
USN-3937-1: Apache HTTP Server vulnerabilities

2019-04-05 KENNETH 0

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in the Apache HTTP Server.

Software Description
apache2 – Apache HTTP server

Details
Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211)

It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-17189)

It was discovered that the Apache HTTP Server incorrectly [ more… ]


USN-3936-1: AdvanceCOMP vulnerability

2019-04-04 KENNETH 0

advancecomp vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
AdvanceCOMP could be made to run arbitrary code if it opened a specially crafted file.

Software Description
advancecomp – collection of recompression utilities

Details
It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: advancecomp – 2.1-1ubuntu0.18.10.1
Ubuntu 18.04 LTS: advancecomp – 2.1-1ubuntu0.18.04.1
Ubuntu 16.04 LTS: advancecomp – 1.20-1ubuntu0.2
Ubuntu 14.04 LTS: advancecomp – 1.18-1ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2019-9210

Source: USN-3936-1: AdvanceCOMP vulnerability


USN-3935-1: BusyBox vulnerabilities

2019-04-03 KENNETH 0

busybox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in BusyBox.

Software Description
busybox – Tiny utilities for small and embedded systems

Details
Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325)

Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9645)

It was discovered that BusyBox incorrectly handled certain ZIP archives. If a [ more… ]


USN-3934-1: PolicyKit vulnerability

2019-04-03 KENNETH 0

policykit-1 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
PolicyKit could allow unintended access.

Software Description
policykit-1 – framework for managing administrative policies and privileges

Details
It was discovered that PolicyKit incorrectly relied on the fork() system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: libpolkit-backend-1-0 – 0.105-21ubuntu0.4, policykit-1 – 0.105-21ubuntu0.4
Ubuntu 18.04 LTS: libpolkit-backend-1-0 – 0.105-20ubuntu0.18.04.5, policykit-1 – 0.105-20ubuntu0.18.04.5
Ubuntu 16.04 LTS: libpolkit-backend-1-0 – 0.105-14.1ubuntu0.5, policykit-1 – 0.105-14.1ubuntu0.5
Ubuntu 14.04 LTS: libpolkit-backend-1-0 – 0.105-4ubuntu3.14.04.6, policykit-1 – 0.105-4ubuntu3.14.04.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]


USN-3933-2: Linux kernel (Trusty HWE) vulnerabilities

2019-04-03 KENNETH 0

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 ESM

Summary
Several security issues were fixed in the Linux kernel.

Software Description
linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM

Details
USN-3933-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.

It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information (kernel memory). (CVE-2017-1000410)

It was discovered that the USB serial device driver in the Linux kernel did not properly validate baud rate settings when debugging is enabled. A local attacker could use this to cause [ more… ]