SECURITY

USN-4045-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details A type confusion bug was discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this by causing a denial of service, or executing arbirary code. (CVE-2019-11707) It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code. (CVE-2019-11708) Update instructions The problem can be corrected by updating your system to the following package versions: [ more… ]

USN-4044-1: ZNC vulnerability znc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary znc could be made to crash or run programs as an administrator if it opened a specially crafted file. Software Description znc – advanced modular IRC bouncer Details Fix vulnerability where an authenticated non-admin users could load a module with a crafted name, then escalate privileges and run arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 znc – 1.7.2-2ubuntu0.1 Ubuntu 18.10 znc – 1.7.1-2ubuntu0.2 Ubuntu 18.04 LTS znc – 1.6.6-1ubuntu0.2 Ubuntu 16.04 LTS znc – 1.6.3-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart znc to make all the necessary changes. [ more… ]

USN-4043-1: Django vulnerabilities python-django vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Django. Software Description python-django – High-level Python web development framework Details It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-12308) Gavin Wahl discovered that Django incorrectly handled certain requests. An attacker could possibly use this issue to bypass credentials and access administrator interface. (CVE-2019-12781) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 python-django – 1:1.11.20-1ubuntu0.1 python3-django – 1:1.11.20-1ubuntu0.1 Ubuntu 18.10 python-django – 1:1.11.15-1ubuntu1.3 python3-django – 1:1.11.15-1ubuntu1.3 Ubuntu 18.04 LTS python-django – 1:1.11.11-1ubuntu1.4 python3-django [ more… ]

USN-4041-2: Linux kernel (HWE) update linux-lts-xenial, linux-aws, linux-azure update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-4041-1 provided updates for the Linux kernel in Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM. USN-4017-2 fixed vulnerabilities in the Linux kernel. Unfortunately, the update introduced a regression that interfered with networking applications that setup very low SO_SNDBUF values. This update fixes the problem. We apologize for the inconvenience. Jonathan Looney discovered that the Linux kernel could be coerced into segmenting responses into multiple TCP segments. A [ more… ]