ubuntu-usn

USN-4131-1: VLC vulnerabilities vlc vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in VLC. Software Description vlc – multimedia player and streamer Details It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 vlc – 3.0.8-0ubuntu19.04.1 Ubuntu 18.04 LTS vlc – 3.0.8-0ubuntu18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 [ more… ]

USN-4130-1: WebKitGTK+ vulnerabilities webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software Description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libjavascriptcoregtk-4.0-18 – 2.24.4-0ubuntu0.19.04.1 libwebkit2gtk-4.0-37 – 2.24.4-0ubuntu0.19.04.1 Ubuntu 18.04 LTS libjavascriptcoregtk-4.0-18 – 2.24.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 – 2.24.4-0ubuntu0.18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, [ more… ]

USN-4129-1: curl vulnerabilities curl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in curl. Software Description curl – HTTP, HTTPS, and FTP client and client libraries Details Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5482) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 curl – 7.64.0-2ubuntu1.2 libcurl3-gnutls – 7.64.0-2ubuntu1.2 libcurl3-nss – 7.64.0-2ubuntu1.2 libcurl4 – 7.64.0-2ubuntu1.2 Ubuntu 18.04 [ more… ]

USN-4115-2: Linux kernel regression linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN 4115-1 introduced a regression in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke-4.15 – Linux kernel for Google Container Engine (GKE) systems linux-kvm – Linux kernel for cloud environments linux-oracle – Linux kernel for Oracle Cloud systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-hwe – Linux hardware enablement (HWE) kernel Details USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 [ more… ]

USN-4120-2: systemd regression systemd regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary USN-4120-1 caused a regression in systemd. Software Description systemd – system and service manager Details USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system’s DNS resolver settings. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 systemd – 240-6ubuntu5.7 Ubuntu 18.04 LTS systemd – 237-3ubuntu10.29 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard [ more… ]