USNs for ubuntu 18.10

USN-3988-1: MediaInfo vulnerabilities

It was discovered that MediaInfo contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfo to crash, resulting in a denial of service.

16 May 2019

USN-3986-1: Wireshark vulnerabilities

It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malform packets onto the wire or convincing someone to read a malformed packet trace file.

16 May 2019

USN-3985-1: libvirt update

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural…

15 May 2019

USN-3980-1: Linux kernel vulnerabilities

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural…

14 May 2019

USN-3978-1: QEMU update

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural…

14 May 2019

USN-3977-1: Intel Microcode update

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural…

14 May 2019

USN-3976-1: Samba vulnerability

Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges.

14 May 2019

USN-3975-1: OpenJDK vulnerabilities

It was discovered that the BigDecimal implementation in OpenJDK performed excessive computation when given certain values. An attacker could use this to cause a denial of service (excessive CPU usage). (CVE-2019-2602) Corwin de Boor and Robert Xiao discovered that the RMI registry implementation in OpenJDK did not properly select the correct…

13 May 2019

USN-3972-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. (CVE-2019-10129) Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue…

13 May 2019

USN-3971-1: Monit vulnerabilities

Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2019-11454) Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive…

8 May 2019

USN-3970-1: Ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

8 May 2019

USN-3969-1: wpa_supplicant and hostapd vulnerability

It was discovered that wpa_supplicant and hostapd incorrectly handled unexpected fragments when using EAP-pwd. A remote attacker could possibly use this issue to cause a denial of service.

7 May 2019

USN-3967-1: FFmpeg vulnerabilities

It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash.

6 May 2019

USN-3965-1: aria2 vulnerability

Dhiraj Mishra discovered that aria2 incorrectly stored authentication information. A local attacker could possibly use this issue to obtain credentials.

6 May 2019

USN-3966-1: GNOME Shell vulnerability

It was discovered that the GNOME Shell incorrectly handled certain keyboard inputs. An attacker could possibly use this issue to invoke keyboard shortcuts, and potentially other actions while the workstation was locked.

6 May 2019

USN-3964-1: python-gnupg vulnerabilities

Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed. (CVE-2018-12020) It was discovered that python-gnupg incorrectly handled the GPG passphrase. A remote attacker could send a specially…

2 May 2019

USN-3963-1: Memcached vulnerability

It was discovered that Memcached incorrectly handled certain lru command messages. A remote attacker could possibly use this issue to cause Memcached to crash, resulting in a denial of service.

1 May 2019

USN-3962-1: libpng vulnerability

It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code.

30 April 2019

USN-3961-1: Dovecot vulnerabilities

It was discovered that the Dovecot Submission login service incorrectly handled certain operations. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service.

30 April 2019

USN-3960-1: WavPack vulnerability

It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service.

30 April 2019

USN-3959-1: Evince vulnerability

It was discovered that Evince incorrectly handled certain images. An attacker could possibly use this issue to expose sensitive information.

29 April 2019

USN-3958-1: GStreamer Base Plugins vulnerability

It was discovered that GStreamer Base Plugins did not correctly handle certain malformed RTSP streams. If a user were tricked into opening a crafted RTSP stream with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code.

29 April 2019

USN-3957-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have been updated to MySQL 5.7.26. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible…

29 April 2019

USN-3956-1: Bind vulnerability

It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

25 April 2019

USN-3955-1: tcpflow vulnerabilities

It was discovered that tcpflow incorrectly handled certain malformed network packets. A remote attacker could send these packets to a target system, causing tcpflow to crash or possibly disclose sensitive information.

24 April 2019

USN-3954-1: FreeRADIUS vulnerabilities

It was discovered that FreeRADIUS incorrectly handled certain inputs. An attacker could possibly use this issue to bypass authentication. (CVE-2019-11234, CVE-2019-11235)

24 April 2019

USN-3953-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

23 April 2019

USN-3952-1: Pacemaker vulnerabilities

Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-16877) Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service….

23 April 2019

USN-3951-1: Dovecot vulnerability

It was discovered that the Dovecot JSON encoder incorrectly handled certain invalid UTF-8 characters. A remote attacker could possibly use this issue to cause Dovecot to repeatedly crash, resulting in a denial of service.

23 April 2019

USN-3950-1: ZNC vulnerability

It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code.

18 April 2019

USN-3914-2: NTFS-3G update

USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. Original advisory details: A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute…

17 April 2019

USN-3918-4: Firefox regressions

USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an…

16 April 2019

USN-3948-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

16 April 2019

USN-3947-1: Libxslt vulnerability

It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information.

