Ubuntu 6589 Published by

The following security updates has been released for Ubuntu Linux:

USN-3965-1: aria2 vulnerability
USN-3966-1: GNOME Shell vulnerability



USN-3965-1: aria2 vulnerability

==========================================================================
Ubuntu Security Notice USN-3965-1
May 06, 2019

aria2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10

Summary:

aria2 stores authentication information in plain text.

Software Description:
- aria2: High speed command-line download utility

Details:

Dhiraj Mishra discovered that aria2 incorrectly stored authentication
information. A local attacker could possibly use this issue to obtain
credentials.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
aria2 1.34.0-3ubuntu0.1
libaria2-0 1.34.0-3ubuntu0.1

Ubuntu 18.10:
aria2 1.34.0-2ubuntu0.1
libaria2-0 1.34.0-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3965-1
CVE-2019-3500

Package Information:
https://launchpad.net/ubuntu/+source/aria2/1.34.0-3ubuntu0.1
https://launchpad.net/ubuntu/+source/aria2/1.34.0-2ubuntu0.1

USN-3966-1: GNOME Shell vulnerability


==========================================================================
Ubuntu Security Notice USN-3966-1
May 06, 2019

gnome-shell vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS

Summary:

GNOME Shell could be made to execute keyboard shortcuts and other
actions while the workstation was locked.

Software Description:
- gnome-shell: graphical shell for the GNOME desktop

Details:

It was discovered that the GNOME Shell incorrectly handled certain
keyboard inputs. An attacker could possibly use this issue to invoke
keyboard shortcuts, and potentially other actions while the workstation
was locked.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  gnome-shell 3.30.2-0ubuntu1.18.10.2

Ubuntu 18.04 LTS:
  gnome-shell 3.28.3+git20190124-0ubuntu18.04.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3966-1
  CVE-2019-3820

Package Information:
  https://launchpad.net/ubuntu/+source/gnome-shell/3.30.2-0ubuntu1.18.10.2
  https://launchpad.net/ubuntu/+source/gnome-shell/3.28.3+git20190124-0ubuntu18.04.2