ubuntu-usn

USN-4154-1: Sudo vulnerability sudo vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Sudo could be made to run commands as root if it called with a specially crafted user ID. Software Description sudo – Provide limited super user privileges to specific users Details Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 sudo – 1.8.27-1ubuntu1.1 sudo-ldap – 1.8.27-1ubuntu1.1 Ubuntu 18.04 LTS sudo – 1.8.21p2-3ubuntu1.1 sudo-ldap – 1.8.21p2-3ubuntu1.1 Ubuntu 16.04 LTS sudo – 1.8.16-0ubuntu1.8 sudo-ldap – 1.8.16-0ubuntu1.8 Ubuntu 14.04 ESM sudo – 1.8.9p5-1ubuntu1.5+esm2 sudo-ldap – 1.8.9p5-1ubuntu1.5+esm2 Ubuntu 12.04 ESM [ more… ]

USN-4151-2: Python vulnerabilities python2.7, python3.4 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in Python. Software Description python2.7 – An interactive high-level object-oriented language python3.4 – An interactive high-level object-oriented language Details USN-4151-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935) Update instructions The problem can be corrected by updating your [ more… ]

USN-4153-1: Octavia vulnerability octavia vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Summary Octavia could allow unintended access to network services. Software Description octavia – OpenStack Load Balancer Service Details Daniel Preussker discovered that Octavia incorrectly handled client certificate checking. A remote attacker on the management network could possibly use this issue to perform configuration changes and obtain sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 amphora-agent – 4.0.0-0ubuntu1.2 octavia-common – 4.0.0-0ubuntu1.2 python3-octavia – 4.0.0-0ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-17134 Source: USN-4153-1: Octavia vulnerability

USN-4152-1: libsoup vulnerability libsoup2.4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary libsoup could be made to crash if it received specially crafted network traffic. Software Description libsoup2.4 – HTTP client/server library for GNOME Details It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libsoup2.4-1 – 2.66.1-1ubuntu0.1 Ubuntu 18.04 LTS libsoup2.4-1 – 2.62.1-1ubuntu0.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-17266 Source: USN-4152-1: libsoup vulnerability

USN-4151-1: Python vulnerabilities python2.7, python3.5, python3.6, python3.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Python. Software Description python2.7 – An interactive high-level object-oriented language python3.7 – An interactive high-level object-oriented language python3.6 – An interactive high-level object-oriented language python3.5 – An interactive high-level object-oriented language Details It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935) Update instructions The problem can be corrected by updating your system to the following package [ more… ]