Ubuntu Security Notices

Recent content on Ubuntu security notices
July 18, 2019

USN-4066-1: libmspack vulnerability

libmspack vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

libmspack could be made to expose sensitive information if it received a specially crafted CHM file.

Software Description
  • libmspack - library for Microsoft compression formats
Details

It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
libmspack0 - 0.6-3ubuntu0.3
Ubuntu 16.04 LTS
libmspack0 - 0.5-1ubuntu0.16.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 18, 2019

USN-4065-1: Squid vulnerabilities

squid, squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in Squid.

Software Description
  • squid - Web proxy cache server
  • squid3 - Web proxy cache server
Details

It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12525)

It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-12527)

It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12529)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
squid - 4.4-1ubuntu2.2
Ubuntu 18.04 LTS
squid3 - 3.5.27-1ubuntu1.3
Ubuntu 16.04 LTS
squid3 - 3.5.12-1ubuntu7.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 18, 2019

USN-4064-1: Thunderbird vulnerabilities

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in Thunderbird.

Software Description
  • thunderbird - Mozilla Open Source mail and newsgroup client
Details

A sandbox escape was discovered in Thunderbird. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, spoof origin attributes, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717)

It was discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could exploit this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719)

It was discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly exploit this issue to cause Thunderbird to crash, resulting in a denial of service. (CVE-2019-11729)

It was discovered that Thunderbird treats all files in a directory as same origin. If a user were tricked into downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
thunderbird - 1:60.8.0+build1-0ubuntu0.19.04.1
Ubuntu 18.10
thunderbird - 1:60.8.0+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
thunderbird - 1:60.8.0+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
thunderbird - 1:60.8.0+build1-0ubuntu0.16.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make all the necessary changes.

July 17, 2019

USN-4063-1: LibreOffice vulnerabilities

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in LibreOffice.

Software Description
  • libreoffice - Office productivity suite
Details

Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9848)

Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. (CVE-2019-9849)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libreoffice-core - 1:6.2.5-0ubuntu0.19.04.1
Ubuntu 18.04 LTS
libreoffice-core - 1:6.0.7-0ubuntu0.18.04.8
Ubuntu 16.04 LTS
libreoffice-core - 1:5.1.6~rc2-0ubuntu1~xenial8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make all the necessary changes.

July 17, 2019

USN-4059-2: Squid vulnerabilities

squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM
Summary

Several security issues were fixed in Squid.

Software Description
  • squid3 - Web proxy cache server
Details

USN-4059-1 and USN-3557-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027)

It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-13345)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
squid3 - 3.1.19-1ubuntu3.12.04.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 16, 2019

USN-4062-1: WavPack vulnerabilities

wavpack vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
Summary

WavPack could be made to crash if it received a specially crafted WAV file.

Software Description
  • wavpack - audio codec (lossy and lossless) - encoder and decoder
Details

Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libwavpack1 - 5.1.0-5ubuntu0.2
wavpack - 5.1.0-5ubuntu0.2
Ubuntu 18.04 LTS
libwavpack1 - 5.1.0-2ubuntu1.4
wavpack - 5.1.0-2ubuntu1.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 16, 2019

USN-4060-2: NSS vulnerabilities

nss vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

Several security issues were fixed in NSS.

Software Description
  • nss - Network Security Service library
Details

USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719)

Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2019-11729)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm1
Ubuntu 12.04 ESM
libnss3 - 2:3.28.4-0ubuntu0.12.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications that use NSS, such as Evolution, to make all the necessary changes.

July 16, 2019

USN-4061-1: Redis vulnerabilities

redis vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in Redis.

Software Description
  • redis - Persistent key-value database with network interface
Details

It was discovered that Redis incorrectly handled the hyperloglog data structure. An attacker could use this issue to cause Redis to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
redis - 5:5.0.3-4ubuntu0.1
redis-tools - 5:5.0.3-4ubuntu0.1
Ubuntu 18.04 LTS
redis - 5:4.0.9-1ubuntu0.2
redis-tools - 5:4.0.9-1ubuntu0.2
Ubuntu 16.04 LTS
redis-tools - 2:3.0.6-1ubuntu0.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 16, 2019

USN-4060-1: NSS vulnerabilities

nss vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in NSS.

