USN-4178-1: WebKitGTK+ vulnerabilities

2019-11-07 KENNETH 0

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS.

Summary: Several security issues were fixed in WebKitGTK+.

Software Description: webkit2gtk – Web content engine library for GTK+

Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libjavascriptcoregtk-4.0-18 – 2.26.1-0ubuntu0.19.04.3
libwebkit2gtk-4.0-37 – 2.26.1-0ubuntu0.19.04.3

Ubuntu 18.04 LTS
libjavascriptcoregtk-4.0-18 – 2.26.1-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 – 2.26.1-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, [ more… ]

Vulnerability hunting with Semmle QL: DOM XSS

2019-11-07 KENNETH 0

In two previous blog posts (part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of the …

The post Vulnerability hunting with Semmle QL: DOM XSS appeared first on Microsoft Security Response Center.

USN-4177-1: Rygel vulnerability

2019-11-07 KENNETH 0

rygel vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10.

Summary: The system could be made to expose sensitive information.

Software Description: rygel – GNOME UPnP/DLNA services

Details: It was discovered that the Rygel package automatically started the daemon by default in user sessions. In certain environments, this resulted in media being shared contrary to expectations.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
rygel – 0.38.1-2ubuntu3.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to make all the necessary changes.

References: LP: 1848692

USN-4176-1: GNU cpio vulnerability

2019-11-07 KENNETH 0

cpio vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM, Ubuntu 12.04 ESM.

Summary: GNU cpio could be made to expose sensitive information if it received a specially crafted input.

Software Description: cpio – a tool to manage archives of files

Details: Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: cpio – 2.12+dfsg-9ubuntu0.1
Ubuntu 19.04: cpio – 2.12+dfsg-6ubuntu0.19.04.1
Ubuntu 18.04 LTS: cpio – 2.12+dfsg-6ubuntu0.18.04.1
Ubuntu 16.04 LTS: cpio – 2.11+dfsg-5ubuntu1.1
Ubuntu 14.04 ESM: cpio – 2.11+dfsg-1ubuntu1.2+esm1
Ubuntu 12.04 ESM: cpio – 2.11-7ubuntu3.3

To update your system, please follow these [ more… ]

USN-4165-2: Firefox regressions

2019-11-06 KENNETH 0

firefox regressions

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: USN-4165-1 caused some minor regressions in Firefox.

Software Description: firefox – Mozilla Open Source web browser

Details: USN-4165-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience.

Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, bypass content security policy (CSP) protections, or execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
firefox – [ more… ]