Ubuntu Released Security Updates & Fixed Multiple Critical Vulnerabilities

Ubuntu Released security updates frequently this month and fixed multiple critical vulnerabilities that affected the Ubuntu package.

The vulnerabilities are fixed with the latest packages if you have enabled automatic update in your Ubuntu servers the updates will be applied automatically.

php5 vulnerabilities

Ubuntu fixes the several vulnerabilities that affected the PHP that provides  corresponding update for Ubuntu 12.04 ESM.

It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service.

GLib vulnerabilities

There are 2 Vulnerabilities fixed that affected glib2.0 – GLib Input, Output and Streaming Library.

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2018-16428)

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-16429)

Ghostscript vulnerabilities

Several security issues were fixed in Ghostscript.Tavis Ormandy discovered multiple security issues in Ghostscript.

If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

glib2.0 vulnerabilities

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information.

ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360)

It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361)

PHP vulnerabilities

It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS.

It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service.

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

Also Read

Google Chrome to Show Not Secure For HTTP Sites and Fix for 42 Security Issues

Apache Software Foundation Releases Important Security Patches for Multiple Apache Tomcat Versions

Cisco Released Critical Security Updates for Vulnerabilities that Affected Cisco Products

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government entities and energy companies.  The attackers,…

3 hours ago

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to dismantle its operations. Initially detected in…

3 hours ago

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source nature. However, it has a big…

3 hours ago

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation, and growth. However, this shift towards…

3 hours ago

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed light on the growing concerns within…

7 hours ago

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse engineering .NET malware.  The write-up outlines…

8 hours ago