SECURITY

USN-4167-1: Samba vulnerabilities samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Samba. Software Description samba – SMB/CIFS file, print, and login server for Unix Details Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. (CVE-2019-10218) Simon Fonteneau and Björn Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-14833) Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control. [ more… ]

USN-4166-2: PHP vulnerability php5 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary PHP could be made to run programs if it received specially crafted network traffic. Software Description php5 – HTML-embedded scripting language interpreter Details USN-4166-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libapache2-mod-php5 – 5.5.9+dfsg-1ubuntu4.29+esm6 php5-cgi – 5.5.9+dfsg-1ubuntu4.29+esm6 php5-cli – 5.5.9+dfsg-1ubuntu4.29+esm6 php5-fpm – 5.5.9+dfsg-1ubuntu4.29+esm6 Ubuntu 12.04 ESM libapache2-mod-php5 – 5.3.10-1ubuntu3.40 php5-cgi – 5.3.10-1ubuntu3.40 php5-cli – 5.3.10-1ubuntu3.40 php5-fpm [ more… ]

USN-4166-1: PHP vulnerability php7.0, php7.2, php7.3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary PHP could be made to run programs if it received specially crafted network traffic. Software Description php7.3 – HTML-embedded scripting language interpreter php7.2 – HTML-embedded scripting language interpreter php7.0 – HTML-embedded scripting language interpreter Details It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libapache2-mod-php7.3 – 7.3.11-0ubuntu0.19.10.1 php7.3-cgi – 7.3.11-0ubuntu0.19.10.1 php7.3-cli – 7.3.11-0ubuntu0.19.10.1 php7.3-fpm – 7.3.11-0ubuntu0.19.10.1 Ubuntu 19.04 libapache2-mod-php7.2 – 7.2.24-0ubuntu0.19.04.1 php7.2-cgi – 7.2.24-0ubuntu0.19.04.1 php7.2-cli – 7.2.24-0ubuntu0.19.04.1 php7.2-fpm – 7.2.24-0ubuntu0.19.04.1 Ubuntu 18.04 LTS libapache2-mod-php7.2 – [ more… ]