Ubuntu

USN-4603-1: MariaDB vulnerabilities

3 weeks 6 days ago
mariadb-10.1, mariadb-10.3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
Summary

Several security issues were fixed in MariaDB.

Software Description
  • mariadb-10.3 - MariaDB database
  • mariadb-10.1 - MariaDB database
Details

It was discovered that MariaDB didn’t properly validate the content of a packet received from a server. A remote attacker could use this vulnerability to send a specially crafted file to cause a denial of service. (CVE-2020-13249)

It was discovered that MariaDB has other security issues. An attacker can cause a hang or frequently repeatable crash (denial of service). (CVE-2020-15180, CVE-2020-2752, CVE-2020-2760, CVE-2020-2812, CVE-2020-2814)

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
mariadb-server - 1:10.3.25-0ubuntu0.20.04.1
Ubuntu 18.04 LTS
mariadb-server - 1:10.1.47-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart MariaDB to make all the necessary changes.


USN-4600-2: Netty vulnerabilities

3 weeks 6 days ago
netty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

netty could be made to crash or run programs if it received specially crafted network traffic.

Software Description
  • netty - None
Details

USN-4600-1 fixed multiple vulnerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444 and CVE-2019-20445 for Netty.

It was also discovered that Netty allowed unbounded memory allocation. A remote attacker could send a large stream to the Netty server, causing it to crash (denial of service). (CVE-2020-11612)

Original advisory details:

It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could use these to extract sensitive information. (CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
libnetty-java - 1:4.1.7-4ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4599-2: Firefox vulnerabilities

4 weeks ago
firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description
  • firefox - Mozilla Open Source web browser
Details

USN-4599-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
firefox - 82.0+build2-0ubuntu0.16.04.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.


USN-4599-1: Firefox vulnerabilities

1 month ago
firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description
  • firefox - Mozilla Open Source web browser
Details

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10
firefox - 82.0+build2-0ubuntu0.20.10.1
Ubuntu 20.04 LTS
firefox - 82.0+build2-0ubuntu0.20.04.1
Ubuntu 18.04 LTS
firefox - 82.0+build2-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.


LSN-0073-1: Kernel Live Patch Security Notice

1 month ago
Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 20.04 LTS
Summary

Several security issues were fixed in the kernel.

Software Description
  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-oem - Linux kernel for OEM systems
Details

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352)

Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-24490)

Update instructions

The problem can be corrected by updating your kernel livepatch to the following versions:

Ubuntu 18.04 LTS
aws - 73.1
generic - 73.1
lowlatency - 73.1
oem - 73.1
Ubuntu 20.04 LTS
aws - 73.1
azure - 73.1
gcp - 73.1
generic - 73.1
lowlatency - 73.1
Support Information

Kernels older than the levels listed below do not receive livepatch updates. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible.

Ubuntu 18.04 LTS
linux-aws - 4.15.0-1054
linux-azure - 5.0.0-1025
linux-gcp - 5.0.0-1025
linux-oem - 4.15.0-1063
linux - 4.15.0-69
Ubuntu 20.04 LTS
linux-aws - 5.4.0-1009
linux-azure - 5.4.0-1010
linux-gcp - 5.4.0-1009
linux-oem - 5.4.0-26
linux - 5.4.0-26
Ubuntu 16.04 LTS
linux-aws - 4.4.0-1098
linux-azure - 4.15.0-1063
linux-hwe - 4.15.0-69
linux - 4.4.0-168
Ubuntu 14.04 ESM
linux-lts-xenial - 4.4.0-168

USN-4601-1: pip vulnerability

1 month ago
python-pip vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

pip could be made to overwrite files as the administrator.

Software Description
  • python-pip - Python package installer
Details

It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possibly use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack. (CVE-2019-20916)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
python-pip - 9.0.1-2.3~ubuntu1.18.04.4
python3-pip - 9.0.1-2.3~ubuntu1.18.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4600-1: Netty vulnerabilities

1 month ago
netty-3.9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Netty could be made to expose sensitive information over the network.

Software Description
  • netty-3.9 - Asynchronous event-driven network application framework
Details

It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could use these to extract sensitive information. (CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libnetty-3.9-java - 3.9.0.Final-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4593-2: FreeType vulnerability

1 month ago
freetype vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
Summary

FreeType could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description
  • freetype - FreeType 2 is a font engine library
Details

USN-4593-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libfreetype6 - 2.5.2-1ubuntu2.8+esm2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.


USN-4598-1: LibEtPan vulnerability

1 month ago
libetpan vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

LibEtPan could be made to expose sensitive information over the network.

Software Description
  • libetpan - Mail Framework for C Language
Details

It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. (CVE-2020-15953)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libetpan-dev - 1.6-1ubuntu0.1
libetpan17 - 1.6-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4597-1: mod_auth_mellon vulnerabilities

1 month ago
libapache2-mod-auth-mellon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in mod_auth_mellon.

