Ubuntu security

USN-3990-2: urllib3 vulnerability python-urllib3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary urllib3 could be used to perform a CRLF injection if it received a specially crafted request. Software Description python-urllib3 – HTTP library with thread-safe connection pooling for Python Details USN-3990-1 fixed a vulnerability in urllib3. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-11236) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM python-urllib3 – 1.7.1-1ubuntu4.1+esm1 python3-urllib3 – 1.7.1-1ubuntu4.1+esm1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-3990-1 CVE-2019-11236 [ more… ]

USN-4076-1: Linux kernel vulnerabilities linux, linux-aws, linux-kvm, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20836) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It [ more… ]

USN-4054-2: Firefox regressions firefox regressions A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4054-1 caused some minor regressions in Firefox. Software Description firefox – Mozilla Open Source web browser Details USN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, conduct cross-site [ more… ]

USN-4075-1: Exim vulnerability exim4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Exim could be made to run programs as an administrator if it received specially crafted network traffic. Software Description exim4 – Exim is a mail transport agent Details Jeremy Harris discovered that Exim incorrectly handled sort expansions. In environments where sort expansions are used, a remote attacker could possibly use this issue to execute arbitrary code as root. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 exim4-daemon-heavy – 4.92-4ubuntu1.2 exim4-daemon-light – 4.92-4ubuntu1.2 Ubuntu 18.04 LTS exim4-daemon-heavy – 4.90.1-1ubuntu1.3 exim4-daemon-light – 4.90.1-1ubuntu1.3 Ubuntu 16.04 LTS exim4-daemon-heavy – 4.86.2-2ubuntu2.4 exim4-daemon-light – 4.86.2-2ubuntu2.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update [ more… ]

USN-4074-1: VLC vulnerabilities vlc vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in VLC. Software Description vlc – multimedia player and streamer Details It was discovered that the VLC CAF demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted CAF file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19857) It was discovered that the VLC Matroska demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted MKV file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12874) It was discovered that the VLC [ more… ]