No Image

USN-4128-2: Tomcat vulnerabilities

2019-09-18 KENNETH 0

USN-4128-2: Tomcat vulnerabilities tomcat9 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in Tomcat 9. Software Description tomcat9 – Servlet and JSP engine Details It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-10072) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libtomcat9-java – 9.0.16-3ubuntu0.19.04.1 tomcat9 – 9.0.16-3ubuntu0.19.04.1 Ubuntu 18.04 LTS libtomcat9-java – 9.0.16-3ubuntu0.18.04.1 tomcat9 – 9.0.16-3ubuntu0.18.04.1 To update your system, please follow [ more… ]

No Image

USN-4136-2: wpa_supplicant and hostapd vulnerability

2019-09-18 KENNETH 0

USN-4136-2: wpa_supplicant and hostapd vulnerability wpa, wpasupplicant vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame. Software Description wpa – client support for WPA and WPA2 wpasupplicant – client support for WPA and WPA2 Details USN-4136-1 fixed a vulnerability in wpa_supplicant. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM hostapd – 1:2.1-0ubuntu1.7+esm2 wpasupplicant – 2.1-0ubuntu1.7+esm2 Ubuntu 12.04 ESM [ more… ]

No Image

USN-4136-1: wpa_supplicant and hostapd vulnerability

2019-09-18 KENNETH 0

USN-4136-1: wpa_supplicant and hostapd vulnerability wpa vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame. Software Description wpa – client support for WPA and WPA2 Details It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 hostapd – 2:2.6-21ubuntu3.3 wpasupplicant – 2:2.6-21ubuntu3.3 Ubuntu 18.04 LTS hostapd – 2:2.6-15ubuntu2.5 wpasupplicant – 2:2.6-15ubuntu2.5 Ubuntu 16.04 LTS hostapd – 1:2.4-0ubuntu6.6 wpasupplicant – 2.4-0ubuntu6.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]

No Image

USN-4135-2: Linux kernel vulnerabilities

2019-09-18 KENNETH 0

USN-4135-2: Linux kernel vulnerabilities linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC [ more… ]

No Image

USN-4135-1: Linux kernel vulnerabilities

2019-09-18 KENNETH 0

USN-4135-1: Linux kernel vulnerabilities linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors linux-gke-4.15 – Linux kernel for Google Container Engine (GKE) systems linux-gke-5.0 – Linux kernel for Google Container Engine (GKE) systems linux-hwe – Linux hardware enablement (HWE) kernel linux-oem – Linux kernel for OEM processors linux-oracle – [ more… ]