Ubuntu security

USN-4250-1: MySQL vulnerabilities mysql-5.7, mysql-8.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in MySQL. Software Description mysql-8.0 – MySQL database mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-29.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-19.html https://www.oracle.com/security-alerts/cpujan2020.html Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 mysql-server-8.0 – 8.0.19-0ubuntu0.19.10.3 Ubuntu 18.04 LTS mysql-server-5.7 – 5.7.29-0ubuntu0.18.04.1 Ubuntu [ more… ]

USN-4230-2: ClamAV vulnerability clamav vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary ClamAV could be made to crash if it opened a specially crafted file. Software Description clamav – Anti-virus utility for Unix Details USN-4230-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM clamav – 0.102.1+dfsg-0ubuntu0.14.04.1+esm1 Ubuntu 12.04 ESM clamav – 0.102.1+dfsg-0ubuntu0.12.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream [ more… ]

USN-4233-2: GnuTLS update gnutls28 update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4233-1 marked SHA1 as untrusted in GnuTLS with no workaround. Software Description gnutls28 – GNU TLS library Details USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until certificates can be replaced with a stronger algorithm. Original advisory details: As a security improvement, this update marks SHA1 as being untrusted for digital signature operations. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libgnutls30 – 3.5.18-1ubuntu1.3 Ubuntu 16.04 LTS libgnutls30 – 3.4.10-4ubuntu1.7 To update your system, [ more… ]

USN-4247-3: python-apt vulnerabilities python-apt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in python-apt. Software Description python-apt – Python interface to libapt-pkg Details USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM python-apt – 0.9.3.5ubuntu3+esm2 python3-apt – 0.9.3.5ubuntu3+esm2 Ubuntu [ more… ]

USN-4249-1: e2fsprogs vulnerability e2fsprogs vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary e2fsprogs could be made to execute arbitrary code if it was running in a crafted ext4 partition. Software Description e2fsprogs – ext2/ext3/ext4 file system utilities Details It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 e2fsprogs – 1.45.3-4ubuntu2.1 Ubuntu 19.04 e2fsprogs – 1.44.6-1ubuntu0.2 Ubuntu 18.04 LTS e2fsprogs – 1.44.1-1ubuntu1.3 Ubuntu 16.04 LTS e2fsprogs – 1.42.13-1ubuntu1.2 Ubuntu 14.04 ESM e2fsprogs – 1.42.9-3ubuntu1.3+esm2 Ubuntu 12.04 ESM e2fsprogs – 1.42-1ubuntu2.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]