The following updates has been released for Ubuntu Linux:
USN-3729-1: libxcursor vulnerability
USN-3730-1: LXC vulnerability
USN-3731-1: LFTP vulnerability
USN-3731-2: LFTP vulnerability
USN-3732-1: Linux kernel vulnerability
USN-3732-2: Linux kernel (HWE) vulnerability
USN-3729-1: libxcursor vulnerability
USN-3730-1: LXC vulnerability
USN-3731-1: LFTP vulnerability
USN-3731-2: LFTP vulnerability
USN-3732-1: Linux kernel vulnerability
USN-3732-2: Linux kernel (HWE) vulnerability
USN-3729-1: libxcursor vulnerability
==========================================================================
Ubuntu Security Notice USN-3729-1
August 06, 2018
libxcursor vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
libxcursor could be made to crash or run programs if it opened a
specially crafted file.
Software Description:
- libxcursor: X11 cursor management library
Details:
It was discovered that libxcursor incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libxcursor1 1:1.1.14-1ubuntu0.16.04.2
Ubuntu 14.04 LTS:
libxcursor1 1:1.1.14-1ubuntu0.14.04.2
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3729-1
CVE-2015-9262
Package Information:
https://launchpad.net/ubuntu/+source/libxcursor/1:1.1.14-1ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/libxcursor/1:1.1.14-1ubuntu0.14.04.2
USN-3730-1: LXC vulnerability
==========================================================================
Ubuntu Security Notice USN-3730-1
August 06, 2018
lxc vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
LXC would allow unintended access to files.
Software Description:
- lxc: Linux Containers userspace tools
Details:
Matthias Gerstner discovered that LXC incorrectly handled the lxc-user-nic
utility. A local attacker could possibly use this issue to open arbitrary
files.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
lxc 3.0.1-0ubuntu1~18.04.2
After a standard system update you need to restart LXC containers to make
all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3730-1
CVE-2018-6556
Package Information:
https://launchpad.net/ubuntu/+source/lxc/3.0.1-0ubuntu1~18.04.2
USN-3731-1: LFTP vulnerability
==========================================================================
Ubuntu Security Notice USN-3731-1
August 06, 2018
lftp vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
LFTP could be made to crash if it received specially crafted file.
Software Description:
- lftp: Sophisticated command-line FTP/HTTP/BitTorrent client programs
Details:
It was discovered that LFTP incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
lftp 4.8.1-1ubuntu0.1
Ubuntu 16.04 LTS:
lftp 4.6.3a-1ubuntu0.1
Ubuntu 14.04 LTS:
lftp 4.4.13-1ubuntu0.1
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3731-1
CVE-2018-10196
Package Information:
https://launchpad.net/ubuntu/+source/lftp/4.8.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/lftp/4.6.3a-1ubuntu0.1
https://launchpad.net/ubuntu/+source/lftp/4.4.13-1ubuntu0.1
USN-3731-2: LFTP vulnerability
==========================================================================
Ubuntu Security Notice USN-3731-2
August 06, 2018
lftp vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
LFTP could be made to crash if it received specially crafted file.
Software Description:
- lftp: Sophisticated command-line FTP/HTTP client programs
Details:
USN-3731-1 fixed a vulnerability in LFTP. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that LFTP incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
lftp 4.3.3-1ubuntu0.1
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3731-2
https://usn.ubuntu.com/usn/usn-3731-1
CVE-2018-10916
USN-3732-1: Linux kernel vulnerability
=========================================================================
Ubuntu Security Notice USN-3732-1
August 06, 2018
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem,
linux-raspi2 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
The system could be made unavailable if it received specially crafted
network traffic.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oem: Linux kernel for OEM processors
- linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel
performed algorithmically expensive operations in some situations when
handling incoming packets. A remote attacker could use this to cause a
denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1013-oem 4.15.0-1013.16
linux-image-4.15.0-1015-gcp 4.15.0-1015.15
linux-image-4.15.0-1017-aws 4.15.0-1017.17
linux-image-4.15.0-1017-kvm 4.15.0-1017.17
linux-image-4.15.0-1018-raspi2 4.15.0-1018.19
linux-image-4.15.0-1019-azure 4.15.0-1019.19
linux-image-4.15.0-30-generic 4.15.0-30.32
linux-image-4.15.0-30-generic-lpae 4.15.0-30.32
linux-image-4.15.0-30-lowlatency 4.15.0-30.32
linux-image-4.15.0-30-snapdragon 4.15.0-30.32
linux-image-aws 4.15.0.1017.17
linux-image-azure 4.15.0.1019.19
linux-image-azure-edge 4.15.0.1019.19
linux-image-gcp 4.15.0.1015.17
linux-image-generic 4.15.0.30.32
linux-image-generic-lpae 4.15.0.30.32
linux-image-gke 4.15.0.1015.17
linux-image-kvm 4.15.0.1017.17
linux-image-lowlatency 4.15.0.30.32
linux-image-oem 4.15.0.1013.15
linux-image-raspi2 4.15.0.1018.16
linux-image-snapdragon 4.15.0.30.32
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/usn/usn-3732-1
CVE-2018-5390
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-30.32
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1017.17
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1019.19
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1015.15
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1017.17
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1013.16
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1018.19
USN-3732-2: Linux kernel (HWE) vulnerability
=========================================================================
Ubuntu Security Notice USN-3732-2
August 06, 2018
linux-hwe, linux-azure, linux-gcp vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
The system could be made unavailable if it received specially crafted
network traffic.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel
performed algorithmically expensive operations in some situations when
handling incoming packets. A remote attacker could use this to cause a
denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.15.0-1015-gcp 4.15.0-1015.15~16.04.1
linux-image-4.15.0-1019-azure 4.15.0-1019.19~16.04.1
linux-image-4.15.0-30-generic 4.15.0-30.32~16.04.1
linux-image-4.15.0-30-generic-lpae 4.15.0-30.32~16.04.1
linux-image-4.15.0-30-lowlatency 4.15.0-30.32~16.04.1
linux-image-azure 4.15.0.1019.25
linux-image-gcp 4.15.0.1015.27
linux-image-generic-hwe-16.04 4.15.0.30.52
linux-image-generic-lpae-hwe-16.04 4.15.0.30.52
linux-image-gke 4.15.0.1015.27
linux-image-lowlatency-hwe-16.04 4.15.0.30.52
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/usn/usn-3732-2
https://usn.ubuntu.com/usn/usn-3732-1
CVE-2018-5390
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1019.19~16.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1015.15~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-30.32~16.04.1