SECURITY

USN-4127-2: Python vulnerabilities python2.7, python3.4 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in Python. Software Description python2.7 – An interactive high-level object-oriented language python3.4 – An interactive high-level object-oriented language Details USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2018-20406) It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852) Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly [ more… ]

USN-4126-2: FreeType vulnerabilities freetype vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary FreeType could be made to expose sensitive information if it opened a specially crafted font file. Software Description freetype – FreeType 2 is a font engine library Details USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. (CVE-2015-9381, CVE-2015-9382) Original advisory details: It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. (CVE-2015-9383) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libfreetype6 – [ more… ]

USN-4127-1: Python vulnerabilities python2.7, python3.5, python3.6, python3.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Python. Software Description python2.7 – An interactive high-level object-oriented language python3.7 – An interactive high-level object-oriented language python3.6 – An interactive high-level object-oriented language python3.5 – An interactive high-level object-oriented language Details It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406) It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852) Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled [ more… ]

USN-4126-1: FreeType vulnerability freetype vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary FreeType could be made to expose sensitive information if if it opened a specially crafted font file. Software Description freetype – FreeType 2 is a font engine library Details It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS libfreetype6 – 2.6.1-0.1ubuntu2.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to make all the necessary changes. References CVE-2015-9383 Source: USN-4126-1: FreeType vulnerability

USN-4125-1: Memcached vulnerability memcached vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Memcached could be made to expose sensitive information if it received a specially crafted UNIX socket. Software Description memcached – high-performance memory object caching system Details It was discovered that Memcached incorrectly handled certain UNIX sockets. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 memcached – 1.5.10-0ubuntu1.19.04.2 Ubuntu 18.04 LTS memcached – 1.5.6-0ubuntu1.2 Ubuntu 16.04 LTS memcached – 1.4.25-2ubuntu1.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-15026 Source: USN-4125-1: Memcached vulnerability