USN-4299-1: Firefox vulnerabilities

2020-03-12 KENNETH 0

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description

firefox – Mozilla Open Source web browser

Details

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary code. (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808, CVE-2020-6810, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815)

It was discovered that Web Extensions with the all-url permission could access local files. If a user were tricked into installing a specially crafted extension, [ more… ]

USN-4298-1: SQLite vulnerabilities

2020-03-10 KENNETH 0

sqlite3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

Several security issues were fixed in SQLite.

Software Description

sqlite3 – C library that implements an SQL database engine

Details

It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753)

It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751)

It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or [ more… ]

USN-4297-1: runC vulnerabilities

2020-03-09 KENNETH 0

runc vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS

Summary

Several security issues were fixed in runc.

Software Description

runc – Open Container Project

Details

It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-16884)

It was discovered that runC incorrectly performed access control. An attacker could possibly use this issue to escalate privileges. (CVE-2019-19921)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: runc – 1.0.0~rc10-0ubuntu1~19.10.2
Ubuntu 18.04 LTS: runc – 1.0.0~rc10-0ubuntu1~18.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References [ more… ]

USN-4296-1: Django vulnerability

2020-03-04 KENNETH 0

python-django vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

Django could allow unintended access to the database.

Software Description

python-django – High-level Python web development framework

Details

Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: python-django – 1:1.11.22-1ubuntu1.3, python3-django – 1:1.11.22-1ubuntu1.3
Ubuntu 18.04 LTS: python-django – 1:1.11.11-1ubuntu1.8, python3-django – 1:1.11.11-1ubuntu1.8
Ubuntu 16.04 LTS: python-django – 1.8.7-1ubuntu5.12, python3-django – 1.8.7-1ubuntu5.12

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References

CVE-2020-9402

Source: USN-4296-1: Django vulnerability

USN-4295-1: Rake vulnerability

2020-03-03 KENNETH 0

rake vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary

Rake could be made to run arbitrary commands if it received a specially crafted file.

Software Description

rake – Ruby make-like utility

Details

It was discovered that Rake incorrectly handled certain files. An attacker could use this issue to possibly execute arbitrary commands.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: rake – 12.3.1-3ubuntu0.1
Ubuntu 18.04 LTS: rake – 12.3.1-1ubuntu0.1
Ubuntu 16.04 LTS: rake – 10.5.0-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References

CVE-2020-8130

Source: USN-4295-1: Rake vulnerability