Ubuntu Secutity Notices

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

libmspack could be made to expose sensitive information if it received a specially crafted CHM file.

• libmspack - library for Microsoft compression formats

It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information.

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS

libmspack0 - 0.6-3ubuntu0.3

Ubuntu 16.04 LTS

libmspack0 - 0.5-1ubuntu0.16.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2019-1010305

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Several security issues were fixed in Squid.

• squid - Web proxy cache server
• squid3 - Web proxy cache server

It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12525)

It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-12527)

It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12529)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

squid - 4.4-1ubuntu2.2

Ubuntu 18.04 LTS

squid3 - 3.5.27-1ubuntu1.3

Ubuntu 16.04 LTS

squid3 - 3.5.12-1ubuntu7.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2019-12525
• CVE-2019-12527
• CVE-2019-12529

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Several security issues were fixed in Thunderbird.

• thunderbird - Mozilla Open Source mail and newsgroup client

A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811)

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, spoof origin attributes, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717)

It was discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could exploit this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719)

It was discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly exploit this issue to cause Thunderbird to crash, resulting in a denial of service. (CVE-2019-11729)

It was discovered that Thunderbird treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

thunderbird - 1:60.8.0+build1-0ubuntu0.19.04.1

Ubuntu 18.10

thunderbird - 1:60.8.0+build1-0ubuntu0.18.10.1

Ubuntu 18.04 LTS

thunderbird - 1:60.8.0+build1-0ubuntu0.18.04.1

Ubuntu 16.04 LTS

thunderbird - 1:60.8.0+build1-0ubuntu0.16.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make all the necessary changes.

• CVE-2019-11709
• CVE-2019-11711
• CVE-2019-11712
• CVE-2019-11713
• CVE-2019-11715
• CVE-2019-11717
• CVE-2019-11719
• CVE-2019-11729
• CVE-2019-11730
• CVE-2019-9811

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Several security issues were fixed in LibreOffice.

• libreoffice - Office productivity suite

Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9848)

Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. (CVE-2019-9849)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

libreoffice-core - 1:6.2.5-0ubuntu0.19.04.1

Ubuntu 18.04 LTS

libreoffice-core - 1:6.0.7-0ubuntu0.18.04.8

Ubuntu 16.04 LTS

libreoffice-core - 1:5.1.6~rc2-0ubuntu1~xenial8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make all the necessary changes.

• CVE-2019-9848
• CVE-2019-9849

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 ESM

Several security issues were fixed in Squid.

• squid3 - Web proxy cache server

USN-4059-1 and USN-3557-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027)

It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-13345)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM

squid3 - 3.1.19-1ubuntu3.12.04.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• USN-4059-1
• CVE-2018-1000024
• CVE-2018-1000027
• CVE-2019-13345

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.04 LTS

WavPack could be made to crash if it received a specially crafted WAV file.

• wavpack - audio codec (lossy and lossless) - encoder and decoder

Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

libwavpack1 - 5.1.0-5ubuntu0.2

wavpack - 5.1.0-5ubuntu0.2

Ubuntu 18.04 LTS

libwavpack1 - 5.1.0-2ubuntu1.4

wavpack - 5.1.0-2ubuntu1.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2019-1010315
• CVE-2019-1010317
• CVE-2019-1010318
• CVE-2019-1010319

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 ESM
• Ubuntu 12.04 ESM

Several security issues were fixed in NSS.

• nss - Network Security Service library

USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719)

Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2019-11729)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM

libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm1

Ubuntu 12.04 ESM

libnss3 - 2:3.28.4-0ubuntu0.12.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications that use NSS, such as Evolution, to make all the necessary changes.

• USN-4060-1
• CVE-2019-11719
• CVE-2019-11729

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Several security issues were fixed in Redis.

• redis - Persistent key-value database with network interface

It was discovered that Redis incorrectly handled the hyperloglog data structure. An attacker could use this issue to cause Redis to crash, resulting in a denial of service, or possibly execute arbitrary code.

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

redis - 5:5.0.3-4ubuntu0.1

redis-tools - 5:5.0.3-4ubuntu0.1

Ubuntu 18.04 LTS

redis - 5:4.0.9-1ubuntu0.2

redis-tools - 5:4.0.9-1ubuntu0.2

Ubuntu 16.04 LTS

redis-tools - 2:3.0.6-1ubuntu0.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2019-10192
• CVE-2019-10193

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Several security issues were fixed in NSS.

