Stemcell (Linux) Release Notes

This topic includes release notes for Linux stemcells used with Ops Manager.

Xenial Stemcells

The following sections describe each Xenial stemcell release.

621.x

This section includes release notes for the 621 line of Linux stemcells used with Ops Manager.

621.64

Available in Pivotal Network

Release Date: March 10, 2020

Metadata:

BOSH Agent Version: 2.268.12

USNs:

Title: USN-4311-1: BlueZ vulnerabilities
URL: https://usn.ubuntu.com/4311-1/
Priorities: low,medium
Description: It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556) It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-7837
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0556

Title: USN-4316-1: GD Graphics Library vulnerabilities
URL: https://usn.ubuntu.com/4316-1/
Priorities: low
Description: It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. (CVE-2018-14553) It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14553
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11038

Title: USN-4134-3: IBus vulnerability
URL: https://usn.ubuntu.com/4134-3/
Priorities: medium
Description: USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability. We apologize for the inconvenience. Original advisory details: Simon McVittie discovered that IBus did…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14822

Title: USN-4314-1: pam-krb5 vulnerability
URL: https://usn.ubuntu.com/4314-1/
Priorities: medium
Description: Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10595

Title: USN-4317-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4317-1/
Priorities: high
Description: Two use-after-free bugs were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6819
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6820

Title: USN-4315-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4315-1/
Priorities: high,medium
Description: Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831) Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8831
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8833

621.61

Available in Pivotal Network

Release Date: March 10, 2020

Metadata:

BOSH Agent Version: 2.268.12

USNs:

Title: USN-4298-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4298-1/
Priorities: medium,low
Description: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13734
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13752
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13753
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19923
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19924
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19925
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19926
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19959
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9327

Title: USN-4299-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4299-1/
Priorities: medium,low
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6806
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6807
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6811
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6812
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6813
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6814
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6815

Title: USN-4296-1: Django vulnerability
URL: https://usn.ubuntu.com/4296-1/
Priorities: medium
Description: Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9402

621.59

Available in Pivotal Network

Release Date: March 02, 2020

Metadata:

BOSH Agent Version: 2.268.12

USNs:

Title: USN-4279-2: PHP regression
URL: https://usn.ubuntu.com/4279-2/
Priorities: low
Description: USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9253

Title: USN-4290-1: libpam-radius-auth vulnerability
URL: https://usn.ubuntu.com/4290-1/
Priorities: medium
Description: It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9542

Title: USN-4292-1: rsync vulnerabilities
URL: https://usn.ubuntu.com/4292-1/
Priorities: low
Description: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4289-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4289-1/
Priorities: medium
Description: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12528
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8449
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8517

Title: USN-4293-1: libarchive vulnerabilities
URL: https://usn.ubuntu.com/4293-1/
Priorities: low,medium
Description: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9308

Title: USN-4278-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4278-2/
Priorities: medium
Description: USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6796
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6798
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6800
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6801

Title: USN-4288-1: ppp vulnerability
URL: https://usn.ubuntu.com/4288-1/
Priorities: medium
Description: It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8597

621.57

Available in Pivotal Network

Release Date: January 31, 2020

Metadata:

BOSH Agent Version: 2.268.12

USNs:

Title: USN-4277-1: libexif vulnerabilities
URL: https://usn.ubuntu.com/4277-1/
Priorities: low,medium
Description: Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328) Lili Xu and Bingchang Liu discovered that libexif incorrectly handled…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6328
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7544
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9278

Title: USN-4275-1: Qt vulnerabilities
URL: https://usn.ubuntu.com/4275-1/
Priorities: low,medium
Description: It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872) It was discovered that Qt incorrectly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19872
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18281
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0569
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0570

Title: USN-4272-1: Pillow vulnerabilities
URL: https://usn.ubuntu.com/4272-1/
Priorities: low,medium
Description: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911) It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312) It was discovered that…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16865
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19911
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5312
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5313

Title: USN-4273-1: ReportLab vulnerability
URL: https://usn.ubuntu.com/4273-1/
Priorities: medium
Description: It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17626

Title: USN-4274-1: libxml2 vulnerabilities
URL: https://usn.ubuntu.com/4274-1/
Priorities: low,medium
Description: It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19956
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7595

621.55

Available in Pivotal Network

Release Date: January 31, 2020

Metadata:

BOSH Agent Version: 2.268.12

USNs:

Title: USN-4259-1: Apache Solr vulnerability
URL: https://usn.ubuntu.com/4259-1/
Priorities: high
Description: Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12629

Title: USN-4252-1: tcpdump vulnerabilities
URL: https://usn.ubuntu.com/4252-1/
Priorities: low,medium
Description: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10103
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10105
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14461
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14462
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14463
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14465
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14466
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14467
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14468
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14469
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14470
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14879
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14881
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14882
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16228
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16230
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19519
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1010220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15167

Title: USN-4254-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4254-1/
Priorities: medium,negligible,low
Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332

Title: USN-4255-2: Linux kernel (HWE) vulnerabilities
URL: https://usn.ubuntu.com/4255-2/
Priorities: medium
Description: USN-4255-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4263-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4263-1/
Priorities: low
Description: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18634

Title: USN-4256-1: Cyrus SASL vulnerability
URL: https://usn.ubuntu.com/4256-1/
Priorities: medium
Description: It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19906

Title: USN-4265-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4265-1/
Priorities: medium
Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1931

Title: USN-4250-1: MySQL vulnerabilities
URL: https://usn.ubuntu.com/4250-1/
Priorities: medium
Description: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2570
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2579
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2584
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2588
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2589
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2627
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2679
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2686
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2694

Title: USN-4257-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4257-1/
Priorities: low,medium
Description: It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-2583) It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2583
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2590
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2593
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2601
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2604
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2654
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2659

621.51

Available in Pivotal Network

Release Date: January 21, 2020

Bug Fixes

Metadata:

BOSH Agent Version: 2.268.11

USNs:

Title: USN-4246-1: zlib vulnerabilities
URL: https://usn.ubuntu.com/4246-1/
Priorities: low
Description: It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4248-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4248-1/
Priorities: medium
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16545
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17500
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17501
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17502
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17782
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17783

Title: USN-4244-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4244-1/
Priorities: low,medium
Description: It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902) Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14902
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14907
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19344

Title: USN-4247-1: python-apt vulnerabilities
URL: https://usn.ubuntu.com/4247-1/
Priorities: medium
Description: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15795
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15796

Title: USN-4249-1: e2fsprogs vulnerability
URL: https://usn.ubuntu.com/4249-1/
Priorities: medium
Description: It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5188

Title: USN-4245-1: PySAML2 vulnerability
URL: https://usn.ubuntu.com/4245-1/
Priorities: medium
Description: It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5390

621.50

Available in Pivotal Network

Release Date: January 20, 2020

Metadata:

BOSH Agent Version: 2.268.10

USNs:

Title: USN-4232-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4232-1/
Priorities: medium,low
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14165
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14314
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14504
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14649
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14733
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14994
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14997
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15277
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16353

Title: USN-4237-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4237-1/
Priorities: medium
Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805) It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12420

Title: USN-4238-1: SDL_image vulnerabilities
URL: https://usn.ubuntu.com/4238-1/
Priorities: medium,low
Description: It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-3977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12216
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12219
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12222
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635

Title: USN-4240-1: Kamailio vulnerability
URL: https://usn.ubuntu.com/4240-1/
Priorities: high
Description: It was discovered that Kamailio can be exploited by using a specially crafted message that can cause a buffer overflow issue.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8828

Title: USN-4239-1: PHP vulnerabilities
URL: https://usn.ubuntu.com/4239-1/
Priorities: low
Description: It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11047
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11050

Title: USN-4236-2: Libgcrypt vulnerability
URL: https://usn.ubuntu.com/4236-2/
Priorities: medium
Description: USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13627

Title: USN-4227-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4227-1/
Priorities: medium,low
Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16231
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16233
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19083
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19807

Title: USN-4228-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4228-1/
Priorities: medium,low
Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534

Title: USN-4230-1: ClamAV vulnerability
URL: https://usn.ubuntu.com/4230-1/
Priorities: medium
Description: It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15961

Title: USN-4231-1: NSS vulnerability
URL: https://usn.ubuntu.com/4231-1/
Priorities: medium
Description: It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17006

Title: USN-4234-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4234-1/
Priorities: medium,low
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17016
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17017
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17023
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17026

Title: USN-4235-1: nginx vulnerability
URL: https://usn.ubuntu.com/4235-1/
Priorities: medium
Description: Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20372

621.41

Available in Pivotal Network

Release Date: January 06, 2020

BOSH Agent version: 2.268.9

USNs:

Title: USN-4222-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4222-1/
Priorities: medium,low
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11638
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11642
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12936
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12937
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13064
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13134
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13737
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13775
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13776
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13777

Title: USN-4216-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4216-2/
Priorities: medium
Description: USN-4216-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11756
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17005
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17008
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17012
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17014

Title: USN-4220-1: Git vulnerabilities
URL: https://usn.ubuntu.com/4220-1/
Priorities: medium,low
Description: Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1348
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1349
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1350
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1353
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1354
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1387
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19604

Title: USN-4217-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4217-1/
Priorities: medium
Description: Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14870

Title: USN-4219-1: libssh vulnerability
URL: https://usn.ubuntu.com/4219-1/
Priorities: medium
Description: It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14889

Title: USN-4221-1: libpcap vulnerability
URL: https://usn.ubuntu.com/4221-1/
Priorities: medium
Description: It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15165

Title: USN-4214-2: RabbitMQ vulnerability
URL: https://usn.ubuntu.com/4214-2/
Priorities: medium
Description: USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18609

Title: USN-4224-1: Django vulnerability
URL: https://usn.ubuntu.com/4224-1/
Priorities: high
Description: Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19844

Title: USN-4223-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4223-1/
Priorities: medium
Description: Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2894
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2949
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2973
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2983
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2987
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2988
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2989
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2992
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2999

621.29

Available in Pivotal Network

Release Date: December 09, 2019

BOSH Agent version: 2.268.7

USNs:

Title: USN-4211-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4211-1/
Priorities: medium,negligible
Description: Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20784
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133

Title: USN-4205-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4205-1/
Priorities: low,medium
Description: It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16168
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19242
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19244
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5018
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5827

Title: USN-4203-1: NSS vulnerability
URL: https://usn.ubuntu.com/4203-1/
Priorities: medium
Description: It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745

Title: USN-4213-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4213-1/
Priorities: medium,low
Description: Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URN…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12523
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12526
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12854
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18676
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18677
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18678
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18679

Title: USN-4210-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4210-1/
Priorities: medium,negligible,low
Description: It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nicolas Waisman discovered that the WiFi driver stack in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19075

Title: USN-4204-1: psutil vulnerability
URL: https://usn.ubuntu.com/4204-1/
Priorities: medium
Description: Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18874

621.26

Release Date: November 25, 2019

BOSH Agent version: 2.268.7

USNs:

Title: USN-4198-1: DjVuLibre vulnerabilities
URL: https://usn.ubuntu.com/4198-1/
Priorities: low
Description: It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15142
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15143
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15144
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18804

621.23

Release Date: November 14, 2019

BOSH Agent version: 2.268.6

USNs:

Title: USN-4186-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4186-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2215

Title: USN-4185-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4185-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666

Title: USN-4190-1: libjpeg-turbo vulnerabilities
URL: https://usn.ubuntu.com/4190-1/
Priorities: low,medium
Description: It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19664
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2201

Title: USN-4185-3: Linux kernel vulnerability and regression
URL: https://usn.ubuntu.com/4185-3/
Priorities: high
Description: USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4186-3: Linux kernel vulnerability
URL: https://usn.ubuntu.com/4186-3/
Priorities: high
Description: USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4182-1: Intel Microcode update
URL: https://usn.ubuntu.com/4182-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11139

Title: USN-4191-1: QEMU vulnerabilities
URL: https://usn.ubuntu.com/4191-1/
Priorities: low
Description: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13164
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14378
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15890

Title: USN-4192-1: ImageMagick vulnerabilities
URL: https://usn.ubuntu.com/4192-1/
Priorities: low,negligible,medium
Description: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12976
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12979
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13137
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13297
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13304
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13305
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13306
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13308
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13391
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15140
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16708
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16713

621.12

Release Date: November 11, 2019

BOSH Agent version: 2.268.5

USNs:

Title: USN-4176-1: GNU cpio vulnerability
URL: https://usn.ubuntu.com/4176-1/
Priorities: medium
Description: Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14866

Title: USN-4174-1: HAproxy vulnerability
URL: https://usn.ubuntu.com/4174-1/
Priorities: medium
Description: It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to perform a privilege escalation (Request Smuggling).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18277

Title: USN-4175-1: Nokogiri vulnerability
URL: https://usn.ubuntu.com/4175-1/
Priorities: medium
Description: It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5477

621.5

Release Date: October 29, 2019

New stemcell line!

BOSH Agent version: 2.268.3

456.x

This section includes release notes for the 456 line of Linux stemcells used with Ops Manager.

456.104

Available in Pivotal Network

Release Date: March 11, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

Title: USN-4311-1: BlueZ vulnerabilities
URL: https://usn.ubuntu.com/4311-1/
Priorities: low,medium
Description: It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556) It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-7837
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0556

Title: USN-4316-1: GD Graphics Library vulnerabilities
URL: https://usn.ubuntu.com/4316-1/
Priorities: low
Description: It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. (CVE-2018-14553) It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14553
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11038

Title: USN-4314-1: pam-krb5 vulnerability
URL: https://usn.ubuntu.com/4314-1/
Priorities: medium
Description: Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10595

Title: USN-4317-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4317-1/
Priorities: high
Description: Two use-after-free bugs were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6819
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6820

Title: USN-4315-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4315-1/
Priorities: high,medium
Description: Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831) Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8831
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8833

456.103

Available in Pivotal Network

Release Date: March 11, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

Title: USN-4298-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4298-1/
Priorities: medium,low
Description: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13734
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13752
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13753
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19923
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19924
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19925
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19926
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19959
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9327

Title: USN-4299-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4299-1/
Priorities: medium,low
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6806
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6807
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6811
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6812
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6813
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6814
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6815

Title: USN-4296-1: Django vulnerability
URL: https://usn.ubuntu.com/4296-1/
Priorities: medium
Description: Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9402

456.100

Available in Pivotal Network

Release Date: March 02, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

Title: USN-4279-2: PHP regression
URL: https://usn.ubuntu.com/4279-2/
Priorities: low
Description: USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9253

Title: USN-4290-1: libpam-radius-auth vulnerability
URL: https://usn.ubuntu.com/4290-1/
Priorities: medium
Description: It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9542

Title: USN-4292-1: rsync vulnerabilities
URL: https://usn.ubuntu.com/4292-1/
Priorities: low
Description: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4289-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4289-1/
Priorities: medium
Description: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12528
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8449
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8517

Title: USN-4287-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4287-1/
Priorities: medium,negligible,low
Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15099
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16232
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18786
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19071
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19078
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19082
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19767
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4286-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4286-1/
Priorities: medium,negligible,low
Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19066
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108

Title: USN-4293-1: libarchive vulnerabilities
URL: https://usn.ubuntu.com/4293-1/
Priorities: low,medium
Description: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9308

Title: USN-4278-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4278-2/
Priorities: medium
Description: USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6796
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6798
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6800
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6801

Title: USN-4288-1: ppp vulnerability
URL: https://usn.ubuntu.com/4288-1/
Priorities: medium
Description: It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8597

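A practical use of these notes is answering, from a vulnerability-scanner finding, whether the stemcell version you have deployed already carries the fix. The following Python is an added example, not part of the original release notes and not Ops Manager or BOSH tooling: it parses records in the Title/URL/Priorities/Description/CVEs layout used on this page (both the single-line and the multi-line variant), builds a CVE index per stemcell version, and reports which CVEs a deployed version's notes do not yet cover. The embedded `SAMPLE_NOTES` text is a constructed, shortened excerpt, and the function names are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the layout used by this page (shortened, not a real excerpt):
# one section in the single-line record form, one in the multi-line form.
SAMPLE_NOTES = """\
621.64

Available in Pivotal Network

Release Date: March 10, 2020

Metadata:

BOSH Agent Version: 2.268.12

USNs:

Title: USN-4288-1: ppp vulnerability URL: https://usn.ubuntu.com/4288-1/ Priorities: medium Description: It was discovered that ppp incorrectly handled certain rhostname values. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8597

456.96

Available in Pivotal Network

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

Title: USN-4263-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4263-1/
Priorities: low
Description: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18634
"""

VERSION_RE = re.compile(r"^(\d+)\.(\d+)$")        # a stemcell version heading, e.g. 456.96
USN_RE = re.compile(r"^Title:\s*(USN-\d+-\d+)")    # start of one advisory record
PRIO_RE = re.compile(r"Priorities:\s*([a-z,]+)")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_release_notes(text):
    """Return {(major, minor): {usn_id: {"priorities": set, "cves": set}}}.

    CVE IDs are taken only from the "- https://.../CVE-..." bullet lines, so a
    CVE merely mentioned inside a truncated Description is not counted as fixed.
    """
    releases = {}
    version = usn = None
    for raw in text.splitlines():
        line = raw.strip()
        m = VERSION_RE.match(line)
        if m:
            version = (int(m.group(1)), int(m.group(2)))
            releases[version] = {}
            usn = None
            continue
        if version is None:
            continue
        m = USN_RE.match(line)
        if m:
            usn = m.group(1)
            releases[version][usn] = {"priorities": set(), "cves": set()}
        if usn is None:
            continue
        entry = releases[version][usn]
        pm = PRIO_RE.search(line)  # on the Title line (single-line form) or on its own line
        if pm:
            entry["priorities"].update(pm.group(1).split(","))
        if line.startswith("- "):
            entry["cves"].update(CVE_RE.findall(line))
    return releases


def cve_index(releases):
    """Map each CVE to the sorted list of stemcell versions whose notes list it."""
    index = defaultdict(set)
    for version, usns in releases.items():
        for entry in usns.values():
            for cve in entry["cves"]:
                index[cve].add(version)
    return {cve: sorted(v) for cve, v in index.items()}


def first_fixed_in(releases, cve):
    """Lowest listed version for a CVE, or None if no release note mentions it."""
    versions = cve_index(releases).get(cve)
    return versions[0] if versions else None


def missing_fixes(releases, deployed, wanted):
    """CVEs from a scanner finding that the deployed stemcell's notes do not cover.

    Each release lists only the advisories new in that release, so coverage is
    accumulated over every version of the same line up to the deployed one.
    Nothing is inferred across lines (for example 456.x -> 621.x).
    """
    covered = set()
    for version, usns in releases.items():
        if version[0] == deployed[0] and version <= deployed:
            for entry in usns.values():
                covered |= entry["cves"]
    return sorted(set(wanted) - covered)


if __name__ == "__main__":
    notes = parse_release_notes(SAMPLE_NOTES)
    print(first_fixed_in(notes, "CVE-2019-18634"))
    print(missing_fixes(notes, (456, 98), ["CVE-2019-18634", "CVE-2020-8597"]))
```

Two caveats when using output like this for compliance evidence: a release note lists only the USNs new in that stemcell version, so "covered" has to be accumulated across earlier versions of the same line, as `missing_fixes` does; and the notes do not by themselves show which fixes a newer line such as 621.x inherited from 456.x, so check the newer line's own notes or the linked USN pages before treating a cross-line upgrade as covering a CVE.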
456.x

This section includes release notes for the 456 line of Linux stemcells used with Ops Manager.

456.98

Available in Pivotal Network

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

Title: USN-4277-1: libexif vulnerabilities
URL: https://usn.ubuntu.com/4277-1/
Priorities: low,medium
Description: Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328) Lili Xu and Bingchang Liu discovered that libexif incorrectly handled…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6328
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7544
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9278

Title: USN-4275-1: Qt vulnerabilities
URL: https://usn.ubuntu.com/4275-1/
Priorities: low,medium
Description: It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872) It was discovered that Qt incorrectly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19872
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18281
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0569
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0570

Title: USN-4272-1: Pillow vulnerabilities
URL: https://usn.ubuntu.com/4272-1/
Priorities: low,medium
Description: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911) It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312) It was discovered that…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16865
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19911
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5312
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5313

Title: USN-4273-1: ReportLab vulnerability
URL: https://usn.ubuntu.com/4273-1/
Priorities: medium
Description: It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17626

Title: USN-4274-1: libxml2 vulnerabilities
URL: https://usn.ubuntu.com/4274-1/
Priorities: low,medium
Description: It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19956
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7595

456.96

Available in Pivotal Network

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

Title: USN-4246-1: zlib vulnerabilities
URL: https://usn.ubuntu.com/4246-1/
Priorities: low
Description: It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4259-1: Apache Solr vulnerability
URL: https://usn.ubuntu.com/4259-1/
Priorities: high
Description: Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12629

Title: USN-4248-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4248-1/
Priorities: medium
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16545
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17500
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17501
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17502
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17782
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17783

Title: USN-4252-1: tcpdump vulnerabilities
URL: https://usn.ubuntu.com/4252-1/
Priorities: low,medium
Description: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10103
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10105
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14461
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14462
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14463
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14465
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14466
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14467
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14468
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14469
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14470
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14879
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14881
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14882
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16228
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16230
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19519
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1010220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15167

Title: USN-4254-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4254-1/
Priorities: medium,negligible,low
Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332

Title: USN-4255-2: Linux kernel (HWE) vulnerabilities
URL: https://usn.ubuntu.com/4255-2/
Priorities: medium
Description: USN-4255-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4244-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4244-1/
Priorities: low,medium
Description: It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902) Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14902
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14907
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19344

Title: USN-4247-1: python-apt vulnerabilities
URL: https://usn.ubuntu.com/4247-1/
Priorities: medium
Description: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15795
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15796

Title: USN-4263-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4263-1/
Priorities: low
Description: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18634

Title: USN-4256-1: Cyrus SASL vulnerability
URL: https://usn.ubuntu.com/4256-1/
Priorities: medium
Description: It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19906

Title: USN-4249-1: e2fsprogs vulnerability
URL: https://usn.ubuntu.com/4249-1/
Priorities: medium
Description: It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5188

Title: USN-4265-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4265-1/
Priorities: medium
Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1931

Title: USN-4250-1: MySQL vulnerabilities
URL: https://usn.ubuntu.com/4250-1/
Priorities: medium
Description: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2570
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2579
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2584
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2588
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2589
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2627
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2679
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2686
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2694

Title: USN-4257-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4257-1/
Priorities: low,medium
Description: It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-2583) It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2583
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2590
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2593
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2601
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2604
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2654
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2659

Title: USN-4245-1: PySAML2 vulnerability
URL: https://usn.ubuntu.com/4245-1/
Priorities: medium
Description: It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5390

456.93

Available in Pivotal Network

Release Date: January 20, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

Title: USN-4232-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4232-1/
Priorities: medium,low
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14165
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14314
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14504
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14649
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14733
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14994
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14997
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15277
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16353

Title: USN-4237-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4237-1/
Priorities: medium
Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805) It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12420

Title: USN-4238-1: SDL_image vulnerabilities
URL: https://usn.ubuntu.com/4238-1/
Priorities: medium,low
Description: It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-3977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12216
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12219
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12222
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635

Title: USN-4240-1: Kamailio vulnerability
URL: https://usn.ubuntu.com/4240-1/
Priorities: high
Description: It was discovered that Kamailio can be exploited by using a specially crafted message that can cause a buffer overflow issue.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8828

Title: USN-4239-1: PHP vulnerabilities
URL: https://usn.ubuntu.com/4239-1/
Priorities: low
Description: It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11047
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11050

Title: USN-4236-2: Libgcrypt vulnerability
URL: https://usn.ubuntu.com/4236-2/
Priorities: medium
Description: USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to an ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13627

Title: USN-4227-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4227-1/
Priorities: medium,low
Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16231
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16233
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19083
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19807

Title: USN-4228-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4228-1/
Priorities: medium,low
Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534

Title: USN-4230-1: ClamAV vulnerability
URL: https://usn.ubuntu.com/4230-1/
Priorities: medium
Description: It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15961

Title: USN-4231-1: NSS vulnerability
URL: https://usn.ubuntu.com/4231-1/
Priorities: medium
Description: It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17006

Title: USN-4234-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4234-1/
Priorities: medium,low
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17016
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17017
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17023
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17026

Title: USN-4235-1: nginx vulnerability
URL: https://usn.ubuntu.com/4235-1/
Priorities: medium
Description: Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20372

456.84

Available in Pivotal Network

Release Date: January 06, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

Title: USN-4222-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4222-1/
Priorities: medium,low
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11638
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11642
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12936
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12937
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13064
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13134
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13737
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13775
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13776
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13777

Title: USN-4216-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4216-2/
Priorities: medium
Description: USN-4216-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11756
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17005
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17008
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17012
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17014

Title: USN-4220-1: Git vulnerabilities
URL: https://usn.ubuntu.com/4220-1/
Priorities: medium,low
Description: Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1348
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1349
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1350
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1353
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1354
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1387
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19604

Title: USN-4217-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4217-1/
Priorities: medium
Description: Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14870

Title: USN-4219-1: libssh vulnerability
URL: https://usn.ubuntu.com/4219-1/
Priorities: medium
Description: It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14889

Title: USN-4221-1: libpcap vulnerability
URL: https://usn.ubuntu.com/4221-1/
Priorities: medium
Description: It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15165

Title: USN-4214-2: RabbitMQ vulnerability
URL: https://usn.ubuntu.com/4214-2/
Priorities: medium
Description: USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18609

Title: USN-4224-1: Django vulnerability
URL: https://usn.ubuntu.com/4224-1/
Priorities: high
Description: Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19844

Title: USN-4223-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4223-1/
Priorities: medium
Description: Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2894
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2949
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2973
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2983
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2987
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2988
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2989
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2992
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2999

456.77

Available in Pivotal Network

Release Date: December 09, 2019

BOSH Agent version: 2.234.7

USNs:

Title: USN-4211-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4211-1/
Priorities: medium,negligible
Description: Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20784
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133

Title: USN-4205-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4205-1/
Priorities: low,medium
Description: It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16168
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19242
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19244
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5018
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5827

Title: USN-4203-1: NSS vulnerability
URL: https://usn.ubuntu.com/4203-1/
Priorities: medium
Description: It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745

Title: USN-4213-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4213-1/
Priorities: medium,low
Description: Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URN…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12523
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12526
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12854
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18676
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18677
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18678
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18679

Title: USN-4210-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4210-1/
Priorities: medium,negligible,low
Description: It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nicolas Waisman discovered that the WiFi driver stack in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19075

Title: USN-4204-1: psutil vulnerability
URL: https://usn.ubuntu.com/4204-1/
Priorities: medium
Description: Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18874

456.74

Available in Pivotal Network

Release Date: November 25, 2019

BOSH Agent version: 2.234.7

USNs:

Title: USN-4198-1: DjVuLibre vulnerabilities
URL: https://usn.ubuntu.com/4198-1/
Priorities: low
Description: It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15142
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15143
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15144
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18804

456.69

Available in Pivotal Network

Release Date: November 14, 2019

BOSH Agent version: 2.234.6

USNs:

Title: USN-4186-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4186-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2215

Title: USN-4185-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4185-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666

Title: USN-4190-1: libjpeg-turbo vulnerabilities
URL: https://usn.ubuntu.com/4190-1/
Priorities: low,medium
Description: It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19664
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2201

Title: USN-4185-3: Linux kernel vulnerability and regression
URL: https://usn.ubuntu.com/4185-3/
Priorities: high
Description: USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4186-3: Linux kernel vulnerability
URL: https://usn.ubuntu.com/4186-3/
Priorities: high
Description: USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4182-1: Intel Microcode update
URL: https://usn.ubuntu.com/4182-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11139

Title: USN-4191-1: QEMU vulnerabilities
URL: https://usn.ubuntu.com/4191-1/
Priorities: low
Description: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13164
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14378
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15890

Title: USN-4192-1: ImageMagick vulnerabilities
URL: https://usn.ubuntu.com/4192-1/
Priorities: low,negligible,medium
Description: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12976
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12979
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13137
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13297
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13304
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13305
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13306
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13308
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13391
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15140
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16708
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16713

456.58

Available in Pivotal Network

Release Date: November 11, 2019

BOSH Agent version: 2.234.6

USNs:

Title: USN-4171-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4171-1/
Priorities: low,medium
Description: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11482
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11483
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11485
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15790

Title: USN-4170-1: Whoopsie vulnerability
URL: https://usn.ubuntu.com/4170-1/
Priorities: medium
Description: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11484

Title: USN-4176-1: GNU cpio vulnerability
URL: https://usn.ubuntu.com/4176-1/
Priorities: medium
Description: Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14866

Title: USN-4172-1: file vulnerability
URL: https://usn.ubuntu.com/4172-1/
Priorities: medium
Description: It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18218

Title: USN-4174-1: HAproxy vulnerability
URL: https://usn.ubuntu.com/4174-1/
Priorities: medium
Description: It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to perform a privilege escalation (Request Smuggling).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18277

Title: USN-4169-1: libarchive vulnerability
URL: https://usn.ubuntu.com/4169-1/
Priorities: medium
Description: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18408

Title: USN-4175-1: Nokogiri vulnerability
URL: https://usn.ubuntu.com/4175-1/
Priorities: medium
Description: It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5477

456.51

Available in Pivotal Network

Release Date: October 28, 2019

BOSH Agent version: 2.234.5

Addresses CVE-2019-17596

456.40

Available in Pivotal Network

Release Date: October 21, 2019

BOSH Agent version: 2.234.3

USNs:

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description: It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in an HTML reply or forward in some circumstances. If a user were tricked into replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739) Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11739
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11742
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11743
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11744
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11752

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description: It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7575
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7576
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7578
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7636
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7637
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7638

Title: USN-4154-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4154-1/
Priorities: medium
Description: Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14287

Title: USN-4151-1: Python vulnerabilities
URL: https://usn.ubuntu.com/4151-1/
Priorities: medium,low
Description: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16935

Title: USN-4155-1: Aspell vulnerability
URL: https://usn.ubuntu.com/4155-1/
Priorities: medium
Description: It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17544

456.30

Available in Pivotal Network

Release Date: October 04, 2019

BOSH Agent version: 2.234.2

USNs:

456.27

Available in Pivotal Network

Release Date: September 23, 2019

BOSH Agent version: 2.234.2

USNs:

456.25

Available in Pivotal Network

Release Date: September 18, 2019

BOSH Agent version: 2.117.13

USNs:

Title: USN-4128-1: Tomcat vulnerabilities
URL: https://usn.ubuntu.com/4128-1/
Priorities: low,medium
Description: It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10072

Title: USN-4133-1: Wireshark vulnerabilities
URL: https://usn.ubuntu.com/4133-1/
Priorities: low,medium
Description: It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13619

Title: USN-4134-1: IBus vulnerability
URL: https://usn.ubuntu.com/4134-1/
Priorities: medium
Description: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14822

Title: USN-4115-2: Linux kernel regression
URL: https://usn.ubuntu.com/4115-2
Description: USN-4115-1 introduced a regression in the Linux kernel.
CVEs:

Title: USN-4135-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4135-1/
Priorities: high,medium
Description: Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14835
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15030
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15031

Title: USN-4132-1: Expat vulnerability
URL: https://usn.ubuntu.com/4132-1/
Priorities: medium
Description: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15903

Title: USN-4129-1: curl vulnerabilities
URL: https://usn.ubuntu.com/4129-1/
Priorities: medium
Description: Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5482

456.22

Release Date: September 09, 2019

BOSH Agent version: 2.234.2

USNs:

Title: USN-4122-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4122-1/
Priorities: medium,low,negligible
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9812

Title: USN-4124-1: Exim vulnerability
URL: https://usn.ubuntu.com/4124-1/
Priorities: high
Description: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15846

456.16

Available in Pivotal Network

Release Date: August 28, 2019

Updating golang to versions that fixed the CVEs disclosed here: https://github.com/golang/go/issues/33606

For more details, see https://kb.cert.org/vuls/id/605641/, which describes all the CVEs that make HTTP/2 implementations vulnerable to DDoS, and https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752, which shows a matrix of which HTTP/2 implementations are affected by which vulnerabilities.

Because stemcells are implemented in golang, the vulnerabilities fixed in this patch are:
- CVE-2019-9512, also known as Ping Flood
- CVE-2019-9514, also known as Reset Flood

456.14

Release Date: August 26, 2019

BOSH Agent version: 2.234.0

Bi-weekly stemcell release

456.12

Release Date: August 12, 2019

BOSH Agent version: 2.234.0

Bi-weekly stemcell bump

456.3

Release Date: July 29, 2019

BOSH Agent version: 2.234.0

Bi-weekly update

456.1

Release Date: July 17, 2019

BOSH Agent version: 2.234.0

First release for 456 major line

315.x

This section includes release notes for the 315 line of Linux stemcells used with Ops Manager.

315.175

Available in Pivotal Network

Release Date: March 11, 2020

Metadata:

BOSH Agent Version: 2.215.10

USNs:

Title: USN-4311-1: BlueZ vulnerabilities
URL: https://usn.ubuntu.com/4311-1/
Priorities: low,medium
Description: It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556) It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-7837
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0556

Title: USN-4316-1: GD Graphics Library vulnerabilities
URL: https://usn.ubuntu.com/4316-1/
Priorities: low
Description: It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. (CVE-2018-14553) It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14553
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11038

Title: USN-4314-1: pam-krb5 vulnerability
URL: https://usn.ubuntu.com/4314-1/
Priorities: medium
Description: Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10595

Title: USN-4317-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4317-1/
Priorities: high
Description: Two use-after-free bugs were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6819
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6820

Title: USN-4315-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4315-1/
Priorities: high,medium
Description: Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831) Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8831
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8833

315.174

Available in Pivotal Network

Release Date: March 11, 2020

Metadata:

BOSH Agent Version: 2.215.10

USNs:

Title: USN-4298-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4298-1/
Priorities: medium,low
Description: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13734
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13752
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13753
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19923
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19924
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19925
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19926
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19959
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9327

Title: USN-4299-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4299-1/
Priorities: medium,low
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6806
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6807
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6811
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6812
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6813
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6814
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6815

Title: USN-4296-1: Django vulnerability
URL: https://usn.ubuntu.com/4296-1/
Priorities: medium
Description: Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9402

315.171

Available in Pivotal Network

Release Date: March 02, 2020

Metadata:

BOSH Agent Version: 2.215.10

USNs:

Title: USN-4279-2: PHP regression
URL: https://usn.ubuntu.com/4279-2/
Priorities: low
Description: USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9253

Title: USN-4290-1: libpam-radius-auth vulnerability
URL: https://usn.ubuntu.com/4290-1/
Priorities: medium
Description: It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9542

Title: USN-4292-1: rsync vulnerabilities
URL: https://usn.ubuntu.com/4292-1/
Priorities: low
Description: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4289-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4289-1/
Priorities: medium
Description: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12528
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8449
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8517

Title: USN-4287-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4287-1/
Priorities: medium,negligible,low
Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15099
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16232
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18786
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19071
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19078
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19082
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19767
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4286-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4286-1/
Priorities: medium,negligible,low
Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19066
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108

Title: USN-4293-1: libarchive vulnerabilities
URL: https://usn.ubuntu.com/4293-1/
Priorities: low,medium
Description: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9308

Title: USN-4278-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4278-2/
Priorities: medium
Description: USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6796
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6798
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6800
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6801

Title: USN-4288-1: ppp vulnerability
URL: https://usn.ubuntu.com/4288-1/
Priorities: medium
Description: It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8597

315.169

Available in Pivotal Network

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.215.10

USNs:

Title: USN-4277-1: libexif vulnerabilities
URL: https://usn.ubuntu.com/4277-1/
Priorities: low,medium
Description: Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328) Lili Xu and Bingchang Liu discovered that libexif incorrectly handled…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6328
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7544
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9278

Title: USN-4275-1: Qt vulnerabilities
URL: https://usn.ubuntu.com/4275-1/
Priorities: low,medium
Description: It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872) It was discovered that Qt incorrectly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19872
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18281
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0569
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0570

Title: USN-4272-1: Pillow vulnerabilities
URL: https://usn.ubuntu.com/4272-1/
Priorities: low,medium
Description: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911) It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312) It was discovered that…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16865
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19911
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5312
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5313

Title: USN-4273-1: ReportLab vulnerability
URL: https://usn.ubuntu.com/4273-1/
Priorities: medium
Description: It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17626

Title: USN-4274-1: libxml2 vulnerabilities
URL: https://usn.ubuntu.com/4274-1/
Priorities: low,medium
Description: It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19956
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7595

315.167

Available in Pivotal Network

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.215.10

USNs:

Title: USN-4246-1: zlib vulnerabilities
URL: https://usn.ubuntu.com/4246-1/
Priorities: low
Description: It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4259-1: Apache Solr vulnerability
URL: https://usn.ubuntu.com/4259-1/
Priorities: high
Description: Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12629

Title: USN-4248-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4248-1/
Priorities: medium
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16545
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17500
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17501
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17502
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17782
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17783

Title: USN-4252-1: tcpdump vulnerabilities
URL: https://usn.ubuntu.com/4252-1/
Priorities: low,medium
Description: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10103
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10105
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14461
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14462
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14463
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14465
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14466
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14467
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14468
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14469
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14470
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14879
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14881
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14882
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16228
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16230
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19519
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1010220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15167

Title: USN-4254-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4254-1/
Priorities: medium,negligible,low
Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332

Title: USN-4255-2: Linux kernel (HWE) vulnerabilities
URL: https://usn.ubuntu.com/4255-2/
Priorities: medium
Description: USN-4255-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4244-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4244-1/
Priorities: low,medium
Description: It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902) Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14902
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14907
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19344

Title: USN-4247-1: python-apt vulnerabilities
URL: https://usn.ubuntu.com/4247-1/
Priorities: medium
Description: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15795
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15796

Title: USN-4263-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4263-1/
Priorities: low
Description: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18634

Title: USN-4256-1: Cyrus SASL vulnerability
URL: https://usn.ubuntu.com/4256-1/
Priorities: medium
Description: It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19906

Title: USN-4249-1: e2fsprogs vulnerability
URL: https://usn.ubuntu.com/4249-1/
Priorities: medium
Description: It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5188

Title: USN-4265-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4265-1/
Priorities: medium
Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1931

Title: USN-4250-1: MySQL vulnerabilities
URL: https://usn.ubuntu.com/4250-1/
Priorities: medium
Description: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2570
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2579
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2584
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2588
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2589
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2627
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2679
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2686
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2694

Title: USN-4257-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4257-1/
Priorities: low,medium
Description: It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-2583) It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2583
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2590
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2593
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2601
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2604
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2654
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2659

Title: USN-4245-1: PySAML2 vulnerability
URL: https://usn.ubuntu.com/4245-1/
Priorities: medium
Description: It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5390

315.163

Available in Pivotal Network

Release Date: January 20, 2020

Metadata:

BOSH Agent Version: 2.215.10

USNs:

Title: USN-4232-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4232-1/
Priorities: medium,low
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14165
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14314
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14504
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14649
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14733
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14994
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14997
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15277
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16353

Title: USN-4237-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4237-1/
Priorities: medium
Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805) It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12420

Title: USN-4238-1: SDL_image vulnerabilities
URL: https://usn.ubuntu.com/4238-1/
Priorities: medium,low
Description: It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-3977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12216
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12219
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12222
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635

Title: USN-4240-1: Kamailio vulnerability
URL: https://usn.ubuntu.com/4240-1/
Priorities: high
Description: It was discovered that Kamailio can be exploited by using a specially crafted message that can cause a buffer overflow issue.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8828

Title: USN-4239-1: PHP vulnerabilities
URL: https://usn.ubuntu.com/4239-1/
Priorities: low
Description: It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11047
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11050

Title: USN-4236-2: Libgcrypt vulnerability
URL: https://usn.ubuntu.com/4236-2/
Priorities: medium
Description: USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to an ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13627

Title: USN-4227-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4227-1/
Priorities: medium,low
Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16231
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16233
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19083
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19807

Title: USN-4228-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4228-1/
Priorities: medium,low
Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534

Title: USN-4230-1: ClamAV vulnerability
URL: https://usn.ubuntu.com/4230-1/
Priorities: medium
Description: It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15961

Title: USN-4231-1: NSS vulnerability
URL: https://usn.ubuntu.com/4231-1/
Priorities: medium
Description: It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17006

Title: USN-4234-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4234-1/
Priorities: medium,low
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17016
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17017
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17023
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17026

Title: USN-4235-1: nginx vulnerability
URL: https://usn.ubuntu.com/4235-1/
Priorities: medium
Description: Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20372

315.154

Available in Pivotal Network

Release Date: January 06, 2020

BOSH Agent version: 2.215.10

USNs:

Title: USN-4222-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4222-1/
Priorities: medium,low
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11638
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11642
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12936
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12937
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13064
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13134
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13737
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13775
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13776
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13777

Title: USN-4216-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4216-2/
Priorities: medium
Description: USN-4216-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11756
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17005
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17008
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17012
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17014

Title: USN-4220-1: Git vulnerabilities
URL: https://usn.ubuntu.com/4220-1/
Priorities: medium,low
Description: Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1348
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1349
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1350
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1353
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1354
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1387
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19604

Title: USN-4217-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4217-1/
Priorities: medium
Description: Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14870

Title: USN-4219-1: libssh vulnerability
URL: https://usn.ubuntu.com/4219-1/
Priorities: medium
Description: It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14889

Title: USN-4221-1: libpcap vulnerability
URL: https://usn.ubuntu.com/4221-1/
Priorities: medium
Description: It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15165

Title: USN-4214-2: RabbitMQ vulnerability
URL: https://usn.ubuntu.com/4214-2/
Priorities: medium
Description: USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18609

Title: USN-4224-1: Django vulnerability
URL: https://usn.ubuntu.com/4224-1/
Priorities: high
Description: Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19844

Title: USN-4223-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4223-1/
Priorities: medium
Description: Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2894
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2949
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2973
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2983
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2987
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2988
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2989
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2992
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2999

315.146

Available in Pivotal Network

Release Date: December 09, 2019

BOSH Agent version: 2.215.10

USNs:

Title: USN-4211-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4211-1/
Priorities: medium,negligible
Description: Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20784
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133

Title: USN-4205-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4205-1/
Priorities: low,medium
Description: It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16168
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19242
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19244
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5018
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5827

Title: USN-4203-1: NSS vulnerability
URL: https://usn.ubuntu.com/4203-1/
Priorities: medium
Description: It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745

Title: USN-4213-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4213-1/
Priorities: medium,low
Description: Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URN…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12523
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12526
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12854
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18676
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18677
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18678
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18679

Title: USN-4210-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4210-1/
Priorities: medium,negligible,low
Description: It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nicolas Waisman discovered that the WiFi driver stack in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19075

Title: USN-4204-1: psutil vulnerability
URL: https://usn.ubuntu.com/4204-1/
Priorities: medium
Description: Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18874

315.143

Available in Pivotal Network

Release Date: November 25, 2019

BOSH Agent version: 2.215.10

USNs:

Title: USN-4198-1: DjVuLibre vulnerabilities
URL: https://usn.ubuntu.com/4198-1/
Priorities: low
Description: It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15142
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15143
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15144
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18804

315.141

Available in Pivotal Network

Release Date: November 14, 2019

BOSH Agent version: 2.215.10

USNs:

Title: USN-4186-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4186-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2215

Title: USN-4185-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4185-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666

Title: USN-4190-1: libjpeg-turbo vulnerabilities
URL: https://usn.ubuntu.com/4190-1/
Priorities: low,medium
Description: It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19664
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2201

Title: USN-4185-3: Linux kernel vulnerability and regression
URL: https://usn.ubuntu.com/4185-3/
Priorities: high
Description: USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4186-3: Linux kernel vulnerability
URL: https://usn.ubuntu.com/4186-3/
Priorities: high
Description: USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4182-1: Intel Microcode update
URL: https://usn.ubuntu.com/4182-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11139

Title: USN-4191-1: QEMU vulnerabilities
URL: https://usn.ubuntu.com/4191-1/
Priorities: low
Description: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13164
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14378
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15890

Title: USN-4192-1: ImageMagick vulnerabilities
URL: https://usn.ubuntu.com/4192-1/
Priorities: low,negligible,medium
Description: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12976
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12979
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13137
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13297
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13304
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13305
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13306
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13308
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13391
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15140
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16708
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16713

315.139

Release Date: November 13, 2019

BOSH Agent version: 2.215.10

USNs:

Title: USN-4186-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4186-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2215

Title: USN-4185-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4185-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666

Title: USN-4190-1: libjpeg-turbo vulnerabilities
URL: https://usn.ubuntu.com/4190-1/
Priorities: low,medium
Description: It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19664
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2201

Title: USN-4185-3: Linux kernel vulnerability and regression
URL: https://usn.ubuntu.com/4185-3/
Priorities: high
Description: USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4186-3: Linux kernel vulnerability
URL: https://usn.ubuntu.com/4186-3/
Priorities: high
Description: USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4182-1: Intel Microcode update
URL: https://usn.ubuntu.com/4182-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11139

Title: USN-4191-1: QEMU vulnerabilities
URL: https://usn.ubuntu.com/4191-1/
Priorities: low
Description: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13164
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14378
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15890

Title: USN-4192-1: ImageMagick vulnerabilities
URL: https://usn.ubuntu.com/4192-1/
Priorities: low,negligible,medium
Description: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12976
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12979
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13137
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13297
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13304
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13305
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13306
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13308
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13391
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15140
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16708
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16713

315.133

Available in Pivotal Network

Release Date: November 11, 2019

BOSH Agent version: 2.215.10

USNs:

Title: USN-4171-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4171-1/
Priorities: low,medium
Description: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11482
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11483
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11485
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15790

Title: USN-4170-1: Whoopsie vulnerability
URL: https://usn.ubuntu.com/4170-1/
Priorities: medium
Description: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11484

Title: USN-4176-1: GNU cpio vulnerability
URL: https://usn.ubuntu.com/4176-1/
Priorities: medium
Description: Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14866

Title: USN-4172-1: file vulnerability
URL: https://usn.ubuntu.com/4172-1/
Priorities: medium
Description: It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18218

Title: USN-4174-1: HAproxy vulnerability
URL: https://usn.ubuntu.com/4174-1/
Priorities: medium
Description: It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to perform privilege escalation (Request Smuggling).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18277

Title: USN-4169-1: libarchive vulnerability
URL: https://usn.ubuntu.com/4169-1/
Priorities: medium
Description: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18408

Title: USN-4175-1: Nokogiri vulnerability
URL: https://usn.ubuntu.com/4175-1/
Priorities: medium
Description: It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5477

315.126

Available in Pivotal Network

Release Date: October 28, 2019

BOSH Agent version: 2.215.9

Addresses CVE-2019-17596

315.114

Available in Pivotal Network

Release Date: October 21, 2019

BOSH Agent version: 2.215.7

USNs:

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description: It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked into replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739) Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11739
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11742
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11743
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11744
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11752

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description: It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7575
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7576
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7578
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7636
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7637
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7638

Title: USN-4154-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4154-1/
Priorities: medium
Description: Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14287

Title: USN-4151-1: Python vulnerabilities
URL: https://usn.ubuntu.com/4151-1/
Priorities: medium,low
Description: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16935

Title: USN-4155-1: Aspell vulnerability
URL: https://usn.ubuntu.com/4155-1/
Priorities: medium
Description: It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17544

315.103

Available in Pivotal Network

Release Date: October 04, 2019

BOSH Agent version: 2.215.5

USNs:

315.99

Available in Pivotal Network

Release Date: September 23, 2019

BOSH Agent version: 2.215.4

USNs:

315.97

Available in Pivotal Network

Release Date: September 18, 2019

BOSH Agent version: 2.117.13

USNs:

Title: USN-4128-1: Tomcat vulnerabilities
URL: https://usn.ubuntu.com/4128-1/
Priorities: low,medium
Description: It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10072

Title: USN-4133-1: Wireshark vulnerabilities
URL: https://usn.ubuntu.com/4133-1/
Priorities: low,medium
Description: It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13619

Title: USN-4134-1: IBus vulnerability
URL: https://usn.ubuntu.com/4134-1/
Priorities: medium
Description: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14822

Title: USN-4115-2: Linux kernel regression
URL: https://usn.ubuntu.com/4115-2
Description: USN 4115-1 introduced a regression in the Linux kernel
CVEs:

Title: USN-4135-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4135-1/
Priorities: high,medium
Description: Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14835
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15030
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15031

Title: USN-4132-1: Expat vulnerability
URL: https://usn.ubuntu.com/4132-1/
Priorities: medium
Description: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15903

Title: USN-4129-1: curl vulnerabilities
URL: https://usn.ubuntu.com/4129-1/
Priorities: medium
Description: Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5482

315.93

Release Date: September 09, 2019

BOSH Agent version: 2.215.4

USNs:

Title: USN-4122-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4122-1/
Priorities: medium,low,negligible
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9812

Title: USN-4124-1: Exim vulnerability
URL: https://usn.ubuntu.com/4124-1/
Priorities: high
Description: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15846

315.89

Available in Pivotal Network

Release Date: August 28, 2019

BOSH Agent version: 2.215.4

USNs:

Title: USN-4110-1: Dovecot vulnerability
URL: https://usn.ubuntu.com/4110-1/
Priorities: high
Description: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11500

Updates golang to versions that fix the CVEs disclosed here: https://github.com/golang/go/issues/33606

For more details, please read https://kb.cert.org/vuls/id/605641/, which describes all the CVEs that make HTTP/2 implementations vulnerable to DDoS, and https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752, which shows a matrix of which HTTP/2 implementations are affected by which vulnerabilities.

Because stemcells are implemented in golang, the vulnerabilities fixed in this patch are:
- CVE-2019-9512, also known as Ping Flood
- CVE-2019-9514, also known as Reset Flood

315.83

Available in Pivotal Network

Release Date: August 26, 2019

BOSH Agent version: 2.215.3

Bi-weekly stemcell release

315.81

Available in Pivotal Network

Release Date: August 12, 2019

BOSH Agent version: 2.215.3

Bi-weekly stemcell bump

315.72

Available in Pivotal Network

Release Date: July 29, 2019

BOSH Agent version: 2.215.3

Bi-weekly update

315.70

Available in Pivotal Network

Release Date: July 15, 2019

BOSH Agent version: 2.215.3

315.64

Available in Pivotal Network

Release Date: July 01, 2019

Bi-weekly Agent Bump (July 3rd)

315.45

Available in Pivotal Network

Release Date: June 20, 2019

BOSH Agent version: 2.215.3

USNs: https://usn.ubuntu.com/3977-3/

315.41

Available in Pivotal Network

Release Date: June 17, 2019

CVE fixes for https://usn.ubuntu.com/4017-1/

250.x

This section includes release notes for the 250 line of Linux stemcells used with Ops Manager.

250.190

Available in Pivotal Network

Release Date: March 18, 2020

Metadata:

BOSH Agent Version: 2.193.8

USNs:

Title: USN-4311-1: BlueZ vulnerabilities
URL: https://usn.ubuntu.com/4311-1/
Priorities: low,medium
Description: It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556) It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-7837
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0556

Title: USN-4316-1: GD Graphics Library vulnerabilities
URL: https://usn.ubuntu.com/4316-1/
Priorities: low
Description: It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. (CVE-2018-14553) It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14553
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11038

Title: USN-4314-1: pam-krb5 vulnerability
URL: https://usn.ubuntu.com/4314-1/
Priorities: medium
Description: Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10595

Title: USN-4317-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4317-1/
Priorities: high
Description: Two use-after-free bugs were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6819
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6820

Title: USN-4315-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4315-1/
Priorities: high,medium
Description: Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831) Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8831
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8833

250.189

Available in Pivotal Network

Release Date: March 18, 2020

Metadata:

BOSH Agent Version: 2.193.8

USNs:

Title: USN-4298-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4298-1/
Priorities: medium,low
Description: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13734
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13752
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13753
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19923
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19924
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19925
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19926
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19959
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9327

Title: USN-4302-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4302-1/
Priorities: negligible,low,medium
Description: Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732) Gregory Herrero discovered that the fix for CVE-2019-14615 to address…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19058
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19066
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2732
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8832

Title: USN-4299-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4299-1/
Priorities: medium,low
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6806
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6807
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6811
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6812
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6813
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6814
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6815

Title: USN-4305-1: ICU vulnerability
URL: https://usn.ubuntu.com/4305-1/
Priorities: medium
Description: André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10531

Title: USN-4296-1: Django vulnerability
URL: https://usn.ubuntu.com/4296-1/
Priorities: medium
Description: Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9402

250.185

Available in Pivotal Network

Release Date: March 02, 2020

Metadata:

BOSH Agent Version: 2.193.8

USNs:

Title: USN-4279-2: PHP regression
URL: https://usn.ubuntu.com/4279-2/
Priorities: low
Description: USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9253

Title: USN-4290-1: libpam-radius-auth vulnerability
URL: https://usn.ubuntu.com/4290-1/
Priorities: medium
Description: It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9542

Title: USN-4292-1: rsync vulnerabilities
URL: https://usn.ubuntu.com/4292-1/
Priorities: low
Description: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4289-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4289-1/
Priorities: medium
Description: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12528
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8449
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8517

Title: USN-4287-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4287-1/
Priorities: medium,negligible,low
Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15099
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16232
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18786
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19071
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19078
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19082
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19767
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4286-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4286-1/
Priorities: medium,negligible,low
Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19066
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108

Title: USN-4293-1: libarchive vulnerabilities
URL: https://usn.ubuntu.com/4293-1/
Priorities: low,medium
Description: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9308

Title: USN-4278-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4278-2/
Priorities: medium
Description: USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6796
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6798
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6800
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6801

Title: USN-4288-1: ppp vulnerability
URL: https://usn.ubuntu.com/4288-1/
Priorities: medium
Description: It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8597

250.183

Available in Pivotal Network

Release Date: January 22, 2020

Metadata:

BOSH Agent Version: 2.193.8

USNs:

Title: USN-4277-1: libexif vulnerabilities
URL: https://usn.ubuntu.com/4277-1/
Priorities: low,medium
Description: Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328) Lili Xu and Bingchang Liu discovered that libexif incorrectly handled…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6328
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7544
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9278

Title: USN-4275-1: Qt vulnerabilities
URL: https://usn.ubuntu.com/4275-1/
Priorities: low,medium
Description: It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872) It was discovered that Qt incorrectly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19872
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18281
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0569
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0570

Title: USN-4272-1: Pillow vulnerabilities
URL: https://usn.ubuntu.com/4272-1/
Priorities: low,medium
Description: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911) It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312) It was discovered that…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16865
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19911
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5312
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5313

Title: USN-4273-1: ReportLab vulnerability
URL: https://usn.ubuntu.com/4273-1/
Priorities: medium
Description: It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17626

Title: USN-4274-1: libxml2 vulnerabilities
URL: https://usn.ubuntu.com/4274-1/
Priorities: low,medium
Description: It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19956
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7595

250.181

Available in Pivotal Network

Release Date: January 22, 2020

Metadata:

BOSH Agent Version: 2.193.8

USNs:

Title: USN-4246-1: zlib vulnerabilities
URL: https://usn.ubuntu.com/4246-1/
Priorities: low
Description: It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4259-1: Apache Solr vulnerability
URL: https://usn.ubuntu.com/4259-1/
Priorities: high
Description: Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12629

Title: USN-4248-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4248-1/
Priorities: medium
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16545
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17500
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17501
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17502
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17782
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17783

Title: USN-4252-1: tcpdump vulnerabilities
URL: https://usn.ubuntu.com/4252-1/
Priorities: low,medium
Description: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10103
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10105
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14461
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14462
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14463
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14465
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14466
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14467
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14468
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14469
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14470
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14879
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14881
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14882
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16228
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16230
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19519
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1010220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15167

Title: USN-4267-1: ARM mbed TLS vulnerabilities
URL: https://usn.ubuntu.com/4267-1/
Priorities: medium,high
Description: It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacker to execute arbitrary code or cause a denial of service. (CVE-2017-18187) It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service (buffer overflow) via a crafted…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18187
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0487
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0488
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0497
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0498

Title: USN-4254-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4254-1/
Priorities: medium,negligible,low
Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332

Title: USN-4255-2: Linux kernel (HWE) vulnerabilities
URL: https://usn.ubuntu.com/4255-2/
Priorities: medium
Description: USN-4255-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4244-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4244-1/
Priorities: low,medium
Description: It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902) Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14902
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14907
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19344

Title: USN-4247-1: python-apt vulnerabilities
URL: https://usn.ubuntu.com/4247-1/
Priorities: medium
Description: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15795
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15796

Title: USN-4263-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4263-1/
Priorities: low
Description: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18634

Title: USN-4256-1: Cyrus SASL vulnerability
URL: https://usn.ubuntu.com/4256-1/
Priorities: medium
Description: It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19906

Title: USN-4249-1: e2fsprogs vulnerability
URL: https://usn.ubuntu.com/4249-1/
Priorities: medium
Description: It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5188

Title: USN-4265-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4265-1/
Priorities: medium
Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1931

Title: USN-4250-1: MySQL vulnerabilities
URL: https://usn.ubuntu.com/4250-1/
Priorities: medium
Description: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2570
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2579
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2584
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2588
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2589
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2627
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2679
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2686
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2694

Title: USN-4257-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4257-1/
Priorities: low,medium
Description: It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-2583) It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2583
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2590
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2593
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2601
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2604
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2654
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2659

Title: USN-4245-1: PySAML2 vulnerability
URL: https://usn.ubuntu.com/4245-1/
Priorities: medium
Description: It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5390

250.178

Available in Pivotal Network

Release Date: January 20, 2020

Metadata:

BOSH Agent Version: 2.193.8

USNs:

Title: USN-4232-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4232-1/
Priorities: medium,low
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14165
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14314
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14504
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14649
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14733
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14994
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14997
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15277
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16353

Title: USN-4237-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4237-1/
Priorities: medium
Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805) It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12420

Title: USN-4238-1: SDL_image vulnerabilities
URL: https://usn.ubuntu.com/4238-1/
Priorities: medium,low
Description: It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-3977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12216
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12219
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12222
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635

Title: USN-4240-1: Kamailio vulnerability
URL: https://usn.ubuntu.com/4240-1/
Priorities: high
Description: It was discovered that Kamailio can be exploited by using a specially crafted message that can cause a buffer overflow issue.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8828

Title: USN-4239-1: PHP vulnerabilities
URL: https://usn.ubuntu.com/4239-1/
Priorities: low
Description: It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11047
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11050

Title: USN-4236-2: Libgcrypt vulnerability
URL: https://usn.ubuntu.com/4236-2/
Priorities: medium
Description: USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13627

Title: USN-4227-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4227-1/
Priorities: medium,low
Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16231
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16233
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19083
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19807

Title: USN-4228-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4228-1/
Priorities: medium,low
Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534

Title: USN-4230-1: ClamAV vulnerability
URL: https://usn.ubuntu.com/4230-1/
Priorities: medium
Description: It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15961

Title: USN-4231-1: NSS vulnerability
URL: https://usn.ubuntu.com/4231-1/
Priorities: medium
Description: It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17006

Title: USN-4234-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4234-1/
Priorities: medium,low
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17016
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17017
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17023
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17026

Title: USN-4235-1: nginx vulnerability
URL: https://usn.ubuntu.com/4235-1/
Priorities: medium
Description: Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20372

250.170

Available in Pivotal Network

Release Date: January 06, 2020

BOSH Agent version: 2.193.8

USNs:

Title: USN-4222-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4222-1/
Priorities: medium,low
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11638
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11642
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12936
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12937
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13064
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13134
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13737
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13775
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13776
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13777

Title: USN-4216-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4216-2/
Priorities: medium
Description: USN-4216-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11756
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17005
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17008
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17012
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17014

Title: USN-4220-1: Git vulnerabilities
URL: https://usn.ubuntu.com/4220-1/
Priorities: medium,low
Description: Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1348
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1349
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1350
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1353
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1354
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1387
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19604

Title: USN-4217-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4217-1/
Priorities: medium
Description: Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14870

Title: USN-4219-1: libssh vulnerability
URL: https://usn.ubuntu.com/4219-1/
Priorities: medium
Description: It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14889

Title: USN-4221-1: libpcap vulnerability
URL: https://usn.ubuntu.com/4221-1/
Priorities: medium
Description: It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15165

Title: USN-4214-2: RabbitMQ vulnerability
URL: https://usn.ubuntu.com/4214-2/
Priorities: medium
Description: USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18609

Title: USN-4224-1: Django vulnerability
URL: https://usn.ubuntu.com/4224-1/
Priorities: high
Description: Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19844

Title: USN-4223-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4223-1/
Priorities: medium
Description: Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2894
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2949
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2973
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2983
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2987
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2988
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2989
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2992
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2999

250.161

Available in Pivotal Network

Release Date: December 09, 2019

BOSH Agent version: 2.193.8

USNs:

Title: USN-4211-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4211-1/
Priorities: medium,negligible
Description: Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20784
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133

Title: USN-4205-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4205-1/
Priorities: low,medium
Description: It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16168
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19242
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19244
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5018
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5827

Title: USN-4203-1: NSS vulnerability
URL: https://usn.ubuntu.com/4203-1/
Priorities: medium
Description: It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745

Title: USN-4213-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4213-1/
Priorities: medium,low
Description: Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URN…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12523
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12526
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12854
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18676
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18677
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18678
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18679

Title: USN-4210-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4210-1/
Priorities: medium,negligible,low
Description: It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nicolas Waisman discovered that the WiFi driver stack in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19075

Title: USN-4204-1: psutil vulnerability
URL: https://usn.ubuntu.com/4204-1/
Priorities: medium
Description: Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18874

250.159

Available in Pivotal Network

Release Date: November 25, 2019

BOSH Agent version: 2.193.8

USNs:

Title: USN-4198-1: DjVuLibre vulnerabilities
URL: https://usn.ubuntu.com/4198-1/
Priorities: low
Description: It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15142
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15143
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15144
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18804

250.157

Available in Pivotal Network

Release Date: November 14, 2019

BOSH Agent version: 2.193.8

USNs:

Title: USN-4186-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4186-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2215

Title: USN-4185-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4185-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666

Title: USN-4190-1: libjpeg-turbo vulnerabilities
URL: https://usn.ubuntu.com/4190-1/
Priorities: low,medium
Description: It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19664
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2201

Title: USN-4185-3: Linux kernel vulnerability and regression
URL: https://usn.ubuntu.com/4185-3/
Priorities: high
Description: USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4186-3: Linux kernel vulnerability
URL: https://usn.ubuntu.com/4186-3/
Priorities: high
Description: USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4182-1: Intel Microcode update
URL: https://usn.ubuntu.com/4182-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11139

Title: USN-4191-1: QEMU vulnerabilities
URL: https://usn.ubuntu.com/4191-1/
Priorities: low
Description: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13164
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14378
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15890

Title: USN-4192-1: ImageMagick vulnerabilities
URL: https://usn.ubuntu.com/4192-1/
Priorities: low,negligible,medium
Description: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12976
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12979
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13137
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13297
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13304
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13305
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13306
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13308
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13391
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15140
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16708
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16713

250.147

Available in Pivotal Network

Release Date: November 11, 2019

BOSH Agent version: 2.193.8

USNs:

Title: USN-4171-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4171-1/
Priorities: low,medium
Description: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11482
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11483
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11485
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15790

Title: USN-4170-1: Whoopsie vulnerability
URL: https://usn.ubuntu.com/4170-1/
Priorities: medium
Description: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11484

Title: USN-4176-1: GNU cpio vulnerability
URL: https://usn.ubuntu.com/4176-1/
Priorities: medium
Description: Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14866

Title: USN-4172-1: file vulnerability
URL: https://usn.ubuntu.com/4172-1/
Priorities: medium
Description: It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18218

Title: USN-4174-1: HAproxy vulnerability
URL: https://usn.ubuntu.com/4174-1/
Priorities: medium
Description: It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to perform a privilege escalation (Request Smuggling).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18277

Title: USN-4169-1: libarchive vulnerability
URL: https://usn.ubuntu.com/4169-1/
Priorities: medium
Description: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18408

Title: USN-4175-1: Nokogiri vulnerability
URL: https://usn.ubuntu.com/4175-1/
Priorities: medium
Description: It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5477

250.142

Available in Pivotal Network

Release Date: October 28, 2019

BOSH Agent version: 2.193.8

Addresses CVE-2019-17596

250.130

Available in Pivotal Network

Release Date: October 21, 2019

BOSH Agent version: 2.193.6

USNs:

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description: It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in an HTML reply or forward in some circumstances. If a user were tricked into replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739) Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11739
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11742
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11743
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11744
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11752

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description: It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7575
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7576
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7578
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7636
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7637
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7638

Title: USN-4154-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4154-1/
Priorities: medium
Description: Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14287

Title: USN-4151-1: Python vulnerabilities
URL: https://usn.ubuntu.com/4151-1/
Priorities: medium,low
Description: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16935

Title: USN-4155-1: Aspell vulnerability
URL: https://usn.ubuntu.com/4155-1/
Priorities: medium
Description: It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17544

250.116

Available in Pivotal Network

Release Date: October 04, 2019

BOSH Agent version: 2.193.5

USNs:

250.112

Available in Pivotal Network

Release Date: September 23, 2019

BOSH Agent version: 2.193.4

USNs:

250.110

Available in Pivotal Network

Release Date: September 18, 2019

BOSH Agent version: 2.117.13

USNs:

Title: USN-4128-1: Tomcat vulnerabilities
URL: https://usn.ubuntu.com/4128-1/
Priorities: low,medium
Description: It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10072

Title: USN-4133-1: Wireshark vulnerabilities
URL: https://usn.ubuntu.com/4133-1/
Priorities: low,medium
Description: It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13619

Title: USN-4134-1: IBus vulnerability
URL: https://usn.ubuntu.com/4134-1/
Priorities: medium
Description: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14822

Title: USN-4115-2: Linux kernel regression
URL: https://usn.ubuntu.com/4115-2/
Description: USN-4115-1 introduced a regression in the Linux kernel.
CVEs:

Title: USN-4135-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4135-1/
Priorities: high,medium
Description: Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14835
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15030
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15031

Title: USN-4132-1: Expat vulnerability
URL: https://usn.ubuntu.com/4132-1/
Priorities: medium
Description: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15903

Title: USN-4129-1: curl vulnerabilities
URL: https://usn.ubuntu.com/4129-1/
Priorities: medium
Description: Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5482

250.106

Release Date: September 09, 2019

BOSH Agent version: 2.193.4

USNs:

Title: USN-4122-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4122-1/
Priorities: medium,low,negligible
Description: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9812

Title: USN-4124-1: Exim vulnerability
URL: https://usn.ubuntu.com/4124-1/
Priorities: high
Description: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15846

250.99

Available in Pivotal Network

Release Date: August 28, 2019

BOSH Agent version: 2.193.4

USNs:

Title: USN-4110-1: Dovecot vulnerability
URL: https://usn.ubuntu.com/4110-1/
Priorities: high
Description: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11500

This release also updates Go to a version that includes the fixes for the HTTP/2 denial-of-service CVEs tracked in https://github.com/golang/go/issues/33606.

For more details, see https://kb.cert.org/vuls/id/605641/, which describes the CVEs that leave HTTP/2 implementations open to denial of service, and https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752, which shows a matrix of which HTTP/2 implementations are affected by which vulnerabilities.

Because the BOSH Agent shipped in the stemcell is written in Go, the vulnerabilities fixed by this update are:

- CVE-2019-9512, also known as Ping Flood
- CVE-2019-9514, also known as Reset Flood
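The entries in these notes follow a fixed layout (Title, URL, Priorities, Description, CVEs, sometimes on one line and sometimes on several), and the question a practitioner actually has is "which stemcell first listed CVE-X, and is the version I run at or above it?". The Python below is an added example, not part of this page or of the BOSH and Ops Manager tooling: it parses a constructed sample in this layout (the 250.106 and 250.99 entries above, trimmed, with the Exim entry deliberately written in the one-line form) and answers that question. The function and field names are our own.

```python
"""Parse stemcell release-note entries and answer "which stemcell first
listed this CVE?".  Added example; not part of the page or the BOSH tooling."""
import re

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
VERSION_RE = re.compile(r"^(\d+)\.(\d+)$")          # a heading line such as "250.106"
FIELD_RE = re.compile(r"(Title|URL|Priorities|Description|CVEs):")

# Constructed sample: the 250.106 and 250.99 notes from this page, trimmed.
SAMPLE_NOTES = """\
250.106

Release Date: September 09, 2019

BOSH Agent version: 2.193.4

Title: USN-4122-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4122-1/
Priorities: medium,low,negligible
Description: Multiple security issues were discovered in Firefox.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9812

Title: USN-4124-1: Exim vulnerability URL: https://usn.ubuntu.com/4124-1/ Priorities: high Description: Exim incorrectly handled certain decoding operations. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15846

250.99

Release Date: August 28, 2019

BOSH Agent version: 2.193.4

Title: USN-4110-1: Dovecot vulnerability
URL: https://usn.ubuntu.com/4110-1/
Priorities: high
Description: Dovecot incorrectly handled certain data.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11500

Because the BOSH Agent is written in Go, this release also picks up the Go
HTTP/2 fixes for CVE-2019-9512 (Ping Flood) and CVE-2019-9514 (Reset Flood).

250.95

Release Date: August 26, 2019

BOSH Agent version: 2.193.3
"""


def parse_release_notes(text):
    """Return {(line, minor): {"date", "agent", "usns", "cves"}} per version heading.
    Each paragraph under a heading is a USN entry (starts with "Title:") or free
    text; CVE IDs are collected from both, so prose notes are not missed."""
    releases = {}
    current = None
    paragraph = []

    def flush():
        if current is None or not paragraph:
            return
        block = " ".join(paragraph)            # one-line and multi-line entries look alike now
        paragraph.clear()
        rel = releases[current]
        cves = list(dict.fromkeys(CVE_RE.findall(block)))  # de-duplicate, keep order
        if block.startswith("Title:"):
            parts = FIELD_RE.split(block)      # ['', 'Title', ' USN-...', 'URL', ' https...', ...]
            fields = {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}
            rel["usns"].append({
                "title": fields.get("Title", ""),
                "url": fields.get("URL", ""),
                "priorities": [p for p in fields.get("Priorities", "").split(",") if p],
                "cves": cves,
            })
        else:
            m = re.match(r"Release Date:\s*(.+)", block)
            if m:
                rel["date"] = m.group(1).strip()
            m = re.search(r"BOSH Agent [Vv]ersion:\s*(\S+)", block)
            if m:
                rel["agent"] = m.group(1)
        rel["cves"].update(cves)

    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            flush()
            continue
        m = VERSION_RE.match(stripped)
        if m:
            flush()
            current = (int(m.group(1)), int(m.group(2)))
            releases[current] = {"date": None, "agent": None, "usns": [], "cves": set()}
            continue
        paragraph.append(stripped)
    flush()
    return releases


def earliest_fix(releases):
    """Map (line, CVE) to the lowest stemcell version in that line whose notes list it."""
    first = {}
    for version in sorted(releases):
        for cve in releases[version]["cves"]:
            first.setdefault((version[0], cve), version)
    return first


def is_fixed(releases, line, minor, cve):
    """True when stemcell line.minor is at or above the first release listing cve."""
    fix = earliest_fix(releases).get((line, cve))
    return fix is not None and (line, minor) >= fix


if __name__ == "__main__":
    rels = parse_release_notes(SAMPLE_NOTES)
    for (line, cve), (_, minor) in sorted(earliest_fix(rels).items()):
        print(f"{cve}: first listed in {line}.{minor}")
```

Read the answer with the usual caveat: "first listed" means the notes mention the USN, not that the package is installed or exposed on your VMs, and a CVE absent from every entry may still have been fixed by an earlier bump that the notes describe only as a "periodic stemcell bump". Confirm on the host with the package version named in the USN.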

250.95

Available in Pivotal Network

Release Date: August 26, 2019

BOSH Agent version: 2.193.3

Bi-weekly stemcell release

250.93

Available in Pivotal Network

Release Date: August 12, 2019

BOSH Agent version: 2.193.3

Bi-weekly stemcell bump

250.84

Available in Pivotal Network

Release Date: July 29, 2019

BOSH Agent version: 2.193.3

Bi-weekly update

250.82

Available in Pivotal Network

Release Date: July 15, 2019

BOSH Agent version: 2.193.3

250.79

Available in Pivotal Network

Release Date: July 01, 2019

Bi-weekly Agent Bump (July 3rd)

250.73

Available in Pivotal Network

Release Date: June 24, 2019

BOSH Agent version: 2.193.3

USNs: https://usn.ubuntu.com/3977-3/

250.63

Available in Pivotal Network

Release Date: June 17, 2019

CVE fixes for https://usn.ubuntu.com/4017-1/

250.56

Available in Pivotal Network

Release Date: May 22, 2019

USN-3977-2

250.29

Available in Pivotal Network

Release Date: April 08, 2019

Periodic stemcell bump (Apr 9, 2019)

250.25

Available in Pivotal Network

Release Date: March 25, 2019

Periodic stemcell bump (Mar 26, 2019)

250.23

Available in Pivotal Network

Release Date: March 21, 2019

Periodic stemcell bump (Mar 22, 2019)

250.21

Available in Pivotal Network

Release Date: March 12, 2019

Periodic stemcell bump (Mar 15, 2019)

250.17

Available in Pivotal Network

Release Date: February 25, 2019

Periodic stemcell bump (Mar 06, 2019)

250.9

Release Date: February 12, 2019

Periodic Ubuntu Xenial stemcell bump (Feb 13, 2019)

250.4

Release Date: January 29, 2019

First published Xenial 250.x stemcell.

170.x

This section includes release notes for the 170 line of Linux stemcells used with Ops Manager.

170.211

Available in Pivotal Network

Release Date: March 18, 2020

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4311-1: BlueZ vulnerabilities URL: https://usn.ubuntu.com/4311-1/ Priorities: low,medium Description: It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556) It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-7837
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0556

Title: USN-4316-1: GD Graphics Library vulnerabilities URL: https://usn.ubuntu.com/4316-1/ Priorities: low Description: It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. (CVE-2018-14553) It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14553
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11038

Title: USN-4314-1: pam-krb5 vulnerability URL: https://usn.ubuntu.com/4314-1/ Priorities: medium Description: Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10595

Title: USN-4317-1: Firefox vulnerabilities URL: https://usn.ubuntu.com/4317-1/ Priorities: high Description: Two use-after-free bugs were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6819
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6820

Title: USN-4315-1: Apport vulnerabilities URL: https://usn.ubuntu.com/4315-1/ Priorities: high,medium Description: Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831) Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8831
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8833

170.210

Available in Pivotal Network

Release Date: March 18, 2020

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4298-1: SQLite vulnerabilities URL: https://usn.ubuntu.com/4298-1/ Priorities: medium,low Description: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13734
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13752
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13753
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19923
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19924
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19925
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19926
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19959
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9327

Title: USN-4302-1: Linux kernel vulnerabilities URL: https://usn.ubuntu.com/4302-1/ Priorities: negligible,low,medium Description: Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732) Gregory Herrero discovered that the fix for CVE-2019-14615 to address… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19058
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19066
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2732
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8832

Title: USN-4299-1: Firefox vulnerabilities URL: https://usn.ubuntu.com/4299-1/ Priorities: medium,low Description: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6806
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6807
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6811
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6812
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6813
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6814
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6815

Title: USN-4305-1: ICU vulnerability URL: https://usn.ubuntu.com/4305-1/ Priorities: medium Description: André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10531

Title: USN-4296-1: Django vulnerability URL: https://usn.ubuntu.com/4296-1/ Priorities: medium Description: Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9402

170.205

Available in Pivotal Network

Release Date: March 02, 2020

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4279-2: PHP regression URL: https://usn.ubuntu.com/4279-2/ Priorities: low Description: USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9253

Title: USN-4290-1: libpam-radius-auth vulnerability URL: https://usn.ubuntu.com/4290-1/ Priorities: medium Description: It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9542

Title: USN-4292-1: rsync vulnerabilities URL: https://usn.ubuntu.com/4292-1/ Priorities: low Description: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4289-1: Squid vulnerabilities URL: https://usn.ubuntu.com/4289-1/ Priorities: medium Description: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12528
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8449
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8517

Title: USN-4287-1: Linux kernel vulnerabilities URL: https://usn.ubuntu.com/4287-1/ Priorities: medium,negligible,low Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15099
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16232
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18786
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19071
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19078
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19082
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19767
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4286-1: Linux kernel vulnerabilities URL: https://usn.ubuntu.com/4286-1/ Priorities: medium,negligible,low Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19066
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108

Title: USN-4293-1: libarchive vulnerabilities URL: https://usn.ubuntu.com/4293-1/ Priorities: low,medium Description: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9308

Title: USN-4278-2: Firefox vulnerabilities URL: https://usn.ubuntu.com/4278-2/ Priorities: medium Description: USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6796
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6798
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6800
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6801

Title: USN-4288-1: ppp vulnerability URL: https://usn.ubuntu.com/4288-1/ Priorities: medium Description: It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8597

170.203

Available in Pivotal Network

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4277-1: libexif vulnerabilities URL: https://usn.ubuntu.com/4277-1/ Priorities: low,medium Description: Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328) Lili Xu and Bingchang Liu discovered that libexif incorrectly handled… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6328
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7544
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9278

Title: USN-4275-1: Qt vulnerabilities URL: https://usn.ubuntu.com/4275-1/ Priorities: low,medium Description: It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872) It was discovered that Qt incorrectly… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19872
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18281
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0569
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0570

Title: USN-4272-1: Pillow vulnerabilities URL: https://usn.ubuntu.com/4272-1/ Priorities: low,medium Description: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911) It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312) It was discovered that… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16865
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19911
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5312
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5313

Title: USN-4273-1: ReportLab vulnerability URL: https://usn.ubuntu.com/4273-1/ Priorities: medium Description: It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17626

Title: USN-4274-1: libxml2 vulnerabilities URL: https://usn.ubuntu.com/4274-1/ Priorities: low,medium Description: It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595) CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19956
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7595

170.201

Available in Pivotal Network

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4246-1: zlib vulnerabilities URL: https://usn.ubuntu.com/4246-1/ Priorities: low Description: It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4259-1: Apache Solr vulnerability URL: https://usn.ubuntu.com/4259-1/ Priorities: high Description: Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12629

Title: USN-4248-1: GraphicsMagick vulnerabilities URL: https://usn.ubuntu.com/4248-1/ Priorities: medium Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16545
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17500
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17501
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17502
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17782
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17783

Title: USN-4252-1: tcpdump vulnerabilities URL: https://usn.ubuntu.com/4252-1/ Priorities: low,medium Description: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10103
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10105
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14461
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14462
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14463
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14465
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14466
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14467
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14468
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14469
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14470
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14879
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14881
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14882
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16228
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16230
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19519
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1010220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15167

Title: USN-4254-1: Linux kernel vulnerabilities URL: https://usn.ubuntu.com/4254-1/ Priorities: medium,negligible,low Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332

Title: USN-4255-2: Linux kernel (HWE) vulnerabilities URL: https://usn.ubuntu.com/4255-2/ Priorities: medium Description: USN-4255-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4244-1: Samba vulnerabilities URL: https://usn.ubuntu.com/4244-1/ Priorities: low,medium Description: It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902) Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14902
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14907
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19344

Title: USN-4247-1: python-apt vulnerabilities URL: https://usn.ubuntu.com/4247-1/ Priorities: medium Description: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15795
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15796

Title: USN-4263-1: Sudo vulnerability URL: https://usn.ubuntu.com/4263-1/ Priorities: low Description: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18634

Title: USN-4256-1: Cyrus SASL vulnerability URL: https://usn.ubuntu.com/4256-1/ Priorities: medium Description: It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19906

Title: USN-4249-1: e2fsprogs vulnerability URL: https://usn.ubuntu.com/4249-1/ Priorities: medium Description: It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5188

Title: USN-4265-1: SpamAssassin vulnerabilities URL: https://usn.ubuntu.com/4265-1/ Priorities: medium Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1931

Title: USN-4250-1: MySQL vulnerabilities URL: https://usn.ubuntu.com/4250-1/ Priorities: medium Description: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2570
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2579
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2584
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2588
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2589
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2627
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2679
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2686
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2694

Title: USN-4257-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4257-1/
Priorities: low,medium
Description: It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-2583) It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2583
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2590
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2593
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2601
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2604
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2654
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2659

Title: USN-4245-1: PySAML2 vulnerability
URL: https://usn.ubuntu.com/4245-1/
Priorities: medium
Description: It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5390

170.198

Available in Pivotal Network

Release Date: January 20, 2020

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4232-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4232-1/
Priorities: medium,low
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14165
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14314
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14504
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14649
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14733
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14994
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14997
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15277
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16353

Title: USN-4237-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4237-1/
Priorities: medium
Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805) It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12420

Title: USN-4238-1: SDL_image vulnerabilities
URL: https://usn.ubuntu.com/4238-1/
Priorities: medium,low
Description: It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-3977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12216
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12219
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12222
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635

Title: USN-4240-1: Kamailio vulnerability
URL: https://usn.ubuntu.com/4240-1/
Priorities: high
Description: It was discovered that Kamailio could be exploited with a specially crafted message that causes a buffer overflow.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8828

Title: USN-4239-1: PHP vulnerabilities
URL: https://usn.ubuntu.com/4239-1/
Priorities: low
Description: It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11047
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11050

Title: USN-4236-2: Libgcrypt vulnerability
URL: https://usn.ubuntu.com/4236-2/
Priorities: medium
Description: USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to an ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13627

Title: USN-4227-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4227-1/
Priorities: medium,low
Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16231
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16233
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19083
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19807

Title: USN-4228-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4228-1/
Priorities: medium,low
Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534

Title: USN-4230-1: ClamAV vulnerability
URL: https://usn.ubuntu.com/4230-1/
Priorities: medium
Description: It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15961

Title: USN-4231-1: NSS vulnerability
URL: https://usn.ubuntu.com/4231-1/
Priorities: medium
Description: It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17006

Title: USN-4234-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4234-1/
Priorities: medium,low
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17016
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17017
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17023
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17026

Title: USN-4235-1: nginx vulnerability
URL: https://usn.ubuntu.com/4235-1/
Priorities: medium
Description: Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20372

170.189

Available in Pivotal Network

Release Date: January 06, 2020

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4222-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4222-1/
Priorities: medium,low
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11638
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11642
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12936
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12937
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13064
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13134
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13737
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13775
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13776
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13777

Title: USN-4216-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4216-2/
Priorities: medium
Description: USN-4216-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11756
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17005
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17008
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17012
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17014

Title: USN-4220-1: Git vulnerabilities
URL: https://usn.ubuntu.com/4220-1/
Priorities: medium,low
Description: Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1348
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1349
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1350
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1353
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1354
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1387
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19604

Title: USN-4217-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4217-1/
Priorities: medium
Description: Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14870

Title: USN-4219-1: libssh vulnerability
URL: https://usn.ubuntu.com/4219-1/
Priorities: medium
Description: It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14889

Title: USN-4221-1: libpcap vulnerability
URL: https://usn.ubuntu.com/4221-1/
Priorities: medium
Description: It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15165

Title: USN-4214-2: RabbitMQ vulnerability
URL: https://usn.ubuntu.com/4214-2/
Priorities: medium
Description: USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18609

Title: USN-4224-1: Django vulnerability
URL: https://usn.ubuntu.com/4224-1/
Priorities: high
Description: Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19844

Title: USN-4223-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4223-1/
Priorities: medium
Description: Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2894
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2949
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2973
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2983
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2987
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2988
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2989
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2992
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2999

170.180

Available in Pivotal Network

Release Date: December 09, 2019

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4211-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4211-1/
Priorities: medium,negligible
Description: Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20784
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133

Title: USN-4205-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4205-1/
Priorities: low,medium
Description: It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16168
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19242
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19244
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5018
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5827

Title: USN-4203-1: NSS vulnerability
URL: https://usn.ubuntu.com/4203-1/
Priorities: medium
Description: It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745

Title: USN-4213-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4213-1/
Priorities: medium,low
Description: Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URN…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12523
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12526
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12854
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18676
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18677
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18678
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18679

Title: USN-4210-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4210-1/
Priorities: medium,negligible,low
Description: It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nicolas Waisman discovered that the WiFi driver stack in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19075

Title: USN-4204-1: psutil vulnerability
URL: https://usn.ubuntu.com/4204-1/
Priorities: medium
Description: Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18874

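The entries above list, per stemcell version, only the USNs that are new in that release, and each USN carries its CVE links as a bullet list; the page also mixes two layouts (USN fields run together on one line, or one field per line). Operators typically need the reverse view: given a CVE, which stemcell first shipped the fix, and is a deployment pinned to some version still exposed. The following Python parser is an added example for this page, not code from Pivotal, BOSH or Canonical. The sample text is constructed from version numbers, USN numbers and CVE IDs that appear above, with descriptions abbreviated; `first_fix`, `cves_fixed_by` and `missing_cves` are names chosen here. `cves_fixed_by` assumes, as for any OS image, that a newer stemcell in a line (170.x, 621.x) carries the package updates of the older ones, so coverage is the union of all earlier entries in that line.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Constructed sample in both layouts used on this page; IDs copied from the notes above.
SAMPLE_NOTES = """\
170.198

Release Date: January 20, 2020

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4235-1: nginx vulnerability URL: https://usn.ubuntu.com/4235-1/ Priorities: medium Description: nginx incorrectly handled certain error_page configurations. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20372

170.189

Release Date: January 06, 2020

BOSH Agent version: 2.160.11 USNs:

Title: USN-4224-1: Django vulnerability
URL: https://usn.ubuntu.com/4224-1/
Priorities: high
Description: Password reset used a Unicode case insensitive query. (CVE-2019-19844)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19844

Title: USN-4219-1: libssh vulnerability
URL: https://usn.ubuntu.com/4219-1/
Priorities: medium
Description: libssh incorrectly handled certain scp commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14889

170.180

Release Date: December 09, 2019

BOSH Agent version: 2.160.11 USNs:

Title: USN-4203-1: NSS vulnerability
URL: https://usn.ubuntu.com/4203-1/
Priorities: medium
Description: NSS incorrectly handled certain memory operations.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745
"""

VERSION_RE = re.compile(r"^(\d+\.\d+)$")            # 170.198; does not match 621.x or 2.160.11
DATE_RE = re.compile(r"^Release Date:\s*(.+?)\s*$")
USN_RE = re.compile(r"\b(USN-\d+-\d+)\b")
PRIO_RE = re.compile(r"Priorities:\s*([a-z,]+)")
CVE_LINE_RE = re.compile(r"^-\s+\S*(CVE-\d{4}-\d{4,})\s*$")  # only "- <url>" list lines, not prose


@dataclass
class Stemcell:
    version: str
    released: Optional[datetime] = None
    usns: dict[str, set[str]] = field(default_factory=dict)    # USN id -> CVEs it lists
    priorities: dict[str, str] = field(default_factory=dict)   # USN id -> Ubuntu priority


def parse_release_notes(text: str) -> list[Stemcell]:
    """Line-by-line state machine: a bare major.minor line opens a stemcell, a Title: line opens a USN."""
    stemcells, current, usn = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = VERSION_RE.match(line)
        if m:
            current = Stemcell(m.group(1))
            stemcells.append(current)
            usn = None
            continue
        if current is None:
            continue
        m = DATE_RE.match(line)
        if m:
            current.released = datetime.strptime(m.group(1), "%B %d, %Y")
            continue
        if line.startswith("Title:"):
            m = USN_RE.search(line)
            usn = m.group(1) if m else None
            if usn:
                current.usns.setdefault(usn, set())
        if usn is None:
            continue
        m = PRIO_RE.search(line)        # on the Title line itself in the one-line layout
        if m:
            current.priorities[usn] = m.group(1)
        m = CVE_LINE_RE.match(line)
        if m:
            current.usns[usn].add(m.group(1))
    return stemcells


def first_fix(stemcells, cve):
    """Oldest release whose notes list `cve`, with the USN(s) that carried it; None if never listed."""
    hits = [(sc, sorted(u for u, c in sc.usns.items() if cve in c)) for sc in stemcells]
    hits = [h for h in hits if h[1]]
    if not hits:
        return None
    sc, usns = min(hits, key=lambda h: h[0].released or datetime.max)
    return sc.version, usns


def cves_fixed_by(stemcells, version):
    """Union of CVEs from `version` and every earlier release in the same line (assumed cumulative)."""
    target = next((s for s in stemcells if s.version == version), None)
    if target is None or target.released is None:
        raise KeyError(f"unknown or undated stemcell version {version}")
    line = version.split(".")[0]
    fixed = set()
    for sc in stemcells:
        if sc.version.split(".")[0] == line and sc.released and sc.released <= target.released:
            for cves in sc.usns.values():
                fixed |= cves
    return fixed


def missing_cves(stemcells, version, required):
    """Which of `required` a deployment pinned to `version` is still exposed to."""
    return set(required) - cves_fixed_by(stemcells, version)


if __name__ == "__main__":
    notes = parse_release_notes(SAMPLE_NOTES)
    print(first_fix(notes, "CVE-2019-19844"))
    print(sorted(missing_cves(notes, "170.180", ["CVE-2019-11745", "CVE-2019-19844"])))
```

Two caveats when using this against the real notes: a USN in a stemcell's list means the updated package is in the image, not that the package is present or reachable on a given VM (many of the advisories above cover desktop software), and a follow-up USN such as USN-4185-3 or USN-4186-3 can revise an earlier fix, so the newest entry for a CVE is the one to trust.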
170.177

Available in Pivotal Network

Release Date: November 25, 2019

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4198-1: DjVuLibre vulnerabilities
URL: https://usn.ubuntu.com/4198-1/
Priorities: low
Description: It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15142
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15143
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15144
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18804

170.175

Available in Pivotal Network

Release Date: November 14, 2019

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4186-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4186-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2215

Title: USN-4185-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4185-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666

Title: USN-4190-1: libjpeg-turbo vulnerabilities
URL: https://usn.ubuntu.com/4190-1/
Priorities: low,medium
Description: It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19664
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2201

Title: USN-4185-3: Linux kernel vulnerability and regression
URL: https://usn.ubuntu.com/4185-3/
Priorities: high
Description: USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4186-3: Linux kernel vulnerability
URL: https://usn.ubuntu.com/4186-3/
Priorities: high
Description: USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4182-1: Intel Microcode update
URL: https://usn.ubuntu.com/4182-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11139

Title: USN-4191-1: QEMU vulnerabilities
URL: https://usn.ubuntu.com/4191-1/
Priorities: low
Description: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13164
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14378
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15890

Title: USN-4192-1: ImageMagick vulnerabilities
URL: https://usn.ubuntu.com/4192-1/
Priorities: low,negligible,medium
Description: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12976
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12979
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13137
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13297
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13304
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13305
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13306
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13308
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13391
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15140
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16708
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16713

170.167

Available in Pivotal Network

Release Date: November 11, 2019

Metadata:

BOSH Agent Version: 2.160.11

USNs:

Title: USN-4171-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4171-1/
Priorities: low,medium
Description: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11482
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11483
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11485
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15790

Title: USN-4170-1: Whoopsie vulnerability
URL: https://usn.ubuntu.com/4170-1/
Priorities: medium
Description: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11484

Title: USN-4176-1: GNU cpio vulnerability
URL: https://usn.ubuntu.com/4176-1/
Priorities: medium
Description: Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14866

Title: USN-4172-1: file vulnerability
URL: https://usn.ubuntu.com/4172-1/
Priorities: medium
Description: It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18218

Title: USN-4174-1: HAproxy vulnerability
URL: https://usn.ubuntu.com/4174-1/
Priorities: medium
Description: It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to perform a privilege escalation (Request Smuggling).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18277

Title: USN-4169-1: libarchive vulnerability
URL: https://usn.ubuntu.com/4169-1/
Priorities: medium
Description: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18408

Title: USN-4175-1: Nokogiri vulnerability
URL: https://usn.ubuntu.com/4175-1/
Priorities: medium
Description: It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5477

170.162

Available in Pivotal Network

Release Date: October 28, 2019

BOSH Agent version: 2.160.11

Addresses CVE-2019-17596

170.152

Available in Pivotal Network

Release Date: October 21, 2019

BOSH Agent version: 2.160.9

USNs:

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description: It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in an HTML reply or forward in some circumstances. If a user were tricked into replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739) Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11739
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11742
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11743
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11744
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11752

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description: It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7575
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7576
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7578
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7636
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7637
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7638

Title: USN-4154-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4154-1/
Priorities: medium
Description: Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14287

Title: USN-4151-1: Python vulnerabilities
URL: https://usn.ubuntu.com/4151-1/
Priorities: medium,low
Description: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16935

Title: USN-4155-1: Aspell vulnerability
URL: https://usn.ubuntu.com/4155-1/
Priorities: medium
Description: It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17544

170.140

Available in Pivotal Network

Release Date: October 04, 2019

BOSH Agent version: 2.160.8

This release fixes the issue in stemcell 170.38 that prevents new VMs from being created on Azure.

170.138

Release Date: October 02, 2019

BOSH Agent version: 2.160.8

No longer available. This release has an issue that prevents new VMs from being created on Azure. Upgrade to stemcell 170.140 or later.

170.135

Available in Pivotal Network

Release Date: September 23, 2019

BOSH Agent version: 2.160.8

170.133

Available in Pivotal Network

Release Date: September 18, 2019

BOSH Agent version: 2.117.13

USNs:

Title: USN-4128-1: Tomcat vulnerabilities
URL: https://usn.ubuntu.com/4128-1/
Priorities: low,medium
Description: It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10072

Title: USN-4133-1: Wireshark vulnerabilities
URL: https://usn.ubuntu.com/4133-1/
Priorities: low,medium
Description: It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13619

Title: USN-4134-1: IBus vulnerability
URL: https://usn.ubuntu.com/4134-1/
Priorities: medium
Description: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14822

Title: USN-4115-2: Linux kernel regression
URL: https://usn.ubuntu.com/4115-2
Description: USN-4115-1 introduced a regression in the Linux kernel.
CVEs:

Title: USN-4135-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4135-1/
Priorities: high,medium
Description: Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14835
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15030
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15031

Title: USN-4132-1: Expat vulnerability
URL: https://usn.ubuntu.com/4132-1/
Priorities: medium
Description: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15903

Title: USN-4129-1: curl vulnerabilities
URL: https://usn.ubuntu.com/4129-1/
Priorities: medium
Description: Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5482

170.129

Release Date: September 09, 2019

BOSH Agent version: 2.160.8

USNs:

Title: USN-4122-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4122-1/
Priorities: medium,low,negligible
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9812

Title: USN-4124-1: Exim vulnerability
URL: https://usn.ubuntu.com/4124-1/
Priorities: high
Description: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15846

170.124

Available in Pivotal Network

Release Date: August 28, 2019

BOSH Agent version: 2.160.7

USNs:

Title: USN-4110-1: Dovecot vulnerability
URL: https://usn.ubuntu.com/4110-1/
Priorities: high
Description: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11500

Updates Go to versions that fix the CVEs disclosed at https://github.com/golang/go/issues/33606.

For more details, see https://kb.cert.org/vuls/id/605641/, which describes all the CVEs that make HTTP/2 implementations vulnerable to DDoS, and https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752, which shows a matrix of which HTTP/2 implementations are affected by which vulnerabilities.

Because stemcells are implemented in Go, the vulnerabilities fixed in this patch are:

- CVE-2019-9512, also known as Ping Flood
- CVE-2019-9514, also known as Reset Flood

170.120

Available in Pivotal Network

Release Date: August 26, 2019

BOSH Agent version: 2.160.6

Bi-weekly stemcell release

170.111

Available in Pivotal Network

Release Date: July 29, 2019

BOSH Agent version: 2.160.6

Bi-weekly update

170.109

Available in Pivotal Network

Release Date: July 15, 2019

Bi-weekly stemcell Bump

170.107

Available in Pivotal Network

Release Date: July 03, 2019

Bi-weekly Agent Bump (July 3rd)

170.93

Available in Pivotal Network

Release Date: June 24, 2019

BOSH Agent version: bump bosh-agent to send log sha when fetching

USNs:
- https://usn.ubuntu.com/3977-3/

170.82

Available in Pivotal Network

Release Date: June 17, 2019

CVE fixes for https://usn.ubuntu.com/4017-1/

170.48

Available in Pivotal Network

Release Date: April 08, 2019

Periodic stemcell bump (Apr 8, 2019)

170.45

Available in Pivotal Network

Release Date: March 25, 2019

Periodic stemcell bump (Mar 26, 2019)

170.43

Release Date: March 21, 2019

Periodic stemcell bump (Mar 22, 2019)

170.39

Available in Pivotal Network

Release Date: March 11, 2019

Periodic stemcell bump (Mar 15, 2019)

170.38

Available in Pivotal Network

Release Date: February 25, 2019

Periodic stemcell bump (Mar 06, 2019)

170.30

Available in Pivotal Network

Release Date: February 12, 2019

Periodic Ubuntu Xenial stemcell bump (Feb 12, 2019)

170.25

Available in Pivotal Network

Release Date: January 28, 2019

Periodic Ubuntu Xenial stemcell bump (Jan 28, 2019)

170.24

Available in Pivotal Network

Release Date: January 23, 2019

Addresses “USN-3866-1: Ghostscript vulnerability”

170.23

Available in Pivotal Network

Release Date: January 22, 2019

Addresses “USN-3863-1: APT vulnerability”

170.21

Release Date: January 15, 2019

Periodic Ubuntu Xenial stemcell bump (Jan 15, 2019)

170.19

Available in Pivotal Network

Release Date: January 11, 2019

Addresses “USN-3855-1: systemd vulnerabilities”

170.15

Available in Pivotal Network

Release Date: December 20, 2018

Periodic Ubuntu Xenial stemcell bump (Dec 26, 2018)

170.14

Available in Pivotal Network

Release Date: December 17, 2018

Periodic Ubuntu Xenial stemcell bump (Dec 17, 2018)

170.13

Release Date: December 11, 2018

Fixes

  • Google: hostname should always be BOSH Agent ID (#57, #162225262)

170.12

Release Date: December 04, 2018

Periodic Ubuntu Xenial stemcell bump (Dec 05, 2018)

170.9

Release Date: November 19, 2018

Periodic Ubuntu Xenial stemcell bump (Nov 19, 2018)

170.6

Release Date: November 15, 2018

Includes updates to address:

170.5

Release Date: November 05, 2018

Periodic Ubuntu Xenial stemcell bump (Nov 05, 2018)

97.x

This section includes release notes for the 97 line of Linux stemcells used with Ops Manager.

97.241

Available in Pivotal Network

Release Date: March 18, 2020

Metadata:

BOSH Agent Version: 2.117.16

USNs:

Title: USN-4311-1: BlueZ vulnerabilities
URL: https://usn.ubuntu.com/4311-1/
Priorities: low,medium
Description: It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556) It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-7837
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0556

Title: USN-4316-1: GD Graphics Library vulnerabilities
URL: https://usn.ubuntu.com/4316-1/
Priorities: low
Description: It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. (CVE-2018-14553) It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14553
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11038

Title: USN-4134-3: IBus vulnerability
URL: https://usn.ubuntu.com/4134-3/
Priorities: medium
Description: USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability. We apologize for the inconvenience. Original advisory details: Simon McVittie discovered that IBus did…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14822

Title: USN-4314-1: pam-krb5 vulnerability
URL: https://usn.ubuntu.com/4314-1/
Priorities: medium
Description: Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10595

Title: USN-4317-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4317-1/
Priorities: high
Description: Two use-after-free bugs were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6819
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6820

Title: USN-4315-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4315-1/
Priorities: high,medium
Description: Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831) Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8831
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8833

97.239

Available in Pivotal Network

Release Date: March 18, 2020

Metadata:

BOSH Agent Version: 2.117.16

USNs:

Title: USN-4298-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4298-1/
Priorities: medium,low
Description: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13734
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13752
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13753
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19923
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19924
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19925
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19926
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19959
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9327

Title: USN-4302-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4302-1/
Priorities: negligible,low,medium
Description: Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732) Gregory Herrero discovered that the fix for CVE-2019-14615 to address…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19058
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19066
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2732
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8832

Title: USN-4299-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4299-1/
Priorities: medium,low
Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6806
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6807
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6811
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6812
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6813
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6814
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6815

Title: USN-4305-1: ICU vulnerability
URL: https://usn.ubuntu.com/4305-1/
Priorities: medium
Description: André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10531

Title: USN-4296-1: Django vulnerability
URL: https://usn.ubuntu.com/4296-1/
Priorities: medium
Description: Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9402

97.234

Available in Pivotal Network

Release Date: March 02, 2020

Metadata:

BOSH Agent Version: 2.117.16

USNs:

Title: USN-4279-2: PHP regression
URL: https://usn.ubuntu.com/4279-2/
Priorities: low
Description: USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9253

Title: USN-4290-1: libpam-radius-auth vulnerability
URL: https://usn.ubuntu.com/4290-1/
Priorities: medium
Description: It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9542

Title: USN-4292-1: rsync vulnerabilities
URL: https://usn.ubuntu.com/4292-1/
Priorities: low
Description: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4289-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4289-1/
Priorities: medium
Description: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12528
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8449
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8517

Title: USN-4287-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4287-1/
Priorities: medium,negligible,low
Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15099
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16232
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18786
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19071
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19078
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19082
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19767
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4286-1: Linux kernel vulnerabilities URL: https://usn.ubuntu.com/4286-1/ Priorities: medium,negligible,low Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19066
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108

Title: USN-4293-1: libarchive vulnerabilities URL: https://usn.ubuntu.com/4293-1/ Priorities: low,medium Description: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9308

Title: USN-4278-2: Firefox vulnerabilities URL: https://usn.ubuntu.com/4278-2/ Priorities: medium Description: USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6796
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6798
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6800
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6801

Title: USN-4288-1: ppp vulnerability URL: https://usn.ubuntu.com/4288-1/ Priorities: medium Description: It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8597

97.x

This section includes release notes for the 97 line of Linux stemcells used with Ops Manager.

97.232

Available in Pivotal Network

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.117.16

USNs:

Title: USN-4277-1: libexif vulnerabilities URL: https://usn.ubuntu.com/4277-1/ Priorities: low,medium Description: Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328) Lili Xu and Bingchang Liu discovered that libexif incorrectly handled… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6328
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7544
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9278

Title: USN-4275-1: Qt vulnerabilities URL: https://usn.ubuntu.com/4275-1/ Priorities: low,medium Description: It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872) It was discovered that Qt incorrectly… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19872
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18281
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0569
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0570

Title: USN-4272-1: Pillow vulnerabilities URL: https://usn.ubuntu.com/4272-1/ Priorities: low,medium Description: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911) It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312) It was discovered that… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16865
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19911
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5312
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5313

Title: USN-4273-1: ReportLab vulnerability URL: https://usn.ubuntu.com/4273-1/ Priorities: medium Description: It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17626

Title: USN-4274-1: libxml2 vulnerabilities URL: https://usn.ubuntu.com/4274-1/ Priorities: low,medium Description: It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595) CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19956
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7595

97.230

Available in Pivotal Network

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.117.16

USNs:

Title: USN-4246-1: zlib vulnerabilities URL: https://usn.ubuntu.com/4246-1/ Priorities: low Description: It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4259-1: Apache Solr vulnerability URL: https://usn.ubuntu.com/4259-1/ Priorities: high Description: Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12629

Title: USN-4248-1: GraphicsMagick vulnerabilities URL: https://usn.ubuntu.com/4248-1/ Priorities: medium Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16545
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17500
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17501
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17502
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17782
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17783

Title: USN-4252-1: tcpdump vulnerabilities URL: https://usn.ubuntu.com/4252-1/ Priorities: low,medium Description: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10103
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10105
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14461
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14462
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14463
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14465
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14466
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14467
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14468
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14469
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14470
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14879
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14881
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14882
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16228
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16230
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19519
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1010220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15167

Title: USN-4254-1: Linux kernel vulnerabilities URL: https://usn.ubuntu.com/4254-1/ Priorities: medium,negligible,low Description: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332

Title: USN-4255-2: Linux kernel (HWE) vulnerabilities URL: https://usn.ubuntu.com/4255-2/ Priorities: medium Description: USN-4255-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4244-1: Samba vulnerabilities URL: https://usn.ubuntu.com/4244-1/ Priorities: low,medium Description: It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902) Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14902
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14907
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19344

Title: USN-4247-1: python-apt vulnerabilities URL: https://usn.ubuntu.com/4247-1/ Priorities: medium Description: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15795
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15796

Title: USN-4263-1: Sudo vulnerability URL: https://usn.ubuntu.com/4263-1/ Priorities: low Description: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18634

Title: USN-4256-1: Cyrus SASL vulnerability URL: https://usn.ubuntu.com/4256-1/ Priorities: medium Description: It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19906

Title: USN-4249-1: e2fsprogs vulnerability URL: https://usn.ubuntu.com/4249-1/ Priorities: medium Description: It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5188

Title: USN-4265-1: SpamAssassin vulnerabilities URL: https://usn.ubuntu.com/4265-1/ Priorities: medium Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1931

Title: USN-4250-1: MySQL vulnerabilities URL: https://usn.ubuntu.com/4250-1/ Priorities: medium Description: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2570
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2579
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2584
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2588
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2589
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2627
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2679
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2686
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2694

Title: USN-4257-1: OpenJDK vulnerabilities URL: https://usn.ubuntu.com/4257-1/ Priorities: low,medium Description: It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-2583) It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2583
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2590
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2593
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2601
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2604
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2654
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2659

Title: USN-4245-1: PySAML2 vulnerability URL: https://usn.ubuntu.com/4245-1/ Priorities: medium Description: It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5390
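Every release above lists only the USNs newly applied since the previous stemcell in its line, so answering "is the stemcell I have deployed patched for CVE-X?" means finding the first release in the same line whose notes list that CVE and comparing version numbers. The script below is an added example, not part of these release notes or of the stemcell tooling. It assumes the layout seen on this page (a bare version heading such as "97.230", a "Release Date:" line, then entries starting with "Title: USN-NNNN-N" in either the one-line or the multi-line form, each followed by "- https://.../CVE-YYYY-NNNN" lines) and that fixes are cumulative within a line (97.232 contains everything listed for 97.230 and 97.226). The sample text is constructed from trimmed copies of entries on this page.

```python
"""Index stemcell release notes as version -> USN -> CVE set and check
whether a deployed stemcell version covers a given CVE.

Added example for this page, not code from the release notes or from
BOSH/Ops Manager. Assumes the page layout and cumulative fixes per line.
"""
import re

VERSION_RE = re.compile(r"^(\d+\.\d+)$")            # bare heading, e.g. 97.230
DATE_RE = re.compile(r"^Release Date:\s*(.+?)\s*$")
USN_RE = re.compile(r"^Title:\s*(USN-\d+-\d+)")     # works for both layouts
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample: trimmed entries from the 97.230 and 97.226 sections,
# one in the single-line layout and one in the multi-line layout.
SAMPLE_NOTES = """\
97.230

Release Date: January 21, 2020

BOSH Agent Version: 2.117.16

USNs:

Title: USN-4263-1: Sudo vulnerability URL: https://usn.ubuntu.com/4263-1/ Priorities: low Description: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18634

Title: USN-4245-1: PySAML2 vulnerability URL: https://usn.ubuntu.com/4245-1/ Priorities: medium Description: It was discovered that PySAML2 incorrectly handled certain SAML files. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5390

97.226

Release Date: January 20, 2020

USNs:

Title: USN-4235-1: nginx vulnerability
URL: https://usn.ubuntu.com/4235-1/
Priorities: medium
Description: nginx incorrectly handled certain error_page configurations.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20372
"""


def parse_release_notes(text):
    """Return {version: {"date": str | None, "usns": {usn: set_of_cves}}}.

    Only the "- https://.../CVE-..." list lines count; CVE ids quoted inside
    a (possibly truncated) Description are deliberately ignored.
    """
    releases = {}
    version = usn = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := VERSION_RE.match(line):
            version = m.group(1)
            releases[version] = {"date": None, "usns": {}}
            usn = None                      # CVE lines before a Title belong to nothing
        elif version is None:
            continue                        # text before the first version heading
        elif m := DATE_RE.match(line):
            releases[version]["date"] = m.group(1)
        elif m := USN_RE.match(line):
            usn = m.group(1)
            releases[version]["usns"].setdefault(usn, set())
        elif line.startswith("- ") and usn is not None:
            releases[version]["usns"][usn].update(CVE_RE.findall(line))
    return releases


def version_key(version):
    """'97.230' -> (97, 230): compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def fixed_in(releases, cve):
    """All (version, usn) pairs whose notes list `cve`, lowest version first."""
    hits = [(ver, usn) for ver, rel in releases.items()
            for usn, cves in rel["usns"].items() if cve in cves]
    return sorted(hits, key=lambda hit: version_key(hit[0]))


def is_covered(releases, deployed, cve):
    """True if `deployed` is at or above the first release in its own line
    (same major number) listing `cve`; False if that fix is newer than
    `deployed`; None if no release in the line lists it, i.e. these notes
    alone cannot answer and the USN itself must be consulted."""
    major = version_key(deployed)[0]
    fixes = [version_key(ver) for ver, _ in fixed_in(releases, cve)
             if version_key(ver)[0] == major]
    if not fixes:
        return None
    return version_key(deployed) >= min(fixes)


if __name__ == "__main__":
    notes = parse_release_notes(SAMPLE_NOTES)
    for ver in sorted(notes, key=version_key):
        print(ver, notes[ver]["date"], notes[ver]["usns"])
    for deployed in ("97.226", "97.230", "97.232", "621.64"):
        print(deployed, "covers CVE-2019-18634:",
              is_covered(notes, deployed, "CVE-2019-18634"))
```

Run it against the full text of this page to index every release, then look up the version reported for each VM (for example from the stemcell column of `bosh stemcells`). A None result is not "unpatched": it only says that no release in that line lists the CVE, which happens both for issues fixed before the oldest release on the page and for CVEs that never affected the stemcell's packages, so fall back to the USN page for that case.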

97.226

Available in Pivotal Network

Release Date: January 20, 2020

Metadata:

BOSH Agent Version: 2.117.16

USNs:

Title: USN-4232-1: GraphicsMagick vulnerabilities URL: https://usn.ubuntu.com/4232-1/ Priorities: medium,low Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14165
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14314
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14504
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14649
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14733
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14994
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14997
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15277
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16353

Title: USN-4237-1: SpamAssassin vulnerabilities URL: https://usn.ubuntu.com/4237-1/ Priorities: medium Description: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805) It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12420

Title: USN-4238-1: SDL_image vulnerabilities URL: https://usn.ubuntu.com/4238-1/ Priorities: medium,low Description: It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-3977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12216
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12219
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12222
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635

Title: USN-4240-1: Kamailio vulnerability URL: https://usn.ubuntu.com/4240-1/ Priorities: high Description: It was discovered that Kamailio can be exploited by using a specially crafted message that can cause a buffer overflow issue. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8828

Title: USN-4239-1: PHP vulnerabilities URL: https://usn.ubuntu.com/4239-1/ Priorities: low Description: It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11047
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11050

Title: USN-4236-2: Libgcrypt vulnerability URL: https://usn.ubuntu.com/4236-2/ Priorities: medium Description: USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13627

Title: USN-4227-1: Linux kernel vulnerabilities URL: https://usn.ubuntu.com/4227-1/ Priorities: medium,low Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16231
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16233
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19083
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19807

Title: USN-4228-1: Linux kernel vulnerabilities URL: https://usn.ubuntu.com/4228-1/ Priorities: medium,low Description: It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the… CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534

Title: USN-4230-1: ClamAV vulnerability URL: https://usn.ubuntu.com/4230-1/ Priorities: medium Description: It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15961

Title: USN-4231-1: NSS vulnerability URL: https://usn.ubuntu.com/4231-1/ Priorities: medium Description: It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17006

Title: USN-4234-1: Firefox vulnerabilities URL: https://usn.ubuntu.com/4234-1/ Priorities: medium,low Description: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17016
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17017
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17023
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17026

Title: USN-4235-1: nginx vulnerability URL: https://usn.ubuntu.com/4235-1/ Priorities: medium Description: Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20372

97.217

Available in Pivotal Network

Release Date: January 06, 2020

Metadata:

BOSH Agent Version: 2.117.16

USNs:

Title: USN-4222-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4222-1/
Priorities: medium,low
Description: It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11638
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11642
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12936
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12937
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13064
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13134
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13737
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13775
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13776
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13777

Title: USN-4216-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4216-2/
Priorities: medium
Description: USN-4216-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11756
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17005
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17008
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17012
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17014

Title: USN-4220-1: Git vulnerabilities
URL: https://usn.ubuntu.com/4220-1/
Priorities: medium,low
Description: Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1348
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1349
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1350
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1353
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1354
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1387
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19604

Title: USN-4217-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4217-1/
Priorities: medium
Description: Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14870

Title: USN-4219-1: libssh vulnerability
URL: https://usn.ubuntu.com/4219-1/
Priorities: medium
Description: It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14889

Title: USN-4221-1: libpcap vulnerability
URL: https://usn.ubuntu.com/4221-1/
Priorities: medium
Description: It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15165

Title: USN-4214-2: RabbitMQ vulnerability
URL: https://usn.ubuntu.com/4214-2/
Priorities: medium
Description: USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18609

Title: USN-4224-1: Django vulnerability
URL: https://usn.ubuntu.com/4224-1/
Priorities: high
Description: Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19844

Title: USN-4223-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4223-1/
Priorities: medium
Description: Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2894
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2949
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2973
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2983
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2987
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2988
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2989
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2992
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2999

97.206

Available in Pivotal Network

Release Date: December 09, 2019

BOSH Agent version: 2.117.16

USNs:

Title: USN-4211-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4211-1/
Priorities: medium,negligible
Description: Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20784
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133

Title: USN-4205-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4205-1/
Priorities: low,medium
Description: It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16168
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19242
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19244
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5018
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5827

Title: USN-4203-1: NSS vulnerability
URL: https://usn.ubuntu.com/4203-1/
Priorities: medium
Description: It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745

Title: USN-4213-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4213-1/
Priorities: medium,low
Description: Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URN…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12523
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12526
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12854
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18676
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18677
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18678
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18679

Title: USN-4210-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4210-1/
Priorities: medium,negligible,low
Description: It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nicolas Waisman discovered that the WiFi driver stack in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19075

Title: USN-4204-1: psutil vulnerability
URL: https://usn.ubuntu.com/4204-1/
Priorities: medium
Description: Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18874

97.204

Available in Pivotal Network

Release Date: November 25, 2019

BOSH Agent version: 2.117.16

USNs:

Title: USN-4198-1: DjVuLibre vulnerabilities
URL: https://usn.ubuntu.com/4198-1/
Priorities: low
Description: It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15142
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15143
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15144
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18804

97.202

Available in Pivotal Network

Release Date: November 14, 2019

BOSH Agent version: 2.117.16

USNs:

Title: USN-4186-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4186-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2215

Title: USN-4185-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4185-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666

Title: USN-4190-1: libjpeg-turbo vulnerabilities
URL: https://usn.ubuntu.com/4190-1/
Priorities: low,medium
Description: It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19664
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2201

Title: USN-4185-3: Linux kernel vulnerability and regression
URL: https://usn.ubuntu.com/4185-3/
Priorities: high
Description: USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4186-3: Linux kernel vulnerability
URL: https://usn.ubuntu.com/4186-3/
Priorities: high
Description: USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4182-1: Intel Microcode update
URL: https://usn.ubuntu.com/4182-1/
Priorities: high,medium
Description: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11139

Title: USN-4191-1: QEMU vulnerabilities
URL: https://usn.ubuntu.com/4191-1/
Priorities: low
Description: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13164
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14378
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15890

Title: USN-4192-1: ImageMagick vulnerabilities
URL: https://usn.ubuntu.com/4192-1/
Priorities: low,negligible,medium
Description: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12976
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12979
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13137
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13297
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13304
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13305
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13306
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13308
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13391
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15140
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16708
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16713

97.192

Available in Pivotal Network

Release Date: November 11, 2019

BOSH Agent version: 2.117.16

USNs:

Title: USN-4171-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4171-1/
Priorities: low,medium
Description: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11482
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11483
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11485
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15790

Title: USN-4170-1: Whoopsie vulnerability
URL: https://usn.ubuntu.com/4170-1/
Priorities: medium
Description: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11484

Title: USN-4176-1: GNU cpio vulnerability
URL: https://usn.ubuntu.com/4176-1/
Priorities: medium
Description: Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14866

Title: USN-4172-1: file vulnerability
URL: https://usn.ubuntu.com/4172-1/
Priorities: medium
Description: It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18218

Title: USN-4174-1: HAproxy vulnerability
URL: https://usn.ubuntu.com/4174-1/
Priorities: medium
Description: It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to perform a privilege escalation (request smuggling).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18277

Title: USN-4169-1: libarchive vulnerability
URL: https://usn.ubuntu.com/4169-1/
Priorities: medium
Description: It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18408

Title: USN-4175-1: Nokogiri vulnerability
URL: https://usn.ubuntu.com/4175-1/
Priorities: medium
Description: It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5477

97.187

Available in Pivotal Network

Release Date: October 28, 2019

BOSH Agent version: 2.117.16

Addresses CVE-2019-17596

97.176

Available in Pivotal Network

Release Date: October 21, 2019

BOSH Agent version: 2.117.14

USNs:

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description: It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in an HTML reply or forward in some circumstances. If a user were tricked into replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739) Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11739
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11742
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11743
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11744
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11752

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description: It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7575
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7576
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7578
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7636
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7637
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7638

Title: USN-4154-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4154-1/
Priorities: medium
Description: Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14287

Title: USN-4151-1: Python vulnerabilities
URL: https://usn.ubuntu.com/4151-1/
Priorities: medium,low
Description: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16935

Title: USN-4155-1: Aspell vulnerability
URL: https://usn.ubuntu.com/4155-1/
Priorities: medium
Description: It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17544

97.163

Available in Pivotal Network

Release Date: October 04, 2019

BOSH Agent version: 2.117.13

USNs:

97.160

Available in Pivotal Network

Release Date: September 23, 2019

BOSH Agent version: 2.117.13

USNs:

97.159

Available in Pivotal Network

Release Date: September 18, 2019

BOSH Agent version: 2.117.13

USNs:

Title: USN-4128-1: Tomcat vulnerabilities
URL: https://usn.ubuntu.com/4128-1/
Priorities: low,medium
Description: It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10072

Title: USN-4133-1: Wireshark vulnerabilities
URL: https://usn.ubuntu.com/4133-1/
Priorities: low,medium
Description: It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13619

Title: USN-4134-1: IBus vulnerability
URL: https://usn.ubuntu.com/4134-1/
Priorities: medium
Description: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14822

Title: USN-4115-2: Linux kernel regression
URL: https://usn.ubuntu.com/4115-2
Description: USN 4115-1 introduced a regression in the Linux kernel
CVEs:

Title: USN-4135-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4135-1/
Priorities: high,medium
Description: Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14835
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15030
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15031

Title: USN-4132-1: Expat vulnerability
URL: https://usn.ubuntu.com/4132-1/
Priorities: medium
Description: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15903

Title: USN-4129-1: curl vulnerabilities
URL: https://usn.ubuntu.com/4129-1/
Priorities: medium
Description: Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5482

97.156

Release Date: September 09, 2019

BOSH Agent version: 2.117.13

USNs:

Title: USN-4122-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4122-1/
Priorities: medium,low,negligible
Description: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9812

Title: USN-4124-1: Exim vulnerability
URL: https://usn.ubuntu.com/4124-1/
Priorities: high
Description: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15846

97.151

Available in Pivotal Network

Release Date: August 28, 2019

BOSH Agent version: 2.117.12

USNs:

Title: USN-4110-1: Dovecot vulnerability
URL: https://usn.ubuntu.com/4110-1/
Priorities: high
Description: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11500

Updates golang to versions that fix the CVEs disclosed at https://github.com/golang/go/issues/33606.

For more details, see https://kb.cert.org/vuls/id/605641/, which describes all the CVEs that make HTTP/2 implementations vulnerable to denial of service, and https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752, which shows a matrix of which HTTP/2 implementations are affected by which vulnerabilities.

Because stemcells are implemented in golang, the vulnerabilities fixed in this patch are:

  • CVE-2019-9512, also known as Ping Flood
  • CVE-2019-9514, also known as Reset Flood

97.145

Available in Pivotal Network

Release Date: August 26, 2019

BOSH Agent version: 2.117.11

Bi-weekly stemcell release

97.143

Available in Pivotal Network

Release Date: August 12, 2019

BOSH Agent version: 2.117.11

Bi-weekly stemcell bump

97.135

Available in Pivotal Network

Release Date: July 29, 2019

BOSH Agent version: 2.117.11

Bi-weekly update

97.134

Available in Pivotal Network

Release Date: July 15, 2019

Bi-weekly stemcell Bump

97.132

Available in Pivotal Network

Release Date: July 03, 2019

Bi-weekly Agent Bump (July 3rd)

97.122

Available in Pivotal Network

Release Date: June 24, 2019

BOSH Agent version: bump bosh-agent to send log sha when fetching

USNs: https://usn.ubuntu.com/3977-3/

97.113

Available in Pivotal Network

Release Date: June 17, 2019

CVE fixes for https://usn.ubuntu.com/4017-1/

97.74

Available in Pivotal Network

Release Date: April 08, 2019

Periodic stemcell bump (Apr 8, 2019)

97.71

Available in Pivotal Network

Release Date: March 25, 2019

Periodic stemcell bump (Mar 26, 2019)

97.67

Available in Pivotal Network

Release Date: March 15, 2019

Periodic stemcell bump (Mar 22, 2019)

97.66

Available in Pivotal Network

Release Date: March 11, 2019

Periodic stemcell bump (Mar 15, 2019)

97.65

Available in Pivotal Network

Release Date: February 25, 2019

Periodic stemcell bump (Mar 06, 2019)

97.57

Available in Pivotal Network

Release Date: February 12, 2019

Periodic Ubuntu Xenial stemcell bump (Feb 13, 2019)

97.53

Available in Pivotal Network

Release Date: January 28, 2019

Periodic Ubuntu Xenial stemcell bump (Jan 28, 2019)

97.52

Available in Pivotal Network

Release Date: January 23, 2019

Addresses “USN-3866-1: Ghostscript vulnerability”

97.51

Available in Pivotal Network

Release Date: January 22, 2019

Addresses “USN-3863-1: APT vulnerability”

97.49

Release Date: January 15, 2019

Periodic Ubuntu Xenial stemcell bump (Jan 15, 2019)

97.47

Available in Pivotal Network

Release Date: January 11, 2019

Addresses “USN-3855-1: systemd vulnerabilities”

97.43

Available in Pivotal Network

Release Date: December 20, 2018

Periodic Ubuntu Xenial stemcell bump (Dec 26, 2018)

97.42

Available in Pivotal Network

Release Date: December 17, 2018

Periodic Ubuntu Xenial stemcell bump (Dec 17, 2018)

97.41

Available in Pivotal Network

Release Date: December 11, 2018

  • Google: hostname should always be BOSH Agent ID (#57, #162225262)
  • Unpin rsyslog (was v8.22; backported from 170.x; #162514665)
  • Periodic Ubuntu Xenial updates

97.39

Available in Pivotal Network

Release Date: December 04, 2018

Periodic Ubuntu Xenial stemcell bump (Dec 05, 2018)

97.34

Available in Pivotal Network

Release Date: November 19, 2018

Periodic Ubuntu Xenial stemcell bump (Nov 19, 2018)

97.33

Available in Pivotal Network

Release Date: November 15, 2018

Includes updates to address:

97.32

Available in Pivotal Network

Release Date: November 05, 2018

Periodic Ubuntu Xenial stemcell bump (Nov 08, 2018)

This stemcell addresses a bug introduced in the 97.31 release. The bug impacts AWS light stemcell users only.

97.31

Available in Pivotal Network

Release Date: November 05, 2018

Do not use - this release has a bug that impacts the light stemcells.

Periodic Ubuntu Xenial stemcell bump (Nov 05, 2018)

97.22

Release Date: October 04, 2018

Addresses “USN-3777-2: Linux kernel (HWE) vulnerabilities” (Oct 04, 2018)

97.19

Available in Pivotal Network

Release Date: October 02, 2018

(Oct 02, 2018)

97.18

Available in Pivotal Network

Release Date: September 24, 2018

Periodic Ubuntu Xenial stemcell bump (Sep 25, 2018)

97.17

Available in Pivotal Network

Release Date: September 18, 2018

Fixes mounting persistent disk issue with bosh-agent. (Sep 19, 2018)

97.16

Available in Pivotal Network

Release Date: September 10, 2018

Periodic Ubuntu Xenial stemcell bump (Sep 11, 2018)

97.15

Available in Pivotal Network

Release Date: August 27, 2018

Bump Ubuntu Xenial stemcells for “USN-3756-1: Intel Microcode vulnerabilities”

97.12

Available in Pivotal Network

Release Date: August 14, 2018

Bump Ubuntu Xenial stemcells for “USN-3740-2: Linux kernel (HWE) vulnerabilities”

97.10

Release Date: August 13, 2018

Periodic Ubuntu Xenial stemcell bump (Aug 14, 2018)

97.5

Release Date: August 08, 2018

Bump Ubuntu Xenial stemcells for “USN-3732-2: Linux kernel (HWE) vulnerability”

97.3

Release Date: July 30, 2018

Periodic Ubuntu Xenial stemcell bump (July 31, 2018)

87.x

This section includes release notes for the 87 line of Linux stemcells used with Ops Manager.

87.4

Release Date: July 16, 2018

Periodic Ubuntu Xenial stemcell bump (July 16, 2018)

87.3

Release Date: July 11, 2018

Periodic Ubuntu Xenial stemcell bump (July 12, 2018)

87

Release Date: July 02, 2018

Periodic Ubuntu Xenial stemcell bump (July 2, 2018)

81.x

This section includes release notes for the 81 line of Linux stemcells used with Ops Manager.

81

Release Date: June 19, 2018

  • Periodic Ubuntu Xenial stemcell bump (June 18, 2018)

60.x

This section includes release notes for the 60 line of Linux stemcells used with Ops Manager.

60

Release Date: June 04, 2018

  • Periodic Ubuntu Xenial stemcell bump (June 4, 2018)

50.x

This section includes release notes for the 50 line of Linux stemcells used with Ops Manager.

50

Release Date: May 23, 2018

  • Light stemcells are available

40.x

This section includes release notes for the 40 line of Linux stemcells used with Ops Manager.

40

Release Date: May 22, 2018

  • First release of Ubuntu Xenial stemcells
  • Notable differences from Ubuntu Trusty
    • Includes systemd instead of upstart
    • Includes 4.15 Linux Kernel instead of 4.4
    • Uses chronyd to sync time (runs as a daemon) instead of ntpdate
    • Does not include NFS utils by default

Warning: Do not downgrade instances from Ubuntu Xenial to Ubuntu Trusty stemcells. Doing so may corrupt persistent disk content, because Trusty stemcells may decide to use the sfdisk partitioner instead of the parted partitioner selected by Xenial stemcells.

7.x

This section includes release notes for the 7 line of Linux stemcells used with Ops Manager.

7

Release Date: December 09, 2019

BOSH Agent version: 2.187.0

7

Release Date: November 25, 2019

BOSH Agent version: 2.187.0

7

Release Date: November 11, 2019

BOSH Agent version: 2.187.0

7

Release Date: October 28, 2019

BOSH Agent version: 2.187.0

Addresses CVE-2019-17596

7

Release Date: October 24, 2019

BOSH Agent version: 2.187.0

7

Release Date: October 21, 2019

BOSH Agent version: 2.187.0

7

Release Date: October 07, 2019

BOSH Agent version: 2.187.0

7

Release Date: September 24, 2019

BOSH Agent version: 2.187.0

CentOS bumped from 7.6 to 7.7

7

Release Date: September 09, 2019

BOSH Agent version: 2.187.0

USNs:

Title: USN-4122-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4122-1/
Priorities: medium,low,negligible
Description: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9812

Title: USN-4124-1: Exim vulnerability
URL: https://usn.ubuntu.com/4124-1/
Priorities: high
Description: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15846

7

Release Date: August 12, 2019

BOSH Agent version: 2.187.0

Bi-weekly stemcell bump

7

Release Date: July 29, 2019

BOSH Agent version: 2.187.0

Bi-weekly update

7

Release Date: July 15, 2019

BOSH Agent version: 2.187.0

7

Release Date: July 01, 2019

BOSH Agent version: 2.187.0

Bi-weekly Agent Bump

7

Release Date: June 03, 2019

Periodic stemcell bump (Jun 4, 2019)

7

Release Date: April 08, 2019

Periodic stemcell bump (Apr 8, 2019)

7

Release Date: February 14, 2019

Periodic CentOS 7 stemcell bump (Feb 14, 2019)

7

Release Date: January 28, 2019

Periodic CentOS 7 stemcell bump (Jan 28, 2019)

7

Release Date: January 16, 2019

Periodic CentOS 7 stemcell bump (Jan 17, 2019)

Trusty Stemcells

The following sections describe each Trusty stemcell release.

3763.x

This section includes release notes for the 3763 line of Linux stemcells used with Ops Manager.

3763.14

Release Date: March 11, 2019

Periodic stemcell bump (Mar 14, 2019)

3763.13

Release Date: February 25, 2019

Periodic stemcell bump (Mar 08, 2019)

3586.x

This section includes release notes for the 3586 line of Linux stemcells used with Ops Manager.

3586.93

Release Date: March 25, 2019

Periodic stemcell bump (Mar 26, 2019)

3586.91

Release Date: March 12, 2019

Periodic stemcell bump (Mar 15, 2019)

3586.86

Release Date: February 25, 2019

Periodic stemcell bump (Mar 06, 2019)

3586.79

Release Date: February 12, 2019

Periodic Ubuntu Trusty stemcell bump (Feb 14, 2019)

3586.71

Release Date: January 28, 2019

Periodic Ubuntu Trusty stemcell bump (Jan 28, 2019)

3586.70

Release Date: January 23, 2019

Addresses “USN-3866-1: Ghostscript vulnerability” and “USN-3863-1: APT vulnerability”

3586.67

Release Date: January 14, 2019

Periodic Ubuntu Trusty stemcell bump (Jan 15, 2019)

3586.65

Release Date: December 21, 2018

Periodic Ubuntu Trusty stemcell bump (Dec 21, 2018)

3586.63

Release Date: December 19, 2018

Periodic Ubuntu Trusty stemcell bump (Dec 19, 2018)

3586.60

Release Date: December 03, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Dec 05, 2018)

3586.57

Release Date: November 19, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Nov 19, 2018)

3586.56

Release Date: November 15, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Nov 15, 2018)

3586.54

Release Date: November 05, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Nov 05, 2018)

3586.52

Release Date: October 22, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Oct 23, 2018)

3586.48

Release Date: October 08, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Oct 11, 2018)

3586.46

Release Date: October 02, 2018

Addresses “USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities” (Oct 02, 2018)

3586.43

Release Date: September 24, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Sep 25, 2018)

3586.42

Release Date: September 10, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Sep 11, 2018)

3586.40

Release Date: August 27, 2018

Bump Ubuntu Trusty stemcells for “USN-3756-1: Intel Microcode vulnerabilities”

Known Issue

  • On GCP, writing moderate amounts of data to a persistent disk and then migrating the disk fails with "Error: Timed out sending 'update_settings'". See #159511884

3586.36

Release Date: August 14, 2018

Bump Ubuntu Trusty stemcells for “USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities”

3586.35

Release Date: August 13, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Aug 14, 2018)

3586.27

Release Date: July 30, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (July 31, 2018)

3586.26

Release Date: July 16, 2018

Periodic Ubuntu Trusty stemcell bump (July 16, 2018)

3586.25

Release Date: July 02, 2018

  • Periodic Ubuntu Trusty stemcell bump (July 2, 2018)

3586.24

Release Date: June 18, 2018

  • Periodic Ubuntu Trusty stemcell bump (June 18, 2018)

3586.23

Release Date: June 13, 2018

  • We are continuing to investigate the GCP stemcell compatibility issue from the earlier version, but we did roll back the BOSH Agent to an earlier version that does not seem to trigger this problem
    • Note: This build does not include fixes to recently published CVE-2018-3665

3586.18

Release Date: June 04, 2018

WARNING: We are currently investigating unresponsive agent issues when using the Google Cloud Platform version of this stemcell. In the meantime, please use 3586.16 when deploying to GCP.

  • Periodic Ubuntu Trusty stemcell bump (June 4, 2018)

3586.16

Release Date: May 24, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3654-2: Linux kernel (Xenial HWE) vulnerabilities”

TLS for Internal Blobstore Supported

For Ops Manager v2.2 to v2.7, you can enable TLS for your internal blobstore. Make sure you configured all tiles with a stemcell v3586 or later before enabling TLS for your internal blobstore.

For more information, see TLS for Internal Blobstore Supported in the Ops Manager release notes.

3586.8

Release Date: May 21, 2018

  • Periodic Ubuntu Trusty stemcell bump (May 21, 2018)

3586.7

Release Date: May 09, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3641-1: Linux kernel vulnerabilities”

3586.5

Release Date: May 08, 2018

  • Bump s3cli to include AliCloud support
  • Bump bosh-agent
    • Support network aliases (used by Softlayer CPI)
    • Support static routes for networks (used by Softlayer CPI)
    • Support iSCSI for persistent disks (used by Softlayer CPI)
    • Use parted when GPT partitions are detected
    • Refactor retryable strategy usages

3541.x

This section includes release notes for the 3541 line of Linux stemcells used with Ops Manager.

3541.65

Release Date: December 07, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Dec 07, 2018)

3541.64

Release Date: December 03, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Dec 05, 2018)

3541.61

Release Date: November 19, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Nov 19, 2018)

3541.60

Release Date: November 15, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Nov 15, 2018)

3541.57

Release Date: October 22, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Oct 23, 2018)

3541.54

Release Date: October 08, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Oct 11, 2018)

3541.52

Release Date: October 02, 2018

Addresses “USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities” (Oct 02, 2018)

3541.49

Release Date: September 24, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Sep 25, 2018)

3541.48

Release Date: September 10, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Sep 11, 2018)

3541.46

Release Date: August 27, 2018

Bump Ubuntu Trusty stemcells for “USN-3756-1: Intel Microcode vulnerabilities”

3541.44

Release Date: August 14, 2018

Bump Ubuntu Trusty stemcells for “USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities”

3541.43

Release Date: August 13, 2018

Periodic Ubuntu Trusty/CentOS stemcell bump (Aug 14, 2018)

3541.37

Release Date: July 30, 2018

Periodic Ubuntu Trusty stemcell bump (July 31, 2018)

3541.36

Release Date: July 16, 2018

Periodic Ubuntu Trusty stemcell bump (July 16, 2018)

3541.35

Release Date: July 02, 2018

  • Periodic Ubuntu Trusty stemcell bump (July 2, 2018)

3541.34

Release Date: June 18, 2018

  • Periodic Ubuntu Trusty stemcell bump (June 18, 2018)

3541.31

Release Date: June 04, 2018

  • Periodic Ubuntu Trusty stemcell bump (June 4, 2018)

3541.25

Release Date: May 09, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3641-1: Linux kernel vulnerabilities”

3541.30

Release Date: May 23, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3654-2: Linux kernel (Xenial HWE) vulnerabilities”

3541.26

Release Date: May 21, 2018

  • Periodic Ubuntu Trusty stemcell bump (May 21, 2018)

3541.24

Release Date: May 07, 2018

  • Ubuntu Trusty stemcells periodic update (May 7, 2018)

3541.12

Release Date: April 06, 2018

  • Bump Ubuntu Trusty stemcells for USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities

3541.10

Release Date: March 26, 2018

  • Periodic Ubuntu and CentOS stemcell bump (March 26/27, 2018)

3541.9

Release Date: March 12, 2018

  • Periodic Ubuntu and CentOS stemcell bump (March 12, 2018)

3541.8

Release Date: March 08, 2018

  • Bump bosh-agent to 2.67.1
    • Agent will now respect previously set permissions and owner on sys/run, sys/log and data job directories
    • This should fix stemcell compatibility with Diego/Garden if Agent restarts
    • If you were using a 3541.x stemcell for any of your deployments, update those deployments to this version before updating the Director, since the Director update causes an Agent restart

3541.5

Release Date: February 22, 2018

  • Bump Ubuntu Trusty stemcells for USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities

3541.4

Release Date: February 14, 2018

  • Rolled back the custom umask configuration, as we found out it was different in some cases (depending on how processes were started)
    • Hardening of /var/vcap/jobs/* is still applied by the agent

3541.2

Release Date: February 08, 2018

  • [breaking] Set default umask to 077 and further harden several /var/vcap/* directories
    • Note that you may have to change your release to adapt to this change
  • [breaking] Renamed /var/vcap/bosh/bin/ntpdate to /var/vcap/bosh/bin/sync-time
  • [breaking] Stop forwarding SSH events to bosh-agent
    • Agent no longer receives and forwards such events to HM. This should remove a lot of the noise generated by releases that expect a lot of SSH sessions (e.g. Gitlab). This information will continue to be available in logs forwarded to remote destinations (and locally in /var/log/auth.log).
  • Fixes env.bosh.swap_size: 0 to work on more clouds (including GCP)

Misc

  • Order stemcell tarballs so that upload-stemcell command can execute faster
  • Generate packages.txt within the stemcell tarball, listing the installed packages (previously known under a different name)

3469.x

This section includes release notes for the 3469 line of Linux stemcells used with Ops Manager.

3469.1

Release Date: February 27, 2018

  • Stemcell produced for testing rsyslog bump to the latest version
    • Unless testing rsyslog, use 3468.x or 3541.x stemcell lines

3468.x

This section includes release notes for the 3468 line of Linux stemcells used with Ops Manager.

3468.78

Release Date: October 22, 2018

Periodic Ubuntu Trusty stemcell bump (Oct 23, 2018)

3468.75

Release Date: October 08, 2018

Periodic Ubuntu Trusty stemcell bump (Oct 11, 2018)

3468.73

Release Date: October 02, 2018

Addresses “USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities” (Oct 02, 2018)

3468.71

Release Date: September 24, 2018

Periodic Ubuntu Trusty stemcell bump (Sep 25, 2018)

3468.69

Release Date: September 10, 2018

Periodic Ubuntu Trusty stemcell bump (Sep 11, 2018)

3468.67

Release Date: August 27, 2018

Bump Ubuntu Trusty stemcells for “USN-3756-1: Intel Microcode vulnerabilities”

3468.64

Release Date: August 14, 2018

Bump Ubuntu Trusty stemcells for “USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities”

3468.63

Release Date: August 13, 2018

Periodic Ubuntu Trusty stemcell bump (Aug 14, 2018)

3468.55

Release Date: July 30, 2018

Periodic Ubuntu Trusty stemcell bump (July 31, 2018)

3468.54

Release Date: July 16, 2018

Periodic Ubuntu Trusty stemcell bump (July 16, 2018)

3468.53

Release Date: July 02, 2018

  • Periodic Ubuntu Trusty stemcell bump (July 2, 2018)

3468.51

Release Date: June 18, 2018

  • Periodic Ubuntu Trusty stemcell bump (June 18, 2018)

3468.47

Release Date: June 04, 2018

  • Periodic Ubuntu Trusty stemcell bump (June 4, 2018)

3468.42

Release Date: May 09, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3641-1: Linux kernel vulnerabilities”

3468.46

Release Date: May 23, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3654-2: Linux kernel (Xenial HWE) vulnerabilities”

3468.44

Release Date: May 21, 2018

  • Periodic Ubuntu Trusty stemcell bump (May 21, 2018)

3468.41

Release Date: May 07, 2018

  • Ubuntu Trusty stemcells periodic update (May 7, 2018)

3468.30

Release Date: April 06, 2018

  • Bump Ubuntu Trusty stemcells for USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities

3468.28

Release Date: March 26, 2018

  • Periodic Ubuntu and CentOS stemcell bump (March 26/27, 2018)

3468.27

Release Date: March 12, 2018

  • Periodic Ubuntu and CentOS stemcell bump (March 12, 2018)

3468.26

Release Date: March 01, 2018

  • Includes updated ixgbevf 4.3.4

3468.25

Release Date: February 22, 2018

  • Bump Ubuntu Trusty stemcells for USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities

3468.22

Release Date: February 05, 2018

  • [Feb 5] Periodic stemcell bump

3468.21

Release Date: January 23, 2018

  • No functional change from 3468.20, except version number

3468.20

Release Date: January 23, 2018

3468.19

Release Date: January 17, 2018

  • Bump Ubuntu Trusty stemcells for USN-3534-1: GNU C Library vulnerabilities

3468.17

Release Date: January 10, 2018

3468.16

Release Date: January 10, 2018

3468.15

Release Date: December 15, 2017

  • Bump Ubuntu Trusty stemcells for USN-3509-4: Linux kernel (Xenial HWE) regression

3468.13

Release Date: December 08, 2017

  • Bump Ubuntu Trusty stemcell USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities

3468.12

Release Date: December 06, 2017

  • Bump Ubuntu Trusty stemcells for USN-3505-1: Linux firmware vulnerabilities

3468.11

Release Date: November 21, 2017

  • Periodic Ubuntu stemcells update
  • Includes Agent changes to support IPv6 on vSphere (manual networking)

3468.5

Release Date: October 26, 2017

  • Configure /tmp to have sticky bit set

3468.1

Release Date: October 23, 2017

  • Periodic stemcell bump

3468

Release Date: October 05, 2017

  • Removed password authentication for Warden stemcells
  • Various minor tweaks that were already backported to older lines

Upcoming features on this stemcell line:

  • IPv6 support for vSphere

3445.x

This section includes release notes for the 3445 line of Linux stemcells used with Ops Manager.

3445.76

Release Date: October 22, 2018

Periodic Ubuntu Trusty stemcell bump (Oct 23, 2018)

3445.73

Release Date: October 08, 2018

Periodic Ubuntu Trusty stemcell bump (Oct 11, 2018)

3445.71

Release Date: October 02, 2018

Addresses “USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities” (Oct 02, 2018)

3445.68

Release Date: September 24, 2018

Periodic Ubuntu Trusty stemcell bump (Sep 25, 2018)

3445.67

Release Date: September 10, 2018

Periodic Ubuntu Trusty stemcell bump (Sep 10, 2018)

3445.66

Release Date: August 27, 2018

Bump Ubuntu Trusty stemcells for “USN-3756-1: Intel Microcode vulnerabilities”

3445.64

Release Date: August 14, 2018

Bump Ubuntu Trusty stemcells for “USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities”

3445.63

Release Date: August 13, 2018

Periodic Ubuntu Trusty stemcell bump (Aug 14, 2018)

3445.55

Release Date: July 30, 2018

Periodic Ubuntu Trusty stemcell bump (July 31, 2018)

3445.54

Release Date: July 16, 2018

Periodic Ubuntu Trusty stemcell bump (July 16, 2018)

3445.53

Release Date: July 02, 2018

  • Periodic Ubuntu Trusty stemcell bump (July 2, 2018)

3445.51

Release Date: June 18, 2018

  • Periodic Ubuntu Trusty stemcell bump (June 18, 2018)

3445.49

Release Date: June 04, 2018

  • Periodic Ubuntu Trusty stemcell bump (June 4, 2018)

3445.48

Release Date: May 23, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3654-2: Linux kernel (Xenial HWE) vulnerabilities”

3445.42

Release Date: May 01, 2018

  • Ubuntu Trusty stemcells periodic update (Apr 30, 2018)

3445.46

Release Date: May 21, 2018

  • Periodic Ubuntu Trusty stemcell bump (May 21, 2018)

3445.45

Release Date: May 09, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3641-1: Linux kernel vulnerabilities”

3445.44

Release Date: May 07, 2018

  • Ubuntu Trusty stemcells periodic update (May 7, 2018)

3445.32

Release Date: April 06, 2018

  • Bump Ubuntu Trusty stemcells for USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities

3445.30

Release Date: March 26, 2018

  • Periodic Ubuntu Trusty stemcell bump (March 26/27, 2018)

3445.29

Release Date: March 12, 2018

  • Periodic Ubuntu Trusty stemcell bump (March 12, 2018)

3445.28

Release Date: February 22, 2018

  • Bump Ubuntu Trusty stemcells for USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities

3445.25

Release Date: February 05, 2018

  • [Feb 5] Periodic stemcell bump

3445.24

Release Date: January 23, 2018

3445.23

Release Date: January 17, 2018

  • Bump Ubuntu Trusty stemcells for USN-3534-1: GNU C Library vulnerabilities

3445.22

Release Date: January 10, 2018

3445.21

Release Date: January 10, 2018

3445.19

Release Date: December 08, 2017

  • Bump Ubuntu Trusty stemcell USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities

3445.18

Release Date: December 06, 2017

  • Bump Ubuntu Trusty stemcells for USN-3505-1: Linux firmware vulnerabilities

3445.17

Release Date: November 21, 2017

  • Periodic Ubuntu stemcells update

3445.11

Release Date: September 19, 2017

  • Bump Ubuntu stemcells for USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities

3445.7

Release Date: August 30, 2017

  • Logrotate /var/log/wtmp and utmp more aggressively
  • Updated BOSH agent to include aggressive 5 minute timeout on NATS connection failure
  • Set auditd rules to be mutable by default
    • Use the auditd job from os-conf-release to make the rules immutable

3445.2

Release Date: August 16, 2017

3445

Release Date: August 11, 2017

3431.x

This section includes release notes for the 3431 line of Linux stemcells used with Ops Manager.

3431.13

Release Date: August 03, 2017

  • Bump version (no change)

3431.11

Release Date: August 03, 2017

3431.10

Release Date: July 31, 2017

  • Periodic Ubuntu stemcells update

3422.x

This section includes release notes for the 3422 line of Linux stemcells used with Ops Manager.

3422.7

Release Date: November 22, 2017

  • Test stemcell for umask changes (based on 3468.x stemcell line)

3421.x

This section includes release notes for the 3421 line of Linux stemcells used with Ops Manager.

3421.88

Release Date: October 08, 2018

Periodic Ubuntu Trusty stemcell bump (Oct 11, 2018)

3421.86

Release Date: October 02, 2018

Addresses “USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities” (Oct 02, 2018)

3421.83

Release Date: September 24, 2018

Periodic Ubuntu Trusty stemcell bump (Sep 25, 2018)

3421.82

Release Date: September 10, 2018

Periodic Ubuntu Trusty stemcell bump (Sep 10, 2018)

3421.81

Release Date: August 27, 2018

Bump Ubuntu Trusty stemcells for “USN-3756-1: Intel Microcode vulnerabilities”

3421.79

Release Date: August 14, 2018

Bump Ubuntu Trusty stemcells for “USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities”

3421.78

Release Date: August 13, 2018

Periodic Ubuntu Trusty stemcell bump (Aug 14, 2018)

3421.70

Release Date: July 30, 2018

Periodic Ubuntu Trusty stemcell bump (July 31, 2018)

3421.69

Release Date: July 16, 2018

Periodic Ubuntu Trusty stemcell bump (July 16, 2018)

3421.68

Release Date: July 02, 2018

  • Periodic Ubuntu Trusty stemcell bump (July 2, 2018)

3421.66

Release Date: June 18, 2018

  • Periodic Ubuntu Trusty stemcell bump (June 18, 2018)

3421.64

Release Date: June 04, 2018

  • Periodic Ubuntu Trusty stemcell bump (June 4, 2018)

3421.63

Release Date: May 23, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3654-2: Linux kernel (Xenial HWE) vulnerabilities”

3421.56

Release Date: May 01, 2018

  • Ubuntu Trusty stemcells periodic update (Apr 30, 2018)

3421.60

Release Date: May 21, 2018

  • Periodic Ubuntu Trusty stemcell bump (May 21, 2018)

3421.59

Release Date: May 09, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3641-1: Linux kernel vulnerabilities”

3421.58

Release Date: May 07, 2018

  • Ubuntu Trusty stemcells periodic update (May 7, 2018)

3421.46

Release Date: April 06, 2018

  • Bump Ubuntu Trusty stemcells for USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities

3421.44

Release Date: March 26, 2018

  • Periodic Ubuntu Trusty stemcell bump (March 26/27, 2018)

3421.43

Release Date: March 12, 2018

  • Periodic Ubuntu Trusty stemcell bump (March 12, 2018)

3421.42

Release Date: February 22, 2018

  • Bump Ubuntu Trusty stemcells for USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities

3421.39

Release Date: February 05, 2018

  • [Feb 5] Periodic stemcell bump

3421.38

Release Date: January 23, 2018

3421.37

Release Date: January 17, 2018

  • Bump Ubuntu Trusty stemcells for USN-3534-1: GNU C Library vulnerabilities

3421.36

Release Date: January 10, 2018

3421.35

Release Date: January 10, 2018

3421.34

Release Date: December 08, 2017

  • Bump Ubuntu Trusty stemcells for USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities

3421.33

Release Date: December 06, 2017

  • Bump Ubuntu Trusty stemcells for USN-3505-1: Linux firmware vulnerabilities

3421.32

Release Date: November 21, 2017

  • Periodic Ubuntu stemcells update

3421.20

Release Date: August 16, 2017

3421.19

Release Date: August 11, 2017

3421.18

Release Date: August 03, 2017

3421.11

Release Date: June 29, 2017

  • Bump Ubuntu stemcells for USN-3344-2: Linux kernel (Xenial HWE) vulnerabilities

3421.9

Release Date: June 21, 2017

  • Bump Ubuntu stemcells for USN-3334-1: Linux kernel (Xenial HWE) vulnerabilities

3421.6

Release Date: June 09, 2017

  • Bump Ubuntu stemcells for USN-3312-2: Linux kernel vulnerabilities

3421.4

Release Date: June 01, 2017

  • Bump CentOS stemcells for CESA-2017:1382 - sudo vulnerability

3421.3

Release Date: May 30, 2017

  • Bump Ubuntu stemcells for USN-3304-1: Sudo vulnerability

3421

Release Date: May 22, 2017

New:

  • Added env.bosh.remove_static_libraries (bool) to remove static libraries
    • Useful to enable this option when exporting compiled releases
  • Added env.bosh.ipv6.enable (bool) to remove ipv6.disable kernel functionality at bootup time

Fixes:

  • Fixed sysstat logging
  • Fixed anacron’s RANDOM_DELAY configuration

Bumps:

  • Bumped s3cli v0.0.60
    • Updated aws-sdk-go to solve network timeout edge case
  • Bumped davcli v0.0.19
    • Use TCP keep alive to solve network timeout edge case
  • Bumped bosh-agent v0.0.35
    • Add -v to the Agent binary
    • Prepared sync_dns action to work with future Director’s DNS integration

3363.x

This section includes release notes for the 3363 line of Linux stemcells used with Ops Manager.

3363.65

Release Date: June 18, 2018

  • Periodic Ubuntu Trusty stemcell bump (July 18, 2018)

3363.64

Release Date: June 04, 2018

  • Periodic Ubuntu Trusty stemcell bump (June 4, 2018)

3363.63

Release Date: May 23, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3654-2: Linux kernel (Xenial HWE) vulnerabilities”

3363.62

Release Date: May 21, 2018

  • Periodic Ubuntu Trusty stemcell bump (May 21, 2018)

3363.61

Release Date: May 09, 2018

  • Bump Ubuntu Trusty stemcells for “USN-3641-1: Linux kernel vulnerabilities”

3363.60

Release Date: May 07, 2018

  • Ubuntu Trusty stemcells periodic update (May 7, 2018)

3363.53

Release Date: April 06, 2018

  • Bump Ubuntu Trusty stemcells for USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities

3363.52

Release Date: March 26, 2018

  • Periodic Ubuntu Trusty stemcell bump (March 26/27, 2018)

3363.51

Release Date: March 12, 2018

  • Periodic Ubuntu Trusty stemcell bump (March 12, 2018)

3363.50

Release Date: February 22, 2018

  • Bump Ubuntu Trusty stemcells for USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities

3363.49

Release Date: February 05, 2018

  • [Feb 5] Periodic stemcell bump

3363.48

Release Date: January 23, 2018

3363.47

Release Date: January 17, 2018

  • Bump Ubuntu Trusty stemcells for USN-3534-1: GNU C Library vulnerabilities

3363.46

Release Date: January 10, 2018

3363.45

Release Date: January 10, 2018

3363.44

Release Date: December 08, 2017

  • Bump Ubuntu Trusty stemcells for USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities

3363.43

Release Date: December 06, 2017

  • Bump Ubuntu Trusty stemcells for USN-3505-1: Linux firmware vulnerabilities

3363.42

Release Date: November 21, 2017

  • Periodic Ubuntu stemcells update

3363.24

Release Date: May 17, 2017

  • Periodic Ubuntu stemcells update

3363.22

Release Date: May 11, 2017

  • Periodic Ubuntu stemcells update
  • Run cron in BOSH Lite stemcells so that log rotation is performed

3363.20

Release Date: April 25, 2017

  • Bump Ubuntu stemcells for USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities

3363.19

Release Date: April 17, 2017

  • Periodic bump for CentOS stemcells to include CESA-2017:0933
  • Disable IPv6 through /proc/cmdline to eliminate the possibility of listening on tcp6/udp6

3363.15

Release Date: April 05, 2017

  • Bump Ubuntu stemcells for USN-3256-2: Linux kernel (HWE) vulnerability

Misc:

  • Made AWS AMI backing snapshot public to support encryption of boot disks

3363.14

Release Date: March 30, 2017

  • Bump Ubuntu stemcells for USN-3249-2: Linux kernel (Xenial HWE) vulnerability

3363.10

Release Date: March 08, 2017

  • Bumps Ubuntu stemcells for USN-3220-2: Linux kernel (Xenial HWE) vulnerability

3363.9

Release Date: February 22, 2017

Changes:

  • Bumps Ubuntu stemcells for USN-3208-2: Linux kernel (Xenial HWE) vulnerabilities
  • Fixes excessive “out of memory” errors in kernel
    • https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1655842
  • Fixes regression to rsyslog by locking it down again to rsyslog 8.22.0

Agent:

  • Fixes Azure stemcell persistent disk formatting
  • Fixes Warden stemcells SSH access

3363.1

Release Date: February 15, 2017

Reported Problems:

  • DO NOT USE azure stemcell as it may cause data loss.
  • rsyslog version updated to 8.24.0, regressing on issue #1537
  • Out of memory errors still exist in Kernel 4.4.0.62; will be fixed around Feb 20.

Changes:

  • Fixes double -hvm- suffix problem for AWS Light stemcells

3363

Release Date: February 15, 2017

Reported Problems:

  • DO NOT USE azure stemcell as it may cause data loss.
  • Out of memory errors still exist in Kernel 4.4.0.62; will be fixed around Feb 20.
  • rsyslog version updated to 8.24.0, regressing on issue #1537
  • AWS Light stemcell has incorrect name once imported
  • BOSH SSH does not work on BOSH Lite

Changes:

  • Add more auditd rules
  • Fix CentOS initramfs to load necessary kernel modules
  • Disable boot loader login
  • Increasing tcp_max_sync_backlog
  • Disabling any DSA host keys
  • Add bosh_sshers group and assign it to vcap user
  • Only allow users in bosh_sshers group to SSH

Agent:

  • Log Agent API access events in CEF format to syslog (vcap.agent topic)
  • Allow configuring swap size through env.bosh.swap_size (example: env.bosh.swap_size: 0)
  • Prepare for SHA2 releases
  • Allow setting fetching to work with base64 encoded user data
  • Do not delaycompress in logrotate

3312.x

This section includes release notes for the 3312 line of Linux stemcells used with Ops Manager.

3312.51

Release Date: January 23, 2018

3312.50

Release Date: January 10, 2018

3312.49

Release Date: January 09, 2018

3312.48

Release Date: December 08, 2017

  • Bump Ubuntu Trusty stemcell USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities

3312.47

Release Date: December 06, 2017

  • Bump Ubuntu Trusty stemcells for USN-3505-1: Linux firmware vulnerabilities

3312.46

Release Date: November 21, 2017

  • Periodic Ubuntu stemcells update

3312.17

Release Date: January 31, 2017

Reported Problems:

  • Memory leak bug in Kernel 4.4.0-59

Changes:

  • Periodic stemcell update

3312.15

Release Date: January 12, 2017

Reported Problems:

  • Memory leak bug in Kernel 4.4.0-59

Changes:

  • Periodic stemcell update

3312.12

Release Date: December 20, 2016

3312.9

Release Date: December 15, 2016

3312.8

Release Date: December 14, 2016

  • Bumps Ubuntu stemcells for USN-3156-1: APT vulnerability

3312.7

Release Date: December 06, 2016

3312.6

Release Date: December 02, 2016

  • Periodic stemcell update

3312.3

Release Date: November 30, 2016

  • Periodic stemcell update
    • Includes USN-3134-1 as requested by a community member

3312

Release Date: November 16, 2016

  • Properly includes libpam_cracklib.so to avoid errors in /var/log/auth.log

3309.x

This section includes release notes for the 3309 line of Linux stemcells used with Ops Manager.

3309

Release Date: November 10, 2016

  • Fixes persistent disk mounting on OpenStack described in Stemcell 3308

3308.x

This section includes release notes for the 3308 line of Linux stemcells used with Ops Manager.

3308

Release Date: November 09, 2016

Reported Problems:

  • On OpenStack: Mounting persistent disks does not work when using config-drive: disk while nova is configured to use a cdrom config-drive, due to https://github.com/cloudfoundry/bosh/issues/1503

Fixes:

  • Fixes SSH key installation issue introduced in Stemcell 3306

3306.x

This section includes release notes for the 3306 line of Linux stemcells used with Ops Manager.

3306

Release Date: November 08, 2016

Reported Problems:

  • bosh-init doesn’t work with this stemcell on OpenStack and AWS due to https://github.com/cloudfoundry/bosh/issues/1500
  • Booting the stemcell image directly in your IaaS (without using BOSH/bosh-init) no longer provisions the SSH key for user vcap, so you need to log in differently

Changes:

  • Agent will now wait for monit to complete stopping all processes before carrying on
  • Added google stemcells
  • Default dmesg_restrict to 1
  • Disable all IPv6 configurations
  • Reenabled UDF kernel module for Azure
  • Increase root_maxkeys and maxkeys kernel configurations
  • Changed default hostname to bosh-stemcell instead of localhost to avoid boot problems on GCP
  • Lower TCP keepalive configuration by default
  • Mount /var/log directory to /var/vcap/data/root_log
  • Restrict access to the su command
  • Add pam_cracklib requirements to common-password and password-auth
  • Enable auditing for processes that start prior to auditd
  • Set log rotation interval to 15 min in stemcell
  • Made ownership & permissions for /etc/cron* files more restrictive
  • Customize shell prompt to show instance name and ID
  • Removed floppy drives from vSphere stemcells
  • Removed bosh micro assets, hence making bosh micro unsupported

Misc:

  • Stemcells are now built through Concourse via https://main.bosh-ci.cf-app.com/teams/main/pipelines/bosh:stemcells

3263.x

This section includes release notes for the 3263 line of Linux stemcells used with Ops Manager.

3263.10

Release Date: November 03, 2016

  • Updates CentOS kernel to the latest version for “Dirty COW”
    • Ubuntu stemcells were updated in previous versions at the time of Ubuntu USN updates
  • Includes fix to the bosh-agent to better support 1TB+ disk partitioning

3263.8

Release Date: October 21, 2016

  • Bump Ubuntu stemcells for USN-3106-2: Linux kernel (Xenial HWE) vulnerability
  • Includes a fix to the bosh-agent to work more reliably with 2TB+ persistent disks

3263.7

Release Date: October 12, 2016

  • Bump Ubuntu stemcells for USN-3099-2: Linux kernel (Xenial HWE) vulnerabilities

3263.5

Release Date: September 30, 2016

  • Periodic bump
  • Delay start of rsyslogd using systemd on CentOS

3263.4

Release Date: September 28, 2016

  • google-kvm: improve the google-* daemon configurations
    • fixes “ssh: handshake failed” errors on boot

3263.3

Release Date: September 26, 2016

  • Bumps Ubuntu stemcells for USN-3087-2 (OpenSSL regression)

3263

Release Date: September 19, 2016

  • Bumps Ubuntu stemcells to Linux kernel 4.4

Based on 3262 stemcells. Note: the OpenStack stemcell series 3263 is broken due to https://github.com/cloudfoundry/bosh-agent/issues/98 and should not be used.

3262.x

This section includes release notes for the 3262 line of Linux stemcells used with Ops Manager.

3262.21

Release Date: October 13, 2016

  • Bump Ubuntu stemcells for USN-3099-2: Linux kernel (Xenial HWE) vulnerabilities

3262.19

Release Date: September 28, 2016

  • google-kvm: improve the google-* daemon configurations
    • fixes “ssh: handshake failed” errors on boot

3262.16

Release Date: September 26, 2016

  • Bumps Ubuntu stemcells for USN-3087-2 (OpenSSL regression)

3262.15

Release Date: September 23, 2016

  • Bumps Ubuntu stemcells for USN-3087-1: OpenSSL vulnerabilities

3233.x

This section includes release notes for the 3233 line of Linux stemcells used with Ops Manager.

3233.1

Release Date: September 27, 2016

  • Bumps Ubuntu stemcells for USN-3087-2 (OpenSSL regression)

USN-3522-2 Addresses Meltdown Vulnerabilities

Meltdown exploits critical vulnerabilities in modern processors. For more information about Meltdown, see the Meltdown and Spectre Attacks blog post. USN-3522-2 addresses the critical vulnerability in Ubuntu associated with Meltdown.

This update may include degradations to performance if your VM’s CPU and memory usage are currently at near-capacity levels. Prior to upgrading to this stemcell, monitor your Ops Manager VM’s current CPU and memory usage and scale those components if necessary. If any of your VMs are currently operating at 60% or above, Pivotal recommends scaling that VM. For more information about the performance impact of Meltdown-related stemcell patches on Ops Manager components and guidance on scaling, see this KB article.

For more information about monitoring and scaling Ops Manager, see the Monitoring Ops Manager VMs from Ops Manager, Key Capacity Scaling Indicators, and Scaling PAS topics. Performance degradation is likely to vary by workload type, IaaS, and other factors. Pivotal recommends testing your deployment thoroughly after upgrading to this stemcell.

3232.x

This section includes release notes for the 3232 line of Linux stemcells used with Ops Manager.

3232.21

Release Date: September 26, 2016

  • Bumps Ubuntu stemcells for USN-3087-2 (OpenSSL regression)