Articles by KENNETH

USN-3867-1: MySQL vulnerabilities mysql-5.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in MySQL. Software Description mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 mysql-server-5.7 – 5.7.25-0ubuntu0.18.10.2 Ubuntu 18.04 LTS mysql-server-5.7 – 5.7.25-0ubuntu0.18.04.2 Ubuntu 16.04 LTS mysql-server-5.7 – 5.7.25-0ubuntu0.16.04.2 To update your system, please follow these [ more… ]

USN-3866-1: Ghostscript vulnerability ghostscript vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. Software Description ghostscript – PostScript and PDF interpreter Details Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 ghostscript – 9.26~dfsg+0-0ubuntu0.18.10.4 libgs9 – 9.26~dfsg+0-0ubuntu0.18.10.4 Ubuntu 18.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.4 libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.4 Ubuntu 16.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.16.04.4 libgs9 [ more… ]

USN-3707-2: NTP vulnerabilities ntp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in NTP. Software Description ntp – Network Time Protocol daemon and utility programs Details USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. (CVE-2016-7426) Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. A remote attacker could possibly use this issue to perform a denial of service. (CVE-2016-7427, CVE-2016-7428) Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or [ more… ]