Ubuntu security

USN-4093-1: Linux kernel vulnerabilities linux, linux-hwe, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors linux-hwe – Linux hardware enablement (HWE) kernel Details It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that [ more… ]

USN-4070-3: MariaDB vulnerabilities MariaDB vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Summary Several security issues were fixed in MariaDB. Software Description mariadb-10.3 – MariaDB database Details USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 in MariaDB 10.3. Ubuntu 19.04 LTS has been updated to MariaDB 10.3.17. In addition to security fixes, the updated package contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-10317-changelog/ https://mariadb.com/kb/en/library/mariadb-10317-release-notes/ Original advisory details: Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug [ more… ]

USN-4070-2: MariaDB vulnerabilities MariaDB vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Several security issues were fixed in MariaDB Software Description mariadb-10.1 – MariaDB database Details USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2805 in MariaDB 10.1. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.41. In addition to security fixes, the updated package contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-10141-changelog/ https://mariadb.com/kb/en/library/mariadb-10141-release-notes/ Original advisory details: Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug fixes, new features, [ more… ]

USN-4092-1: Ghostscript vulnerability ghostscript vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Ghostscript could be made to access files if it opened a specially crafted file. Software Description ghostscript – PostScript and PDF interpreter Details Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when ‘-dSAFER’ restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 ghostscript – 9.26~dfsg+0-0ubuntu7.2 libgs9 – 9.26~dfsg+0-0ubuntu7.2 Ubuntu 18.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.10 libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.10 Ubuntu 16.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.16.04.10 libgs9 – 9.26~dfsg+0-0ubuntu0.16.04.10 To update your [ more… ]

USN-4091-1: poppler vulnerability poppler vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary poppler could be made to crash if it received specially crafted PDF. Software Description poppler – PDF rendering library Details It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libpoppler85 – 0.74.0-0ubuntu1.3 poppler-utils – 0.74.0-0ubuntu1.3 Ubuntu 18.04 LTS libpoppler73 – 0.62.0-2ubuntu2.10 poppler-utils – 0.62.0-2ubuntu2.10 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-14494 Source: USN-4091-1: poppler vulnerability