ubuntu-usn

USN-4379-1: FreeRDP vulnerabilities freerdp2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in FreeRDP. Software Description freerdp2 – RDP client for Windows Terminal Services Details It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libfreerdp-client2-2 – 2.1.1+dfsg1-0ubuntu0.20.04.1 libfreerdp-server2-2 – 2.1.1+dfsg1-0ubuntu0.20.04.1 libfreerdp2-2 – 2.1.1+dfsg1-0ubuntu0.20.04.1 Ubuntu 19.10 libfreerdp-client2-2 – 2.1.1+dfsg1-0ubuntu0.19.10.1 libfreerdp-server2-2 – 2.1.1+dfsg1-0ubuntu0.19.10.1 libfreerdp2-2 – 2.1.1+dfsg1-0ubuntu0.19.10.1 Ubuntu 18.04 LTS libfreerdp-client2-2 – 2.1.1+dfsg1-0ubuntu0.18.04.1 libfreerdp-server2-2 – 2.1.1+dfsg1-0ubuntu0.18.04.1 libfreerdp2-2 – 2.1.1+dfsg1-0ubuntu0.18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a [ more… ]

USN-4377-2: ca-certificates update ca-certificates update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary An expired certificate was removed from ca-certificates. Software Description ca-certificates – Common CA certificates Details USN-4377-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: The ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root" CA. In addition, on Ubuntu 12.04 ESM and Ubuntu 14.04 ESM, this update refreshes the included certificates to those contained in the 20190110 package. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM ca-certificates – 20190110~14.04.1~esm1 Ubuntu 12.04 ESM ca-certificates – 20190110~12.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, [ more… ]

USN-4378-1: Flask vulnerability flask vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Summary Flask could be made to consume a large amount of memory if it received a specially crafted input. Software Description flask – Micro web framework based on Werkzeug and Jinja2 Details It was discovered that Flask incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS python-flask – 0.12.2-3ubuntu0.1 python3-flask – 0.12.2-3ubuntu0.1 Ubuntu 16.04 LTS python-flask – 0.10.1-2ubuntu0.1 python3-flask – 0.10.1-2ubuntu0.1 Ubuntu 14.04 ESM python-flask – 0.10.1-2ubuntu0.1~esm1 python3-flask – 0.10.1-2ubuntu0.1~esm1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]

USN-4377-1: ca-certificates update ca-certificates update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary An expired certificate was removed from ca-certificates. Software Description ca-certificates – Common CA certificates Details The ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root" CA. In addition, on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, this update refreshes the included certificates to those contained in the 20190110 package. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS ca-certificates – 20190110ubuntu1.1 Ubuntu 19.10 ca-certificates – 20190110ubuntu0.19.10.1 Ubuntu 18.04 LTS ca-certificates – 20190110~18.04.1 Ubuntu 16.04 LTS ca-certificates – 20190110~16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update [ more… ]

USN-4367-2: Linux kernel regression linux regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Summary USN-4367-1 introduced a regression in the Linux kernel. Software Description linux – Linux kernel Details USN-4367-1 fixed vulnerabilities in the 5.4 Linux kernel. Unfortunately, that update introduced a regression in overlayfs. This update corrects the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). (CVE-2019-19377) It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability [ more… ]