USN-4352-1: OpenLDAP vulnerability

2020-05-07 KENNETH 0

openldap vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

OpenLDAP could be made to crash if it received specially crafted network traffic.

Software Description

openldap – Lightweight Directory Access Protocol

Details

It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS: slapd – 2.4.49+dfsg-2ubuntu1.2
Ubuntu 19.10: slapd – 2.4.48+dfsg-1ubuntu1.1
Ubuntu 18.04 LTS: slapd – 2.4.45+dfsg-1ubuntu1.5
Ubuntu 16.04 LTS: slapd – 2.4.42+dfsg-2ubuntu3.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References [ more… ]

USN-4351-1: Linux firmware vulnerability

2020-05-07 KENNETH 0

linux-firmware vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

The system could be made to expose sensitive information.

Software Description

linux-firmware – Firmware for Linux kernel drivers

Details

Eli Biham and Lior Neumann discovered that certain Bluetooth devices incorrectly validated key exchange parameters. An attacker could possibly use this issue to obtain sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: linux-firmware – 1.173.18
Ubuntu 16.04 LTS: linux-firmware – 1.157.23

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes.

References

CVE-2018-5383

Source: USN-4351-1: Linux firmware vulnerability

USN-4330-2: PHP vulnerabilities

2020-05-06 KENNETH 0

php7.4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS

Summary

Several security issues were fixed in PHP.

Software Description

php7.4 – server-side, HTML-embedded scripting language (metapackage)

Details

USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. (CVE-2020-7064)

It was discovered that PHP incorrectly handled certain UTF strings. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2020-7065)

It was discovered that PHP incorrectly handled certain URLs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7066)

Update instructions

The problem can be corrected by updating your system to [ more… ]

USN-4350-1: MySQL vulnerabilities

2020-05-04 KENNETH 0

mysql-5.7, mysql-8.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

Several security issues were fixed in MySQL.

Software Description

mysql-8.0 – MySQL database
mysql-5.7 – MySQL database

Details

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-30.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html
https://www.oracle.com/security-alerts/cpuapr2020.html

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS: mysql-server-8.0 – [ more… ]

LSN-0066-1: Kernel Live Patch Security Notice

2020-05-01 KENNETH 0

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the Linux kernel.

Software Description

linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-azure – Linux kernel for Microsoft Azure Cloud systems
linux-oem – Linux kernel for OEM processors

Details

It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information. (CVE-2020-8647)

It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648)

It was discovered [ more… ]