Ubuntu security

USN-3965-1: aria2 vulnerability aria2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Summary aria2 stores authentication information in plain text. Software Description aria2 – High speed command-line download utility Details Dhiraj Mishra discovered that aria2 incorrectly stored authentication information. A local attacker could possibly use this issue to obtain credentials. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 aria2 – 1.34.0-3ubuntu0.1 libaria2-0 – 1.34.0-3ubuntu0.1 Ubuntu 18.10 aria2 – 1.34.0-2ubuntu0.1 libaria2-0 – 1.34.0-2ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-3500 Source: USN-3965-1: aria2 vulnerability

USN-3966-1: GNOME Shell vulnerability gnome-shell vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Summary GNOME Shell could be made to execute keyboard shortcuts and other actions while the workstation was locked. Software Description gnome-shell – graphical shell for the GNOME desktop Details It was discovered that the GNOME Shell incorrectly handled certain keyboard inputs. An attacker could possibly use this issue to invoke keyboard shortcuts, and potentially other actions while the workstation was locked. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 gnome-shell – 3.30.2-0ubuntu1.18.10.2 Ubuntu 18.04 LTS gnome-shell – 3.28.3+git20190124-0ubuntu18.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2019-3820 Source: USN-3966-1: [ more… ]

USN-3964-1: python-gnupg vulnerabilities python-gnupg vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in python-gnupg Software Description python-gnupg – Python wrapper for the GNU Privacy Guard Details Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed. (CVE-2018-12020) It was discovered that python-gnupg incorrectly handled the GPG passphrase. A remote attacker could send a specially crafted passphrase that would allow them to control the output of encryption and decryption operations. (CVE-2019-6690) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 python-gnupg – 0.4.3-1ubuntu1.19.04.1 python3-gnupg – 0.4.3-1ubuntu1.19.04.1 Ubuntu 18.10 python-gnupg – 0.4.1-1ubuntu1.18.10.1 python3-gnupg – [ more… ]

USN-3953-2: PHP vulnerabilities php5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in PHP. Software Description php5 – HTML-embedded scripting language interpreter Details USN-3953-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libapache2-mod-php5 – 5.5.9+dfsg-1ubuntu4.29+esm1 php5-cgi – 5.5.9+dfsg-1ubuntu4.29+esm1 php5-cli – 5.5.9+dfsg-1ubuntu4.29+esm1 php5-fpm – 5.5.9+dfsg-1ubuntu4.29+esm1 Ubuntu 12.04 ESM libapache2-mod-php5 – 5.3.10-1ubuntu3.35 php5-cgi – 5.3.10-1ubuntu3.35 php5-cli – [ more… ]

USN-3963-1: Memcached vulnerability memcached vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Summary Memcached could be made to crash if it received specially crafted network traffic. Software Description memcached – high-performance memory object caching system Details It was discovered that Memcached incorrectly handled certain lru command messages. A remote attacker could possibly use this issue to cause Memcached to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 memcached – 1.5.10-0ubuntu1.19.04.1 Ubuntu 18.10 memcached – 1.5.10-0ubuntu1.18.10.1 Ubuntu 18.04 LTS memcached – 1.5.6-0ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-11596 Source: USN-3963-1: Memcached vulnerability