
USN-3827-1: Samba vulnerabilities

2018-11-27 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in Samba.

Software Description: samba – SMB/CIFS file, print, and login server for Unix

Details:

Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-14629)

Alex MacCuish discovered that Samba incorrectly handled memory when configured to accept smart-card authentication. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-16841)

Garming Sam discovered that Samba incorrectly handled memory when processing LDAP searches. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of [ more… ]


USN-3826-1: QEMU vulnerabilities

2018-11-26 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in QEMU.

Software Description: qemu – Machine emulator and virtualizer

Details:

Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839)

It was discovered that QEMU incorrectly handled the Slirp networking back-end. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only [ more… ]


USN-3801-2: Firefox regressions

2018-11-24 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: USN-3801-1 caused some minor regressions in Firefox.

Software Description: firefox – Mozilla Open Source web browser

Details:

USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. (CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403)

Multiple security issues were discovered with WebExtensions in Firefox. If a [ more… ]


USN-3825-2: mod_perl vulnerability

2018-11-22 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM.

Summary: mod_perl could be made to run programs contrary to expectations.

Software Description: libapache2-mod-perl2 – Integration of perl with the Apache2 web server

Details:

USN-3825-1 fixed a vulnerability in mod_perl. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM: libapache2-mod-perl2 – 2.0.5-5ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: USN-3825-1 [ more… ]


USN-3825-1: mod_perl vulnerability

2018-11-22 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: mod_perl could be made to run programs contrary to expectations.

Software Description: libapache2-mod-perl2 – Integration of perl with the Apache2 web server

Details:

Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: libapache2-mod-perl2 – 2.0.10-2ubuntu3.18.10.1
Ubuntu 18.04 LTS: libapache2-mod-perl2 – 2.0.10-2ubuntu3.18.04.1
Ubuntu 16.04 LTS: libapache2-mod-perl2 – 2.0.9-4ubuntu1.2
Ubuntu 14.04 LTS: libapache2-mod-perl2 – 2.0.8+httpd24-r1449661-6ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]