15 April 2019

USN-3946-1: rssh vulnerabilities

It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh’s command restrictions, allowing an attacker to run arbitrary commands.

11 April 2019

USN-3945-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2019-8320) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324,…

11 April 2019

USN-3944-1: wpa_supplicant and hostapd vulnerabilities

It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495) Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and element values in EAP-pwd-Commit messages….

10 April 2019

USN-3943-1: Wget vulnerabilities

It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20483) Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute…

8 April 2019

USN-3938-1: systemd vulnerability

Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges.

8 April 2019

USN-3941-1: Lua vulnerability

Fady Othman discovered that Lua incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service.

8 April 2019

USN-3940-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787) It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to…

8 April 2019

USN-3939-1: Samba vulnerability

Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations.

8 April 2019

USN-3937-1: Apache HTTP Server vulnerabilities

Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211) It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A…

4 April 2019

USN-3936-1: AdvanceCOMP vulnerability

It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code.

4 April 2019

USN-3935-1: BusyBox vulnerabilities

Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS….

3 April 2019

USN-3934-1: PolicyKit vulnerability

It was discovered that PolicyKit incorrectly relied on the fork() system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations.

3 April 2019

USN-3930-1: Linux kernel vulnerabilities

Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation…

2 April 2019

USN-3928-1: Dovecot vulnerability

It was discovered that Dovecot incorrectly handled reading certain headers from the index. A local attacker could possibly use this issue to escalate privileges.

1 April 2019

USN-3926-1: GPAC vulnerabilities

It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code.

29 March 2019

USN-3927-1: Thunderbird vulnerabilities

It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506) Multiple security issues were discovered in Thunderbird. If a user…

28 March 2019

USN-3918-3: Firefox regression

USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could …

28 March 2019

USN-3924-1: mod_auth_mellon vulnerabilities

It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. (CVE-2019-3877) It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2019-3878)

28 March 2019

USN-3923-1: QEMU vulnerabilities

Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol (MTP). An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. (CVE-2018-16867) Michael Hanselmann discovered that QEMU…

27 March 2019

USN-3922-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641)

26 March 2019

USN-3921-1: XMLTooling vulnerability

It was discovered that XMLTooling incorrectly handled certain XML files with invalid data. An attacker could use this issue to cause XMLTooling to crash, resulting in a denial of service.

26 March 2019

USN-3919-1: Firefox vulnerabilities

Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code.

25 March 2019

USN-3916-1: libsolv vulnerabilities

It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service.

22 March 2019

USN-3918-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts,…

21 March 2019

USN-3917-1: snapd vulnerability

The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl() system call when used with TIOCSTI as the second argument to the system call. Jann Horn discovered that this restriction could be circumvented on 64 bit architectures. A malicious snap could exploit this to bypass intended access restrictions to insert characters…

21 March 2019

USN-3915-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

21 March 2019

USN-3914-1: NTFS-3G vulnerability

A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator.

21 March 2019

USN-3911-1: file vulnerabilities

It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

18 March 2019

USN-3909-1: libvirt vulnerability

It was discovered that libvirt incorrectly handled waiting for certain agent events. An attacker inside a guest could possibly use this issue to cause libvirtd to stop responding, resulting in a denial of service.

14 March 2019

USN-3907-1: WALinuxAgent vulnerability

It was discovered that WALinuxAgent created swap files with incorrect permissions. A local attacker could possibly use this issue to obtain sensitive information from the swap file.

12 March 2019

USN-3906-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

12 March 2019

USN-3905-1: poppler vulnerability

It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.

11 March 2019

USN-3904-1: NVIDIA graphics drivers vulnerability

It was discovered that the NVIDIA graphics drivers incorrectly handled the GPU performance counters. A local attacker could possibly use this issue to access the application data processed on the GPU.

7 March 2019

USN-3903-1: Linux kernel vulnerabilities

Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service (host system crash) or possibly execute arbitrary code in the host kernel. (CVE-2018-16880) Jann Horn discovered that the userfaultd implementation…

6 March 2019

USN-3885-2: OpenSSH vulnerability

USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory details: Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote…

4 March 2019

USN-3900-1: GD vulnerabilities

It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code.

28 February 2019

USN-3899-1: OpenSSL vulnerability

Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data.

27 February 2019

USN-3898-1: NSS vulnerability

Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.

27 February 2019

USN-3897-1: Thunderbird vulnerabilities

A use-after-free was discovered in libical. If a user were tricked in to opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-5824) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker…

26 February 2019

USN-3896-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code.

26 February 2019

USN-3895-1: LDB vulnerability

It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service.

