
USN-4639-1: phpMyAdmin vulnerabilities

2020-11-20 KENNETH 0

It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpMyAdmin to leak sensitive files. (CVE-2018-19968)

It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this for an XSS attack. (CVE-2018-19970)

It was discovered that phpMyAdmin mishandled certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack via a crafted URL. (CVE-2018-7260)

It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database name. (CVE-2019-11768)

It was discovered that phpMyAdmin incorrectly handled some requests. An attacker could possibly use this to perform a CSRF attack. (CVE-2019-12616)

It was discovered that phpMyAdmin failed to sanitize [ more… ]


USN-4638-1: c-ares vulnerability

2020-11-19 KENNETH 0

It was discovered that c-ares incorrectly handled certain DNS requests. An attacker could possibly use this issue to cause a denial of service.

Source: USN-4638-1: c-ares vulnerability


USN-4637-1: Firefox vulnerabilities

2020-11-18 KENNETH 0

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting (XSS) attacks, bypass Content Security Policy (CSP) restrictions, conduct DNS rebinding attacks, or execute arbitrary code.

Source: USN-4637-1: Firefox vulnerabilities


USN-4636-1: LibVNCServer, Vino vulnerability

2020-11-18 KENNETH 0

It was discovered that LibVNCServer incorrectly handled certain internals. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. The Vino package ships with a LibVNCServer source, and all listed releases were affected for this package.

Source: USN-4636-1: LibVNCServer, Vino vulnerability


USN-4635-1: Kerberos vulnerability

2020-11-17 KENNETH 0

Demi Obenour discovered that Kerberos incorrectly handled certain ASN.1. An attacker could possibly use this issue to cause a denial of service.

Source: USN-4635-1: Kerberos vulnerability