USN-3990-1: urllib3 vulnerabilities

2019-05-21 KENNETH 0

python-urllib3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in urllib3.

Software Description
python-urllib3 – HTTP library with thread-safe connection pooling for Python

Details
It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handling cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20060)

It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-11236)

It was discovered that urllib3 incorrectly handled situations where a desired set of CA certificates was specified. This could result in certificates being accepted by the default CA certificates contrary to expectations. [ more… ]

USN-3989-1: LibRaw vulnerabilities

2019-05-21 KENNETH 0

libraw vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in LibRaw.

Software Description
libraw – raw image decoder library

Details
It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: libraw16 – 0.18.13-1ubuntu0.1
Ubuntu 18.04 LTS: libraw16 – 0.18.8-1ubuntu0.3
Ubuntu 16.04 LTS: libraw15 – 0.17.1-1ubuntu0.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session [ more… ]

USN-3985-2: libvirt update

2019-05-17 KENNETH 0

libvirt update

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM

Summary
Several security issues were addressed in libvirt.

Software Description
libvirt – Libvirt virtualization toolkit

Details
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130)

Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida [ more… ]

USN-3988-1: MediaInfo vulnerabilities

2019-05-17 KENNETH 0

libmediainfo vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS

Summary
MediaInfo could be made to crash if it opened a specially crafted file.

Software Description
libmediainfo – library reading metadata from media files

Details
It was discovered that MediaInfo contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfo to crash, resulting in a denial of service.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: libmediainfo0v5 – 18.12-1ubuntu0.1
Ubuntu 18.10: libmediainfo0v5 – 18.03.1-1ubuntu0.1
Ubuntu 18.04 LTS: libmediainfo0v5 – 17.12-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References [ more… ]

USN-3986-1: Wireshark vulnerabilities

2019-05-17 KENNETH 0

Wireshark vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Wireshark could be made to crash if it received specially crafted network traffic or input files.

Software Description
wireshark – network traffic analyzer

Details
It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libwireshark-data – 2.6.8-1~ubuntu18.10.0
libwireshark11 – 2.6.8-1~ubuntu18.10.0
libwiretap8 – 2.6.8-1~ubuntu18.10.0
libwscodecs2 – 2.6.8-1~ubuntu18.10.0
libwsutil9 – 2.6.8-1~ubuntu18.10.0
tshark – 2.6.8-1~ubuntu18.10.0
wireshark – 2.6.8-1~ubuntu18.10.0
wireshark-common – 2.6.8-1~ubuntu18.10.0
wireshark-gtk – 2.6.8-1~ubuntu18.10.0
wireshark-qt – 2.6.8-1~ubuntu18.10.0

Ubuntu 18.04 LTS
libwireshark-data – 2.6.8-1~ubuntu18.04.0
libwireshark11 [ more… ]