USN-4333-1: Python vulnerabilities

2020-04-21 KENNETH 0

python2.7, python3.4, python3.5, python3.6, python3.7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
Several security issues were fixed in Python.

Software Description
python3.7 – An interactive high-level object-oriented language
python2.7 – An interactive high-level object-oriented language
python3.6 – An interactive high-level object-oriented language
python3.5 – An interactive high-level object-oriented language
python3.4 – An interactive high-level object-oriented language

Details
It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-18348)

It was discovered that Python incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-8492)

Update instructions
The problem can be corrected by updating your system to the [ more… ]

USN-4334-1: Git vulnerability

2020-04-21 KENNETH 0

git vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Git could be made to expose sensitive information.

Software Description
git – fast, scalable, distributed revision control system

Details
Carlo Arenas discovered that Git incorrectly handled certain URLs containing newlines, empty hosts, or lacking a scheme. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
git – 1:2.20.1-2ubuntu1.19.10.3

Ubuntu 18.04 LTS
git – 1:2.17.1-1ubuntu0.7

Ubuntu 16.04 LTS
git – 1:2.7.4-0ubuntu1.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References
CVE-2020-11008

Source: USN-4334-1: Git vulnerability

USN-4332-1: File Roller vulnerability

2020-04-20 KENNETH 0

file-roller vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
File Roller could be made to expose sensitive information.

Software Description
file-roller – archive manager for GNOME

Details
It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
file-roller – 3.32.2-1ubuntu0.1

Ubuntu 18.04 LTS
file-roller – 3.28.0-1ubuntu1.2

Ubuntu 16.04 LTS
file-roller – 3.16.5-0ubuntu1.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References
CVE-2020-11736

Source: USN-4332-1: File Roller vulnerability

USN-4331-1: WebKitGTK+ vulnerability

2020-04-20 KENNETH 0

webkit2gtk vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS

Summary
Several security issues were fixed in WebKitGTK+.

Software Description
webkit2gtk – Web content engine library for GTK+

Details
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
libjavascriptcoregtk-4.0-18 – 2.28.1-0ubuntu0.19.10.1
libwebkit2gtk-4.0-37 – 2.28.1-0ubuntu0.19.10.1

Ubuntu 18.04 LTS
libjavascriptcoregtk-4.0-18 – 2.28.1-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 – 2.28.1-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, [ more… ]

USN-4330-1: PHP vulnerabilities

2020-04-15 KENNETH 0

php5, php7.0, php7.2, php7.3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
Several security issues were fixed in PHP.

Software Description
php7.3 – server-side, HTML-embedded scripting language (metapackage)
php7.2 – HTML-embedded scripting language interpreter
php7.0 – HTML-embedded scripting language interpreter
php5 – HTML-embedded scripting language interpreter

Details
It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. (CVE-2020-7062)

It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2020-7063)

It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. (CVE-2020-7064) [ more… ]