SECURITY

USN-3918-4: Firefox regressions firefox regressions A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3918-1 caused a regression in Firefox. Software Description firefox – Mozilla Open Source web browser Details USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, [ more… ]

USN-3949-1: OpenJDK 11 vulnerability openjdk-lts vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Java applets or applications could be made to expose sensitive information. Software Description openjdk-lts – Open Source Java implementation Details It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422) Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several additional packages were updated to be compatible with OpenJDK 11. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS openjdk-11-jdk – 11.0.2+9-3ubuntu1~18.04.3 openjdk-11-jre – 11.0.2+9-3ubuntu1~18.04.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses [ more… ]

USN-3948-1: WebKitGTK+ vulnerabilities webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software Description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libjavascriptcoregtk-4.0-18 – 2.24.1-0ubuntu0.18.10.2 libwebkit2gtk-4.0-37 – 2.24.1-0ubuntu0.18.10.2 Ubuntu 18.04 LTS libjavascriptcoregtk-4.0-18 – 2.24.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 – 2.24.1-0ubuntu0.18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, [ more… ]

USN-3947-2: Libxslt vulnerability libxslt vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Libxslt could be made to expose sensitive information if it received a specially crafted file. Software Description libxslt – XSLT processing library Details USN-3947-1 fixed a vulnerability in Libxslt. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM libxslt1.1 – 1.1.26-8ubuntu1.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-3947-1 CVE-2019-11068 Source: USN-3947-2: Libxslt vulnerability

USN-3947-1: Libxslt vulnerability libxslt vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Libxslt could be made to expose sensitive information if it received a specially crafted file. Software Description libxslt – XSLT processing library Details It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libxslt1.1 – 1.1.32-2ubuntu0.1 Ubuntu 18.04 LTS libxslt1.1 – 1.1.29-5ubuntu0.1 Ubuntu 16.04 LTS libxslt1.1 – 1.1.28-2.1ubuntu0.2 Ubuntu 14.04 LTS libxslt1.1 – 1.1.28-2ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-11068 Source: USN-3947-1: Libxslt vulnerability