USN-3834-1: Perl vulnerabilities

2018-12-04 KENNETH 0

perl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Perl.

Software Description

perl – Practical Extraction and Report Language

Details

Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18311)

Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312)

Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause [ more… ]

USN-3833-1: Linux kernel (AWS) vulnerabilities

2018-11-30 KENNETH 0

linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

linux-aws – Linux kernel for Amazon Web Services (AWS) systems

Details

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. (CVE-2018-18955)

Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within an unprivileged user namespace. A local attacker could use this to expose sensitive information (protected file names). (CVE-2018-6559)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
  linux-image-4.15.0-1029-aws – [ more… ]

USN-3832-1: Linux kernel (AWS) vulnerabilities

2018-11-30 KENNETH 0

linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.10

Summary

Several security issues were fixed in the Linux kernel.

Software Description

linux-aws – Linux kernel for Amazon Web Services (AWS) systems

Details

Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)

Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. [ more… ]

USN-3795-3: libssh regression

2018-11-29 KENNETH 0

libssh regression

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary

USN-3795-1 and USN-3795-2 introduced a regression in libssh.

Software Description

libssh – A tiny C SSH library

Details

USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem.

Original advisory details:

Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
  libssh-4 – 0.8.1-1ubuntu0.3

Ubuntu 18.04 LTS
  libssh-4 – 0.8.0~20170825.94fa1e38-1ubuntu0.2

Ubuntu 16.04 LTS
  libssh-4 – 0.6.3-4.3ubuntu0.2

Ubuntu 14.04 LTS
  libssh-4 – 0.6.1-0ubuntu3.5

To update your system, please follow [ more… ]

USN-3831-1: Ghostscript vulnerabilities

2018-11-29 KENNETH 0

ghostscript vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Ghostscript.

Software Description

ghostscript – PostScript and PDF interpreter

Details

It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
  ghostscript – 9.26~dfsg+0-0ubuntu0.18.10.1
  libgs9 – 9.26~dfsg+0-0ubuntu0.18.10.1

Ubuntu 18.04 LTS
  ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.1
  libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.1

Ubuntu 16.04 LTS
  ghostscript – 9.26~dfsg+0-0ubuntu0.16.04.1
  libgs9 – 9.26~dfsg+0-0ubuntu0.16.04.1

Ubuntu 14.04 LTS
  ghostscript – 9.26~dfsg+0-0ubuntu0.14.04.1
  libgs9 – 9.26~dfsg+0-0ubuntu0.14.04.1

To [ more… ]