
USN-4023-1: Mosquitto vulnerabilities

2019-06-20 KENNETH 0

mosquitto vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in Mosquitto.

Software Description
mosquitto – MQTT version 3.1/3.1.1 compatible message broker

Details
It was discovered that Mosquitto broker incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libmosquitto1 – 1.4.15-2ubuntu0.18.10.3
libmosquittopp1 – 1.4.15-2ubuntu0.18.10.3
mosquitto – 1.4.15-2ubuntu0.18.10.3
mosquitto-clients – 1.4.15-2ubuntu0.18.10.3

Ubuntu 18.04 LTS
libmosquitto1 – 1.4.15-2ubuntu0.18.04.3
libmosquittopp1 – 1.4.15-2ubuntu0.18.04.3
mosquitto – 1.4.15-2ubuntu0.18.04.3
mosquitto-clients – 1.4.15-2ubuntu0.18.04.3

Ubuntu 16.04 LTS
libmosquitto1 – 1.4.8-1ubuntu0.16.04.7
libmosquittopp1 – 1.4.8-1ubuntu0.16.04.7
mosquitto – 1.4.8-1ubuntu0.16.04.7
mosquitto-clients – 1.4.8-1ubuntu0.16.04.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]


USN-4026-1: Bind vulnerability

2019-06-20 KENNETH 0

bind9 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS

Summary
Bind could be made to crash if it received specially crafted network traffic.

Software Description
bind9 – Internet Domain Name Server

Details
It was discovered that Bind incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
bind9 – 1:9.11.5.P1+dfsg-1ubuntu2.5

Ubuntu 18.10
bind9 – 1:9.11.4+dfsg-3ubuntu5.4

Ubuntu 18.04 LTS
bind9 – 1:9.11.3+dfsg-1ubuntu1.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2019-6471

Source: USN-4026-1: Bind vulnerability


USN-4024-1: Evince update

2019-06-20 KENNETH 0

evince update

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Use more restrictive AppArmor policy for Evince binaries.

Software Description
evince – Document viewer

Details
As a security improvement, this update adjusts the AppArmor profile for the Evince thumbnailer to reduce access to the system and adjusts the AppArmor profile for Evince and Evince previewer to limit access to the DBus system bus. Additionally adjust the evince abstraction to disallow writes on parent directories of sensitive files.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
evince-common – 3.28.4-0ubuntu1.2

Ubuntu 16.04 LTS
evince-common – 3.18.2-1ubuntu4.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References [ more… ]


USN-4022-1: Gunicorn vulnerability

2019-06-20 KENNETH 0

Gunicorn vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary
Gunicorn could allow cross-site scripting (XSS) attacks.

Software Description
gunicorn – Python HTTP/WSGI server

Details
It was discovered that gunicorn improperly handled certain input. An attacker could potentially use this issue to execute a cross-site scripting (XSS) attack.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
gunicorn – 19.4.5-1ubuntu1.1
gunicorn3 – 19.4.5-1ubuntu1.1
python-gunicorn – 19.4.5-1ubuntu1.1
python3-gunicorn – 19.4.5-1ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2018-1000164

Source: USN-4022-1: Gunicorn vulnerability


USN-4019-2: SQLite vulnerabilities

2019-06-20 KENNETH 0

sqlite3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
Several security issues were fixed in SQLite.

Software Description
sqlite3 – C library that implements an SQL database engine

Details
USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

Original advisory details:

It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2017-2518)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-20346, CVE-2018-20506)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457)

It was discovered that [ more… ]