ubuntu-usn

USN-3950-1: ZNC vulnerability znc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Summary ZNC could be made to crash or run programs if it received specially crafted network traffic. Software Description znc – advanced modular IRC bouncer Details It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 znc – 1.7.1-2ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-9917 Source: USN-3950-1: ZNC vulnerability

USN-3914-2: NTFS-3G update ntfs-3g update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary A hardening measure was added to NTFS-3G. Software Description ntfs-3g – read/write NTFS driver for FUSE Details USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. Original advisory details: A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 ntfs-3g – 1:2017.3.23-2ubuntu0.18.10.2 Ubuntu 18.04 LTS ntfs-3g – 1:2017.3.23-2ubuntu0.18.04.2 Ubuntu 16.04 LTS ntfs-3g – 1:2015.3.14AR.1-1ubuntu0.3 To update your system, please follow these [ more… ]

USN-3918-4: Firefox regressions firefox regressions A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3918-1 caused a regression in Firefox. Software Description firefox – Mozilla Open Source web browser Details USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, [ more… ]

USN-3949-1: OpenJDK 11 vulnerability openjdk-lts vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Java applets or applications could be made to expose sensitive information. Software Description openjdk-lts – Open Source Java implementation Details It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422) Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several additional packages were updated to be compatible with OpenJDK 11. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS openjdk-11-jdk – 11.0.2+9-3ubuntu1~18.04.3 openjdk-11-jre – 11.0.2+9-3ubuntu1~18.04.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses [ more… ]

USN-3948-1: WebKitGTK+ vulnerabilities webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software Description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libjavascriptcoregtk-4.0-18 – 2.24.1-0ubuntu0.18.10.2 libwebkit2gtk-4.0-37 – 2.24.1-0ubuntu0.18.10.2 Ubuntu 18.04 LTS libjavascriptcoregtk-4.0-18 – 2.24.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 – 2.24.1-0ubuntu0.18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, [ more… ]