Ubuntu security

USN-4020-1: Firefox vulnerability firefox vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details A type confusion bug was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 firefox – 67.0.3+build1-0ubuntu0.19.04.1 Ubuntu 18.10 firefox – 67.0.3+build1-0ubuntu0.18.10.1 Ubuntu 18.04 LTS firefox – 67.0.3+build1-0ubuntu0.18.04.1 Ubuntu 16.04 LTS firefox – 67.0.3+build1-0ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard [ more… ]

USN-4021-1: libvirt vulnerabilities libvirt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Summary Several security issues were fixed in libvirt. Software Description libvirt – Libvirt virtualization toolkit Details Daniel P. Berrangé discovered that libvirt incorrectly handled socket permissions. A local attacker could possibly use this issue to access libvirt. (CVE-2019-10132) It was discovered that libvirt incorrectly performed certain permission checks. A remote attacker could possibly use this issue to access the guest agent and cause a denial of service. This issue only affected Ubuntu 19.04. (CVE-2019-3886) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libvirt-clients – 5.0.0-1ubuntu2.3 libvirt-daemon – 5.0.0-1ubuntu2.3 libvirt0 – 5.0.0-1ubuntu2.3 Ubuntu 18.10 libvirt-clients – 4.6.0-2ubuntu3.7 libvirt-daemon – 4.6.0-2ubuntu3.7 libvirt0 – 4.6.0-2ubuntu3.7 To update your system, please follow these instructions: [ more… ]

USN-4019-1: SQLite vulnerabilities sqlite3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in SQLite. Software Description sqlite3 – C library that implements an SQL database engine Details It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2518, CVE-2017-2520) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20505) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 [ more… ]

USN-4018-1: samba vulnerabilities samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Summary Samba could be made to crash if it received specially crafted network traffic. Software Description samba – SMB/CIFS file, print, and login server for Unix Details It was discovered that Samba incorrectly handled certain RPC messages. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-12435) It was discovered that Samba incorrectly handled LDAP pages searches. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-12436) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 samba – 2:4.10.0+dfsg-0ubuntu2.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

USN-4017-1: Linux kernel vulnerabilities linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary The system could be made to crash if it received specially crafted network traffic. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-hwe – Linux hardware enablement (HWE) kernel linux-oem – Linux kernel for OEM processors linux-oracle – Linux kernel for Oracle Cloud systems linux-aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) [ more… ]