ubuntu-usn

USN-4136-1: wpa_supplicant and hostapd vulnerability wpa vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame. Software Description wpa – client support for WPA and WPA2 Details It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 hostapd – 2:2.6-21ubuntu3.3 wpasupplicant – 2:2.6-21ubuntu3.3 Ubuntu 18.04 LTS hostapd – 2:2.6-15ubuntu2.5 wpasupplicant – 2:2.6-15ubuntu2.5 Ubuntu 16.04 LTS hostapd – 1:2.4-0ubuntu6.6 wpasupplicant – 2.4-0ubuntu6.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]

USN-4135-2: Linux kernel vulnerabilities linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC [ more… ]

USN-4135-1: Linux kernel vulnerabilities linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors linux-gke-4.15 – Linux kernel for Google Container Engine (GKE) systems linux-gke-5.0 – Linux kernel for Google Container Engine (GKE) systems linux-hwe – Linux hardware enablement (HWE) kernel linux-oem – Linux kernel for OEM processors linux-oracle – [ more… ]

USN-4113-2: Apache HTTP Server regression apache2 regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4113-1 introduced a regression in Apache. Software Description apache2 – Apache HTTP server Details USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197) Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes [ more… ]

USN-4124-2: Exim vulnerability exim4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Exim could be made to run programs as an administrator if it received specially crafted network traffic. Software Description exim4 – Exim is a mail transport agent Details USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM exim4-daemon-heavy – 4.82-3ubuntu2.4+esm1 exim4-daemon-light – 4.82-3ubuntu2.4+esm1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4124-1 CVE-2019-15846 Source: USN-4124-2: [ more… ]