SECURITY

USN-4655-1: Werkzeug vulnerabilities It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-14806) It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use this issue to cause pishing attacks. This issue only affected Ubuntu 16.04 LTS. (CVE-2020-28724) Source: USN-4655-1: Werkzeug vulnerabilities

USN-4654-1: PEAR vulnerabilities It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code. Source: USN-4654-1: PEAR vulnerabilities

USN-4653-1: containerd vulnerability It was discovered that access controls for the shim’s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges. Source: USN-4653-1: containerd vulnerability

USN-4652-1: SniffIt vulnerability It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code. Source: USN-4652-1: SniffIt vulnerability

USN-4651-1: MySQL vulnerabilities Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations. This update changes the default MySQL configuration to bind the MySQL X Plugin to localhost only. This change may impact environments where the MySQL X Plugin needs to be accessible from the network. The mysqlx-bind-address setting in the /etc/mysql/mysql.conf.d/mysqld.cnf file can be modified to allow network access. Source: USN-4651-1: MySQL vulnerabilities