Aggregator

Version:next-20190524 (linux-next) Released:2019-05-24

The 5.0.18 kernel update contains a number of important fixes across the tree. ---- The 5.0.17 update contains a number of important fixes across the tree

The 5.0.18 kernel update contains a number of important fixes across the tree.

MariaDB vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 ESM

Summary

Several security issues were fixed in MariaDB.

Software Description

• mariadb-5.5 - MariaDB database

Details

USN-3957-1 fixed multiple vulnerabilities in MySQL. This update addresses some of them in MariaDB 5.5.

Ubuntu 14.04 LTS has been updated to MariaDB 5.5.64.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-5564-changelog/ https://mariadb.com/kb/en/library/mariadb-5564-release-notes/

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM

mariadb-server - 5.5.64-1ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References

• USN-3957-1
• CVE-2019-2614
• CVE-2019-2627

Rebase to the v5.1 kernel series This contains enhancements and bug fixes across the tree ---- The 5.0.17 update contains a number of important fixes across the tree

Version:next-20190523 (linux-next) Released:2019-05-23

Version:3.16.68 (longterm) Released:2019-05-22 Source:linux-3.16.68.tar.xz PGP Signature:linux-3.16.68.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-3.16.68

intel-microcode update

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 ESM

Summary

The system could be made to expose sensitive information.

Software Description

• intel-microcode - Processor microcode for Intel CPUs

Details

USN-3977-1 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families.

Original advisory details:

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130)

Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

intel-microcode - 3.20190514.0ubuntu0.19.04.3

Ubuntu 18.10

intel-microcode - 3.20190514.0ubuntu0.18.10.2

Ubuntu 18.04 LTS

intel-microcode - 3.20190514.0ubuntu0.18.04.3

Ubuntu 16.04 LTS

intel-microcode - 3.20190514.0ubuntu0.16.04.2

Ubuntu 14.04 ESM

intel-microcode - 3.20190514.0ubuntu0.14.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References

• USN-3977-1
• CVE-2018-12126
• CVE-2018-12127
• CVE-2018-12130
• CVE-2019-11091
• https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS

Code cleanups and Simplifications: * in stream instance and main connection output handling for a common strategy in h2/h2c versions of the protocol. Stream instances are kept in one place which will make future optimizations in state handling easier. * Discarding idea of re-using bucket beams and let them live for one request only. Removing design/implementation overhead of never used features. Making mutexes nested, removing optional lock code no longer necessary.

Code cleanups and Simplifications: * in stream instance and main connection output handling for a common strategy in h2/h2c versions of the protocol. Stream instances are kept in one place which will make future optimizations in state handling easier. * Discarding idea of re-using bucket beams and let them live for one request only. Removing design/implementation overhead of never used features. Making mutexes nested, removing optional lock code no longer necessary.

Code cleanups and Simplifications: * in stream instance and main connection output handling for a common strategy in h2/h2c versions of the protocol. Stream instances are kept in one place which will make future optimizations in state handling easier. * Discarding idea of re-using bucket beams and let them live for one request only. Removing design/implementation overhead of never used features. Making mutexes nested, removing optional lock code no longer necessary.

curl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 ESM
• Ubuntu 12.04 ESM

Summary

curl could be made to crash if it received a specially crafted data.

Software Description

• curl - HTTP, HTTPS, and FTP client and client libraries

Details

USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM

curl - 7.35.0-1ubuntu2.20+esm2

libcurl3 - 7.35.0-1ubuntu2.20+esm2

libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm2

libcurl3-nss - 7.35.0-1ubuntu2.20+esm2

Ubuntu 12.04 ESM

curl - 7.22.0-3ubuntu4.26

libcurl3 - 7.22.0-3ubuntu4.26

libcurl3-gnutls - 7.22.0-3ubuntu4.26

libcurl3-nss - 7.22.0-3ubuntu4.26

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• USN-3993-1
• CVE-2019-5436

- fix TFTP receive buffer overflow (CVE-2019-5436) - fix integer overflows in curl_url_set() (CVE-2019-5435)

- fix TFTP receive buffer overflow (CVE-2019-5436) - fix integer overflows in curl_url_set() (CVE-2019-5435)

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary

Several security issues were fixed in curl.

