USN-3902-1: PHP vulnerabilities

2019-03-06 KENNETH 0

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in PHP.

Software Description: php7.0 – HTML-embedded scripting language interpreter; php5 – HTML-embedded scripting language interpreter

Details: It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9020, CVE-2019-9024)

It was discovered that the PHP PHAR module incorrectly handled certain filenames. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9021)

It was discovered that PHP incorrectly parsed certain DNS responses. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of [ more… ]

USN-3901-2: Linux kernel (HWE) vulnerabilities

2019-03-06 KENNETH 0

linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software Description: linux-aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems; linux-azure – Linux kernel for Microsoft Azure Cloud systems; linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems; linux-hwe – Linux hardware enablement (HWE) kernel; linux-oracle – Linux kernel for Oracle Cloud systems

Details: USN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.

Jann Horn discovered that the userfaultfd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could [ more… ]

USN-3901-1: Linux kernel vulnerabilities

2019-03-06 KENNETH 0

linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software Description: linux – Linux kernel; linux-aws – Linux kernel for Amazon Web Services (AWS) systems; linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems; linux-kvm – Linux kernel for cloud environments; linux-oem – Linux kernel for OEM processors; linux-oracle – Linux kernel for Oracle Cloud systems; linux-raspi2 – Linux kernel for Raspberry Pi 2

Details: Jann Horn discovered that the userfaultfd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could possibly use this to modify files. (CVE-2018-18397)

It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space [ more… ]

USN-3885-2: OpenSSH vulnerability

2019-03-05 KENNETH 0

openssh vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: One of the fixes in USN-3885-1 was incomplete.

Software Description: openssh – secure shell (SSH) for secure access to remote machines

Details: USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem.

Original advisory details: Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: openssh-client – [ more… ]

USN-3900-1: GD vulnerabilities

2019-02-28 KENNETH 0

libgd2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in GD.

Software Description: libgd2 – GD Graphics Library

Details: It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: libgd-tools – 2.2.5-4ubuntu1.1; libgd3 – 2.2.5-4ubuntu1.1

Ubuntu 18.04 LTS: libgd-tools – 2.2.5-4ubuntu0.3; libgd3 – 2.2.5-4ubuntu0.3

Ubuntu 16.04 LTS: libgd-tools – 2.1.1-4ubuntu0.16.04.11; libgd3 – 2.1.1-4ubuntu0.16.04.11

Ubuntu 14.04 LTS: libgd-tools – 2.1.0-3ubuntu0.11; libgd3 – 2.1.0-3ubuntu0.11

To update your system, please [ more… ]