1.286.0

No changes.

1.285.0

Notably, this release addresses:

USN-3957-2 USN-3957-2: MariaDB vulnerabilities:

• CVE-2019-2614: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:Server: Replication). Supported versions that are affected are 5.6.43 andprior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploitvulnerability allows high privileged attacker with network access viamultiple protocols to compromise MySQL Server. Successful attacks of thisvulnerability can result in unauthorized ability to cause a hang orfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 BaseScore 4.4 (Availability impacts). CVSS Vector:(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
• CVE-2019-2627: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:Server: Security: Privileges). Supported versions that are affected are5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitablevulnerability allows high privileged attacker with network access viamultiple protocols to compromise MySQL Server. Successful attacks of thisvulnerability can result in unauthorized ability to cause a hang orfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 BaseScore 4.9 (Availability impacts). CVSS Vector:(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

1.284.0

Notably, this release addresses:

USN-3982-2 USN-3982-2: Linux kernel (Xenial HWE) vulnerabilities:

• CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on somemicroprocessors utilizing speculative executionmay allow an authenticated userto potentially enable information disclosure via a side channel with localaccess.
• CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on somemicroprocessors utilizing speculative execution may allow an authenticateduser to potentially enable information disclosure via a side channel withlocal access.
• CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on somemicroprocessors utilizing speculative execution may allow an authenticateduser to potentially enable information disclosure via a side channel withlocal access.
• CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheablememory on some microprocessors utilizing speculative execution may allow anauthenticated user to potentially enable information disclosure via a sidechannel with local access.
• CVE-2019-3874: The SCTP socket buffer used by a userspace application is not accounted bythe cgroups subsystem. An attacker can use this flaw to cause a denial ofservice attack. Kernel 3.10.x and 4.18.x branches are believed to bevulnerable.
• CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation thatpermits violation of the user's locked memory limit. If a device is boundto a vfio driver, such as vfio-pci, and the local attacker isadministratively granted ownership of the device, it may cause a systemmemory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14and 4.18 are vulnerable.

USN-3983-1 USN-3983-1: Linux kernel vulnerabilities:

• CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on somemicroprocessors utilizing speculative executionmay allow an authenticated userto potentially enable information disclosure via a side channel with localaccess.
• CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on somemicroprocessors utilizing speculative execution may allow an authenticateduser to potentially enable information disclosure via a side channel withlocal access.
• CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on somemicroprocessors utilizing speculative execution may allow an authenticateduser to potentially enable information disclosure via a side channel withlocal access.
• CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheablememory on some microprocessors utilizing speculative execution may allow anauthenticated user to potentially enable information disclosure via a sidechannel with local access.

1.281.0

Notably, this release addresses:

USN-3947-1 USN-3947-1: Libxslt vulnerability:

• CVE-2019-11068: libxslt through 1.1.33 allows bypass of a protection mechanism becausecallers of xsltCheckRead and xsltCheckWrite permit access even uponreceiving a -1 error code. xsltCheckRead can return -1 for a crafted URLthat is not actually invalid and is subsequently loaded.

1.280.0

Notably, this release addresses:

USN-3943-1 USN-3943-1: Wget vulnerabilities:

• CVE-2018-20483: set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file'sorigin URL in the user.xdg.origin.url metadata attribute of the extendedattributes of the downloaded file, which allows local users to obtainsensitive information (e.g., credentials contained in the URL) by readingthis attribute, as demonstrated by getfattr. This also applies to Refererinformation in the user.xdg.referrer.url metadata attribute. According to2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially basedon the behavior of fwrite_xattr in tool_xattr.c in curl.
• CVE-2019-5953: Buffer overflow vulnerability

-ii  libudev1:amd64 204-5ubuntu20.29      amd64  libudev shared library
+ii  libudev1:amd64 204-5ubuntu20.31      amd64  libudev shared library
-ii  udev           204-5ubuntu20.29      amd64  /dev/ and hotplug management daemon
+ii  udev           204-5ubuntu20.31      amd64  /dev/ and hotplug management daemon
-ii  wget           1.15-1ubuntu1.14.04.4 amd64  retrieves files from the web
+ii  wget           1.15-1ubuntu1.14.04.5 amd64  retrieves files from the web