Software Description

• curl - HTTP, HTTPS, and FTP client and client libraries

Details

Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set() function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435)

It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

curl - 7.64.0-2ubuntu1.1

libcurl3-gnutls - 7.64.0-2ubuntu1.1

libcurl3-nss - 7.64.0-2ubuntu1.1

libcurl4 - 7.64.0-2ubuntu1.1

Ubuntu 18.10

curl - 7.61.0-1ubuntu2.4

libcurl3-gnutls - 7.61.0-1ubuntu2.4

libcurl3-nss - 7.61.0-1ubuntu2.4

libcurl4 - 7.61.0-1ubuntu2.4

Ubuntu 18.04 LTS

curl - 7.58.0-2ubuntu3.7

libcurl3-gnutls - 7.58.0-2ubuntu3.7

libcurl3-nss - 7.58.0-2ubuntu3.7

libcurl4 - 7.58.0-2ubuntu3.7

Ubuntu 16.04 LTS

curl - 7.47.0-1ubuntu2.13

libcurl3 - 7.47.0-1ubuntu2.13

libcurl3-gnutls - 7.47.0-1ubuntu2.13

libcurl3-nss - 7.47.0-1ubuntu2.13

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-5435
• CVE-2019-5436

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS

Summary

Several security issues were fixed in WebKitGTK+.

Software Description

• webkit2gtk - Web content engine library for GTK+

Details

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

libjavascriptcoregtk-4.0-18 - 2.24.2-0ubuntu0.19.04.1

libwebkit2gtk-4.0-37 - 2.24.2-0ubuntu0.19.04.1

Ubuntu 18.10

libjavascriptcoregtk-4.0-18 - 2.24.2-0ubuntu0.18.10.1

libwebkit2gtk-4.0-37 - 2.24.2-0ubuntu0.18.10.1

Ubuntu 18.04 LTS

libjavascriptcoregtk-4.0-18 - 2.24.2-0ubuntu0.18.04.1

libwebkit2gtk-4.0-37 - 2.24.2-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

References

• CVE-2019-8595
• CVE-2019-8607
• CVE-2019-8615

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 ESM
• Ubuntu 12.04 ESM

Summary

Several security issues were fixed in PHP.

Software Description

• php5 - HTML-embedded scripting language interpreter

Details

USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20783)

It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or possibly cause a crash, resulting in a denial of service. (CVE-2019-11036)

Original advisory details:

It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 ESM. (CVE-2017-12933)

It was discovered that PHP incorrectly handled locale length. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2017-11362)

It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 12.04 ESM. (CVE-2016-10712)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM

libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm2

php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm2

php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm2

php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm2

Ubuntu 12.04 ESM

libapache2-mod-php5 - 5.3.10-1ubuntu3.36

php5-cgi - 5.3.10-1ubuntu3.36

php5-cli - 5.3.10-1ubuntu3.36

php5-fpm - 5.3.10-1ubuntu3.36

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• USN-3566-1
• CVE-2016-10712
• CVE-2017-11362
• CVE-2017-12933
• CVE-2018-20783
• CVE-2019-11036

Fix systemd socket permissions (CVE-2019-10132) The virtlockd-admin.socket, virtlogd-admin.sock, virtlockd.socket & virtlogd.socket units must be restarted, if currently running. THis can be done with a host reboot or systemctl commands.

Fix systemd socket permissions (CVE-2019-10132) The virtlockd-admin.socket, virtlogd-admin.sock, virtlockd.socket & virtlogd.socket units must be restarted, if currently running. This can be done with a host reboot or systemctl commands.

Fix systemd socket permissions (CVE-2019-10132) The virtlockd-admin.socket, virtlogd-admin.sock, virtlockd.socket & virtlogd.socket units must be restarted, if currently running. This can be done with a host reboot or systemctl commands.