• nss - Network Security Service library

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719)

Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures when using TLSv1.3. An attacker could possibly use this issue to trick NSS into using PKCS#1 v1.5 signatures, contrary to expectations. This issue only applied to Ubuntu 19.04. (CVE-2019-11727)

Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2019-11729)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

libnss3 - 2:3.42-1ubuntu2.1

Ubuntu 18.04 LTS

libnss3 - 2:3.35-2ubuntu2.3

Ubuntu 16.04 LTS

libnss3 - 2:3.28.4-0ubuntu0.16.04.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications that use NSS, such as Evolution, to make all the necessary changes.

• CVE-2019-11719
• CVE-2019-11727
• CVE-2019-11729

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Several security issues were fixed in Squid.

• squid - Web proxy cache server
• squid3 - Web proxy cache server

It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19132)

It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-13345)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

squid - 4.4-1ubuntu2.1

Ubuntu 18.04 LTS

squid3 - 3.5.27-1ubuntu1.2

Ubuntu 16.04 LTS

squid3 - 3.5.12-1ubuntu7.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2018-19132
• CVE-2019-13345

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Zipios could be made to crash or consume system resources if it received specially crafted input.

• zipios++ - small C++ library for reading zip files (development)

Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

libzipios++0v5 - 0.1.5.9+cvs.2007.04.28-10ubuntu0.19.04.1

Ubuntu 18.10

libzipios++0v5 - 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.10.1

Ubuntu 18.04 LTS

libzipios++0v5 - 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1

Ubuntu 16.04 LTS

libzipios++0v5 - 0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2019-13453

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 16.04 LTS

A system hardening measure could be bypassed.

• bash - GNU Bourne Again SHell

It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command.

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS

bash - 4.3-14ubuntu1.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2019-9924

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Several security issues were fixed in FlightCrew.

• flightcrew - C++ epub validator and plugin for Sigil

Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. (CVE-2019-13032)

Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. (CVE-2019-13241)

Mike Salvatore discovered that the version of Zipios included in FlightCrew mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

flightcrew - 0.7.2+dfsg-13ubuntu0.19.04.1

libflightcrew0v5 - 0.7.2+dfsg-13ubuntu0.19.04.1

Ubuntu 18.10

flightcrew - 0.7.2+dfsg-12ubuntu0.1

libflightcrew0v5 - 0.7.2+dfsg-12ubuntu0.1

Ubuntu 18.04 LTS

flightcrew - 0.7.2+dfsg-10ubuntu0.1

libflightcrew0v5 - 0.7.2+dfsg-10ubuntu0.1

Ubuntu 16.04 LTS

flightcrew - 0.7.2+dfsg-6ubuntu0.1

libflightcrew0v5 - 0.7.2+dfsg-6ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2019-13032
• CVE-2019-13241
• CVE-2019-13453

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Several security issues were fixed in Exiv2.

• exiv2 - EXIF/IPTC/XMP metadata manipulation tool

It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19107, CVE-2018-19108)

It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19535, CVE-2019-13112)

It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-13110, CVE-2019-13113)

It was discovered that incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-13114)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

exiv2 - 0.25-4ubuntu1.1

libexiv2-14 - 0.25-4ubuntu1.1

Ubuntu 18.10

exiv2 - 0.25-4ubuntu0.2

libexiv2-14 - 0.25-4ubuntu0.2

Ubuntu 18.04 LTS

exiv2 - 0.25-3.1ubuntu0.18.04.3

libexiv2-14 - 0.25-3.1ubuntu0.18.04.3

Ubuntu 16.04 LTS

exiv2 - 0.25-2.1ubuntu16.04.4

libexiv2-14 - 0.25-2.1ubuntu16.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2018-19107
• CVE-2018-19108
• CVE-2018-19535
• CVE-2019-13110
• CVE-2019-13112
• CVE-2019-13113
• CVE-2019-13114

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Firefox could be made to crash or run programs as your login if it opened a malicious website.