Software Description
  • libapache2-mod-auth-mellon - SAML 2.0 authentication module for Apache
Details

François Kooman discovered that mod_auth_mellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. (CVE-2017-6807)

It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. (CVE-2019-3877)

It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2019-3878)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libapache2-mod-auth-mellon - 0.12.0-2+deb9u1build0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4552-2: Pam-python vulnerability

1 month ago
pam-python vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Pam-python could be made to crash or run programs as an administrator if certain environment variables are set.

Software Description
  • pam-python - Enables PAM modules to be written in Python
Details

Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libpam-python - 1.0.4-1.1+deb8u1build0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4596-1: Tomcat vulnerabilities

1 month ago
tomcat9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
Summary

Several security issues were fixed in Tomcat.

Software Description
  • tomcat9 - Apache Tomcat 9 - Servlet and JSP engine
Details

It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. (CVE-2020-11996)

It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. (CVE-2020-13934)

It was discovered that Tomcat did not properly validate the payload length in a WebSocket frame. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2020-13935)

It was discovered that Tomcat did not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-9484)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
libtomcat9-embed-java - 9.0.31-1ubuntu0.1
libtomcat9-java - 9.0.31-1ubuntu0.1
tomcat9 - 9.0.31-1ubuntu0.1
tomcat9-common - 9.0.31-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4595-1: Grunt vulnerability

1 month ago
grunt vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

Grunt could be made to run programs if it received specially crafted input.

Software Description
  • grunt - JavaScript task runner/build system/maintainer tool
Details

It was discovered that Grunt did not properly load YAML files. An attacker could possibly use this to execute arbitrary code. (CVE-2020-7729)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
grunt - 1.0.1-8ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4594-1: Quassel vulnerabilities

1 month ago
quassel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

Quassel could be made to crash or run programs if it received specially crafted network traffic.

Software Description
  • quassel - distributed IRC client - monolithic core+client
Details

It was discovered that Quassel incorrectly handled the Qdatastream protocol. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000178)

It was discovered that Quassel incorrectly handled certain login requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-1000179)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
quassel - 1:0.12.4-3ubuntu1.18.04.3
quassel-core - 1:0.12.4-3ubuntu1.18.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4587-1: iTALC vulnerabilities

1 month ago
italc vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in iTALC.

Software Description
  • italc - didact tool which allows teachers to view and control computer labs
Details

Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn’t check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. (CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)

Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)

It was discovered that iTALC had an out-of-bounds write, multiple heap out-of-bounds writes, an infinite loop, improper initializations, and null pointer vulnerabilities. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. (CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
italc-client - 1:2.0.2+dfsg1-4ubuntu0.1
italc-master - 1:2.0.2+dfsg1-4ubuntu0.1
libitalccore - 1:2.0.2+dfsg1-4ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4586-1: PHP ImageMagick vulnerability

1 month ago
php-imagick vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

PHP ImageMagick could be made to crash if it received specially crafted input.

Software Description
  • php-imagick - PHP extension to create and modify images using the ImageMagick API
Details

It was discovered that the PHP ImageMagick extension didn’t check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
php-imagick - 3.4.3~rc2-2ubuntu4.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4593-1: FreeType vulnerability

1 month ago
freetype vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

FreeType could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description
  • freetype - FreeType 2 is a font engine library
Details

Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
libfreetype6 - 2.10.1-2ubuntu0.1
Ubuntu 18.04 LTS
libfreetype6 - 2.8.1-2ubuntu2.1
Ubuntu 16.04 LTS
libfreetype6 - 2.6.1-0.1ubuntu2.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.


USN-4592-1: Linux kernel vulnerabilities

1 month ago
linux-oem-osp1, linux-raspi2-5.3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux-oem-osp1 - Linux kernel for OEM systems
  • linux-raspi2-5.3 - Linux kernel for Raspberry Pi (V8) systems
Details

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352)

Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-24490)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
linux-image-5.0.0-1070-oem-osp1 - 5.0.0-1070.76
linux-image-5.3.0-1036-raspi2 - 5.3.0-1036.38
linux-image-oem-osp1 - 5.0.0.1070.68
linux-image-raspi2-hwe-18.04 - 5.3.0.1036.25

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


USN-4591-1: Linux kernel vulnerabilities

1 month ago
linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux - Linux kernel
  • linux-raspi - Linux kernel for Raspberry Pi (V8) systems
  • linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
  • linux-oem - Linux kernel for OEM systems
  • linux-raspi-5.4 - Linux kernel for Raspberry Pi (V8) systems
  • linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors
  • linux-hwe - Linux hardware enablement (HWE) kernel
Details

