
USN-4282-1: PostgreSQL vulnerability

2020-02-18 KENNETH 0

postgresql-10, postgresql-11 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS

Summary

PostgreSQL could allow unintended access to the database.

Software Description
- postgresql-11 – Object-relational SQL database
- postgresql-10 – Object-relational SQL database

Details

It was discovered that PostgreSQL incorrectly performed authorization checks when handling the "ALTER … DEPENDS ON EXTENSION" sub-commands. A remote attacker could possibly use this issue to drop any function, procedure, materialized view, index, or trigger under certain conditions.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
- postgresql-11 – 11.7-0ubuntu0.19.10.1

Ubuntu 18.04 LTS
- postgresql-10 – 10.12-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart [ more… ]

USN-4281-1: WebKitGTK+ vulnerabilities

2020-02-18 KENNETH 0

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS

Summary

Several security issues were fixed in WebKitGTK+.

Software Description
- webkit2gtk – Web content engine library for GTK+

Details

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
- libjavascriptcoregtk-4.0-18 – 2.26.4-0ubuntu0.19.10.1
- libwebkit2gtk-4.0-37 – 2.26.4-0ubuntu0.19.10.1

Ubuntu 18.04 LTS
- libjavascriptcoregtk-4.0-18 – 2.26.4-0ubuntu0.18.04.1
- libwebkit2gtk-4.0-37 – 2.26.4-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, [ more… ]

USN-4280-1: ClamAV vulnerability

2020-02-18 KENNETH 0

clamav vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary

ClamAV could be made to crash if it opened a specially crafted file.

Software Description
- clamav – Anti-virus utility for Unix

Details

It was discovered that ClamAV incorrectly handled memory when the Data-Loss-Prevention (DLP) feature was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
- clamav – 0.102.2+dfsg-0ubuntu0.19.10.1

Ubuntu 18.04 LTS
- clamav – 0.102.2+dfsg-0ubuntu0.18.04.1

Ubuntu 16.04 LTS
- clamav – 0.102.2+dfsg-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system [ more… ]

USN-4279-1: PHP vulnerabilities

2020-02-18 KENNETH 0

php5, php7.0, php7.2, php7.3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary

Several security issues were fixed in PHP.

Software Description
- php7.3 – server-side, HTML-embedded scripting language (metapackage)
- php7.2 – HTML-embedded scripting language interpreter
- php7.0 – HTML-embedded scripting language interpreter
- php5 – HTML-embedded scripting language interpreter

Details

It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253)

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059)

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly [ more… ]

USN-4278-1: Firefox vulnerabilities

2020-02-14 KENNETH 0

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description
- firefox – Mozilla Open Source web browser

Details

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
- firefox – 73.0+build3-0ubuntu0.19.10.1

Ubuntu 18.04 LTS
- firefox – 73.0+build3-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the [ more… ]