Overview
This week we look at some details of the 16 unique CVEs addressed across the supported Ubuntu releases and more.
This week in Ubuntu Security Updates
16 unique CVEs addressed
[USN-3816-2] systemd vulnerability
- 3 CVEs addressed in Xenial, Bionic, Cosmic
- Episode 12 - original fix for CVE-2018-6954 was incomplete - this includes the complete fix
- Also includes an update to avoid a possible hang on shutdown in unattended-upgrades - LP #1803391
  - During shutdown, systemd is already in the process of shutting down
  - unattended-upgrades then runs and tries to update systemd, which triggers a reexec of systemd that blocks waiting for the shutdown to finish
  - This creates a deadlock: systemd is waiting on unattended-upgrades to finish, but unattended-upgrades is waiting on the systemd reexec
  - The fix is to not reexec if systemd is already in the process of stopping
[USN-3825-1, USN-3825-2] mod_perl vulnerability
- 1 CVE addressed in Precise ESM, Trusty, Xenial, Bionic, Cosmic
- Old CVE - reported to Debian in 2011, who assigned a CVE internally but didn't go any further with it
- Recently the original reporter of the vulnerability submitted a patch to Debian to fix it - so the vulnerability was reported to MITRE
- Now fixed in Ubuntu as well
[USN-3801-2] Firefox regressions
- 12 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Firefox update (v63) (Episode 9) had some minor regressions
- These were present in the upstream Firefox release itself
- This provides 63.0.3, which contains the upstream fixes for these regressions
  - WebGL hangs, slow page loading if using specific proxy settings, etc.
Goings on in Ubuntu Security Community
Linux Cryptocoin Malware
Preview of next episode
Upcoming fixes
Get in contact