SECURITY

USN-3977-2: Intel Microcode update intel-microcode update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Summary The system could be made to expose sensitive information. Software Description intel-microcode – Processor microcode for Intel CPUs Details USN-3977-1 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Original advisory details: Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an [ more… ]

USN-3993-2: curl vulnerability curl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary curl could be made to crash if it received a specially crafted data. Software Description curl – HTTP, HTTPS, and FTP client and client libraries Details USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM curl – 7.35.0-1ubuntu2.20+esm2 libcurl3 – 7.35.0-1ubuntu2.20+esm2 libcurl3-gnutls – 7.35.0-1ubuntu2.20+esm2 libcurl3-nss [ more… ]

USN-3993-1: curl vulnerabilities curl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in curl. Software Description curl – HTTP, HTTPS, and FTP client and client libraries Details Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set() function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435) It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436) Update instructions The problem can be corrected by updating your system to [ more… ]

USN-3992-1: WebKitGTK+ vulnerabilities webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software Description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libjavascriptcoregtk-4.0-18 – 2.24.2-0ubuntu0.19.04.1 libwebkit2gtk-4.0-37 – 2.24.2-0ubuntu0.19.04.1 Ubuntu 18.10 libjavascriptcoregtk-4.0-18 – 2.24.2-0ubuntu0.18.10.1 libwebkit2gtk-4.0-37 – 2.24.2-0ubuntu0.18.10.1 Ubuntu 18.04 LTS libjavascriptcoregtk-4.0-18 – 2.24.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 – 2.24.2-0ubuntu0.18.04.1 To update your system, please follow [ more… ]

USN-3566-2: PHP vulnerabilities php5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in PHP. Software Description php5 – HTML-embedded scripting language interpreter Details USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20783) It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or possibly cause a crash, resulting in a denial of service. (CVE-2019-11036) Original advisory details: It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting [ more… ]