SECURITY

USN-4051-1: Apport vulnerability apport vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Apport could be made to expose sensitive information in crash reports. Software Description apport – automatically generate crash reports for debugging Details Kevin Backhouse discovered a race-condition when reading the user’s local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 python-apport – 2.20.10-0ubuntu27.1 python3-apport – 2.20.10-0ubuntu27.1 Ubuntu 18.10 python-apport – 2.20.10-0ubuntu13.4 python3-apport – 2.20.10-0ubuntu13.4 Ubuntu 18.04 LTS python-apport – 2.20.9-0ubuntu7.7 python3-apport – 2.20.9-0ubuntu7.7 Ubuntu 16.04 LTS python-apport – 2.20.1-0ubuntu2.19 python3-apport – 2.20.1-0ubuntu2.19 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4052-1: Whoopsie vulnerability whoopsie vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Whoopsie could be made to crash or expose sensitive information if it processed a specially crafted crash report. Software Description whoopsie – Ubuntu error tracker submission Details Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service or expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libwhoopsie0 – 0.2.64ubuntu0.1 whoopsie – 0.2.64ubuntu0.1 Ubuntu 18.10 libwhoopsie0 – 0.2.62ubuntu1 whoopsie – 0.2.62ubuntu1 Ubuntu 18.04 LTS libwhoopsie0 – 0.2.62ubuntu0.1 whoopsie – 0.2.62ubuntu0.1 Ubuntu 16.04 LTS libwhoopsie0 – 0.2.52.5ubuntu0.1 whoopsie – 0.2.52.5ubuntu0.1 To update your system, please follow these instructions: [ more… ]

USN-4049-2: GLib vulnerability glib2.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary GLib did not properly restrict directory and file permissions. Software Description glib2.0 – GLib Input, Output and Streaming Library (fam module) Details USN-4049-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libglib2.0-0 – 2.40.2-0ubuntu1.1+esm2 libglib2.0-bin – 2.40.2-0ubuntu1.1+esm2 Ubuntu 12.04 ESM libglib2.0-0 – 2.32.4-0ubuntu1.3 libglib2.0-bin – 2.32.4-0ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

USN-4050-1: ZeroMQ vulnerability zeromq3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary ZeroMQ could be made to crash or run programs if it received specially crafted network traffic. Software Description zeromq3 – lightweight messaging kernel Details It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libzmq5 – 4.3.1-3ubuntu2.1 Ubuntu 18.10 libzmq5 – 4.2.5-2ubuntu0.2 Ubuntu 18.04 LTS libzmq5 – 4.2.5-1ubuntu0.2 Ubuntu 16.04 LTS libzmq5 – 4.1.4-7ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-13132 Source: [ more… ]

USN-4049-1: GLib vulnerability glib2.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary GLib did not properly restrict directory and file permissions. Software Description glib2.0 – GLib Input, Output and Streaming Library (fam module) Details It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libglib2.0-0 – 2.58.1-2ubuntu0.2 libglib2.0-bin – 2.58.1-2ubuntu0.2 Ubuntu 18.04 LTS libglib2.0-0 – 2.56.4-0ubuntu0.18.04.4 libglib2.0-bin – 2.56.4-0ubuntu0.18.04.4 Ubuntu 16.04 LTS libglib2.0-0 – 2.48.2-0ubuntu4.3 libglib2.0-bin – 2.48.2-0ubuntu4.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-13012 Source: USN-4049-1: GLib vulnerability