
USN-4031-1: Linux kernel vulnerability

2019-06-24 KENNETH 0

linux, linux-hwe vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS

Summary

64-Bit PowerPC systems could be made to expose sensitive information.

Software Description

linux – Linux kernel
linux-hwe – Linux hardware enablement (HWE) kernel

Details

It was discovered that the Linux kernel did not properly separate certain memory mappings when creating new userspace processes on 64-bit Power (ppc64el) systems. A local attacker could use this to access memory contents or cause memory corruption of other processes on the system.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
linux-image-5.0.0-19-generic – 5.0.0-19.20
linux-image-generic – 5.0.0.19.20
linux-image-virtual – 5.0.0.19.20

Ubuntu 18.10
linux-image-4.18.0-24-generic – 4.18.0-24.25
linux-image-generic – 4.18.0.24.25
linux-image-powerpc-e500mc – 4.18.0.24.25
linux-image-powerpc-smp – 4.18.0.24.25
linux-image-powerpc64-emb – 4.18.0.24.25
linux-image-powerpc64-smp – [ more… ]


USN-4030-1: web2py vulnerabilities

2019-06-22 KENNETH 0

web2py vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS

Summary

Several security issues were fixed in web2py.

Software Description

web2py – High-level Python web development framework

Details

It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. (CVE-2016-10321)

It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. (CVE-2016-3952)

It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. (CVE-2016-3953, CVE-2016-3954, CVE-2016-3957)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
python-gluon – 2.12.3-1ubuntu0.1
python-web2py – 2.12.3-1ubuntu0.1

To update your [ more… ]


USN-3977-3: Intel Microcode update

2019-06-21 KENNETH 0

intel-microcode update

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM

Summary

The system could be made to expose sensitive information.

Software Description

intel-microcode – Processor microcode for Intel CPUs

Details

USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family.

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core [ more… ]


USN-4028-1: Thunderbird vulnerabilities

2019-06-20 KENNETH 0

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software Description

thunderbird – Mozilla Open Source mail and newsgroup client

Details

Multiple memory safety issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
thunderbird – 1:60.7.1+build1-0ubuntu0.19.04.1

Ubuntu 18.10
thunderbird – 1:60.7.1+build1-0ubuntu0.18.10.1

Ubuntu 18.04 LTS
thunderbird – 1:60.7.1+build1-0ubuntu0.18.04.1

Ubuntu 16.04 LTS
thunderbird – 1:60.7.1+build1-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to [ more… ]


USN-4027-1: PostgreSQL vulnerability

2019-06-20 KENNETH 0

postgresql-10, postgresql-11 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS

Summary

PostgreSQL could be made to crash or run programs if it received specially crafted network traffic.

Software Description

postgresql-11 – Object-relational SQL database
postgresql-10 – Object-relational SQL database

Details

Alexander Lakhin discovered that PostgreSQL incorrectly handled authentication. An authenticated attacker or a rogue server could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
postgresql-11 – 11.4-0ubuntu0.19.04.1

Ubuntu 18.10
postgresql-10 – 10.9-0ubuntu0.18.10.1

Ubuntu 18.04 LTS
postgresql-10 – 10.9-0ubuntu0.18.04.1

To update your [ more… ]