Ubuntu 6578 Published by

The following updates has been released for Ubuntu Linux:

USN-3957-1: MySQL vulnerabilities
USN-3958-1: GStreamer Base Plugins vulnerability
USN-3959-1: Evince vulnerability



USN-3957-1: MySQL vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3957-1
April 29, 2019

mysql-5.7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-5.7: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
a new upstream MySQL version to fix these issues.

Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have
been updated to MySQL 5.7.26.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
mysql-server-5.7 5.7.26-0ubuntu0.19.04.1

Ubuntu 18.10:
mysql-server-5.7 5.7.26-0ubuntu0.18.10.1

Ubuntu 18.04 LTS:
mysql-server-5.7 5.7.26-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.26-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3957-1
CVE-2019-2566, CVE-2019-2581, CVE-2019-2592, CVE-2019-2614,
CVE-2019-2627, CVE-2019-2628, CVE-2019-2632, CVE-2019-2683

Package Information:
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.26-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.26-0ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.26-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.26-0ubuntu0.16.04.1

USN-3958-1: GStreamer Base Plugins vulnerability


==========================================================================
Ubuntu Security Notice USN-3958-1
April 29, 2019

gst-plugins-base0.10, gst-plugins-base1.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

GStreamer Base Plugins could be made to crash or run programs if it
received specially crafted network traffic.

Software Description:
- gst-plugins-base1.0: GStreamer plugins
- gst-plugins-base0.10: GStreamer plugins

Details:

It was discovered that GStreamer Base Plugins did not correctly handle
certain malformed RTSP streams. If a user were tricked into opening a
crafted RTSP stream with a GStreamer application, an attacker could cause a
denial of service via application crash, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
gstreamer1.0-plugins-base 1.14.4-1ubuntu1.1

Ubuntu 18.04 LTS:
gstreamer1.0-plugins-base 1.14.1-1ubuntu1~ubuntu18.04.2

Ubuntu 16.04 LTS:
gstreamer0.10-plugins-base 0.10.36-2ubuntu0.2
gstreamer1.0-plugins-base 1.8.3-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3958-1
CVE-2019-9928

Package Information:
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.14.4-1ubuntu1.1

https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.14.1-1ubuntu1~ubuntu18.04.2
https://launchpad.net/ubuntu/+source/gst-plugins-base0.10/0.10.36-2ubuntu0.2
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.8.3-1ubuntu0.3

USN-3959-1: Evince vulnerability


==========================================================================
Ubuntu Security Notice USN-3959-1
April 29, 2019

evince vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Evince could be made to expose sensitive information if it received
a specially crafted file.

Software Description:
- evince: Document viewer

Details:

It was discovered that Evince incorrectly handled certain images.
An attacker could possibly use this issue to expose sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
evince 3.32.0-1ubuntu0.1
evince-common 3.32.0-1ubuntu0.1

Ubuntu 18.10:
evince 3.30.1-1ubuntu1.3
evince-common 3.30.1-1ubuntu1.3

Ubuntu 18.04 LTS:
evince 3.28.4-0ubuntu1.1
evince-common 3.28.4-0ubuntu1.1

Ubuntu 16.04 LTS:
evince 3.18.2-1ubuntu4.4
evince-common 3.18.2-1ubuntu4.4

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3959-1
CVE-2019-11459

Package Information:
https://launchpad.net/ubuntu/+source/evince/3.32.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/evince/3.30.1-1ubuntu1.3
https://launchpad.net/ubuntu/+source/evince/3.28.4-0ubuntu1.1
https://launchpad.net/ubuntu/+source/evince/3.18.2-1ubuntu4.4