USN-3830-1: OpenJDK regression

2018-11-28 KENNETH 0

openjdk-8, openjdk-lts regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
USN-3804-1 introduced a regression in OpenJDK.

Software Description
openjdk-lts – Open Source Java implementation
openjdk-8 – Open Source Java implementation

Details
USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem. We apologize for the inconvenience.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
openjdk-11-jdk – 10.0.2+13-1ubuntu0.18.04.4
openjdk-11-jre – 10.0.2+13-1ubuntu0.18.04.4
openjdk-11-jre-headless – 10.0.2+13-1ubuntu0.18.04.4

Ubuntu 16.04 LTS
openjdk-8-jdk – 8u191-b12-0ubuntu0.16.04.1
openjdk-8-jre – 8u191-b12-0ubuntu0.16.04.1
openjdk-8-jre-headless – 8u191-b12-0ubuntu0.16.04.1
openjdk-8-jre-jamvm – 8u191-b12-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which [ more… ]

USN-3827-2: Samba vulnerabilities

2018-11-28 KENNETH 0

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 ESM

Summary
Several security issues were fixed in Samba.

Software Description
samba – SMB/CIFS file, print, and login server for Unix

Details
USN-3827-1 fixed a vulnerability in samba. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-14629)

Alex MacCuish discovered that Samba incorrectly handled memory when configured to accept smart-card authentication. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-16841)

Garming Sam discovered that Samba incorrectly handled memory when processing LDAP searches. A remote attacker could possibly use this [ more… ]

USN-3816-3: systemd regression

2018-11-28 KENNETH 0

systemd regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary
USN-3816-1 caused a regression in systemd-tmpfiles.

Software Description
systemd – system and service manager

Details
USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954 have been reverted. We apologize for the inconvenience.

Original advisory details:

Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686)

Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary [ more… ]

USN-3829-1: Git vulnerabilities

2018-11-28 KENNETH 0

git vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in Git.

Software Description
git – fast, scalable, distributed revision control system

Details
It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15298)

It was discovered that Git incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-19486)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
git – 1:2.19.1-1ubuntu1.1

Ubuntu 18.04 LTS
git – 1:2.17.1-1ubuntu0.4

[ more… ]

USN-3828-1: WebKitGTK+ vulnerabilities

2018-11-28 KENNETH 0

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.10
Ubuntu 18.04 LTS

Summary
Several security issues were fixed in WebKitGTK+.

Software Description
webkit2gtk – Web content engine library for GTK+

Details
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libjavascriptcoregtk-4.0-18 – 2.22.4-0ubuntu0.18.10.1
libwebkit2gtk-4.0-37 – 2.22.4-0ubuntu0.18.10.1

Ubuntu 18.04 LTS
libjavascriptcoregtk-4.0-18 – 2.22.4-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 – 2.22.4-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, [ more… ]