
USN-4307-1: Apache HTTP Server update

2020-03-18 KENNETH 0

apache2 update

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS

Summary
TLSv1.3 support has been enabled in Apache HTTP Server in Ubuntu 18.04 LTS.

Software Description
apache2 – Apache HTTP server

Details
As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS. TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS
apache2-bin – 2.4.29-1ubuntu4.13

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
LP: 1845263

Source: USN-4307-1: Apache HTTP Server update


USN-4171-5: Apport regression

2020-03-18 KENNETH 0

apport regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
USN-4171-1 introduced a regression in Apport.

Software Description
apport – automatically generate crash reports for debugging

Details
USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in autopkgtest and python2 compatibility. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:
Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481)
Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482)
Sander Bos discovered [ more… ]


USN-4306-1: Dino vulnerabilities

2020-03-18 KENNETH 0

dino-im vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS

Summary
Several security issues were fixed in dino-im.

Software Description
dino-im – modern XMPP client

Details
It was discovered that Dino incorrectly validated inputs. An attacker could use this issue to possibly obtain, inject or remove sensitive information. This update also includes a fix to the encryption implementation in Dino to support 12 byte IVs, in addition to 16 byte IVs.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS
dino-im – 0.0.git20180130-1ubuntu0.1
dino-im-common – 0.0.git20180130-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2019-16235
CVE-2019-16236
CVE-2019-16237
LP: 1866115

Source: USN-4306-1: Dino vulnerabilities


USN-4305-1: ICU vulnerability

2020-03-17 KENNETH 0

icu vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
ICU could be made to execute arbitrary code if it received a specially crafted string.

Software Description
icu – International Components for Unicode library

Details
André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10
libicu63 – 63.2-2ubuntu0.1
Ubuntu 18.04 LTS
libicu60 – 60.2-3ubuntu3.1
Ubuntu 16.04 LTS
libicu55 – 55.1-7ubuntu0.5
Ubuntu 14.04 ESM
libicu52 – 52.1-3ubuntu0.8+esm1
Ubuntu 12.04 ESM
libicu48 – 4.8.1.1-3ubuntu0.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]


USN-4304-1: Ceph vulnerability

2020-03-17 KENNETH 0

ceph vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS

Summary
Ceph could be made to stop responding if it received specially crafted network traffic.

Software Description
ceph – distributed storage and file system

Details
Or Friedman discovered that Ceph incorrectly handled disconnects. A remote authenticated attacker could possibly use this issue to cause Ceph to consume resources, leading to a denial of service.

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10
ceph – 14.2.4-0ubuntu0.19.10.2
ceph-base – 14.2.4-0ubuntu0.19.10.2
ceph-common – 14.2.4-0ubuntu0.19.10.2
Ubuntu 18.04 LTS
ceph – 12.2.12-0ubuntu0.18.04.5
ceph-base – 12.2.12-0ubuntu0.18.04.5
ceph-common – 12.2.12-0ubuntu0.18.04.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2020-1700

Source: USN-4304-1: Ceph [ more… ]