• firefox - Mozilla Open Source web browser

A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811)

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, conduct cross-site request forgery (CSRF) attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11710, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11718, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11729)

It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

firefox - 68.0+build3-0ubuntu0.19.04.1

Ubuntu 18.10

firefox - 68.0+build3-0ubuntu0.18.10.1

Ubuntu 18.04 LTS

firefox - 68.0+build3-0ubuntu0.18.04.1

Ubuntu 16.04 LTS

firefox - 68.0+build3-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

• CVE-2019-11709
• CVE-2019-11710
• CVE-2019-11711
• CVE-2019-11712
• CVE-2019-11713
• CVE-2019-11714
• CVE-2019-11715
• CVE-2019-11716
• CVE-2019-11717
• CVE-2019-11718
• CVE-2019-11719
• CVE-2019-11720
• CVE-2019-11721
• CVE-2019-11723
• CVE-2019-11724
• CVE-2019-11725
• CVE-2019-11727
• CVE-2019-11728
• CVE-2019-11729
• CVE-2019-11730
• CVE-2019-9811

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 ESM

Apport could be made to expose sensitive information in crash reports.

• apport - automatically generate crash reports for debugging

USN-4051-1 fixed a vulnerability in apport. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Kevin Backhouse discovered a race-condition when reading the user’s local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report.

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM

python-apport - 2.14.1-0ubuntu3.29+esm1

python3-apport - 2.14.1-0ubuntu3.29+esm1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• USN-4051-1
• CVE-2019-7307

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Several security issues were fixed in GVfs.

• gvfs - Userspace virtual filesystem

It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448, CVE-2019-12449)

It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. (CVE-2019-12795)

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

gvfs - 1.40.1-1ubuntu0.1

gvfs-backends - 1.40.1-1ubuntu0.1

Ubuntu 18.10

gvfs - 1.38.1-0ubuntu1.3.2

gvfs-backends - 1.38.1-0ubuntu1.3.2

Ubuntu 18.04 LTS

gvfs - 1.36.1-0ubuntu1.3.3

gvfs-backends - 1.36.1-0ubuntu1.3.3

Ubuntu 16.04 LTS

gvfs - 1.28.2-1ubuntu1~16.04.3

gvfs-backends - 1.28.2-1ubuntu1~16.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2019-12447
• CVE-2019-12448
• CVE-2019-12449
• CVE-2019-12795

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Apport could be made to expose sensitive information in crash reports.

• apport - automatically generate crash reports for debugging

Kevin Backhouse discovered a race-condition when reading the user’s local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report.

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

python-apport - 2.20.10-0ubuntu27.1

python3-apport - 2.20.10-0ubuntu27.1

Ubuntu 18.10

python-apport - 2.20.10-0ubuntu13.4

python3-apport - 2.20.10-0ubuntu13.4

Ubuntu 18.04 LTS

python-apport - 2.20.9-0ubuntu7.7

python3-apport - 2.20.9-0ubuntu7.7

Ubuntu 16.04 LTS

python-apport - 2.20.1-0ubuntu2.19

python3-apport - 2.20.1-0ubuntu2.19

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2019-7307

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Whoopsie could be made to crash or expose sensitive information if it processed a specially crafted crash report.

• whoopsie - Ubuntu error tracker submission

Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service or expose sensitive information.

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

libwhoopsie0 - 0.2.64ubuntu0.1

whoopsie - 0.2.64ubuntu0.1

Ubuntu 18.10

libwhoopsie0 - 0.2.62ubuntu1

whoopsie - 0.2.62ubuntu1

Ubuntu 18.04 LTS

libwhoopsie0 - 0.2.62ubuntu0.1

whoopsie - 0.2.62ubuntu0.1

Ubuntu 16.04 LTS

libwhoopsie0 - 0.2.52.5ubuntu0.1

whoopsie - 0.2.52.5ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• CVE-2019-11476

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 ESM
• Ubuntu 12.04 ESM

GLib did not properly restrict directory and file permissions.

• glib2.0 - GLib Input, Output and Streaming Library (fam module)

USN-4049-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information.

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM

libglib2.0-0 - 2.40.2-0ubuntu1.1+esm2

libglib2.0-bin - 2.40.2-0ubuntu1.1+esm2

Ubuntu 12.04 ESM

libglib2.0-0 - 2.32.4-0ubuntu1.3

libglib2.0-bin - 2.32.4-0ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

• USN-4049-1
• CVE-2019-13012