Adobe fixes critical bugs: Patch Tuesday - Week 4, February 2019

Adobe

Adobe released a couple of security updates for Acrobat and Reader running on Windows and macOS. These updates fix issues for vulnerabilities disclosed last week. The vulnerability, CVE-2019-7089, allowed PDF documents to take in SMB requests from attackers, leading to sensitive information disclosure.

The following are the updates versions (both for Windows and Mac) of the products announced by Adobe.

• Acrobat DC - 2019.010.20098
• Acrobat Reader DC - 2019.010.20098
• Acrobat 2017 - 2017.011.30127
• Acrobat Reader DC 2017 - 2017.011.30127
• Acrobat DC - 2015.006.30482
• Acrobat Reader DC - 2015.006.30482

NVIDIA

NVIDIA patches 8 major vulnerabilities existing in the Windows GPU Display Driver. Vulnerabilities included denial of service flaw, escalation of privileges, arbitrary code execution, and information disclosure. Details are given here.

Following are the NVIDIA products covered in the security updates.

• GeForce - All R418 versions prior to 419.17 (Windows), All R418 versions prior to 418.43 (Linux), All R400 versions prior to 410.104 (FreeBSD), All R390 versions prior to 390.116 (Solaris)
• Quadro & NVS - All R418 versions prior to 419.17 (Windows), All R400 versions prior to 412.29 (Windows), All R390 versions prior to 392.37 (Windows), All R418 versions prior to 418.43 (Linux), All R400 versions prior to 410.104 (FreeBSD), All R390 versions prior to 390.116 (Solaris).
• Tesla - All R418 versions prior to 418.96 (Windows), All R400 versions prior to 412.29 (Windows), All R418 versions prior to 418.33 (Linux), All R400 versions prior to 410.104 (Linux), All R396 versions prior to 396.82 (Linux), All R390 versions prior to 390.116 (Linux), All R384 versions prior to 384.183 (Linux).

The updates can be downloaded here.

Ubuntu

A total of 6 security updates were released this week. Among these, two were browser-specific. Following are the descriptions of the updates.

• USN-3897-1: Thunderbird vulnerabilities: Multiple vulnerabilities found in Mozilla Thunderbird running on Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS & Ubuntu 14.04 LTS are fixed.
• USN-3896-1: Firefox vulnerabilities: Patches flaws in Mozilla Firefox running in Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS & Ubuntu 14.04 LTS.
• USN-3895-1: LDB vulnerability: Ubuntu’s LDAP-like embedded database (LDB) wrongly used certain search expressions possibly leading to denial-of-service attacks. This update fixes the issue in Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS & Ubuntu 14.04 LTS.
• USN-3894-1: GNOME Keyring vulnerability: The GNOME Keyring could be hacked to disclose login credentials. The update fixes this issue in Ubuntu 16.04 LTS & Ubuntu 14.04 LTS.
• USN-3866-3: Ghostscript regression: PostScript files could be manipulated for arbitrary code execution. The update fixes this issue for Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS & Ubuntu 14.04 LTS.
• USN-3893-2: Bind vulnerabilities: One of the servers named Bind incorrectly handled specific instructions causing it to crash. This is fixed with an update available for Ubuntu 12.04 ESM.