1.279.0

1.278.0

Notably, this release addresses:

USN-3935-1 USN-3935-1: BusyBox vulnerabilities:

• CVE-2011-5325: Directory traversal vulnerability in the BusyBox implementation of tarbefore 1.22.0 v5 allows remote attackers to point to files outside thecurrent working directory via a symlink.
• CVE-2014-9645: The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0allows local users to bypass intended restrictions on loading kernelmodules via a / (slash) character in a module name, as demonstrated by an"ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.
• CVE-2015-9261: huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before1.27.2 misuses a pointer, causing segfaults and an application crash duringan unzip operation on a specially crafted ZIP file.
• CVE-2016-2147: Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0allows remote attackers to cause a denial of service (crash) via amalformed RFC1035-encoded domain name, which triggers an out-of-bounds heapwrite.
• CVE-2016-2148: Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before1.25.0 allows remote attackers to have unspecified impact via vectorsinvolving OPTION_6RD parsing.
• CVE-2017-15873: The get_next_block function in archival/libarchive/decompress_bunzip2.c inBusyBox 1.27.2 has an Integer Overflow that may lead to a write accessviolation.
• CVE-2017-16544: In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,the tab autocomplete feature of the shell, used to get a list of filenamesin a directory, does not sanitize filenames and results in executing anyescape sequence in the terminal. This could potentially result in codeexecution, arbitrary file writes, or other attacks.
• CVE-2018-1000517: BusyBox project BusyBox wget version prior to commit8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflowvulnerability in Busybox wget that can result in heap buffer overflow. Thisattack appear to be exploitable via network connectivity. Thisvulnerability appears to have been fixed in after commit8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.
• CVE-2018-20679: An issue was discovered in BusyBox before 1.30.0. An out of bounds read inudhcp components (consumed by the DHCP server, client, and relay) allows aremote attacker to leak sensitive information from the stack by sending acrafted DHCP message. This is related to verification in udhcp_get_option()in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.
• CVE-2019-5747: An issue was discovered in BusyBox through 1.30.0. An out of bounds read inudhcp components (consumed by the DHCP server, client, and/or relay) mightallow a remote attacker to leak sensitive information from the stack bysending a crafted DHCP message. This is related to assurance of a 4-bytelength when decoding DHCP_SUBNET. NOTE: this issue exists because of anincomplete fix for CVE-2018-20679.

-ii  busybox-initramfs 1:1.21.0-1ubuntu1   amd64  Standalone shell setup for initramfs
+ii  busybox-initramfs 1:1.21.0-1ubuntu1.4 amd64  Standalone shell setup for initramfs
-ii  libc-bin          2.19-0ubuntu6.14    amd64  Embedded GNU C Library: Binaries
-ii  libc-dev-bin      2.19-0ubuntu6.14    amd64  Embedded GNU C Library: Development binaries
-ii  libc6:amd64       2.19-0ubuntu6.14    amd64  Embedded GNU C Library: Shared libraries
-ii  libc6-dev:amd64   2.19-0ubuntu6.14    amd64  Embedded GNU C Library: Development Libraries and Header Files
+ii  libc-bin          2.19-0ubuntu6.15    amd64  Embedded GNU C Library: Binaries
+ii  libc-dev-bin      2.19-0ubuntu6.15    amd64  Embedded GNU C Library: Development binaries
+ii  libc6:amd64       2.19-0ubuntu6.15    amd64  Embedded GNU C Library: Shared libraries
+ii  libc6-dev:amd64   2.19-0ubuntu6.15    amd64  Embedded GNU C Library: Development Libraries and Header Files
-ii  multiarch-support 2.19-0ubuntu6.14    amd64  Transitional package to ensure multiarch compatibility
+ii  multiarch-support 2.19-0ubuntu6.15    amd64  Transitional package to ensure multiarch compatibility

