USN-4315-2: Apport vulnerabilities

2020-06-15 KENNETH 0

apport vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM

Summary: Several security issues were fixed in Apport.

Software Description: apport – automatically generate crash reports for debugging

Details: USN-4315-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details:

Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831)

Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to read arbitrary files via a symlink attack. (CVE-2020-8833)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
apport – 2.14.1-0ubuntu3.29+esm4
python-apport – 2.14.1-0ubuntu3.29+esm4
python3-apport – [ more… ]

USN-4395-1: fwupd vulnerability

2020-06-15 KENNETH 0

fwupd vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: fwupd could be made to install an unsigned firmware.

Software Description: fwupd – Firmware update daemon

Details: Justin Steven discovered that fwupd incorrectly handled certain signature verification. An attacker could possibly use this issue to install an unsigned firmware.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
fwupd – 1.3.9-4ubuntu0.1
libfwupd2 – 1.3.9-4ubuntu0.1

Ubuntu 19.10
fwupd – 1.2.10-1ubuntu4.1
libfwupd2 – 1.2.10-1ubuntu4.1

Ubuntu 18.04 LTS
fwupd – 1.2.10-1ubuntu2~ubuntu18.04.5
libfwupd2 – 1.2.10-1ubuntu2~ubuntu18.04.5

Ubuntu 16.04 LTS
fwupd – 0.8.3-0ubuntu5.1
libfwupd1 – 0.8.3-0ubuntu5.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References [ more… ]

USN-4385-2: Intel Microcode regression

2020-06-11 KENNETH 0

intel-microcode regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM

Summary: USN-4385-1 introduced a regression in the Intel Microcode for some processors.

Software Description: intel-microcode – Processor microcode for Intel CPUs

Details: USN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family (06_4EH) from booting successfully. Additionally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. This update reverts the microcode update for the Skylake processor family and disables the late loading option on Ubuntu 20.04 LTS.

Please note that the ‘dis_ucode_ldr’ kernel command line option can be added in the boot menu to disable microcode loading for system recovery.

We apologize for the inconvenience. [ more… ]

USN-4394-1: SQLite vulnerabilities

2020-06-10 KENNETH 0

sqlite3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in SQLite.

Software Description: sqlite3 – C library that implements an SQL database engine

Details:

It was discovered that SQLite incorrectly handled certain corrupted schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-8740)

It was discovered that SQLite incorrectly handled certain SELECT statements. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19603)

It was discovered that SQLite incorrectly handled certain self-referential views. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in [ more… ]

USN-4393-1: Linux kernel vulnerabilities

2020-06-10 KENNETH 0

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM

Summary: Several security issues were fixed in the Linux kernel.

Software Description: linux – Linux kernel

Details:

It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. (CVE-2020-12654)

It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. [ more… ]