ubuntu-usn

USN-4120-1: systemd vulnerability systemd vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary systemd-resolved would allow unprivileged users to change DNS settings. Software Description systemd – system and service manager Details It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system’s DNS resolver settings. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 systemd – 240-6ubuntu5.6 Ubuntu 18.04 LTS systemd – 237-3ubuntu10.28 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2019-15718 Source: USN-4120-1: systemd vulnerability

USN-4119-1: Irssi vulnerability irssi vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Summary Irssi could be made to crash or execute arbitrary code if it received a specially crafted CAP request. Software Description irssi – terminal based IRC client Details It was discovered that Irssi incorrectly handled certain CAP requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 irssi – 1.2.0-2ubuntu1.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Irssi to make all the necessary changes. References CVE-2019-15717 Source: USN-4119-1: Irssi vulnerability

USN-4118-1: Linux kernel (AWS) vulnerabilities linux-aws vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems Details It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel [ more… ]

USN-4117-1: Linux kernel (AWS) vulnerabilities linux-aws vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Summary Several security issues were fixed in the Linux kernel. Software Description linux-aws – Linux kernel for Amazon Web Services (AWS) systems Details It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could [ more… ]

USN-4116-1: Linux kernel vulnerabilities linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote [ more… ]