1.277.0

Notably, this release addresses:

USN-3932-2 USN-3932-2: Linux kernel (Xenial HWE) vulnerabilities:

• CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12does not properly track an allocated nid, which allows local users to causea denial of service (race condition) or possibly have unspecified otherimpact via concurrent threads.
• CVE-2018-13097: An issue was discovered in fs/f2fs/super.c in the Linux kernel through4.17.3. There is an out-of-bounds read or a divide-by-zero error for anincorrect user_block_count in a corrupted f2fs image, leading to a denialof service (BUG).
• CVE-2018-13099: An issue was discovered in fs/f2fs/inline.c in the Linux kernel through4.17.3. A denial of service (out-of-bounds memory access and BUG) can occurfor a modified f2fs filesystem image in which an inline inode contains aninvalid reserved blkaddr.
• CVE-2018-13100: An issue was discovered in fs/f2fs/super.c in the Linux kernel through4.17.3, which does not properly validate secs_per_zone in a corrupted f2fsimage, as demonstrated by a divide-by-zero error.
• CVE-2018-14610: An issue was discovered in the Linux kernel through 4.17.10. There isout-of-bounds access in write_extent_buffer() when mounting and operating acrafted btrfs image, because of a lack of verification that each blockgroup has a corresponding chunk at mount time, withinbtrfs_read_block_groups in fs/btrfs/extent-tree.c.
• CVE-2018-14611: An issue was discovered in the Linux kernel through 4.17.10. There is ause-after-free in try_merge_free_space() when mounting a crafted btrfsimage, because of a lack of chunk type flag checks inbtrfs_check_chunk_valid in fs/btrfs/volumes.c.
• CVE-2018-14612: An issue was discovered in the Linux kernel through 4.17.10. There is aninvalid pointer dereference in btrfs_root_node() when mounting a craftedbtrfs image, because of a lack of chunk block group mapping validation inbtrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-treechecks in check_leaf in fs/btrfs/tree-checker.c.
• CVE-2018-14613: An issue was discovered in the Linux kernel through 4.17.10. There is aninvalid pointer dereference in io_ctl_map_page() when mounting andoperating a crafted btrfs image, because of a lack of block group itemvalidation in check_leaf_item in fs/btrfs/tree-checker.c.
• CVE-2018-14614: An issue was discovered in the Linux kernel through 4.17.10. There is anout-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c whenmounting an f2fs image.
• CVE-2018-14616: An issue was discovered in the Linux kernel through 4.17.10. There is aNULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.cwhen operating on a file in a corrupted f2fs image.
• CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ sharesmounted in different network namespaces at the same time can makebc_svc_process() use wrong back-channel IDs and cause a use-after-freevulnerability. Thus a malicious container user can cause a host kernelmemory corruption and a system panic. Due to the nature of the flaw,privilege escalation cannot be fully ruled out.
• CVE-2018-9517: In pppol2tp_connect, there is possible memory corruption due to a use afterfree. This could lead to local escalation of privilege with Systemexecution privileges needed. User interaction is not needed forexploitation. Product: Android. Versions: Android kernel. Android ID:A-38159931.
• CVE-2019-3459: Heap address infoleak in use of l2cap_get_conf_opt
• CVE-2019-3460: Heap data infoleak in multiple locations includingfunctionl2cap_parse_conf_rsp
• CVE-2019-3701: An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linuxkernel through 4.19.13. The CAN frame modification rules allow bitwiselogical operations that can be also applied to the can_dlc field. Becauseof a missing check, the CAN drivers may write arbitrary content beyond thedata registers in the CAN controller's I/O memory when processing can-gwmanipulated outgoing frames. This is related to cgw_csum_xor_rel. Anunprivileged user can trigger a system crash (general protection fault).
• CVE-2019-3819: A flaw was found in the Linux kernel in the functionhid_debug_events_read() in drivers/hid/hid-debug.c file which may enter aninfinite loop with certain parameters passed from a userspace. A localprivileged user ("root") can cause a system lock up and a denial ofservice. Versions from v4.18 and newer are vulnerable.
• CVE-2019-6974: In the Linux kernel before 4.20.8, kvm_ioctl_create_device invirt/kvm/kvm_main.c mishandles reference counting because of a racecondition, leading to a use-after-free.
• CVE-2019-7221: The KVM implementation in the Linux kernel through 4.20.5 has aUse-after-Free.
• CVE-2019-7222: The KVM implementation in the Linux kernel through 4.20.5 has anInformation Leak.
• CVE-2019-9213: In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks acheck for the mmap minimum address, which makes it easier for attackers toexploit kernel NULL pointer dereferences on non-SMAP platforms. This isrelated to a capability check for the wrong task.

