USN-3972-1: PostgreSQL vulnerabilities

2019-05-13 KENNETH 0

postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in PostgreSQL.

Software Description
postgresql-11 – object-relational SQL database
postgresql-10 – Object-relational SQL database
postgresql-9.5 – Object-relational SQL database

Details
It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. (CVE-2019-10129)

Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue to bypass row security policies. (CVE-2019-10130)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
  postgresql-11 – 11.3-0ubuntu0.19.04.1
Ubuntu 18.10
  postgresql-10 – 10.8-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
  postgresql-10 – 10.8-0ubuntu0.18.04.1

[ more… ]

USN-3969-2: wpa_supplicant and hostapd vulnerability

2019-05-09 KENNETH 0

wpa vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM

Summary
wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.

Software Description
wpa – client support for WPA and WPA2

Details
USN-3969-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:
It was discovered that wpa_supplicant and hostapd incorrectly handled unexpected fragments when using EAP-pwd. A remote attacker could possibly use this issue to cause a denial of service.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
  hostapd – 2.1-0ubuntu1.7+esm1
  wpasupplicant – 2.1-0ubuntu1.7+esm1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot [ more… ]

USN-3956-2: Bind vulnerability

2019-05-09 KENNETH 0

bind9 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
Bind could be made to consume resources if it received specially crafted network traffic.

Software Description
bind9 – Internet Domain Name Server

Details
USN-3956-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:
It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
  bind9 – 1:9.9.5.dfsg-3ubuntu0.19+esm1
Ubuntu 12.04 ESM
  bind9 – 1:9.8.1.dfsg.P1-4ubuntu0.28

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-3971-1: Monit vulnerabilities

2019-05-09 KENNETH 0

Monit vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.10

Summary
Several security issues were fixed in Monit.

Software Description
monit – utility for monitoring and managing daemons or similar programs

Details
Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2019-11454)

Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information. (CVE-2019-11455)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
  monit – 1:5.25.2-3ubuntu0.1
Ubuntu 18.10
  monit – 1:5.25.2-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2019-11454
CVE-2019-11455

Source: USN-3971-1: [ more… ]

USN-3970-1: Ghostscript vulnerability

2019-05-08 KENNETH 0

ghostscript vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

Software Description
ghostscript – PostScript and PDF interpreter

Details
It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
  ghostscript – 9.26~dfsg+0-0ubuntu7.1
  libgs9 – 9.26~dfsg+0-0ubuntu7.1
Ubuntu 18.10
  ghostscript – 9.26~dfsg+0-0ubuntu0.18.10.9
  libgs9 – 9.26~dfsg+0-0ubuntu0.18.10.9
Ubuntu 18.04 LTS
  ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.9
  libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.9

[ more… ]