Articles by KENNETH

USN-3829-1: Git vulnerabilities git vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Git. Software Description git – fast, scalable, distributed revision control system Details It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15298) It was discovered that Git incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-19486) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 git – 1:2.19.1-1ubuntu1.1 Ubuntu 18.04 LTS git – 1:2.17.1-1ubuntu0.4 [ more… ]

USN-3828-1: WebKitGTK+ vulnerabilities webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software Description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libjavascriptcoregtk-4.0-18 – 2.22.4-0ubuntu0.18.10.1 libwebkit2gtk-4.0-37 – 2.22.4-0ubuntu0.18.10.1 Ubuntu 18.04 LTS libjavascriptcoregtk-4.0-18 – 2.22.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 – 2.22.4-0ubuntu0.18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, [ more… ]