
USN-4176-1: GNU cpio vulnerability

2019-11-07 KENNETH 0

cpio vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM, Ubuntu 12.04 ESM

Summary: GNU cpio could be made to expose sensitive information if it received a specially crafted input.

Software Description: cpio – a tool to manage archives of files

Details: Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: cpio – 2.12+dfsg-9ubuntu0.1
Ubuntu 19.04: cpio – 2.12+dfsg-6ubuntu0.19.04.1
Ubuntu 18.04 LTS: cpio – 2.12+dfsg-6ubuntu0.18.04.1
Ubuntu 16.04 LTS: cpio – 2.11+dfsg-5ubuntu1.1
Ubuntu 14.04 ESM: cpio – 2.11+dfsg-1ubuntu1.2+esm1
Ubuntu 12.04 ESM: cpio – 2.11-7ubuntu3.3

To update your system, please follow these [ more… ]


USN-4165-2: Firefox regressions

2019-11-06 KENNETH 0

firefox regressions

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: USN-4165-1 caused some minor regressions in Firefox.

Software Description: firefox – Mozilla Open Source web browser

Details: USN-4165-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience.

Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, bypass content security policy (CSP) protections, or execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10 firefox – [ more… ]


USN-4171-4: Apport regression

2019-11-05 KENNETH 0

apport regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM

Summary: USN-4171-2 introduced a regression in Apport.

Software Description: apport – automatically generate crash reports for debugging

Details: USN-4171-2 fixed a vulnerability in Apport. The update caused a regression in the Python Apport library. This update fixes the problem for Ubuntu 14.04 ESM. We apologize for the inconvenience.

Original advisory details:

Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481)

Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482)

Sander Bos [ more… ]


USN-4175-1: Nokogiri vulnerability

2019-11-05 KENNETH 0

ruby-nokogiri vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Nokogiri could be made to execute programs if it received specially crafted input.

Software Description: ruby-nokogiri – HTML, XML, SAX, and Reader parser for Ruby

Details: It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: ruby-nokogiri – 1.10.3+dfsg1-2ubuntu0.1
Ubuntu 19.04: ruby-nokogiri – 1.10.0+dfsg1-2ubuntu0.1
Ubuntu 18.04 LTS: ruby-nokogiri – 1.8.2-1ubuntu0.1
Ubuntu 16.04 LTS: ruby-nokogiri – 1.6.7.2-3ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-5477

Source: USN-4175-1: Nokogiri vulnerability


USN-4174-1: HAproxy vulnerability

2019-11-05 KENNETH 0

haproxy vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: HAproxy would allow unintended access if it received a specially crafted HTTP request.

Software Description: haproxy – fast and reliable load balancing reverse proxy

Details: It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to perform a privilege escalation (Request Smuggling).

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: haproxy – 2.0.5-1ubuntu0.2
Ubuntu 19.04: haproxy – 1.8.19-1ubuntu1.2
Ubuntu 18.04 LTS: haproxy – 1.8.8-1ubuntu0.7
Ubuntu 16.04 LTS: haproxy – 1.6.3-1ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-18277

Source: USN-4174-1: HAproxy vulnerability