SECURITY

USN-3859-1: libarchive vulnerabilities libarchive vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in libarchive. Software Description libarchive – Library to read/write archive files Details It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-1000880 affected only Ubuntu 18.04 and Ubuntu 18.10 LTS. (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000880) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-14502) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libarchive13 – 3.2.2-5ubuntu0.1 Ubuntu 18.04 LTS [ more… ]

USN-3858-1: HAProxy vulnerabilities haproxy vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in HAProxy. Software Description haproxy – fast and reliable load balancing reverse proxy Details It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this to expose sensitive information. (CVE-2018-20102) It was discovered that HAProxy incorrectly handled certain requests. A attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20103, CVE-2018-20615) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 haproxy – 1.8.13-2ubuntu0.1 Ubuntu 18.04 LTS haproxy – 1.8.8-1ubuntu0.3 Ubuntu 16.04 LTS haproxy – 1.6.3-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-3857-1: PEAR vulnerability php-pear vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary XXX FILL ME IN: Summary for regular (non-admin) users XXX XXX LOCAL TEMPLATES XXX PEAR could be made to run programs if it processed a specially crafted file. Software Description php-pear – PHP Extension and Application Repository Details Fariskhi Vidyan discovered that PEAR Archive_Tar incorrectly handled certain archive paths. A remote attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 php-pear – 1:1.10.5+submodules+notgz-1ubuntu1.18.10.1 Ubuntu 18.04 LTS php-pear – 1:1.10.5+submodules+notgz-1ubuntu1.18.04.1 Ubuntu 16.04 LTS php-pear – 1:1.10.1+submodules+notgz-6ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-3856-1: GNOME Bluetooth vulnerability gnome-bluetooth vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary GNOME Bluetooth could allow unintended access to devices. Software Description gnome-bluetooth – GNOME Bluetooth tools Details Chris Marchesi discovered that BlueZ incorrectly handled disabling Bluetooth visibility. A remote attacker could possibly pair to devices, contrary to expectations. This update adds a workaround to GNOME Bluetooth to fix the issue. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS gnome-bluetooth – 3.28.0-2ubuntu0.1 libgnome-bluetooth13 – 3.28.0-2ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2018-10910 Source: USN-3856-1: GNOME Bluetooth vulnerability