Ubuntu security

USN-3937-2: Apache vulnerabilities apache2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in Apache. Software Description apache2 – Apache HTTP server Details USN-3937-1 and USN-3627-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. (CVE-2019-0217) Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710) Robert Swiecki discovered that the Apache HTTP Server incorrectly handled [ more… ]

USN-3943-2: Wget vulnerability wget vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in Wget. Software Description wget – retrieves files from the web Details USN-3943-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM wget – 1.13.4-2ubuntu1.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-3943-1 CVE-2019-5953 Source: USN-3943-2: Wget vulnerability

USN-3942-1: OpenJDK 7 vulnerability openjdk-7 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Java applets or applications could be made to expose sensitive information. Software Description openjdk-7 – Open Source Java implementation Details It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS icedtea-7-jre-jamvm – 7u211-2.6.17-0ubuntu0.1 openjdk-7-jdk – 7u211-2.6.17-0ubuntu0.1 openjdk-7-jre – 7u211-2.6.17-0ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References [ more… ]

USN-3943-1: Wget vulnerabilities wget vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Wget. Software Description wget – retrieves files from the web Details It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20483) Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 wget – 1.19.5-1ubuntu1.1 Ubuntu 18.04 LTS wget – 1.19.4-1ubuntu2.2 Ubuntu 16.04 LTS wget – 1.17.1-1ubuntu1.5 Ubuntu 14.04 LTS wget – 1.15-1ubuntu1.14.04.5 To update your system, [ more… ]

USN-3938-1: systemd vulnerability systemd vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary The systemd PAM module could be used to gain additional PolicyKit privileges. Software Description systemd – system and service manager Details Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libpam-systemd – 239-7ubuntu10.12 Ubuntu 18.04 LTS libpam-systemd – 237-3ubuntu10.19 Ubuntu 16.04 LTS libpam-systemd – 229-4ubuntu21.21 Ubuntu 14.04 LTS libpam-systemd – 204-5ubuntu20.31 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary [ more… ]