USN-4261-1: WebKitGTK+ vulnerabilities

2020-01-30 KENNETH 0

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 18.04 LTS

Summary
Several security issues were fixed in WebKitGTK+.

Software Description
webkit2gtk – Web content engine library for GTK+

Details
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
libjavascriptcoregtk-4.0-18 – 2.26.3-0ubuntu0.19.10.1
libwebkit2gtk-4.0-37 – 2.26.3-0ubuntu0.19.10.1

Ubuntu 18.04 LTS
libjavascriptcoregtk-4.0-18 – 2.26.3-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 – 2.26.3-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, [ more… ]

USN-4259-1: Apache Solr vulnerability

2020-01-30 KENNETH 0

Apache Solr vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary
Apache Solr could be made to run programs if it received specially crafted network traffic.

Software Description
lucene-solr – Full-text search engine library for Java – additional libraries

Details
Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
liblucene3-contrib-java – 3.6.2+dfsg-8ubuntu0.1
liblucene3-java – 3.6.2+dfsg-8ubuntu0.1
libsolr-java – 3.6.2+dfsg-8ubuntu0.1
solr-common – 3.6.2+dfsg-8ubuntu0.1
solr-jetty – 3.6.2+dfsg-8ubuntu0.1
solr-tomcat – 3.6.2+dfsg-8ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2017-12629

Source: USN-4259-1: Apache Solr [ more… ]

USN-4254-2: Linux kernel (Xenial HWE) vulnerabilities

2020-01-29 KENNETH 0

linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM

Summary
Several security issues were fixed in the Linux kernel.

Software Description
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details
USN-4254-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM.

It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615)

It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker [ more… ]

USN-4258-1: Linux kernel vulnerabilities

2020-01-29 KENNETH 0

linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS

Summary
Several security issues were fixed in the Linux kernel.

Software Description
linux-aws-5.0 – Linux kernel for Amazon Web Services (AWS) systems
linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
linux-gke-5.0 – Linux kernel for Google Container Engine (GKE) systems
linux-oracle-5.0 – Linux kernel for Oracle Cloud systems

Details
It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15099)

It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with [ more… ]

USN-4253-2: Linux kernel (HWE) vulnerability

2020-01-29 KENNETH 0

linux-hwe vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS

Summary
The Linux kernel could be made to expose sensitive information.

Software Description
linux-hwe – Linux hardware enablement (HWE) kernel

Details
USN-4253-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.10 for Ubuntu 18.04 LTS.

It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
linux-image-5.3.0-28-generic – 5.3.0-28.30~18.04.1
linux-image-5.3.0-28-generic-lpae – 5.3.0-28.30~18.04.1
linux-image-5.3.0-28-lowlatency – 5.3.0-28.30~18.04.1
linux-image-generic-hwe-18.04 – 5.3.0.28.96
linux-image-generic-lpae-hwe-18.04 – 5.3.0.28.96
linux-image-lowlatency-hwe-18.04 – 5.3.0.28.96

[ more… ]