Software Description
  • nss - Network Security Service library
Details

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719)

Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures when using TLSv1.3. An attacker could possibly use this issue to trick NSS into using PKCS#1 v1.5 signatures, contrary to expectations. This issue only applied to Ubuntu 19.04. (CVE-2019-11727)

Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2019-11729)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libnss3 - 2:3.42-1ubuntu2.1
Ubuntu 18.04 LTS
libnss3 - 2:3.35-2ubuntu2.3
Ubuntu 16.04 LTS
libnss3 - 2:3.28.4-0ubuntu0.16.04.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications that use NSS, such as Evolution, to make all the necessary changes.

July 15, 2019

USN-4059-1: Squid vulnerabilities

squid, squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in Squid.

Software Description
  • squid - Web proxy cache server
  • squid3 - Web proxy cache server
Details

It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19132)

It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-13345)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
squid - 4.4-1ubuntu2.1
Ubuntu 18.04 LTS
squid3 - 3.5.27-1ubuntu1.2
Ubuntu 16.04 LTS
squid3 - 3.5.12-1ubuntu7.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 15, 2019

USN-4057-1: Zipios vulnerability

Zipios vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Zipios could be made to crash or consume system resources if it received specially crafted input.

Software Description
  • zipios++ - small C++ library for reading zip files (development)
Details

Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libzipios++0v5 - 0.1.5.9+cvs.2007.04.28-10ubuntu0.19.04.1
Ubuntu 18.10
libzipios++0v5 - 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.10.1
Ubuntu 18.04 LTS
libzipios++0v5 - 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1
Ubuntu 16.04 LTS
libzipios++0v5 - 0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 15, 2019

USN-4058-1: Bash vulnerability

bash vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

A system hardening measure could be bypassed.

Software Description
  • bash - GNU Bourne Again SHell
Details

It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
bash - 4.3-14ubuntu1.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 15, 2019

USN-4055-1: flightcrew vulnerabilities

flightcrew vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in FlightCrew.

Software Description
  • flightcrew - C++ epub validator and plugin for Sigil
Details

Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. (CVE-2019-13032)

Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. (CVE-2019-13241)

Mike Salvatore discovered that the version of Zipios included in FlightCrew mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
flightcrew - 0.7.2+dfsg-13ubuntu0.19.04.1
libflightcrew0v5 - 0.7.2+dfsg-13ubuntu0.19.04.1
Ubuntu 18.10
flightcrew - 0.7.2+dfsg-12ubuntu0.1
libflightcrew0v5 - 0.7.2+dfsg-12ubuntu0.1
Ubuntu 18.04 LTS
flightcrew - 0.7.2+dfsg-10ubuntu0.1
libflightcrew0v5 - 0.7.2+dfsg-10ubuntu0.1
Ubuntu 16.04 LTS
flightcrew - 0.7.2+dfsg-6ubuntu0.1
libflightcrew0v5 - 0.7.2+dfsg-6ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 15, 2019

USN-4056-1: Exiv2 vulnerabilities

exiv2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in Exiv2.

Software Description
  • exiv2 - EXIF/IPTC/XMP metadata manipulation tool
Details

It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19107, CVE-2018-19108)

It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19535, CVE-2019-13112)

It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-13110, CVE-2019-13113)

It was discovered that Exiv2 incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-13114)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
exiv2 - 0.25-4ubuntu1.1
libexiv2-14 - 0.25-4ubuntu1.1
Ubuntu 18.10
exiv2 - 0.25-4ubuntu0.2
libexiv2-14 - 0.25-4ubuntu0.2
Ubuntu 18.04 LTS
exiv2 - 0.25-3.1ubuntu0.18.04.3
libexiv2-14 - 0.25-3.1ubuntu0.18.04.3
Ubuntu 16.04 LTS
exiv2 - 0.25-2.1ubuntu16.04.4
libexiv2-14 - 0.25-2.1ubuntu16.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 12, 2019

