
USN-3947-2: Libxslt vulnerability

2019-04-16 KENNETH 0

libxslt vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 12.04 ESM

Summary
Libxslt could be made to expose sensitive information if it received a specially crafted file.

Software Description
  libxslt – XSLT processing library

Details
USN-3947-1 fixed a vulnerability in Libxslt. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details: It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information.

Update instructions
The problem can be corrected by updating your system to the following package versions:
  Ubuntu 12.04 ESM
    libxslt1.1 – 1.1.26-8ubuntu1.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
  USN-3947-1
  CVE-2019-11068

Source: USN-3947-2: Libxslt vulnerability


USN-3947-1: Libxslt vulnerability

2019-04-16 KENNETH 0

libxslt vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 18.10
  Ubuntu 18.04 LTS
  Ubuntu 16.04 LTS
  Ubuntu 14.04 LTS

Summary
Libxslt could be made to expose sensitive information if it received a specially crafted file.

Software Description
  libxslt – XSLT processing library

Details
It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information.

Update instructions
The problem can be corrected by updating your system to the following package versions:
  Ubuntu 18.10
    libxslt1.1 – 1.1.32-2ubuntu0.1
  Ubuntu 18.04 LTS
    libxslt1.1 – 1.1.29-5ubuntu0.1
  Ubuntu 16.04 LTS
    libxslt1.1 – 1.1.28-2.1ubuntu0.2
  Ubuntu 14.04 LTS
    libxslt1.1 – 1.1.28-2ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
  CVE-2019-11068

Source: USN-3947-1: Libxslt vulnerability


USN-3946-1: rssh vulnerabilities

2019-04-12 KENNETH 0

rssh vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 18.10
  Ubuntu 18.04 LTS
  Ubuntu 16.04 LTS
  Ubuntu 14.04 LTS

Summary
rssh could be made to run arbitrary commands if it received specially crafted input.

Software Description
  rssh – Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist

Details
It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh’s command restrictions, allowing an attacker to run arbitrary commands.

Update instructions
The problem can be corrected by updating your system to the following package versions:
  Ubuntu 18.10
    rssh – 2.3.4-8ubuntu0.2
  Ubuntu 18.04 LTS
    rssh – 2.3.4-7ubuntu0.1
  Ubuntu 16.04 LTS
    rssh – 2.3.4-4+deb8u2ubuntu0.16.04.2
  Ubuntu 14.04 LTS
    rssh – 2.3.4-4+deb8u2ubuntu0.14.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]


USN-3945-1: Ruby vulnerabilities

2019-04-11 KENNETH 0

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 18.10
  Ubuntu 18.04 LTS
  Ubuntu 16.04 LTS
  Ubuntu 14.04 LTS

Summary
Several security issues were fixed in Ruby.

Software Description
  ruby2.5 – Interpreter of object-oriented scripting language Ruby
  ruby2.3 – Object-oriented scripting language
  ruby1.9.1 – Object-oriented scripting language
  ruby2.0 – Object-oriented scripting language

Details
It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2019-8320)

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325)

Update instructions
The problem can be corrected by updating your system to the following package versions:
  Ubuntu 18.10
    libruby2.5 – 2.5.1-5ubuntu4.3
    ruby2.5 – 2.5.1-5ubuntu4.3
  Ubuntu 18.04 LTS
    libruby2.5 – 2.5.1-1ubuntu1.2 [ more… ]


USN-3944-1: wpa_supplicant and hostapd vulnerabilities

2019-04-11 KENNETH 0

wpa vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 18.10
  Ubuntu 18.04 LTS
  Ubuntu 16.04 LTS
  Ubuntu 14.04 LTS

Summary
Several security issues were fixed in wpa_supplicant and hostapd.

Software Description
  wpa – client support for WPA and WPA2

Details
It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495)

Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and element values in EAP-pwd-Commit messages. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499)

It was discovered that hostapd incorrectly handled obtaining random numbers. In rare cases where the urandom device isn’t available, it would fall [ more… ]