SECURITY

USN-4241-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu [ more… ]

USN-4240-1: Kamailio vulnerability kamailio vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary kamailio could be made to crash if it opened a specially crafted file. Software Description kamailio – very fast and configurable SIP proxy Details It was discovered that Kamailio can be exploited by using a specially crafted message that can cause a buffer overflow issue. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS kamailio – 4.3.4-1.1ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2018-8828 Source: USN-4240-1: Kamailio vulnerability

USN-4235-2: nginx vulnerability nginx vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary nginx could be made to expose sensitive information over the network. Software Description nginx – small, powerful, scalable web/proxy server Details USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM nginx-common – 1.4.6-1ubuntu3.9+esm1 nginx-core – 1.4.6-1ubuntu3.9+esm1 nginx-extras – 1.4.6-1ubuntu3.9+esm1 nginx-full – 1.4.6-1ubuntu3.9+esm1 nginx-light – 1.4.6-1ubuntu3.9+esm1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, [ more… ]

USN-4221-2: libpcap vulnerability libpcap vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Applications using libpcap could be made to crash if given specially crafted data. Software Description libpcap – Library for for user-level network packet capture Details USN-4221-1 fixed a vulnerability in libpcap. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion). Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM libpcap0.8 – 1.1.1-10ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4221-1 CVE-2019-15165 Source: USN-4221-2: libpcap [ more… ]

USN-4239-1: PHP vulnerabilities php5, php7.0, php7.2, php7.3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in PHP. Software Description php7.3 – server-side, HTML-embedded scripting language (metapackage) php7.2 – HTML-embedded scripting language interpreter php7.0 – HTML-embedded scripting language interpreter php5 – HTML-embedded scripting language interpreter Details It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-11046) It was discovered that PHP incorrectly handled certain images. An attacker [ more… ]