Ubuntu security

USN-4040-2: Expat vulnerability expat vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Expat could be made to consume a high amount of RAM and CPU resources if it received a specially crafted XML file. Software Description expat – XML parsing C library Details USN-4040-1 fixed a vulnerability in expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM lib64expat1 – 2.1.0-4ubuntu1.4+esm1 libexpat1 – 2.1.0-4ubuntu1.4+esm1 Ubuntu 12.04 ESM lib64expat1 – 2.0.1-7.2ubuntu1.6 libexpat1 – 2.0.1-7.2ubuntu1.6 To update your system, please follow [ more… ]

USN-4040-1: Expat vulnerability expat vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Expat could be made to consume a high amount of RAM and CPU resources if it received a specially crafted XML file. Software Description expat – XML parsing C library Details It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libexpat1 – 2.2.6-1ubuntu0.19.04 Ubuntu 18.10 libexpat1 – 2.2.6-1ubuntu0.18.10 Ubuntu 18.04 LTS libexpat1 – 2.2.5-3ubuntu0.1 Ubuntu 16.04 LTS lib64expat1 – 2.1.0-7ubuntu0.16.04.4 libexpat1 – 2.1.0-7ubuntu0.16.04.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]

USN-4038-2: bzip2 vulnerabilities bzip2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in bzip2. Software Description bzip2 – high-quality block-sorting file compressor – utilities Details USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-3189) It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12900) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM bzip2 – 1.0.6-5ubuntu0.1~esm1 lib32bz2-1.0 – 1.0.6-5ubuntu0.1~esm1 lib64bz2-1.0 – 1.0.6-5ubuntu0.1~esm1 libbz2-1.0 – 1.0.6-5ubuntu0.1~esm1 Ubuntu [ more… ]

USN-4038-1: bzip2 vulnerabilities bzip2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in bzip2. Software Description bzip2 – high-quality block-sorting file compressor – utilities Details Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189) It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12900) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 bzip2 – 1.0.6-9ubuntu0.19.04 libbz2-1.0 – 1.0.6-9ubuntu0.19.04 Ubuntu 18.10 bzip2 – 1.0.6-9ubuntu0.18.10 libbz2-1.0 – 1.0.6-9ubuntu0.18.10 Ubuntu 18.04 LTS bzip2 – 1.0.6-8.1ubuntu0.1 libbz2-1.0 – 1.0.6-8.1ubuntu0.1 Ubuntu 16.04 LTS [ more… ]

USN-4037-1: policykit-desktop-privileges update policykit-desktop-privileges update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary A security improvement has been made to policykit-desktop-privileges. Software Description policykit-desktop-privileges – run common desktop actions without password Details The policykit-desktop-privileges Startup Disk Creator policy allowed administrative users to overwrite disks. As a security improvement, this operation now requires authentication. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 policykit-desktop-privileges – 0.20ubuntu19.04.1 Ubuntu 18.10 policykit-desktop-privileges – 0.20ubuntu18.10.1 Ubuntu 18.04 LTS policykit-desktop-privileges – 0.20ubuntu18.04.1 Ubuntu 16.04 LTS policykit-desktop-privileges – 0.20ubuntu16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References LP: 1832337 Source: USN-4037-1: policykit-desktop-privileges update