The following security updates has been released for Ubuntu Linux:
USN-3965-1: aria2 vulnerability
USN-3966-1: GNOME Shell vulnerability
USN-3965-1: aria2 vulnerability
USN-3966-1: GNOME Shell vulnerability
USN-3965-1: aria2 vulnerability
==========================================================================
Ubuntu Security Notice USN-3965-1
May 06, 2019
aria2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
Summary:
aria2 stores authentication information in plain text.
Software Description:
- aria2: High speed command-line download utility
Details:
Dhiraj Mishra discovered that aria2 incorrectly stored authentication
information. A local attacker could possibly use this issue to obtain
credentials.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
aria2 1.34.0-3ubuntu0.1
libaria2-0 1.34.0-3ubuntu0.1
Ubuntu 18.10:
aria2 1.34.0-2ubuntu0.1
libaria2-0 1.34.0-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3965-1
CVE-2019-3500
Package Information:
https://launchpad.net/ubuntu/+source/aria2/1.34.0-3ubuntu0.1
https://launchpad.net/ubuntu/+source/aria2/1.34.0-2ubuntu0.1
USN-3966-1: GNOME Shell vulnerability
==========================================================================
Ubuntu Security Notice USN-3966-1
May 06, 2019
gnome-shell vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
Summary:
GNOME Shell could be made to execute keyboard shortcuts and other
actions while the workstation was locked.
Software Description:
- gnome-shell: graphical shell for the GNOME desktop
Details:
It was discovered that the GNOME Shell incorrectly handled certain
keyboard inputs. An attacker could possibly use this issue to invoke
keyboard shortcuts, and potentially other actions while the workstation
was locked.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
gnome-shell 3.30.2-0ubuntu1.18.10.2
Ubuntu 18.04 LTS:
gnome-shell 3.28.3+git20190124-0ubuntu18.04.2
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3966-1
CVE-2019-3820
Package Information:
https://launchpad.net/ubuntu/+source/gnome-shell/3.30.2-0ubuntu1.18.10.2
https://launchpad.net/ubuntu/+source/gnome-shell/3.28.3+git20190124-0ubuntu18.04.2