26 February 2019

USN-3866-3: Ghostscript regression

USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system…

26 February 2019

USN-3893-1: Bind vulnerabilities

Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-5744) It was discovered that Bind incorrectly handled certain trust anchors when used with…

22 February 2019

USN-3866-2: Ghostscript regression

USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a…

21 February 2019

USN-3892-1: GDM vulnerability

Burghard Britzke discovered that GDM incorrectly handled certain configurations. An attacker could possibly use this issue to get unauthorized access to a different user.

20 February 2019

USN-3891-1: systemd vulnerability

It was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service (kernel panic).

18 February 2019

USN-3890-1: Django vulnerability

It was discovered that Django incorrectly handled formatting certain numbers. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.

13 February 2019

USN-3889-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

13 February 2019

USN-3888-1: GVfs vulnerability

It was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.

12 February 2019

USN-3887-1: snapd vulnerability

Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have…

12 February 2019

USN-3886-1: poppler vulnerabilities

It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20551, CVE-2019-7310)

11 February 2019

USN-3878-3: Linux kernel regression

USN-3878-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that could prevent systems with certain graphics chipsets from booting. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that a race condition existed in the vsock address…

8 February 2019

USN-3878-2: Linux kernel (Azure) vulnerabilities

It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free…

7 February 2019

USN-3885-1: OpenSSH vulnerabilities

Harry Sintonen discovered multiple issus in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output.

7 February 2019

USN-3884-1: libarchive vulnerabilities

It was discovered that libarchive incorrectly handled certain 7zip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1000019, CVE-2019-1000020)

7 February 2019

USN-3882-1: curl vulnerabilities

Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890) Wenxiang Qian discovered that curl incorrectly…

6 February 2019

USN-3881-1: Dovecot vulnerability

It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

5 February 2019

USN-3878-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free…

4 February 2019

USN-3877-1: LibVNCServer vulnerabilities

It was discovered that LibVNCServer incorrectly handled certain operations. A remote attacker able to connect to applications using LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.

31 January 2019

USN-3876-1: Avahi vulnerabilities

Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519, CVE-2018-1000845)

31 January 2019

USN-3875-1: OpenJDK vulnerability

It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422)

30 January 2019

USN-3874-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18500, CVE-2018-18501, CVE-2018-18502,…

30 January 2019

USN-3870-1: Spice vulnerability

Christophe Fergeau discovered that Spice incorrectly handled memory. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.

28 January 2019

USN-3868-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code.

24 January 2019

USN-3869-1: Subversion vulnerability

Ivan Zhakov discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

24 January 2019

USN-3867-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see…

23 January 2019

USN-3866-1: Ghostscript vulnerability

Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

23 January 2019

USN-3865-1: poppler vulnerabilities

It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20481, CVE-2018-20650)

22 January 2019

USN-3864-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

22 January 2019

USN-3863-1: APT vulnerability

Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

22 January 2019

USN-3862-1: Irssi vulnerability

It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.

17 January 2019

USN-3861-1: PolicyKit vulnerability

It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions.

16 January 2019

USN-3860-1: libcaca vulnerabilities

It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20544) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-20545, CVE-2018-20548, CVE-2018-20459) It was…

15 January 2019

USN-3859-1: libarchive vulnerabilities

It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-1000880 affected only Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000880) It was discovered that libarchive incorrectly handled certain archive…

15 January 2019

USN-3858-1: HAProxy vulnerabilities

It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this to expose sensitive information. (CVE-2018-20102) It was discovered that HAProxy incorrectly handled certain requests. A attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu…

15 January 2019

USN-3857-1: PEAR vulnerability

Fariskhi Vidyan discovered that PEAR Archive_Tar incorrectly handled certain archive paths. A remote attacker could possibly use this issue to execute arbitrary code.

14 January 2019

USN-3855-1: systemd vulnerabilities

It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-16864) It was discovered that systemd-journald allocated variable-length arrays of objects representing message fields…

11 January 2019

USN-3854-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

10 January 2019

USN-3853-1: GnuPG vulnerability

Ben Fuhrmannek discovered that GnuPG incorrectly handled Web Key Directory lookups. A remote attacker could possibly use this issue to cause a denial of service, or perform Cross-Site Request Forgery attacks.

10 January 2019

USN-3852-1: Exiv2 vulnerabilities

It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2017-9239 only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11591, CVE-2017-11683, CVE-2017-14859, CVE-2017-14862, CVE-2017-14864, CVE-2017-17669, CVE-2017-9239, CVE-2018-16336, CVE-2018-1758)

10 January 2019

USN-3851-1: Django vulnerability

It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL.

