USN-3946-1: rssh vulnerabilities

2019-04-12 KENNETH

rssh vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
rssh could be made to run arbitrary commands if it received specially crafted input.

Software Description
rssh – Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist

Details
It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: rssh – 2.3.4-8ubuntu0.2
Ubuntu 18.04 LTS: rssh – 2.3.4-7ubuntu0.1
Ubuntu 16.04 LTS: rssh – 2.3.4-4+deb8u2ubuntu0.16.04.2
Ubuntu 14.04 LTS: rssh – 2.3.4-4+deb8u2ubuntu0.14.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-3945-1: Ruby vulnerabilities

2019-04-11 KENNETH

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in Ruby.

Software Description
ruby2.5 – Interpreter of object-oriented scripting language Ruby
ruby2.3 – Object-oriented scripting language
ruby1.9.1 – Object-oriented scripting language
ruby2.0 – Object-oriented scripting language

Details
It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2019-8320)

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325)

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: libruby2.5 – 2.5.1-5ubuntu4.3; ruby2.5 – 2.5.1-5ubuntu4.3
Ubuntu 18.04 LTS: libruby2.5 – 2.5.1-1ubuntu1.2 [ more… ]

USN-3944-1: wpa_supplicant and hostapd vulnerabilities

2019-04-11 KENNETH

wpa vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in wpa_supplicant and hostapd.

Software Description
wpa – client support for WPA and WPA2

Details
It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495)

Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and element values in EAP-pwd-Commit messages. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499)

It was discovered that hostapd incorrectly handled obtaining random numbers. In rare cases where the urandom device isn't available, it would fall [ more… ]

USN-3937-2: Apache vulnerabilities

2019-04-10 KENNETH

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 ESM

Summary
Several security issues were fixed in Apache.

Software Description
apache2 – Apache HTTP server

Details
USN-3937-1 and USN-3627-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. (CVE-2019-0217)

Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710)

Robert Swiecki discovered that the Apache HTTP Server incorrectly handled [ more… ]

April 2019 Security Update Release

2019-04-10 KENNETH

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month's security updates can be found on the Security Update Guide.

Source: April 2019 Security Update Release