SECURITY

USN-3969-1: wpa_supplicant and hostapd vulnerability wpa vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic. Software Description wpa – client support for WPA and WPA2 Details It was discovered that wpa_supplicant and hostapd incorrectly handled unexpected fragments when using EAP-pwd. A remote attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 hostapd – 2:2.6-21ubuntu3.1 wpasupplicant – 2:2.6-21ubuntu3.1 Ubuntu 18.10 hostapd – 2:2.6-18ubuntu1.2 wpasupplicant – 2:2.6-18ubuntu1.2 Ubuntu 18.04 LTS hostapd – 2:2.6-15ubuntu2.3 wpasupplicant – 2:2.6-15ubuntu2.3 Ubuntu 16.04 LTS hostapd – 2.4-0ubuntu6.5 wpasupplicant – 2.4-0ubuntu6.5 To update your system, please follow these [ more… ]

USN-3967-1: FFmpeg vulnerabilities FFmpeg vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Summary FFmpeg could be made to crash if it opened a specially crafted file. Software Description ffmpeg – Tools for transcoding, streaming and playing of multimedia files Details It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 ffmpeg – 7:4.1.3-0ubuntu1 libavcodec-extra58 – 7:4.1.3-0ubuntu1 libavcodec58 – 7:4.1.3-0ubuntu1 libavdevice58 – 7:4.1.3-0ubuntu1 libavfilter-extra7 – 7:4.1.3-0ubuntu1 libavfilter7 – 7:4.1.3-0ubuntu1 libavformat58 – 7:4.1.3-0ubuntu1 libavresample4 – 7:4.1.3-0ubuntu1 libavutil56 – 7:4.1.3-0ubuntu1 libpostproc55 – 7:4.1.3-0ubuntu1 libswresample3 – 7:4.1.3-0ubuntu1 libswscale5 – [ more… ]

USN-3968-1: Sudo vulnerabilities sudo vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in Sudo. Software Description sudo – Provide limited super user privileges to specific users Details Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and execute arbitrary commands. (CVE-2016-7076) It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. (CVE-2017-1000368) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS sudo – 1.8.16-0ubuntu1.6 sudo-ldap – 1.8.16-0ubuntu1.6 To update [ more… ]

USN-3965-1: aria2 vulnerability aria2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Summary aria2 stores authentication information in plain text. Software Description aria2 – High speed command-line download utility Details Dhiraj Mishra discovered that aria2 incorrectly stored authentication information. A local attacker could possibly use this issue to obtain credentials. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 aria2 – 1.34.0-3ubuntu0.1 libaria2-0 – 1.34.0-3ubuntu0.1 Ubuntu 18.10 aria2 – 1.34.0-2ubuntu0.1 libaria2-0 – 1.34.0-2ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-3500 Source: USN-3965-1: aria2 vulnerability

USN-3966-1: GNOME Shell vulnerability gnome-shell vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Summary GNOME Shell could be made to execute keyboard shortcuts and other actions while the workstation was locked. Software Description gnome-shell – graphical shell for the GNOME desktop Details It was discovered that the GNOME Shell incorrectly handled certain keyboard inputs. An attacker could possibly use this issue to invoke keyboard shortcuts, and potentially other actions while the workstation was locked. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 gnome-shell – 3.30.2-0ubuntu1.18.10.2 Ubuntu 18.04 LTS gnome-shell – 3.28.3+git20190124-0ubuntu18.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2019-3820 Source: USN-3966-1: [ more… ]