ubuntu-usn

USN-4227-1: Linux kernel vulnerabilities linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke-4.15 – Linux kernel for Google Container Engine (GKE) systems linux-kvm – Linux kernel for cloud environments linux-oem – Linux kernel for OEM processors linux-oracle – Linux kernel for Oracle Cloud systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors linux-aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-hwe – Linux hardware [ more… ]

USN-4226-1: Linux kernel vulnerabilities linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-oracle – Linux kernel for Oracle Cloud systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-aws-5.0 – Linux kernel for Amazon Web Services (AWS) systems linux-gke-5.0 – Linux kernel for Google Container Engine (GKE) systems linux-oem-osp1 – Linux kernel for OEM processors linux-oracle-5.0 – Linux kernel for Oracle Cloud systems Details Michael Hanselmann discovered that [ more… ]

USN-4225-1: Linux kernel vulnerabilities linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-oracle – Linux kernel for Oracle Cloud systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-azure-5.3 – Linux kernel for Microsoft Azure Cloud systems linux-gcp-5.3 – Linux kernel for Google Cloud Platform (GCP) systems Details It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker [ more… ]

USN-4224-1: Django vulnerability python-django vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Django accounts could be hijacked through password reset requests. Software Description python-django – High-level Python web development framework Details Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 python-django – 1:1.11.22-1ubuntu1.1 python3-django – 1:1.11.22-1ubuntu1.1 Ubuntu 19.04 python-django – 1:1.11.20-1ubuntu0.3 python3-django – 1:1.11.20-1ubuntu0.3 Ubuntu 18.04 LTS python-django – 1:1.11.11-1ubuntu1.6 python3-django – 1:1.11.11-1ubuntu1.6 Ubuntu 16.04 LTS python-django – 1.8.7-1ubuntu5.11 python3-django – 1.8.7-1ubuntu5.11 To update your system, please follow [ more… ]

USN-4223-1: OpenJDK vulnerabilities openjdk-8, openjdk-lts vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in OpenJDK. Software Description openjdk-lts – Open Source Java implementation openjdk-8 – Open Source Java implementation Details Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side- channel vulnerability existed in the ECDSA implementation in OpenJDK. An Attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom Socket implementation. An attacker could use this to specially create a Java class that could possibly bypass Java sandbox restrictions. (CVE-2019-2945) Rob Hamm discovered that the Kerberos implementation in OpenJDK did not properly handle proxy credentials. An attacker could possibly [ more… ]