Ubuntu security

USN-4054-1: Firefox vulnerabilities firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, conduct cross-site request forgery (CSRF) attacks, spoof origin attributes, spoof the addressbar contents, [ more… ]

USN-4051-2: Apport vulnerability apport vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Apport could be made to expose sensitive information in crash reports. Software Description apport – automatically generate crash reports for debugging Details USN-4051-1 fixed a vulnerability in apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered a race-condition when reading the user’s local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM python-apport – 2.14.1-0ubuntu3.29+esm1 python3-apport – 2.14.1-0ubuntu3.29+esm1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References [ more… ]

USN-4053-1: GVfs vulnerabilities gvfs vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in GVfs. Software Description gvfs – Userspace virtual filesystem Details It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448, CVE-2019-12449) It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. (CVE-2019-12795) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 gvfs – 1.40.1-1ubuntu0.1 gvfs-backends – 1.40.1-1ubuntu0.1 Ubuntu 18.10 gvfs [ more… ]

USN-4051-1: Apport vulnerability apport vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Apport could be made to expose sensitive information in crash reports. Software Description apport – automatically generate crash reports for debugging Details Kevin Backhouse discovered a race-condition when reading the user’s local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 python-apport – 2.20.10-0ubuntu27.1 python3-apport – 2.20.10-0ubuntu27.1 Ubuntu 18.10 python-apport – 2.20.10-0ubuntu13.4 python3-apport – 2.20.10-0ubuntu13.4 Ubuntu 18.04 LTS python-apport – 2.20.9-0ubuntu7.7 python3-apport – 2.20.9-0ubuntu7.7 Ubuntu 16.04 LTS python-apport – 2.20.1-0ubuntu2.19 python3-apport – 2.20.1-0ubuntu2.19 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-4052-1: Whoopsie vulnerability whoopsie vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Whoopsie could be made to crash or expose sensitive information if it processed a specially crafted crash report. Software Description whoopsie – Ubuntu error tracker submission Details Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service or expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libwhoopsie0 – 0.2.64ubuntu0.1 whoopsie – 0.2.64ubuntu0.1 Ubuntu 18.10 libwhoopsie0 – 0.2.62ubuntu1 whoopsie – 0.2.62ubuntu1 Ubuntu 18.04 LTS libwhoopsie0 – 0.2.62ubuntu0.1 whoopsie – 0.2.62ubuntu0.1 Ubuntu 16.04 LTS libwhoopsie0 – 0.2.52.5ubuntu0.1 whoopsie – 0.2.52.5ubuntu0.1 To update your system, please follow these instructions: [ more… ]