Ubuntu security

USN-3971-1: Monit vulnerabilities Monit vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Summary Several security issues were fixed in Monit Software Description monit – utility for monitoring and managing daemons or similar programs Details Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2019-11454) Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information. (CVE-2019-11455) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 monit – 1:5.25.2-3ubuntu0.1 Ubuntu 18.10 monit – 1:5.25.2-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-11454 CVE-2019-11455 Source: USN-3971-1: [ more… ]

USN-3970-1: Ghostscript vulnerability ghostscript vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. Software Description ghostscript – PostScript and PDF interpreter Details It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 ghostscript – 9.26~dfsg+0-0ubuntu7.1 libgs9 – 9.26~dfsg+0-0ubuntu7.1 Ubuntu 18.10 ghostscript – 9.26~dfsg+0-0ubuntu0.18.10.9 libgs9 – 9.26~dfsg+0-0ubuntu0.18.10.9 Ubuntu 18.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.9 libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.9 [ more… ]

USN-3969-1: wpa_supplicant and hostapd vulnerability wpa vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic. Software Description wpa – client support for WPA and WPA2 Details It was discovered that wpa_supplicant and hostapd incorrectly handled unexpected fragments when using EAP-pwd. A remote attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 hostapd – 2:2.6-21ubuntu3.1 wpasupplicant – 2:2.6-21ubuntu3.1 Ubuntu 18.10 hostapd – 2:2.6-18ubuntu1.2 wpasupplicant – 2:2.6-18ubuntu1.2 Ubuntu 18.04 LTS hostapd – 2:2.6-15ubuntu2.3 wpasupplicant – 2:2.6-15ubuntu2.3 Ubuntu 16.04 LTS hostapd – 2.4-0ubuntu6.5 wpasupplicant – 2.4-0ubuntu6.5 To update your system, please follow these [ more… ]

USN-3967-1: FFmpeg vulnerabilities FFmpeg vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Summary FFmpeg could be made to crash if it opened a specially crafted file. Software Description ffmpeg – Tools for transcoding, streaming and playing of multimedia files Details It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 ffmpeg – 7:4.1.3-0ubuntu1 libavcodec-extra58 – 7:4.1.3-0ubuntu1 libavcodec58 – 7:4.1.3-0ubuntu1 libavdevice58 – 7:4.1.3-0ubuntu1 libavfilter-extra7 – 7:4.1.3-0ubuntu1 libavfilter7 – 7:4.1.3-0ubuntu1 libavformat58 – 7:4.1.3-0ubuntu1 libavresample4 – 7:4.1.3-0ubuntu1 libavutil56 – 7:4.1.3-0ubuntu1 libpostproc55 – 7:4.1.3-0ubuntu1 libswresample3 – 7:4.1.3-0ubuntu1 libswscale5 – [ more… ]

USN-3968-1: Sudo vulnerabilities sudo vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in Sudo. Software Description sudo – Provide limited super user privileges to specific users Details Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and execute arbitrary commands. (CVE-2016-7076) It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. (CVE-2017-1000368) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS sudo – 1.8.16-0ubuntu1.6 sudo-ldap – 1.8.16-0ubuntu1.6 To update [ more… ]