USN-3858-1: HAProxy vulnerabilities

2019-01-15 KENNETH 0

haproxy vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in HAProxy.

Software Description: haproxy – fast and reliable load balancing reverse proxy

Details: It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this to expose sensitive information. (CVE-2018-20102)

It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20103, CVE-2018-20615)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: haproxy – 1.8.13-2ubuntu0.1
Ubuntu 18.04 LTS: haproxy – 1.8.8-1ubuntu0.3
Ubuntu 16.04 LTS: haproxy – 1.6.3-1ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

USN-3857-1: PEAR vulnerability

2019-01-15 KENNETH 0

php-pear vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: PEAR could be made to run programs if it processed a specially crafted file.

Software Description: php-pear – PHP Extension and Application Repository

Details: Fariskhi Vidyan discovered that PEAR Archive_Tar incorrectly handled certain archive paths. A remote attacker could possibly use this issue to execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: php-pear – 1:1.10.5+submodules+notgz-1ubuntu1.18.10.1
Ubuntu 18.04 LTS: php-pear – 1:1.10.5+submodules+notgz-1ubuntu1.18.04.1
Ubuntu 16.04 LTS: php-pear – 1:1.10.1+submodules+notgz-6ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. [ more… ]

USN-3856-1: GNOME Bluetooth vulnerability

2019-01-14 KENNETH 0

gnome-bluetooth vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS

Summary: GNOME Bluetooth could allow unintended access to devices.

Software Description: gnome-bluetooth – GNOME Bluetooth tools

Details: Chris Marchesi discovered that BlueZ incorrectly handled disabling Bluetooth visibility. A remote attacker could possibly pair to devices, contrary to expectations. This update adds a workaround to GNOME Bluetooth to fix the issue.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: gnome-bluetooth – 3.28.0-2ubuntu0.1
Ubuntu 18.04 LTS: libgnome-bluetooth13 – 3.28.0-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes.

References: CVE-2018-10910

Source: USN-3856-1: GNOME Bluetooth vulnerability

USN-3855-1: systemd vulnerabilities

2019-01-11 KENNETH 0

systemd vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in systemd.

Software Description: systemd – system and service manager

Details: It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-16864)

It was discovered that systemd-journald allocated variable-length arrays of objects representing message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-16865)

An out-of-bounds read was discovered in systemd-journald. A local attacker could potentially exploit this to obtain sensitive information and bypass ASLR protections. (CVE-2018-16866)

Update instructions: The problem can be corrected by updating [ more… ]

USN-3854-1: WebKitGTK+ vulnerabilities

2019-01-11 KENNETH 0

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS

Summary: Several security issues were fixed in WebKitGTK+.

Software Description: webkit2gtk – Web content engine library for GTK+

Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: libjavascriptcoregtk-4.0-18 – 2.22.5-0ubuntu0.18.10.1
Ubuntu 18.10: libwebkit2gtk-4.0-37 – 2.22.5-0ubuntu0.18.10.1
Ubuntu 18.04 LTS: libjavascriptcoregtk-4.0-18 – 2.22.5-0ubuntu0.18.04.1
Ubuntu 18.04 LTS: libwebkit2gtk-4.0-37 – 2.22.5-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, [ more… ]