USN-4054-1: Firefox vulnerabilities

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description
  • firefox - Mozilla Open Source web browser
Details

A sandbox escape was discovered in Firefox. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811)

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, conduct cross-site request forgery (CSRF) attacks, spoof origin attributes, spoof the address bar contents, bypass safebrowsing protections, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11710, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11718, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11729)

It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked into downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
firefox - 68.0+build3-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 68.0+build3-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 68.0+build3-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 68.0+build3-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

July 9, 2019

USN-4051-2: Apport vulnerability

apport vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
Summary

Apport could be made to expose sensitive information in crash reports.

Software Description
  • apport - automatically generate crash reports for debugging
Details

USN-4051-1 fixed a vulnerability in apport. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Kevin Backhouse discovered a race condition when reading the user’s local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
python-apport - 2.14.1-0ubuntu3.29+esm1
python3-apport - 2.14.1-0ubuntu3.29+esm1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 9, 2019

USN-4053-1: GVfs vulnerabilities

gvfs vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in GVfs.

Software Description
  • gvfs - Userspace virtual filesystem
Details

It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448, CVE-2019-12449)

It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. (CVE-2019-12795)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
gvfs - 1.40.1-1ubuntu0.1
gvfs-backends - 1.40.1-1ubuntu0.1
Ubuntu 18.10
gvfs - 1.38.1-0ubuntu1.3.2
gvfs-backends - 1.38.1-0ubuntu1.3.2
Ubuntu 18.04 LTS
gvfs - 1.36.1-0ubuntu1.3.3
gvfs-backends - 1.36.1-0ubuntu1.3.3
Ubuntu 16.04 LTS
gvfs - 1.28.2-1ubuntu1~16.04.3
gvfs-backends - 1.28.2-1ubuntu1~16.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 9, 2019

USN-4051-1: Apport vulnerability

apport vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Apport could be made to expose sensitive information in crash reports.

Software Description
  • apport - automatically generate crash reports for debugging
Details

Kevin Backhouse discovered a race condition when reading the user’s local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
python-apport - 2.20.10-0ubuntu27.1
python3-apport - 2.20.10-0ubuntu27.1
Ubuntu 18.10
python-apport - 2.20.10-0ubuntu13.4
python3-apport - 2.20.10-0ubuntu13.4
Ubuntu 18.04 LTS
python-apport - 2.20.9-0ubuntu7.7
python3-apport - 2.20.9-0ubuntu7.7
Ubuntu 16.04 LTS
python-apport - 2.20.1-0ubuntu2.19
python3-apport - 2.20.1-0ubuntu2.19

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 9, 2019

USN-4052-1: Whoopsie vulnerability

whoopsie vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Whoopsie could be made to crash or expose sensitive information if it processed a specially crafted crash report.

Software Description
  • whoopsie - Ubuntu error tracker submission
Details

Kevin Backhouse discovered that Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service or expose sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libwhoopsie0 - 0.2.64ubuntu0.1
whoopsie - 0.2.64ubuntu0.1
Ubuntu 18.10
libwhoopsie0 - 0.2.62ubuntu1
whoopsie - 0.2.62ubuntu1
Ubuntu 18.04 LTS
libwhoopsie0 - 0.2.62ubuntu0.1
whoopsie - 0.2.62ubuntu0.1
Ubuntu 16.04 LTS
libwhoopsie0 - 0.2.52.5ubuntu0.1
whoopsie - 0.2.52.5ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

July 8, 2019

USN-4049-2: GLib vulnerability

glib2.0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

GLib did not properly restrict directory and file permissions.

Software Description
  • glib2.0 - GLib Input, Output and Streaming Library (fam module)
Details

USN-4049-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libglib2.0-0 - 2.40.2-0ubuntu1.1+esm2
libglib2.0-bin - 2.40.2-0ubuntu1.1+esm2
Ubuntu 12.04 ESM
libglib2.0-0 - 2.32.4-0ubuntu1.3
libglib2.0-bin - 2.32.4-0ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