-ii  apt                  1.0.1ubuntu2.22 amd64  commandline package manager
-ii  apt-utils            1.0.1ubuntu2.22 amd64  package management related utility programs
+ii  apt                  1.0.1ubuntu2.23 amd64  commandline package manager
+ii  apt-utils            1.0.1ubuntu2.23 amd64  package management related utility programs
-ii  libapt-inst1.5:amd64 1.0.1ubuntu2.22 amd64  deb package format runtime library
-ii  libapt-pkg4.12:amd64 1.0.1ubuntu2.22 amd64  package management runtime library
+ii  libapt-inst1.5:amd64 1.0.1ubuntu2.23 amd64  deb package format runtime library
+ii  libapt-pkg4.12:amd64 1.0.1ubuntu2.23 amd64  package management runtime library
-ii  linux-libc-dev:amd64 3.13.0-167.217  amd64  Linux Kernel Headers for development
+ii  linux-libc-dev:amd64 3.13.0-168.218  amd64  Linux Kernel Headers for development

1.276.0

-ii  apt                  1.0.1ubuntu2.20  amd64  commandline package manager
-ii  apt-utils            1.0.1ubuntu2.20  amd64  package management related utility programs
+ii  apt                  1.0.1ubuntu2.22  amd64  commandline package manager
+ii  apt-utils            1.0.1ubuntu2.22  amd64  package management related utility programs
-ii  libapt-inst1.5:amd64 1.0.1ubuntu2.20  amd64  deb package format runtime library
-ii  libapt-pkg4.12:amd64 1.0.1ubuntu2.20  amd64  package management runtime library
+ii  libapt-inst1.5:amd64 1.0.1ubuntu2.22  amd64  deb package format runtime library
+ii  libapt-pkg4.12:amd64 1.0.1ubuntu2.22  amd64  package management runtime library

1.275.0

Notably, this release addresses:

USN-3910-2 USN-3910-2: Linux kernel (Xenial HWE) vulnerabilities:

• CVE-2017-18241: fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users tocause a denial of service (NULL pointer dereference and panic) by using anoflush_merge option that triggers a NULL value for a flush_cmd_controldata structure.
• CVE-2018-1120: A flaw was found affecting the Linux kernel before version 4.17. Bymmap()ing a FUSE-backed file onto a process's memory containing commandline arguments (or environment strings), an attacker can cause utilitiesfrom psutils or procps (such as ps, w) or any other program which makes aread() call to the /proc//cmdline (or /proc//environ) files toblock indefinitely (denial of service) or for some controlled time (as asynchronization primitive for other attacks).
• CVE-2018-19985: USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
• CVE-2018-7740: The resv_map_release function in mm/hugetlb.c in the Linux kernel through4.15.7 allows local users to cause a denial of service (BUG) via a craftedapplication that makes mmap system calls and has a large pgoff argument tothe remap_file_pages system call.
• CVE-2019-6133: In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism canbe bypassed because fork() is not atomic, and therefore authorizationdecisions are improperly cached. This is related to lack of uid checking inpolkitbackend/polkitbackendinteractiveauthority.c.

-ii  linux-libc-dev:amd64  3.13.0-165.215  amd64  Linux Kernel Headers for development
+ii  linux-libc-dev:amd64  3.13.0-167.217  amd64  Linux Kernel Headers for development