Ubuntu 6589 Published by

The following updates has been released for Ubuntu Linux:

USN-4049-3: GLib regression
USN-4058-2: Bash vulnerability



USN-4049-3: GLib regression


=========================================================================
Ubuntu Security Notice USN-4049-3
August 05, 2019

glib2.0 regression
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

USN-4049-1 introduced a regression in GLib.

Software Description:
- glib2.0: GLib Input, Output and Streaming Library (fam module)

Details:

USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression
in Ubuntu 16.04 LTS causing a possibly memory leak. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that GLib created directories and files without properly
restricting permissions. An attacker could possibly use this issue to access
sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libglib2.0-0 2.48.2-0ubuntu4.4
libglib2.0-bin 2.48.2-0ubuntu4.4

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4049-3
https://usn.ubuntu.com/4049-1
https://launchpad.net/bugs/1838890

Package Information:
https://launchpad.net/ubuntu/+source/glib2.0/2.48.2-0ubuntu4.4

USN-4058-2: Bash vulnerability


=========================================================================
Ubuntu Security Notice USN-4058-2
August 05, 2019

bash vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

A system hardening measure could be bypassed.

Software Description:
- bash: GNU Bourne Again SHell

Details:

USN-4058-1 fixed a vulnerability in bash. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Bash incorrectly handled the restricted shell. An
attacker could possibly use this issue to escape restrictions and execute
any command.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
bash 4.3-7ubuntu1.8+esm1

Ubuntu 12.04 ESM:
bash 4.2-2ubuntu2.8

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4058-2
https://usn.ubuntu.com/4058-1
CVE-2019-9924