SECURITY

USN-3960-1: WavPack vulnerability wavpack vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Summary WavPack could be made to crash if it received a specially crafted file. Software Description wavpack – audio codec (lossy and lossless) – encoder and decoder Details It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libwavpack1 – 5.1.0-5ubuntu0.1 wavpack – 5.1.0-5ubuntu0.1 Ubuntu 18.10 libwavpack1 – 5.1.0-4ubuntu0.2 wavpack – 5.1.0-4ubuntu0.2 Ubuntu 18.04 LTS libwavpack1 – 5.1.0-2ubuntu1.3 wavpack – 5.1.0-2ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-11498 Source: USN-3960-1: [ more… ]

USN-3959-1: Evince vulnerability evince vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Evince could be made to expose sensitive information if it received a specially crafted file. Software Description evince – Document viewer Details It was discovered that Evince incorrectly handled certain images. An attacker could possibly use this issue to expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 evince – 3.32.0-1ubuntu0.1 evince-common – 3.32.0-1ubuntu0.1 Ubuntu 18.10 evince – 3.30.1-1ubuntu1.3 evince-common – 3.30.1-1ubuntu1.3 Ubuntu 18.04 LTS evince – 3.28.4-0ubuntu1.1 evince-common – 3.28.4-0ubuntu1.1 Ubuntu 16.04 LTS evince – 3.18.2-1ubuntu4.4 evince-common – 3.18.2-1ubuntu4.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-3958-1: GStreamer Base Plugins vulnerability gst-plugins-base0.10, gst-plugins-base1.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary GStreamer Base Plugins could be made to crash or run programs if it received specially crafted network traffic. Software Description gst-plugins-base1.0 – GStreamer plugins gst-plugins-base0.10 – GStreamer plugins Details It was discovered that GStreamer Base Plugins did not correctly handle certain malformed RTSP streams. If a user were tricked into opening a crafted RTSP stream with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 gstreamer1.0-plugins-base – 1.14.4-1ubuntu1.1 Ubuntu 18.04 LTS gstreamer1.0-plugins-base – 1.14.1-1ubuntu1~ubuntu18.04.2 Ubuntu 16.04 LTS gstreamer0.10-plugins-base – 0.10.36-2ubuntu0.2 gstreamer1.0-plugins-base – 1.8.3-1ubuntu0.3 To [ more… ]

USN-3957-1: MySQL vulnerabilities mysql-5.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in MySQL. Software Description mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have been updated to MySQL 5.7.26. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 mysql-server-5.7 – 5.7.26-0ubuntu0.19.04.1 Ubuntu 18.10 mysql-server-5.7 – 5.7.26-0ubuntu0.18.10.1 Ubuntu 18.04 LTS mysql-server-5.7 – 5.7.26-0ubuntu0.18.04.1 Ubuntu 16.04 LTS mysql-server-5.7 [ more… ]

USN-3956-1: Bind vulnerability bind9 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Bind could be made to consume resources if it received specially crafted network traffic. Software Description bind9 – Internet Domain Name Server Details It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 bind9 – 1:9.11.5.P1+dfsg-1ubuntu2.3 Ubuntu 18.10 bind9 – 1:9.11.4+dfsg-3ubuntu5.3 Ubuntu 18.04 LTS bind9 – 1:9.11.3+dfsg-1ubuntu1.7 Ubuntu 16.04 LTS bind9 – 1:9.10.3.dfsg.P4-8ubuntu1.14 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]