
USN-3871-2: Linux kernel regression

2019-02-01 KENNETH 0

linux regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS

Summary
Multiple regressions were fixed in the Linux kernel.

Software Description
linux – Linux kernel

Details
USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, that update introduced regressions with docking station displays and mounting ext4 file systems with the meta_bg option enabled. This update fixes the problems. We apologize for the inconvenience.

Original advisory details:

Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879)

Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the [ more… ]


USN-3877-1: LibVNCServer vulnerabilities

2019-02-01 KENNETH 0

libvncserver vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in LibVNCServer.

Software Description
libvncserver – vnc server library

Details
It was discovered that LibVNCServer incorrectly handled certain operations. A remote attacker able to connect to applications using LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libvncclient1 – 0.9.11+dfsg-1.1ubuntu0.1
libvncserver1 – 0.9.11+dfsg-1.1ubuntu0.1

Ubuntu 18.04 LTS
libvncclient1 – 0.9.11+dfsg-1ubuntu1.1
libvncserver1 – 0.9.11+dfsg-1ubuntu1.1

Ubuntu 16.04 LTS
libvncclient1 – 0.9.10+dfsg-3ubuntu0.16.04.3
libvncserver1 – 0.9.10+dfsg-3ubuntu0.16.04.3

Ubuntu 14.04 LTS
libvncserver0 – 0.9.9+dfsg-1ubuntu1.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard [ more… ]


USN-3876-2: Avahi vulnerabilities

2019-01-31 KENNETH 0

avahi vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 ESM

Summary
Several security issues were fixed in Avahi.

Software Description
avahi – Avahi IPv4LL network address configuration daemon

Details
USN-3876-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519, CVE-2018-1000845)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
avahi-daemon – 0.6.30-5ubuntu2.3
libavahi-core7 – 0.6.30-5ubuntu2.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
USN-3876-1
CVE-2017-6519
CVE-2018-1000845

Source: USN-3876-2: Avahi vulnerabilities


USN-3876-1: Avahi vulnerabilities

2019-01-31 KENNETH 0

avahi vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in Avahi.

Software Description
avahi – Avahi IPv4LL network address configuration daemon

Details
Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519, CVE-2018-1000845)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
avahi-daemon – 0.7-4ubuntu2.1
libavahi-core7 – 0.7-4ubuntu2.1

Ubuntu 18.04 LTS
avahi-daemon – 0.7-3.1ubuntu1.2
libavahi-core7 – 0.7-3.1ubuntu1.2

Ubuntu 16.04 LTS
avahi-daemon – 0.6.32~rc+dfsg-1ubuntu2.3
libavahi-core7 – 0.6.32~rc+dfsg-1ubuntu2.3

Ubuntu 14.04 LTS
avahi-daemon – 0.6.31-4ubuntu1.3
libavahi-core7 – 0.6.31-4ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]


USN-3875-1: OpenJDK vulnerability

2019-01-31 KENNETH 0

openjdk-8, openjdk-lts vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 16.04 LTS

Summary
Java applets or applications could be made to expose sensitive information.

Software Description
openjdk-lts – Open Source Java implementation
openjdk-8 – Open Source Java implementation

Details
It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
openjdk-11-jdk – 11.0.1+13-3ubuntu3.18.10.1
openjdk-11-jre – 11.0.1+13-3ubuntu3.18.10.1
openjdk-11-jre-headless – 11.0.1+13-3ubuntu3.18.10.1

Ubuntu 16.04 LTS
openjdk-8-jdk – 8u191-b12-2ubuntu0.16.04.1
openjdk-8-jre – 8u191-b12-2ubuntu0.16.04.1
openjdk-8-jre-headless – 8u191-b12-2ubuntu0.16.04.1
openjdk-8-jre-jamvm – 8u191-b12-2ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional [ more… ]