Ubuntu security

USN-4017-2: Linux kernel vulnerabilities linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary The system could be made to crash if it received specially crafted network traffic. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. [ more… ]

USN-3991-3: Firefox regression firefox regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-3991-2 caused a regression in Firefox Software Description firefox – Mozilla Open Source web browser Details USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or [ more… ]

USN-4015-2: DBus vulnerability dbus vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary DBus could allow unintended access to services. Software Description dbus – simple interprocess messaging system Details USN-4015-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM dbus – 1.6.18-0ubuntu4.5+esm1 libdbus-1-3 – 1.6.18-0ubuntu4.5+esm1 Ubuntu 12.04 ESM dbus – 1.4.18-1ubuntu1.9 libdbus-1-3 – 1.4.18-1ubuntu1.9 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]

USN-4016-2: Neovim vulnerability Neovim vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Summary Neovim could be made to run programs as your login if it opened a specially crafted file. Software Description neovim – heavily refactored vim fork Details It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 neovim – 0.3.4-1ubuntu0.19.04.1 neovim-runtime – 0.3.4-1ubuntu0.19.04.1 Ubuntu 18.10 neovim – 0.3.1-1ubuntu0.1 neovim-runtime – 0.3.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4016-1 CVE-2019-12735 Source: USN-4016-2: Neovim vulnerability

USN-4016-1: Vim vulnerabilities vim vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Vim. Software Description vim – Vi IMproved – enhanced vi editor Details It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 vim – 2:8.1.0320-1ubuntu3.1 vim-common – 2:8.1.0320-1ubuntu3.1 vim-gui-common – 2:8.1.0320-1ubuntu3.1 vim-runtime – 2:8.1.0320-1ubuntu3.1 Ubuntu 18.10 vim – 2:8.0.1766-1ubuntu1.1 vim-common – 2:8.0.1766-1ubuntu1.1 vim-gui-common – 2:8.0.1766-1ubuntu1.1 vim-runtime – 2:8.0.1766-1ubuntu1.1 Ubuntu 18.04 [ more… ]