ||
|
|
||
| comparisons = {'bionic-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['firefox', 'firefox:amd64'], 'comparison-match-value': ['62.0+build2-0ubuntu0.18.04.3', '62.0+build2-0ubuntu0.18.04.3']}, 'xenial-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['firefox', 'firefox:amd64'], 'comparison-match-value': ['62.0+build2-0ubuntu0.16.04.3', '62.0+build2-0ubuntu0.16.04.3']}, 'trusty-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['firefox', 'firefox:amd64'], 'comparison-match-value': ['62.0+build2-0ubuntu0.14.04.3', '62.0+build2-0ubuntu0.14.04.3']}} | ||
| filters = {'bionic-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['bionic']}, 'xenial-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['xenial']}, 'trusty-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['trusty']}} | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| [GLOBAL] | ||
| jellyfishversion = 2 | ||
|
|
||
| [USN-3761-2] | ||
| vuln-name = "USN-3761-2" | ||
| vuln-primary-link = "https://usn.ubuntu.com/3761-2/" | ||
| vuln-priority = 4 | ||
| vuln-additional-links = {'USN-3761-1': 'https://usn.ubuntu.com/usn/usn-3761-1', 'LP: 1791789': 'https://launchpad.net/bugs/1791789'} | ||
| vuln-short-description = "USN-3761-1 caused several regressions in Firefox." | ||
| vuln-long-description = USN-3761-1 fixed vulnerabilities in Firefox. The update caused several | ||
| regressions affecting spellchecker dictionaries and search engines. This | ||
| update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were | ||
| tricked in to opening a specially crafted website, an attacker could | ||
| potentially exploit these to cause a denial of service, or execute | ||
| arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, | ||
| CVE-2018-12378) It was discovered that if a user saved passwords before Firefox 58 and | ||
| then later set a master password, an unencrypted copy of these passwords | ||
| would still be accessible. A local user could exploit this to obtain | ||
| sensitive information. (CVE-2018-12383) Update instructions The problem can be corrected by updating your system to the following package versions: | ||
| Ubuntu 18.04 LTS | ||
| firefox - 62.0+build2-0ubuntu0.18.04.4 | ||
| Ubuntu 16.04 LTS | ||
| firefox - 62.0+build2-0ubuntu0.16.04.4 | ||
| Ubuntu 14.04 LTS | ||
| firefox - 62.0+build2-0ubuntu0.14.04.4 | ||
| To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Firefox to make | ||
| all the necessary changes. References | ||
| USN-3761-1 | ||
| LP: 1791789 | ||
|
|
||
| comparisons = {'bionic-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['firefox', 'firefox:amd64'], 'comparison-match-value': ['62.0+build2-0ubuntu0.18.04.4', '62.0+build2-0ubuntu0.18.04.4']}, 'xenial-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['firefox', 'firefox:amd64'], 'comparison-match-value': ['62.0+build2-0ubuntu0.16.04.4', '62.0+build2-0ubuntu0.16.04.4']}, 'trusty-bucket': {'comparison-match': 'aptge', 'comparison-collection-type': ['packages', 'packages'], 'comparison-collection-subtype': ['firefox', 'firefox:amd64'], 'comparison-match-value': ['62.0+build2-0ubuntu0.14.04.4', '62.0+build2-0ubuntu0.14.04.4']}} | ||
| filters = {'bionic-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['bionic']}, 'xenial-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['xenial']}, 'trusty-bucket': {'filter-match': 'is', 'filter-collection-type': ['release'], 'filter-collection-subtype': ['default'], 'filter-match-value': ['trusty']}} | ||
|
|
Oops, something went wrong.