SECURITY

USN-3876-2: Avahi vulnerabilities avahi vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in Avahi. Software Description avahi – Avahi IPv4LL network address configuration daemon Details USN-3876-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519, CVE-2018-1000845) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM avahi-daemon – 0.6.30-5ubuntu2.3 libavahi-core7 – 0.6.30-5ubuntu2.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-3876-1 CVE-2017-6519 CVE-2018-1000845 Source: USN-3876-2: Avahi vulnerabilities

USN-3876-1: Avahi vulnerabilities avahi vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Avahi. Software Description avahi – Avahi IPv4LL network address configuration daemon Details Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519, CVE-2018-1000845) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 avahi-daemon – 0.7-4ubuntu2.1 libavahi-core7 – 0.7-4ubuntu2.1 Ubuntu 18.04 LTS avahi-daemon – 0.7-3.1ubuntu1.2 libavahi-core7 – 0.7-3.1ubuntu1.2 Ubuntu 16.04 LTS avahi-daemon – 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-core7 – 0.6.32~rc+dfsg-1ubuntu2.3 Ubuntu 14.04 LTS avahi-daemon – 0.6.31-4ubuntu1.3 libavahi-core7 – 0.6.31-4ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]

USN-3875-1: OpenJDK vulnerability openjdk-8, openjdk-lts vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 16.04 LTS Summary Java applets or applications could be made to expose sensitive information. Software Description openjdk-lts – Open Source Java implementation openjdk-8 – Open Source Java implementation Details It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 openjdk-11-jdk – 11.0.1+13-3ubuntu3.18.10.1 openjdk-11-jre – 11.0.1+13-3ubuntu3.18.10.1 openjdk-11-jre-headless – 11.0.1+13-3ubuntu3.18.10.1 Ubuntu 16.04 LTS openjdk-8-jdk – 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jre – 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jre-headless – 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jre-jamvm – 8u191-b12-2ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional [ more… ]