SECURITY

USN-3866-2: Ghostscript regression ghostscript regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3866-1 introduced a regression in Ghostscript. Software Description ghostscript – PostScript and PDF interpreter Details USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 ghostscript – 9.26~dfsg+0-0ubuntu0.18.10.5 libgs9 – 9.26~dfsg+0-0ubuntu0.18.10.5 Ubuntu 18.04 LTS [ more… ]

USN-3892-1: GDM vulnerability gdm3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Summary GDM could give unauthorized access to a different user. Software Description gdm3 – GNOME Display Manager Details Burghard Britzke discovered that GDM incorrectly handled certain configurations. An attacker could possibly use this issue to get unauthorized access to a different user. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 gdm3 – 3.30.1-1ubuntu5.1 Ubuntu 18.04 LTS gdm3 – 3.28.3-0ubuntu18.04.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2019-3825 Source: USN-3892-1: GDM vulnerability