USN-3889-1: WebKitGTK+ vulnerabilities

2019-02-13 KENNETH 0

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS

Summary
Several security issues were fixed in WebKitGTK+.

Software Description
webkit2gtk – Web content engine library for GTK+

Details
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libjavascriptcoregtk-4.0-18 – 2.22.6-0ubuntu0.18.10.1
libwebkit2gtk-4.0-37 – 2.22.6-0ubuntu0.18.10.1

Ubuntu 18.04 LTS
libjavascriptcoregtk-4.0-18 – 2.22.6-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 – 2.22.6-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, [ more… ]

USN-3888-1: GVfs vulnerability

2019-02-13 KENNETH 0

gvfs vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS

Summary
GVfs could be made to expose sensitive information if it received a specially crafted input.

Software Description
gvfs – userspace virtual filesystem – GIO module

Details
It was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
gvfs – 1.38.1-0ubuntu1.2
gvfs-backends – 1.38.1-0ubuntu1.2

Ubuntu 18.04 LTS
gvfs – 1.36.1-0ubuntu1.3
gvfs-backends – 1.36.1-0ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2019-3827

Source: USN-3888-1: GVfs vulnerability

USN-3887-1: snapd vulnerability

2019-02-13 KENNETH 0

snapd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
snapd could be made to run programs as an administrator.

Software Description
snapd – Daemon and tooling that enable snap packages

Details
Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges.

On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
snapd – 2.35.5+18.10.1

Ubuntu 18.04 LTS
snapd – 2.34.2+18.04.1

Ubuntu 16.04 LTS [ more… ]

USN-3886-1: poppler vulnerabilities

2019-02-11 KENNETH 0

poppler vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in poppler.

Software Description
poppler – PDF rendering library

Details
It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20551, CVE-2019-7310)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libpoppler79 – 0.68.0-0ubuntu1.5
poppler-utils – 0.68.0-0ubuntu1.5

Ubuntu 18.04 LTS
libpoppler73 – 0.62.0-2ubuntu2.7
poppler-utils – 0.62.0-2ubuntu2.7

Ubuntu 16.04 LTS
libpoppler58 – 0.41.0-0ubuntu1.12
poppler-utils – 0.41.0-0ubuntu1.12

Ubuntu 14.04 LTS
libpoppler44 – 0.24.5-2ubuntu4.16
poppler-utils – 0.24.5-2ubuntu4.16

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-3878-3: Linux kernel regression

2019-02-09 KENNETH 0

linux, linux-hwe regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS

Summary
USN-3878-1 introduced a regression in the Linux kernel.

Software Description
linux – Linux kernel
linux-hwe – Linux hardware enablement (HWE) kernel

Details
USN-3878-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that could prevent systems with certain graphics chipsets from booting. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)

Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of [ more… ]