USN-4128-1: Tomcat vulnerabilities

2019-09-11 KENNETH 0

tomcat8 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 18.04 LTS
  Ubuntu 16.04 LTS

Summary
Several security issues were fixed in Tomcat 8.

Software Description
  tomcat8 – Servlet and JSP engine

Details
It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)

It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-10072)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
  libtomcat8-java – 8.5.39-1ubuntu1~18.04.3
  tomcat8 – 8.5.39-1ubuntu1~18.04.3

Ubuntu 16.04 LTS
  libtomcat8-java – 8.0.32-1ubuntu1.10
  tomcat8 – 8.0.32-1ubuntu1.10

To update your system, [ more… ]

USN-4127-2: Python vulnerabilities

2019-09-10 KENNETH 0

python2.7, python3.4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 14.04 ESM
  Ubuntu 12.04 ESM

Summary
Several security issues were fixed in Python.

Software Description
  python2.7 – An interactive high-level object-oriented language
  python3.4 – An interactive high-level object-oriented language

Details
USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2018-20406)

It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852)

Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly [ more… ]

USN-4126-2: FreeType vulnerabilities

2019-09-10 KENNETH 0

freetype vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 14.04 ESM
  Ubuntu 12.04 ESM

Summary
FreeType could be made to expose sensitive information if it opened a specially crafted font file.

Software Description
  freetype – FreeType 2 is a font engine library

Details
USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. (CVE-2015-9381, CVE-2015-9382)

Original advisory details:

It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. (CVE-2015-9383)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
  libfreetype6 – [ more… ]

USN-4127-1: Python vulnerabilities

2019-09-10 KENNETH 0

python2.7, python3.5, python3.6, python3.7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 19.04
  Ubuntu 18.04 LTS
  Ubuntu 16.04 LTS

Summary
Several security issues were fixed in Python.

Software Description
  python2.7 – An interactive high-level object-oriented language
  python3.7 – An interactive high-level object-oriented language
  python3.6 – An interactive high-level object-oriented language
  python3.5 – An interactive high-level object-oriented language

Details
It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406)

It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852)

Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled [ more… ]

USN-4126-1: FreeType vulnerability

2019-09-10 KENNETH 0

freetype vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 16.04 LTS

Summary
FreeType could be made to expose sensitive information if it opened a specially crafted font file.

Software Description
  freetype – FreeType 2 is a font engine library

Details
It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
  libfreetype6 – 2.6.1-0.1ubuntu2.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.

References
  CVE-2015-9383

Source: USN-4126-1: FreeType vulnerability