USN-3975-1: OpenJDK vulnerabilities

2019-05-14 KENNETH 0

openjdk-8, openjdk-lts vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in OpenJDK.

Software Description:
openjdk-lts – Open Source Java implementation
openjdk-8 – Open Source Java implementation

Details:

It was discovered that the BigDecimal implementation in OpenJDK performed excessive computation when given certain values. An attacker could use this to cause a denial of service (excessive CPU usage). (CVE-2019-2602)

Corwin de Boor and Robert Xiao discovered that the RMI registry implementation in OpenJDK did not properly select the correct skeleton class in some situations. An attacker could use this to possibly escape Java sandbox restrictions. (CVE-2019-2684)

Mateusz Jurczyk discovered a vulnerability in the 2D component of OpenJDK. An attacker could use this to possibly escape Java sandbox restrictions. [ more… ]

USN-3974-1: VCFtools vulnerabilities

2019-05-14 KENNETH 0

VCFtools vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: VCFtools could be made to crash if it received specially crafted input.

Software Description:
vcftools – Collection of tools to work with VCF files

Details:

It was discovered that VCFtools improperly handled certain input. If a user was tricked into opening a crafted input file, VCFtools could be made to crash. (CVE-2018-11099, CVE-2018-11129, CVE-2018-11130)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
vcftools – 0.1.14+dfsg-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2018-11099, CVE-2018-11129, CVE-2018-11130

Source: USN-3974-1: VCFtools vulnerabilities

USN-3972-1: PostgreSQL vulnerabilities

2019-05-13 KENNETH 0

postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in PostgreSQL.

Software Description:
postgresql-11 – object-relational SQL database
postgresql-10 – Object-relational SQL database
postgresql-9.5 – Object-relational SQL database

Details:

It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. (CVE-2019-10129)

Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue to bypass row security policies. (CVE-2019-10130)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
postgresql-11 – 11.3-0ubuntu0.19.04.1

Ubuntu 18.10
postgresql-10 – 10.8-0ubuntu0.18.10.1

Ubuntu 18.04 LTS
postgresql-10 – 10.8-0ubuntu0.18.04.1

[ more… ]

USN-3969-2: wpa_supplicant and hostapd vulnerability

2019-05-09 KENNETH 0

wpa vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM

Summary: wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.

Software Description:
wpa – client support for WPA and WPA2

Details:

USN-3969-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that wpa_supplicant and hostapd incorrectly handled unexpected fragments when using EAP-pwd. A remote attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
hostapd – 2.1-0ubuntu1.7+esm1
wpasupplicant – 2.1-0ubuntu1.7+esm1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot [ more… ]

USN-3956-2: Bind vulnerability

2019-05-09 KENNETH 0

bind9 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM, Ubuntu 12.04 ESM

Summary: Bind could be made to consume resources if it received specially crafted network traffic.

Software Description:
bind9 – Internet Domain Name Server

Details:

USN-3956-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
bind9 – 1:9.9.5.dfsg-3ubuntu0.19+esm1

Ubuntu 12.04 ESM
bind9 – 1:9.8.1.dfsg.P1-4ubuntu0.28

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]