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1022-raspi - 5.4.0-1022.25
linux-image-5.4.0-52-generic - 5.4.0-52.57
linux-image-5.4.0-52-generic-lpae - 5.4.0-52.57
linux-image-5.4.0-52-lowlatency - 5.4.0-52.57
linux-image-generic - 5.4.0.52.55
linux-image-generic-hwe-18.04 - 5.4.0.52.55
linux-image-generic-hwe-18.04-edge - 5.4.0.52.55
linux-image-generic-hwe-20.04 - 5.4.0.52.55
linux-image-generic-lpae - 5.4.0.52.55
linux-image-generic-lpae-hwe-18.04 - 5.4.0.52.55
linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.52.55
linux-image-generic-lpae-hwe-20.04 - 5.4.0.52.55
linux-image-lowlatency - 5.4.0.52.55
linux-image-lowlatency-hwe-18.04 - 5.4.0.52.55
linux-image-lowlatency-hwe-18.04-edge - 5.4.0.52.55
linux-image-lowlatency-hwe-20.04 - 5.4.0.52.55
linux-image-oem - 5.4.0.52.55
linux-image-oem-osp1 - 5.4.0.52.55
linux-image-raspi - 5.4.0.1022.57
linux-image-raspi-hwe-18.04 - 5.4.0.1022.57
linux-image-raspi-hwe-18.04-edge - 5.4.0.1022.57
linux-image-raspi2 - 5.4.0.1022.57
linux-image-raspi2-hwe-18.04 - 5.4.0.1022.57
linux-image-raspi2-hwe-18.04-edge - 5.4.0.1022.57
linux-image-virtual - 5.4.0.52.55
linux-image-virtual-hwe-18.04 - 5.4.0.52.55
linux-image-virtual-hwe-18.04-edge - 5.4.0.52.55
linux-image-virtual-hwe-20.04 - 5.4.0.52.55
Ubuntu 18.04 LTS
linux-image-4.15.0-1090-snapdragon - 4.15.0-1090.99
linux-image-4.15.0-1100-oem - 4.15.0-1100.110
linux-image-4.15.0-122-generic - 4.15.0-122.124
linux-image-4.15.0-122-generic-lpae - 4.15.0-122.124
linux-image-4.15.0-122-lowlatency - 4.15.0-122.124
linux-image-5.4.0-1022-raspi - 5.4.0-1022.25~18.04.1
linux-image-5.4.0-52-generic - 5.4.0-52.57~18.04.1
linux-image-5.4.0-52-generic-lpae - 5.4.0-52.57~18.04.1
linux-image-5.4.0-52-lowlatency - 5.4.0-52.57~18.04.1
linux-image-generic - 4.15.0.122.109
linux-image-generic-hwe-18.04 - 5.4.0.52.57~18.04.46
linux-image-generic-lpae - 4.15.0.122.109
linux-image-generic-lpae-hwe-18.04 - 5.4.0.52.57~18.04.46
linux-image-lowlatency - 4.15.0.122.109
linux-image-lowlatency-hwe-18.04 - 5.4.0.52.57~18.04.46
linux-image-oem - 4.15.0.1100.104
linux-image-powerpc-e500mc - 4.15.0.122.109
linux-image-powerpc-smp - 4.15.0.122.109
linux-image-powerpc64-emb - 4.15.0.122.109
linux-image-powerpc64-smp - 4.15.0.122.109
linux-image-raspi-hwe-18.04 - 5.4.0.1022.26
linux-image-snapdragon - 4.15.0.1090.93
linux-image-snapdragon-hwe-18.04 - 5.4.0.52.57~18.04.46
linux-image-virtual - 4.15.0.122.109
linux-image-virtual-hwe-18.04 - 5.4.0.52.57~18.04.46
Ubuntu 16.04 LTS
linux-image-4.15.0-122-generic - 4.15.0-122.124~16.04.1
linux-image-4.15.0-122-generic-lpae - 4.15.0-122.124~16.04.1
linux-image-4.15.0-122-lowlatency - 4.15.0-122.124~16.04.1
linux-image-generic-hwe-16.04 - 4.15.0.122.122
linux-image-generic-hwe-16.04-edge - 4.15.0.122.122
linux-image-generic-lpae-hwe-16.04 - 4.15.0.122.122
linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.122.122
linux-image-lowlatency-hwe-16.04 - 4.15.0.122.122
linux-image-lowlatency-hwe-16.04-edge - 4.15.0.122.122
linux-image-oem - 4.15.0.122.122
linux-image-virtual-hwe-16.04 - 4.15.0.122.122
linux-image-virtual-hwe-16.04-edge - 4.15.0.122.122

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


USN-4588-1: FlightGear vulnerability

1 month ago
flightgear vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

FlightGear could be made to crash if it received specially crafted input.

Software Description
  • flightgear - Flight Gear Flight Simulator
Details

It was discovered that FlightGear could write arbitrary files if it received a special Nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
flightgear - 3.4.0-3ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
