SECURITY

USN-3943-2: Wget vulnerability wget vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in Wget. Software Description wget – retrieves files from the web Details USN-3943-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM wget – 1.13.4-2ubuntu1.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-3943-1 CVE-2019-5953 Source: USN-3943-2: Wget vulnerability

USN-3942-1: OpenJDK 7 vulnerability openjdk-7 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Java applets or applications could be made to expose sensitive information. Software Description openjdk-7 – Open Source Java implementation Details It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS icedtea-7-jre-jamvm – 7u211-2.6.17-0ubuntu0.1 openjdk-7-jdk – 7u211-2.6.17-0ubuntu0.1 openjdk-7-jre – 7u211-2.6.17-0ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References [ more… ]

USN-3943-1: Wget vulnerabilities wget vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Wget. Software Description wget – retrieves files from the web Details It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20483) Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 wget – 1.19.5-1ubuntu1.1 Ubuntu 18.04 LTS wget – 1.19.4-1ubuntu2.2 Ubuntu 16.04 LTS wget – 1.17.1-1ubuntu1.5 Ubuntu 14.04 LTS wget – 1.15-1ubuntu1.14.04.5 To update your system, [ more… ]

USN-3938-1: systemd vulnerability systemd vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary The systemd PAM module could be used to gain additional PolicyKit privileges. Software Description systemd – system and service manager Details Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libpam-systemd – 239-7ubuntu10.12 Ubuntu 18.04 LTS libpam-systemd – 237-3ubuntu10.19 Ubuntu 16.04 LTS libpam-systemd – 229-4ubuntu21.21 Ubuntu 14.04 LTS libpam-systemd – 204-5ubuntu20.31 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary [ more… ]

USN-3941-1: Lua vulnerability lua5.3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Lua could be made to crash if it received a specially crafted script. Software Description lua5.3 – Simple, extensible, embeddable programming language Details Fady Othman discovered that Lua incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 lua5.3 – 5.3.3-1ubuntu0.18.10.1 Ubuntu 18.04 LTS lua5.3 – 5.3.3-1ubuntu0.18.04.1 Ubuntu 16.04 LTS lua5.3 – 5.3.1-1ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-6706 Source: USN-3941-1: Lua vulnerability