USN-4279-1: PHP vulnerabilities

2020-02-18 KENNETH 0

php5, php7.0, php7.2, php7.3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
Several security issues were fixed in PHP.

Software Description
php7.3 – server-side, HTML-embedded scripting language (metapackage)
php7.2 – HTML-embedded scripting language interpreter
php7.0 – HTML-embedded scripting language interpreter
php5 – HTML-embedded scripting language interpreter

Details
It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253)

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059)

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly [ more… ]

USN-4278-1: Firefox vulnerabilities

2020-02-14 KENNETH 0

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS

Summary
Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description
firefox – Mozilla Open Source web browser

Details
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: firefox – 73.0+build3-0ubuntu0.19.10.1
Ubuntu 18.04 LTS: firefox – 73.0+build3-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the [ more… ]

February 2020 security updates are available

2020-02-12 KENNETH 0

We have released the February security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide.

The post February 2020 security updates are available appeared first on Microsoft Security Response Center.

Source: February 2020 security updates are available

USN-4277-1: libexif vulnerabilities

2020-02-12 KENNETH 0

libexif vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
Several security issues were fixed in libexif.

Software Description
libexif – library to parse EXIF files

Details
Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328)

Lili Xu and Bingchang Liu discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-7544)

It was discovered that libexif incorrectly handled [ more… ]

USN-4276-1: Yubico PIV Tool vulnerabilities

2020-02-11 KENNETH 0

Yubico PIV Tool vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS

Summary
Yubico PIV Tool could be made to crash or run programs as an administrator if it received specially crafted input.

Software Description
yubico-piv-tool – Command line tool for the YubiKey PIV applet

Details
It was discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS:
libykpiv1 – 1.4.2-2ubuntu0.1
ykcs11 – 1.4.2-2ubuntu0.1
yubico-piv-tool – 1.4.2-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]