ubuntu-usn

USN-3922-1: PHP vulnerabilities php7.0, php7.2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in PHP. Software Description php7.2 – HTML-embedded scripting language interpreter php7.0 – HTML-embedded scripting language interpreter Details It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libapache2-mod-php7.2 – 7.2.15-0ubuntu0.18.10.2 php7.2-cgi – 7.2.15-0ubuntu0.18.10.2 php7.2-cli – 7.2.15-0ubuntu0.18.10.2 php7.2-fpm – 7.2.15-0ubuntu0.18.10.2 Ubuntu 18.04 LTS libapache2-mod-php7.2 – 7.2.15-0ubuntu0.18.04.2 php7.2-cgi – 7.2.15-0ubuntu0.18.04.2 php7.2-cli – 7.2.15-0ubuntu0.18.04.2 php7.2-fpm – 7.2.15-0ubuntu0.18.04.2 Ubuntu 16.04 LTS libapache2-mod-php7.0 – 7.0.33-0ubuntu0.16.04.3 php7.0-cgi – 7.0.33-0ubuntu0.16.04.3 php7.0-cli – 7.0.33-0ubuntu0.16.04.3 php7.0-fpm – 7.0.33-0ubuntu0.16.04.3 To update your system, please follow these [ more… ]

USN-3921-1: XMLTooling vulnerability xmltooling vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary xmltooling could be made to crash if it opened a specially crafted file. Software Description xmltooling – C++ XML parsing library with encryption support Details It was discovered that XMLTooling incorrectly handled certain XML files with invalid data. An attacker could use this issue to cause XMLTooling to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libxmltooling8 – 3.0.2-1ubuntu1.1 Ubuntu 18.04 LTS libxmltooling7 – 1.6.4-1ubuntu2.1 Ubuntu 16.04 LTS libxmltooling6v5 – 1.5.6-2ubuntu0.3 Ubuntu 14.04 LTS libxmltooling6 – 1.5.3-2+deb8u3ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]

USN-3919-1: Firefox vulnerabilities firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 firefox – 66.0.1+build1-0ubuntu0.18.10.1 Ubuntu 18.04 LTS firefox – 66.0.1+build1-0ubuntu0.18.04.1 Ubuntu 16.04 LTS firefox – 66.0.1+build1-0ubuntu0.16.04.1 Ubuntu 14.04 LTS firefox – 66.0.1+build1-0ubuntu0.14.04.1 To update your system, please follow these [ more… ]

USN-3918-2: Firefox vulnerabilities firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in Firefox. Software Description firefox – Mozilla Open Source web browser Details USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809) A mechanism was discovered that removes [ more… ]

USN-3916-1: libsolv vulnerabilities libsolv vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Summary Libzip could be made to crash if it received specially crafted input. Software Description libsolv – A dependency solver using a satisfiablility algorithm Details It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libsolv-tools – 0.6.35-2ubuntu0.18.10.1 libsolv0 – 0.6.35-2ubuntu0.18.10.1 libsolvext0 – 0.6.35-2ubuntu0.18.10.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes. References CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 [ more… ]