
USN-3953-1: PHP vulnerabilities

2019-04-23 KENNETH 0

php7.0, php7.2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary

Several security issues were fixed in PHP.

Software Description

- php7.2 – HTML-embedded scripting language interpreter
- php7.0 – HTML-embedded scripting language interpreter

Details

It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

- libapache2-mod-php7.2 – 7.2.17-0ubuntu0.19.04.1
- php7.2-cgi – 7.2.17-0ubuntu0.19.04.1
- php7.2-cli – 7.2.17-0ubuntu0.19.04.1
- php7.2-fpm – 7.2.17-0ubuntu0.19.04.1

Ubuntu 18.10

- libapache2-mod-php7.2 – 7.2.17-0ubuntu0.18.10.1
- php7.2-cgi – 7.2.17-0ubuntu0.18.10.1
- php7.2-cli – 7.2.17-0ubuntu0.18.10.1
- php7.2-fpm – 7.2.17-0ubuntu0.18.10.1

Ubuntu 18.04 LTS

- libapache2-mod-php7.2 – 7.2.17-0ubuntu0.18.04.1
- php7.2-cgi – 7.2.17-0ubuntu0.18.04.1
- php7.2-cli [ more… ]


USN-3952-1: Pacemaker vulnerabilities

2019-04-23 KENNETH 0

pacemaker vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Pacemaker.

Software Description

- pacemaker – Cluster resource manager

Details

Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-16877)

Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service. (CVE-2018-16878)

Jan Pokorný discovered that Pacemaker incorrectly handled certain memory operations. A local attacker could possibly use this issue to obtain sensitive information in log outputs. This issue only applied to Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3885)

Update instructions

The problem can be corrected by updating your system to the following [ more… ]


USN-3951-1: Dovecot vulnerability

2019-04-23 KENNETH 0

dovecot vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10

Summary

Dovecot could be made to crash if it received specially crafted network traffic.

Software Description

- dovecot – IMAP and POP3 email server

Details

It was discovered that the Dovecot JSON encoder incorrectly handled certain invalid UTF-8 characters. A remote attacker could possibly use this issue to cause Dovecot to repeatedly crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

- dovecot-core – 1:2.3.4.1-1ubuntu2.1

Ubuntu 18.10

- dovecot-core – 1:2.3.2.1-1ubuntu3.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

- CVE-2019-10691

Source: USN-3951-1: Dovecot vulnerability


USN-3950-1: ZNC vulnerability

2019-04-19 KENNETH 0

znc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10

Summary

ZNC could be made to crash or run programs if it received specially crafted network traffic.

Software Description

- znc – advanced modular IRC bouncer

Details

It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

- znc – 1.7.1-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

- CVE-2019-9917

Source: USN-3950-1: ZNC vulnerability


USN-3914-2: NTFS-3G update

2019-04-18 KENNETH 0

ntfs-3g update

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary

A hardening measure was added to NTFS-3G.

Software Description

- ntfs-3g – read/write NTFS driver for FUSE

Details

USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary.

Original advisory details:

A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

- ntfs-3g – 1:2017.3.23-2ubuntu0.18.10.2

Ubuntu 18.04 LTS

- ntfs-3g – 1:2017.3.23-2ubuntu0.18.04.2

Ubuntu 16.04 LTS

- ntfs-3g – 1:2015.3.14AR.1-1ubuntu0.3

To update your system, please follow these [ more… ]