USN-4043-1: Django vulnerabilities

2019-07-01 KENNETH 0

python-django vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Django.

Software Description

python-django – High-level Python web development framework

Details

It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-12308)

Gavin Wahl discovered that Django incorrectly handled certain requests. An attacker could possibly use this issue to bypass credentials and access administrator interface. (CVE-2019-12781)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
  python-django – 1:1.11.20-1ubuntu0.1
  python3-django – 1:1.11.20-1ubuntu0.1

Ubuntu 18.10
  python-django – 1:1.11.15-1ubuntu1.3
  python3-django – 1:1.11.15-1ubuntu1.3

Ubuntu 18.04 LTS
  python-django – 1:1.11.11-1ubuntu1.4
  python3-django [ more… ]

USN-4041-2: Linux kernel (HWE) update

2019-06-29 KENNETH 0

linux-lts-xenial, linux-aws, linux-azure update

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the Linux kernel.

Software Description

linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-azure – Linux kernel for Microsoft Azure Cloud systems
linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details

USN-4041-1 provided updates for the Linux kernel in Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM.

USN-4017-2 fixed vulnerabilities in the Linux kernel. Unfortunately, the update introduced a regression that interfered with networking applications that set up very low SO_SNDBUF values. This update fixes the problem. We apologize for the inconvenience.

Jonathan Looney discovered that the Linux kernel could be coerced into segmenting responses into multiple TCP segments. A [ more… ]

USN-4041-1: Linux kernel update

2019-06-29 KENNETH 0

linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon update

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-azure – Linux kernel for Microsoft Azure Cloud systems
linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
linux-kvm – Linux kernel for cloud environments
linux-raspi2 – Linux kernel for Raspberry Pi 2
linux-snapdragon – Linux kernel for Snapdragon processors
linux-gke-4.15 – Linux kernel for Google Container Engine (GKE) systems
linux-hwe – Linux hardware enablement (HWE) kernel
linux-oem – Linux kernel for OEM processors
linux-oracle – Linux kernel for Oracle Cloud systems
linux-aws-hwe – Linux [ more… ]

USN-4042-1: poppler vulnerabilities

2019-06-27 KENNETH 0

poppler vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

Several security issues were fixed in poppler.

Software Description

poppler – PDF rendering library

Details

It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
  libpoppler85 – 0.74.0-0ubuntu1.2
  poppler-utils – 0.74.0-0ubuntu1.2

Ubuntu 18.10
  libpoppler79 – 0.68.0-0ubuntu1.7
  poppler-utils – 0.68.0-0ubuntu1.7

Ubuntu 18.04 LTS
  libpoppler73 – 0.62.0-2ubuntu2.9
  poppler-utils – 0.62.0-2ubuntu2.9

Ubuntu 16.04 LTS
  libpoppler58 – 0.41.0-0ubuntu1.14
  poppler-utils – 0.41.0-0ubuntu1.14

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a [ more… ]

USN-4039-1: CImg vulnerabilities

2019-06-27 KENNETH 0

CImg vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS

Summary

Several security issues were fixed in CImg.

Software Description

cimg – C++ template image processing toolkit

Details

It was discovered that allocation failures could occur in CImg when loading crafted bmp images. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7587)

It was discovered that a heap-based buffer over-read existed in CImg when loading crafted bmp images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7588)

It was discovered that a double free existed in CImg when loading crafted bmp images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7589)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu [ more… ]