SECURITY

USN-4014-1: GLib vulnerability glib2.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary GLib could be made to expose sensitive information if it received a specially crafted file. Software Description glib2.0 – GLib library of C routines Details It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libglib2.0-0 – 2.60.0-1ubuntu0.1 libglib2.0-bin – 2.60.0-1ubuntu0.1 libglib2.0-dev – 2.60.0-1ubuntu0.1 Ubuntu 18.10 libglib2.0-0 – 2.58.1-2ubuntu0.1 libglib2.0-bin – 2.58.1-2ubuntu0.1 libglib2.0-dev – 2.58.1-2ubuntu0.1 Ubuntu 18.04 LTS libglib2.0-0 – 2.56.4-0ubuntu0.18.04.3 libglib2.0-bin – 2.56.4-0ubuntu0.18.04.3 libglib2.0-dev – 2.56.4-0ubuntu0.18.04.3 Ubuntu 16.04 LTS libglib2.0-0 – 2.48.2-0ubuntu4.2 libglib2.0-bin – 2.48.2-0ubuntu4.2 libglib2.0-dev – 2.48.2-0ubuntu4.2 To update your system, please follow [ more… ]

USN-4013-1: libsndfile vulnerabilities libsndfile vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in libsndfile. Software Description libsndfile – Library for reading/writing audio files Details It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libsndfile1 – 1.0.28-4ubuntu0.18.10.1 Ubuntu 18.04 LTS libsndfile1 – 1.0.28-4ubuntu0.18.04.1 Ubuntu 16.04 LTS libsndfile1 – 1.0.25-10ubuntu0.16.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to make all the necessary changes. References CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-17456 [ more… ]

USN-4012-1: elfutils vulnerabilities elfutils vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in elfutils. Software Description elfutils – collection of utilities to handle ELF objects Details It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 elfutils – 0.170-0.5.0ubuntu1.1 libasm1 – 0.170-0.5.0ubuntu1.1 libdw1 – 0.170-0.5.0ubuntu1.1 libelf1 – 0.170-0.5.0ubuntu1.1 Ubuntu 18.04 LTS elfutils – 0.170-0.4ubuntu0.1 libasm1 – 0.170-0.4ubuntu0.1 libdw1 – 0.170-0.4ubuntu0.1 libelf1 – 0.170-0.4ubuntu0.1 Ubuntu 16.04 LTS elfutils – 0.165-3ubuntu1.2 libasm1 – 0.165-3ubuntu1.2 libdw1 – 0.165-3ubuntu1.2 [ more… ]

USN-4008-3: Linux kernel (Xenial HWE) vulnerabilities linux-lts-xenial, linux-aws vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-4008-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Robert Święcki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. (CVE-2019-11190) It was discovered that a null pointer dereference [ more… ]

USN-3991-2: Firefox regression firefox regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-3991-1 caused a regression in Firefox. Software Description firefox – Mozilla Open Source web browser Details USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, [ more… ]