ubuntu-usn

USN-4254-1: Linux kernel vulnerabilities linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly [ more… ]

USN-4253-1: Linux kernel vulnerability linux, linux-aws vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Summary The Linux kernel could be made to expose sensitive information. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems Details It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 linux-image-5.3.0-1010-aws – 5.3.0-1010.11 linux-image-5.3.0-29-generic – 5.3.0-29.31 linux-image-5.3.0-29-generic-lpae – 5.3.0-29.31 linux-image-5.3.0-29-lowlatency – 5.3.0-29.31 linux-image-5.3.0-29-snapdragon – 5.3.0-29.31 linux-image-aws – 5.3.0.1010.12 linux-image-generic – 5.3.0.29.33 linux-image-generic-lpae – 5.3.0.29.33 linux-image-lowlatency – 5.3.0.29.33 linux-image-virtual – 5.3.0.29.33 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system [ more… ]

USN-4252-2: tcpdump vulnerabilities tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in tcpdump. Software Description tcpdump – command-line network traffic analyzer Details USN-4252-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM tcpdump – 4.9.3-0ubuntu0.14.04.1+esm1 Ubuntu 12.04 ESM tcpdump – 4.9.3-0ubuntu0.12.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bug [ more… ]

USN-4252-1: tcpdump vulnerabilities tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in tcpdump. Software Description tcpdump – command-line network traffic analyzer Details Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS tcpdump – 4.9.3-0ubuntu0.18.04.1 Ubuntu 16.04 LTS tcpdump – 4.9.3-0ubuntu0.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 [ more… ]

USN-4251-1: Tomcat vulnerabilities tomcat8 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in Tomcat. Software Description tomcat8 – Servlet and JSP engine Details It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. (CVE-2019-12418) It was discovered that Tomcat incorrectly handled FORM authentication. A remote attacker could possibly use this issue to perform a session fixation attack. (CVE-2019-17563) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS libtomcat8-java – 8.0.32-1ubuntu1.11 tomcat8 – 8.0.32-1ubuntu1.11 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]