USN-4097-1: PHP vulnerabilities

2019-08-14 KENNETH 0

php7.0, php7.2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary

PHP could be made to crash or execute arbitrary code if it received a specially crafted image.

Software Description

php7.2 – HTML-embedded scripting language interpreter
php7.0 – HTML-embedded scripting language interpreter

Details

It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libapache2-mod-php7.2 – 7.2.19-0ubuntu0.19.04.2
php7.2-cgi – 7.2.19-0ubuntu0.19.04.2
php7.2-cli – 7.2.19-0ubuntu0.19.04.2
php7.2-fpm – 7.2.19-0ubuntu0.19.04.2
php7.2-xmlrpc – 7.2.19-0ubuntu0.19.04.2

Ubuntu 18.04 LTS
libapache2-mod-php7.2 – 7.2.19-0ubuntu0.18.04.2
php7.2-cgi – 7.2.19-0ubuntu0.18.04.2
php7.2-cli – 7.2.19-0ubuntu0.18.04.2
php7.2-fpm – 7.2.19-0ubuntu0.18.04.2
php7.2-xmlrpc – 7.2.19-0ubuntu0.18.04.2

Ubuntu 16.04 LTS
libapache2-mod-php7.0 [ more… ]

USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities

2019-08-14 KENNETH 0

linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the Linux kernel.

Software Description

linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details

USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM.

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN [ more… ]

USN-4096-1: Linux kernel (AWS) vulnerability

2019-08-14 KENNETH 0

linux-aws, linux-aws-hwe vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary

The system could be made to expose sensitive information.

Software Description

linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems

Details

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
linux-image-5.0.0-1012-aws – 5.0.0-1012.13
linux-image-aws – 5.0.0.1012.12

Ubuntu 18.04 LTS
linux-image-4.15.0-1045-aws – 4.15.0-1045.47
linux-image-aws – 4.15.0.1045.44

Ubuntu 16.04 LTS
linux-image-4.15.0-1045-aws – 4.15.0-1045.47~16.04.1
linux-image-aws-hwe – 4.15.0.1045.45

To update your system, please follow these instructions: [ more… ]

USN-4095-1: Linux kernel vulnerabilities

2019-08-14 KENNETH 0

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-kvm – Linux kernel for cloud environments
linux-raspi2 – Linux kernel for Raspberry Pi 2
linux-snapdragon – Linux kernel for Snapdragon processors

Details

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial [ more… ]

USN-4094-1: Linux kernel vulnerabilities

2019-08-14 KENNETH 0

linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

linux – Linux kernel
linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
linux-gke-4.15 – Linux kernel for Google Container Engine (GKE) systems
linux-kvm – Linux kernel for cloud environments
linux-oem – Linux kernel for OEM processors
linux-oracle – Linux kernel for Oracle Cloud systems
linux-raspi2 – Linux kernel for Raspberry Pi 2
linux-snapdragon – Linux kernel for Snapdragon processors
linux-azure – Linux kernel for Microsoft Azure Cloud systems
linux-hwe – Linux hardware enablement (HWE) kernel

Details

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local [ more… ]