ubuntu-usn

USN-4197-1: Bind vulnerability bind9 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Summary Bind could be made to consume resources if it received specially crafted network traffic. Software Description bind9 – Internet Domain Name Server Details It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 bind9 – 1:9.11.5.P4+dfsg-5.1ubuntu2.1 Ubuntu 19.04 bind9 – 1:9.11.5.P1+dfsg-1ubuntu2.6 Ubuntu 18.04 LTS bind9 – 1:9.11.3+dfsg-1ubuntu1.11 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-6477 Source: USN-4197-1: Bind vulnerability

USN-4195-2: MariaDB vulnerabilities mariadb vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in MariaDB Software Description mariadb-10.3 – MariaDB database mariadb-10.1 – MariaDB database Details USN-4195-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2974 in MariaDB 10.1 and CVE-2019-2938, CVE-2019-2974 for MariaDB 10.3. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.43. Ubuntu 19.04 and 19.10 has been updated to MariaDB 10.3.20. In addition to security fixes, the updated package contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-10143-changelog/ https://mariadb.com/kb/en/library/mariadb-10143-release-notes/ https://mariadb.com/kb/en/library/mariadb-10320-changelog/ https://mariadb.com/kb/en/library/mariadb-10320-release-notes/ Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 [ more… ]

USN-4196-1: python-ecdsa vulnerabilities python-ecdsa vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in python-ecdsa. Software Description python-ecdsa – ECDSA cryptographic signature library Details It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service. (CVE-2019-14853) It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker could use this issue to perform certain malleability attacks. (CVE-2019-14859) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 python-ecdsa – 0.13.2-2ubuntu0.1 python3-ecdsa – 0.13.2-2ubuntu0.1 Ubuntu 19.04 python-ecdsa – 0.13-3ubuntu0.1 python3-ecdsa – 0.13-3ubuntu0.1 Ubuntu 18.04 LTS python-ecdsa – 0.13-2ubuntu0.18.04.1 python3-ecdsa – 0.13-2ubuntu0.18.04.1 Ubuntu [ more… ]

USN-4195-1: MySQL vulnerabilities mysql-5.7, mysql-8.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in MySQL. Software Description mysql-8.0 – MySQL database mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html https://www.oracle.com/security-alerts/cpuoct2019.html Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 mysql-server-8.0 – 8.0.18-0ubuntu0.19.10.1 Ubuntu 19.04 mysql-server-5.7 [ more… ]

USN-4194-1: postgresql-common vulnerability postgresql-common vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary postgresql-common could be made to create arbitrary directories. Software Description postgresql-common – PostgreSQL database-cluster manager Details Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 postgresql-common – 204ubuntu0.1 Ubuntu 19.04 postgresql-common – 199ubuntu0.1 Ubuntu 18.04 LTS postgresql-common – 190ubuntu0.1 Ubuntu 16.04 LTS postgresql-common – 173ubuntu0.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-3466 Source: USN-4194-1: postgresql-common vulnerability