Articles by KENNETH

USN-4347-1: WebKitGTK vulnerability webkit2gtk vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in WebKitGTK. Software Description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.20.04.1 Ubuntu 19.10 libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.19.10.1 libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.19.10.1 Ubuntu 18.04 LTS libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.18.04.1 To update your system, [ more… ]

USN-4341-3: Samba regression samba regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary USN-4341-1 introduced a regression in Samba. Software Description samba – SMB/CIFS file, print, and login server for Unix Details USN-4341-1 fixed vulnerabilities in Samba. The updated packages for Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. (CVE-2020-10704) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS samba – 2:4.3.11+dfsg-0ubuntu0.16.04.27 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-4346-1: Linux kernel vulnerabilities linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) It was discovered that the Intel Wi-Fi driver in the Linux kernel [ more… ]