The following updates has been released for Ubuntu Linux:

USN-3566-2: PHP vulnerabilities
USN-3992-1: WebKitGTK+ vulnerabilities
USN-3993-1: curl vulnerabilities

USN-3566-2: PHP vulnerabilities

==========================================================================
Ubuntu Security Notice USN-3566-2
May 22, 2019

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in PHP.

Software Description:
- php5: HTML-embedded scripting language interpreter

Details:

USN-3566-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

It was discovered that PHP incorrectly handled certain files. An
attacker could possibly use this issue to access sensitive information.
(CVE-2018-20783)

It was discovered that PHP incorrectly handled certain files. An
attacker could possibly use this issue to access sensitive information
or possibly cause a crash, resulting in a denial of service. 
(CVE-2019-11036)

Original advisory details:

 It was discovered that PHP incorrectly handled memory when
 unserializing certain data. A remote attacker could use this issue to
 cause PHP to crash, resulting in a denial of service, or possibly
 execute arbitrary code. This issue only affected Ubuntu 12.04 ESM.
 (CVE-2017-12933)

 It was discovered that PHP incorrectly handled locale length. A remote
 attacker could possibly use this issue to cause PHP to crash,
 resulting in a denial of service. This issue only affected Ubuntu
 12.04 ESM. (CVE-2017-11362)

 It was discovered that PHP incorrectly handled certain stream
 metadata. A remote attacker could possibly use this issue to set
 arbitrary metadata. This issue only affected Ubuntu 12.04 ESM.
 (CVE-2016-10712)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  libapache2-mod-php 5.5.9+dfsg-1ubuntu4.29+esm2
  php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm2
  php5-cli 5.5.9+dfsg-1ubuntu4.29+esm2
  php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm2

Ubuntu 12.04 ESM:
  libapache2-mod-php5 5.3.10-1ubuntu3.36
  php5-cgi 5.3.10-1ubuntu3.36
  php5-cli 5.3.10-1ubuntu3.36
  php5-fpm 5.3.10-1ubuntu3.36

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3566-2
  https://usn.ubuntu.com/usn/usn-3566-1
  CVE-2016-10712, CVE-2017-11362, CVE-2017-12933, CVE-2018-20783,
  CVE-2019-11036

USN-3992-1: WebKitGTK+ vulnerabilities

==========================================================================
Ubuntu Security Notice USN-3992-1
May 22, 2019

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in WebKitGTK+.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libjavascriptcoregtk-4.0-18 2.24.2-0ubuntu0.19.04.1
libwebkit2gtk-4.0-37 2.24.2-0ubuntu0.19.04.1

Ubuntu 18.10:
libjavascriptcoregtk-4.0-18 2.24.2-0ubuntu0.18.10.1
libwebkit2gtk-4.0-37 2.24.2-0ubuntu0.18.10.1

Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.24.2-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.24.2-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any
applications that use WebKitGTK+, such as Epiphany, to make all the
necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3992-1
CVE-2019-8595, CVE-2019-8607, CVE-2019-8615

Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.24.2-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.24.2-0ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.24.2-0ubuntu0.18.04.1

USN-3993-1: curl vulnerabilities

==========================================================================
Ubuntu Security Notice USN-3993-1
May 22, 2019

curl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Wenchao Li discovered that curl incorrectly handled memory in the
curl_url_set() function. A remote attacker could use this issue to cause
curl to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435)

It was discovered that curl incorrectly handled memory when receiving data
from a TFTP server. A remote attacker could use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2019-5436)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
curl 7.64.0-2ubuntu1.1
libcurl3-gnutls 7.64.0-2ubuntu1.1
libcurl3-nss 7.64.0-2ubuntu1.1
libcurl4 7.64.0-2ubuntu1.1

Ubuntu 18.10:
curl 7.61.0-1ubuntu2.4
libcurl3-gnutls 7.61.0-1ubuntu2.4
libcurl3-nss 7.61.0-1ubuntu2.4
libcurl4 7.61.0-1ubuntu2.4

Ubuntu 18.04 LTS:
curl 7.58.0-2ubuntu3.7
libcurl3-gnutls 7.58.0-2ubuntu3.7
libcurl3-nss 7.58.0-2ubuntu3.7
libcurl4 7.58.0-2ubuntu3.7

Ubuntu 16.04 LTS:
curl 7.47.0-1ubuntu2.13
libcurl3 7.47.0-1ubuntu2.13
libcurl3-gnutls 7.47.0-1ubuntu2.13
libcurl3-nss 7.47.0-1ubuntu2.13

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3993-1
CVE-2019-5435, CVE-2019-5436

Package Information:
https://launchpad.net/ubuntu/+source/curl/7.64.0-2ubuntu1.1
https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.4
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.7
https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.13