9 January 2019

USN-3850-1: NSS vulnerabilities

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue…

9 January 2019

USN-3846-1: Linux kernel vulnerability

It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory).

20 December 2018

USN-3845-1: FreeRDP vulnerabilities

Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785) Eyal Itkin discovered FreeRDP incorrectly…

12 December 2018

USN-3844-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restritions, or execute arbitrary code. (CVE-2018-12405, CVE-2018-12406, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492,…

11 December 2018

USN-3837-2: poppler regression

USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. …

11 December 2018

USN-3842-1: CUPS vulnerability

Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery (CSRF) attacks.

10 December 2018

USN-3831-2: Ghostscript regression

USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. Original advisory details: It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote…

6 December 2018

USN-3840-1: OpenSSL vulnerabilities

Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734) Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing…

6 December 2018

USN-3839-1: WavPack vulnerabilities

It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19840, CVE-2018-19841)

6 December 2018

USN-3837-1: poppler vulnerabilities

It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16646, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of…

4 December 2018

USN-3835-1: Linux kernel vulnerabilities

Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush…

3 December 2018

USN-3834-1: Perl vulnerabilities

Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18311) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause…

3 December 2018

USN-3832-1: Linux kernel (AWS) vulnerabilities

Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush…

30 November 2018

USN-3795-3: libssh regression

USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Original advisory details: Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any…

29 November 2018

USN-3831-1: Ghostscript vulnerabilities

It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

29 November 2018

USN-3829-1: Git vulnerabilities

It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15298) It was discovered that Git incorrectly handled certain inputs. An attacker could possibly use this issue to execute…

27 November 2018

USN-3828-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

27 November 2018

USN-3827-1: Samba vulnerabilities

Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-14629) Alex MacCuish discovered that Samba incorrectly handled memory when configured to accept smart-card authentication. A remote attacker could possibly use this…

27 November 2018

USN-3826-1: QEMU vulnerabilities

Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839) It was discovered that QEMU incorrectly handled the Slirp networking back-end. A privileged attacker inside the guest could…

26 November 2018

USN-3801-2: Firefox regressions

USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially…

23 November 2018

USN-3825-1: mod_perl vulnerability

Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code.

21 November 2018

USN-3816-2: systemd vulnerability

USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could…

19 November 2018

USN-3819-1: Linux kernel vulnerability

Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

14 November 2018

USN-3818-1: PostgreSQL vulnerability

It was discovered that PostgreSQL incorrectly handled certain trigger definitions when running pg_upgrade or pg_dump. A remote attacker could possibly use this issue to execute arbitrary SQL statements with superuser privileges.

14 November 2018

USN-3816-1: systemd vulnerabilities

Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially…

12 November 2018

USN-3815-1: gettext vulnerability

It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.

12 November 2018

USN-3814-1: libmspack vulnerabilities

It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2018-18584, CVE-2018-18585)

12 November 2018

USN-3812-1: nginx vulnerabilities

It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843) Gal Goldshtein discovered that nginx incorrectly handled…

7 November 2018

USN-3808-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. (CVE-2018-16395) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16396)

5 November 2018

USN-3807-1: NetworkManager vulnerability

Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client incorrectly handled certain DHCPv6 messages. In non-default configurations where the internal DHCP client is enabled, an attacker on the same network could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 November 2018

USN-3806-1: systemd vulnerability

Felix Wilhelm discovered that the systemd-networkd DHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where systemd-networkd is being used, an attacker on the same network could use this issue to cause systemd-networkd to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 November 2018

USN-3805-1: curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16839) Brian Carpenter discovered that curl incorrectly handled memory when closing certain handles. A remote attacker could use…

31 October 2018

USN-3804-1: OpenJDK vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3136) Artem Smotrakov discovered that the HTTP client redirection…

30 October 2018

USN-3803-1: Ghostscript vulnerabilities

Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

30 October 2018

USN-3802-1: X.Org X server vulnerability

Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges.

26 October 2018

USN-3801-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code….

24 October 2018

USN-3799-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes,…

23 October 2018

USN-3788-2: Tex Live-bin vulnerability

USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 Original advisory details: It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-17407)

23 October 2018

USN-3790-2: Requests vulnerability

USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory details: It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information.

22 October 2018

USN-3796-3: Paramiko vulnerability

USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.

22 October 2018

USN-3795-2: libssh vulnerability

USN-3795-1 fixed a vulnerability in libssh. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.

22 October 2018

USN-3792-3: Net-SNMP vulnerability

USN-3792-1 fixed a vulnerability in Net-SNMP. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: It was discovered that Net-SNMP incorrectly handled certain certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash, resulting in a denial of service.

22 October 2018