ubuntu-usn

USN-4182-4: Intel Microcode regression intel-microcode regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary USN-4182-2 introduced a regression in the Intel Microcode for some Skylake processors. Software Description intel-microcode – Processor microcode for Intel CPUs Details USN-4182-2 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A [ more… ]

USN-4182-3: Intel Microcode regression intel-microcode regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4182-1 introduced a regression in the Intel Microcode for some Skylake processors. Software Description intel-microcode – Processor microcode for Intel CPUs Details USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is [ more… ]

USN-4194-2: postgresql-common vulnerability postgresql-common vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary postgresql-common could be made to create arbitrary directories. Software Description postgresql-common – PostgreSQL database-cluster manager Details USN-4194-1 fixed a vulnerability in postgresql-common. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM postgresql-common – 154ubuntu1.1+esm1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4194-1 CVE-2019-3466 Source: USN-4194-2: postgresql-common vulnerability

USN-4207-1: GraphicsMagick vulnerabilities graphicsmagick vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Several security issues were fixed in GraphicsMagick. Software Description graphicsmagick – collection of image processing tools Details It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS graphicsmagick – 1.3.28-2ubuntu0.1 libgraphicsmagick++-q16-12 – 1.3.28-2ubuntu0.1 libgraphicsmagick-q16-3 – 1.3.28-2ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2018-20184 CVE-2018-20185 CVE-2018-20189 CVE-2019-11005 CVE-2019-11006 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-11010 CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506 Source: USN-4207-1: GraphicsMagick vulnerabilities

USN-4211-2: Linux kernel (Xenial HWE) vulnerabilities linux-lts-xenial, linux-aws vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-4211-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate [ more… ]