
USN-3866-2: Ghostscript regression

2019-02-21 KENNETH 0

ghostscript regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: USN-3866-1 introduced a regression in Ghostscript.

Software Description: ghostscript – PostScript and PDF interpreter

Details: USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem.

Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: ghostscript – 9.26~dfsg+0-0ubuntu0.18.10.5, libgs9 – 9.26~dfsg+0-0ubuntu0.18.10.5

Ubuntu 18.04 LTS [ more… ]


USN-3892-1: GDM vulnerability

2019-02-20 KENNETH 0

gdm3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS

Summary: GDM could give unauthorized access to a different user.

Software Description: gdm3 – GNOME Display Manager

Details: Burghard Britzke discovered that GDM incorrectly handled certain configurations. An attacker could possibly use this issue to get unauthorized access to a different user.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: gdm3 – 3.30.1-1ubuntu5.1

Ubuntu 18.04 LTS: gdm3 – 3.28.3-0ubuntu18.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes.

References: CVE-2019-3825

Source: USN-3892-1: GDM vulnerability


USN-3850-2: NSS vulnerabilities

2019-02-19 KENNETH 0

nss vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM

Summary: Several security issues were fixed in NSS.

Software Description: nss – Network Security Service library

Details: USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495)

It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384)

It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404)

Update instructions: The problem [ more… ]


USN-3891-1: systemd vulnerability

2019-02-19 KENNETH 0

systemd vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: systemd could be made to crash if it received a specially crafted D-Bus message.

Software Description: systemd – system and service manager

Details: It was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service (kernel panic).

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: libsystemd0 – 239-7ubuntu10.8, systemd – 239-7ubuntu10.8

Ubuntu 18.04 LTS: libsystemd0 – 237-3ubuntu10.13, systemd – 237-3ubuntu10.13

Ubuntu 16.04 LTS: libsystemd0 – 229-4ubuntu21.16, systemd – 229-4ubuntu21.16

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your [ more… ]


USN-3890-1: Django vulnerability

2019-02-13 KENNETH 0

python-django vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Django could be made to consume resources if it received specially crafted network traffic.

Software Description: python-django – High-level Python web development framework

Details: It was discovered that Django incorrectly handled formatting certain numbers. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: python-django – 1:1.11.15-1ubuntu1.2, python3-django – 1:1.11.15-1ubuntu1.2

Ubuntu 18.04 LTS: python-django – 1:1.11.11-1ubuntu1.3, python3-django – 1:1.11.11-1ubuntu1.3

Ubuntu 16.04 LTS: python-django – 1.8.7-1ubuntu5.8, python3-django – 1.8.7-1ubuntu5.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]